Windows Analysis Report
RustStore_Setup.exe

Overview

General Information

Sample name: RustStore_Setup.exe
Analysis ID: 1525385
MD5: 4e4c8bd71f7875fac184a95f79fb1327
SHA1: e24f4fd00b568e2e278a1ec6f4b86181c393b025
SHA256: e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d
Tags: darkcrystal, netreactor, dcrat, exe, rat, remote, user-FPS

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Yara detected DCRat
AI detected suspicious sample
Creates processes via WMI
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • RustStore_Setup.exe (PID: 3128 cmdline: "C:\Users\user\Desktop\RustStore_Setup.exe" MD5: 4E4C8BD71F7875FAC184A95F79FB1327)
    • wscript.exe (PID: 180 cmdline: "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 5428 cmdline: C:\Windows\system32\cmd.exe /c ""C:\hyperdriverIntoruntimeHost\IP7oFx0Ch.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • BridgeSurrogatenet.exe (PID: 940 cmdline: "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe" MD5: 432B80F7150FA78CE2E0635C5DA14546)
          • schtasks.exe (PID: 7092 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1436 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5652 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4144 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1264 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 528 cmdline: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2968 cmdline: schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Recovery\cmd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2260 cmdline: schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7064 cmdline: schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2072 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2300 cmdline: schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3128 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2352 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3040 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6644 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 5568 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • w32tm.exe (PID: 6668 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
  • cmd.exe (PID: 3608 cmdline: C:\Recovery\cmd.exe MD5: 432B80F7150FA78CE2E0635C5DA14546)
  • cmd.exe (PID: 1264 cmdline: C:\Recovery\cmd.exe MD5: 432B80F7150FA78CE2E0635C5DA14546)
  • cleanup
{"SCRT": "{\"M\":\"!\",\"c\":\".\",\"6\":\"@\",\"T\":\"~\",\"1\":\"-\",\"p\":\"<\",\"X\":\" \",\"C\":\"`\",\"9\":\"&\",\"B\":\"(\",\"y\":\",\",\"I\":\"%\",\"J\":\">\",\"L\":\"_\",\"n\":\";\",\"i\":\"|\",\"3\":\"^\",\"b\":\")\",\"e\":\"$\",\"A\":\"*\",\"V\":\"#\"}", "PCRT": "{\"b\":\".\",\"V\":\"$\",\"2\":\";\",\"m\":\"!\",\"R\":\"^\",\"J\":\"#\",\"U\":\"<\",\"Q\":\"_\",\"W\":\"%\",\"C\":\"~\",\"I\":\")\",\"A\":\"@\",\"L\":\",\",\"E\":\"-\",\"B\":\"*\",\"F\":\">\",\"p\":\"`\",\"d\":\"&\",\"S\":\"|\",\"x\":\"(\",\"v\":\" \"}", "TAG": "", "MUTEX": "DCR_MUTEX-qrhdDySugmaYwAeelr9l", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}
Source | Rule | Description | Author | Strings
0000001C.00000002.2305479349.000000000297D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000001B.00000002.2298715470.0000000002691000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000002.2195051315.00000000033BC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000001C.00000002.2305479349.0000000002941000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000001B.00000002.2298715470.00000000026CC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, CommandLine: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, NewProcessName: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, OriginalFileName: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, ProcessId: 2716, ProcessName: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, ProcessId: 940, TargetFilename: C:\hyperdriverIntoruntimeHost\dllhost.exe
            Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f, CommandLine: schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe", ParentImage: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, ParentProcessId: 940, ParentProcessName: BridgeSurrogatenet.exe, ProcessCommandLine: schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f, ProcessId: 2260, ProcessName: schtasks.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f, CommandLine: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe", ParentImage: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, ParentProcessId: 940, ParentProcessName: BridgeSurrogatenet.exe, ProcessCommandLine: schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f, ProcessId: 4144, ProcessName: schtasks.exe
            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\RustStore_Setup.exe", ParentImage: C:\Users\user\Desktop\RustStore_Setup.exe, ParentProcessId: 3128, ParentProcessName: RustStore_Setup.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe" , ProcessId: 180, ProcessName: wscript.exe

            Persistence and Installation Behavior

            Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f, CommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe", ParentImage: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, ParentProcessId: 940, ParentProcessName: BridgeSurrogatenet.exe, ProcessCommandLine: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f, ProcessId: 2072, ProcessName: schtasks.exe
            No Suricata rule has matched

            AV Detection

            Source: RustStore_Setup.exe, Avira: detected
            Source: C:\Recovery\cmd.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
            Source: C:\hyperdriverIntoruntimeHost\dllhost.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat, Avira: detection malicious, Label: BAT/Delbat.C
            Source: C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: 00000005.00000002.2196364821.00000000130ED000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"M\":\"!\",\"c\":\".\",\"6\":\"@\",\"T\":\"~\",\"1\":\"-\",\"p\":\"<\",\"X\":\" \",\"C\":\"`\",\"9\":\"&\",\"B\":\"(\",\"y\":\",\",\"I\":\"%\",\"J\":\">\",\"L\":\"_\",\"n\":\";\",\"i\":\"|\",\"3\":\"^\",\"b\":\")\",\"e\":\"$\",\"A\":\"*\",\"V\":\"#\"}", "PCRT": "{\"b\":\".\",\"V\":\"$\",\"2\":\";\",\"m\":\"!\",\"R\":\"^\",\"J\":\"#\",\"U\":\"<\",\"Q\":\"_\",\"W\":\"%\",\"C\":\"~\",\"I\":\")\",\"A\":\"@\",\"L\":\",\",\"E\":\"-\",\"B\":\"*\",\"F\":\">\",\"p\":\"`\",\"d\":\"&\",\"S\":\"|\",\"x\":\"(\",\"v\":\" \"}", "TAG": "", "MUTEX": "DCR_MUTEX-qrhdDySugmaYwAeelr9l", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}
            Source: C:\Recovery\cmd.exe, Virustotal: Detection: 68%
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, Virustotal: Detection: 68%
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, Virustotal: Detection: 68%
            Source: C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, Virustotal: Detection: 68%
            Source: C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe, Virustotal: Detection: 68%
            Source: C:\hyperdriverIntoruntimeHost\dllhost.exe, Virustotal: Detection: 68%
            Source: RustStore_Setup.exe, ReversingLabs: Detection: 63%
            Source: RustStore_Setup.exe, Virustotal: Detection: 59%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
            Source: C:\Recovery\cmd.exe, Joe Sandbox ML: detected
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, Joe Sandbox ML: detected
            Source: C:\hyperdriverIntoruntimeHost\dllhost.exe, Joe Sandbox ML: detected
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, Joe Sandbox ML: detected
            Source: C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe, Joe Sandbox ML: detected
            Source: RustStore_Setup.exe, Joe Sandbox ML: detected
            Source: RustStore_Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: RustStore_Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: RustStore_Setup.exe
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A3A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00A3A5F4
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00A4B8E0
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5AAA8 FindFirstFileExA,0_2_00A5AAA8
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user\Documents\desktop.ini
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user\AppData\Local\Temp
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user\AppData
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user\AppData\Local
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File opened: C:\Users\user\Desktop\desktop.ini
            Source: BridgeSurrogatenet.exe, 00000005.00000002.2195051315.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, BridgeSurrogatenet.exe, 00000005.00000002.2195051315.00000000033F7000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, Window created: window name: CLIPBRDWNDCLASS

            System Summary

            Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A3718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00A3718C
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: String function: 00A4E360 appears 52 times
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: String function: 00A4ED00 appears 31 times
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: String function: 00A4E28C appears 35 times
            Source: BridgeSurrogatenet.exe.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: cmd.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: dllhost.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: RuntimeBroker.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: RustStore_Setup.exeBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs RustStore_Setup.exe
            Source: classification engineClassification label: mal100.troj.evad.winEXE@35/19@0/0
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A36EC9 GetLastError,FormatMessageW,0_2_00A36EC9
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A49E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00A49E1C
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, Mutant created: NULL
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\31f5594aaf1530bd530579e7d3f1fa6b469887b2
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe, File created: C:\Users\user\AppData\Local\Temp\MvCJNUdD46
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperdriverIntoruntimeHost\IP7oFx0Ch.bat" "
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCommand line argument: sfxname0_2_00A4D5D4
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCommand line argument: sfxstime0_2_00A4D5D4
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCommand line argument: STARTDLG0_2_00A4D5D4
            Source: RustStore_Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: RustStore_Setup.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RustStore_Setup.exe, File read: C:\Windows\win.ini
            Source: C:\Users\user\Desktop\RustStore_Setup.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\RustStore_Setup.exe, File read: C:\Users\user\Desktop\RustStore_Setup.exe
            Source: unknownProcess created: C:\Users\user\Desktop\RustStore_Setup.exe "C:\Users\user\Desktop\RustStore_Setup.exe"
            Source: C:\Users\user\Desktop\RustStore_Setup.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe"
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Recovery\cmd.exe'" /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f
            Source: unknownProcess created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f
            Source: unknownProcess created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: unknownProcess created: C:\Recovery\cmd.exe C:\Recovery\cmd.exe
            Source: unknownProcess created: C:\Recovery\cmd.exe C:\Recovery\cmd.exe
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe "C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: dxgidebug.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: sfc_os.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: riched20.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: usp10.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: msls31.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: wintypes.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: propsys.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: edputil.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: urlmon.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: srvcli.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: netutils.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: policymanager.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: msvcp110_win.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: appresolver.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: slc.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: sppc.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: pcacli.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: mscoree.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: apphelp.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: kernel.appcore.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: version.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: uxtheme.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: windows.storage.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: wldp.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: profapi.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: cryptsp.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: rsaenh.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: cryptbase.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: sspicli.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: amsi.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: userenv.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: edputil.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: ntmarta.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: wbemcomn.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: propsys.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: dlnashext.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: wpdshext.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: urlmon.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: iertutil.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: srvcli.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: netutils.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: wintypes.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: appresolver.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: bcp47langs.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: slc.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: sppc.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: mscoree.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: apphelp.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: version.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: uxtheme.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: windows.storage.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: wldp.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: profapi.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: cryptsp.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: rsaenh.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: cryptbase.dll
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
            Source: C:\Recovery\cmd.exeSection loaded: mscoree.dll
            Source: C:\Recovery\cmd.exeSection loaded: apphelp.dll
            Source: C:\Recovery\cmd.exeSection loaded: kernel.appcore.dll
            Source: C:\Recovery\cmd.exeSection loaded: version.dll
            Source: C:\Recovery\cmd.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Recovery\cmd.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Recovery\cmd.exeSection loaded: uxtheme.dll
            Source: C:\Recovery\cmd.exeSection loaded: windows.storage.dll
            Source: C:\Recovery\cmd.exeSection loaded: wldp.dll
            Source: C:\Recovery\cmd.exeSection loaded: profapi.dll
            Source: C:\Recovery\cmd.exeSection loaded: cryptsp.dll
            Source: C:\Recovery\cmd.exeSection loaded: rsaenh.dll
            Source: C:\Recovery\cmd.exeSection loaded: cryptbase.dll
            Source: C:\Recovery\cmd.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\RustStore_Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: RustStore_Setup.exeStatic file information: File size 3647136 > 1048576
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: RustStore_Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: RustStore_Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: RustStore_Setup.exe
            Source: RustStore_Setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: RustStore_Setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: RustStore_Setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: RustStore_Setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: RustStore_Setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\RustStore_Setup.exeFile created: C:\hyperdriverIntoruntimeHost\__tmp_rar_sfx_access_check_6683078
            Source: RustStore_Setup.exeStatic PE information: section name: .didat
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4E28C push eax; ret 0_2_00A4E2AA
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4ED46 push ecx; ret 0_2_00A4ED59
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeCode function: 14_2_00007FF848E600BD pushad ; iretd 14_2_00007FF848E600C1
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeCode function: 16_2_00007FF848E600BD pushad ; iretd 16_2_00007FF848E600C1

            Persistence and Installation Behavior

            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile created: C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe
            Source: C:\Users\user\Desktop\RustStore_Setup.exeFile created: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile created: C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile created: C:\Recovery\cmd.exe
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile created: C:\hyperdriverIntoruntimeHost\dllhost.exe

            Boot Survival

            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f
            Source: C:\Users\user\Desktop\RustStore_Setup.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Recovery\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeMemory allocated: 15B0000 memory reserve | memory write watch
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeMemory allocated: 1B0E0000 memory reserve | memory write watch
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeMemory allocated: 1190000 memory reserve | memory write watch
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeMemory allocated: 1AAE0000 memory reserve | memory write watch
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeMemory allocated: 12D0000 memory reserve | memory write watch
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeMemory allocated: 1AC10000 memory reserve | memory write watch
            Source: C:\Recovery\cmd.exeMemory allocated: B20000 memory reserve | memory write watch
            Source: C:\Recovery\cmd.exeMemory allocated: 1A690000 memory reserve | memory write watch
            Source: C:\Recovery\cmd.exeMemory allocated: FB0000 memory reserve | memory write watch
            Source: C:\Recovery\cmd.exeMemory allocated: 1A940000 memory reserve | memory write watch
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeMemory allocated: 1ABF0000 memory reserve | memory write watch
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeThread delayed: delay time: 922337203685477
            Source: C:\Recovery\cmd.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeWindow / User API: threadDelayed 779
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeWindow / User API: threadDelayed 1178
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeWindow / User API: threadDelayed 602
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeWindow / User API: threadDelayed 453Jump to behavior
            Source: C:\Recovery\cmd.exeWindow / User API: threadDelayed 369
            Source: C:\Recovery\cmd.exeWindow / User API: threadDelayed 369
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeWindow / User API: threadDelayed 681
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeWindow / User API: threadDelayed 447
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe TID: 6160Thread sleep count: 779 > 30Jump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe TID: 7084Thread sleep count: 1178 > 30Jump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe TID: 432Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 5516Thread sleep count: 114 > 30Jump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 5516Thread sleep count: 602 > 30Jump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 2920Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 5160Thread sleep count: 453 > 30Jump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 1812Thread sleep count: 49 > 30Jump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 3924Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Recovery\cmd.exe TID: 2408Thread sleep count: 369 > 30
            Source: C:\Recovery\cmd.exe TID: 1600Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Recovery\cmd.exe TID: 3772Thread sleep count: 369 > 30
            Source: C:\Recovery\cmd.exe TID: 904Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 7496Thread sleep count: 681 > 30
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 7496Thread sleep count: 447 > 30
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe TID: 7468Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Recovery\cmd.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Recovery\cmd.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeFile Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A3A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00A3A5F4
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00A4B8E0
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5AAA8 FindFirstFileExA,0_2_00A5AAA8
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4DD72 VirtualQuery,GetSystemInfo,0_2_00A4DD72
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\userJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\user\AppDataJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: w32tm.exe, 0000001A.00000002.2245083192.000001CD384C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllv
            Source: wscript.exe, 00000001.00000003.2156172327.0000000002CE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}6F
            Source: BridgeSurrogatenet.exe, 00000005.00000002.2221887393.000000001C93E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c
            Source: RustStore_Setup.exe, 00000000.00000002.2083833748.0000000003024000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}#
            Source: RustStore_Setup.exe, 00000000.00000002.2083833748.0000000003024000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: wscript.exe, 00000001.00000003.2156172327.0000000002CE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\xF
            Source: RustStore_Setup.exe, cmd.exe.5.dr, LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe.5.dr, dllhost.exe.5.dr, BridgeSurrogatenet.exe.0.dr, LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe0.5.dr, RuntimeBroker.exe.5.drBinary or memory string: UC58Wdg3kmL8OQeMU0P
            Source: C:\Users\user\Desktop\RustStore_Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-24547
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A5866F
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5753D mov eax, dword ptr fs:[00000030h]0_2_00A5753D
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5B710 GetProcessHeap,0_2_00A5B710
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Recovery\cmd.exeProcess token adjusted: Debug
            Source: C:\Recovery\cmd.exeProcess token adjusted: Debug
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4F063 SetUnhandledExceptionFilter,0_2_00A4F063
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A4F22B
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A5866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A5866F
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A4EF05
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\RustStore_Setup.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe"
            Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperdriverIntoruntimeHost\IP7oFx0Ch.bat" "
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe "C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe"
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat"
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe "C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4ED5B cpuid 0_2_00A4ED5B
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00A4A63C
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeQueries volume information: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe VolumeInformationJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeQueries volume information: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe VolumeInformationJump to behavior
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeQueries volume information: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe VolumeInformationJump to behavior
            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Recovery\cmd.exeQueries volume information: C:\Recovery\cmd.exe VolumeInformation
            Source: C:\Recovery\cmd.exeQueries volume information: C:\Recovery\cmd.exe VolumeInformation
            Source: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exeQueries volume information: C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe VolumeInformation
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A4D5D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00A4D5D4
            Source: C:\Users\user\Desktop\RustStore_Setup.exeCode function: 0_2_00A3ACF5 GetVersionExW,0_2_00A3ACF5
            Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match | File source: Process Memory Space: BridgeSurrogatenet.exe PID: 940, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 2716, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 1784, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: cmd.exe PID: 3608, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: cmd.exe PID: 1264, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 7448, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: Process Memory Space: BridgeSurrogatenet.exe PID: 940, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 2716, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 1784, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: cmd.exe PID: 3608, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: cmd.exe PID: 1264, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe PID: 7448, type: MEMORYSTR
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information11
            Scripting
            Valid Accounts11
            Windows Management Instrumentation
            1
            Scheduled Task/Job
            11
            Process Injection
            1
            Masquerading
            OS Credential Dumping1
            System Time Discovery
            Remote Services1
            Archive Collected Data
            1
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Command and Scripting Interpreter
            11
            Scripting
            1
            Scheduled Task/Job
            1
            Disable or Modify Tools
            LSASS Memory121
            Security Software Discovery
            Remote Desktop Protocol1
            Clipboard Data
            Junk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            Scheduled Task/Job
            1
            DLL Side-Loading
            1
            DLL Side-Loading
            31
            Virtualization/Sandbox Evasion
            Security Account Manager1
            Process Discovery
            SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection
            NTDS31
            Virtualization/Sandbox Evasion
            Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information
            LSA Secrets1
            Application Window Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
            Obfuscated Files or Information
            Cached Domain Credentials3
            File and Directory Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Software Packing
            DCSync37
            System Information Discovery
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading
            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Behavior Graph ID: 1525385 Sample: RustStore_Setup.exe Startdate: 04/10/2024 Architecture: WINDOWS Score: 100

            Source | Detection | Scanner | Label
            RustStore_Setup.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
            RustStore_Setup.exe | 60% | Virustotal |
            RustStore_Setup.exe | 100% | Avira | VBS/Runner.VPG
            RustStore_Setup.exe | 100% | Joe Sandbox ML |

            Source | Detection | Scanner | Label
            C:\Recovery\cmd.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe | 100% | Avira | VBS/Runner.VPG
            C:\hyperdriverIntoruntimeHost\dllhost.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat | 100% | Avira | BAT/Delbat.C
            C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Recovery\cmd.exe | 100% | Joe Sandbox ML |
            C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 100% | Joe Sandbox ML |
            C:\hyperdriverIntoruntimeHost\dllhost.exe | 100% | Joe Sandbox ML |
            C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe | 100% | Joe Sandbox ML |
            C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 100% | Joe Sandbox ML |
            C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe | 100% | Joe Sandbox ML |
            C:\Recovery\cmd.exe | 68% | Virustotal |
            C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 68% | Virustotal |
            C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe | 68% | Virustotal |
            C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe | 68% | Virustotal |
            C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe | 68% | Virustotal |
            C:\hyperdriverIntoruntimeHost\dllhost.exe | 68% | Virustotal |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
            No contacted domains info
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | BridgeSurrogatenet.exe, 00000005.00000002.2195051315.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, BridgeSurrogatenet.exe, 00000005.00000002.2195051315.00000000033F7000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            No contacted IP infos
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1525385
            Start date and time:2024-10-04 04:57:08 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 8m 10s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:36
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:RustStore_Setup.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@35/19@0/0
            EGA Information:
            • Successful, ratio: 33.3%
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, PID 1784 because it is empty
            • Execution Graph export aborted for target LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, PID 2716 because it is empty
            • Execution Graph export aborted for target LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe, PID 7448 because it is empty
            • Execution Graph export aborted for target cmd.exe, PID 3608 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            Time | Type | Description
            04:58:13 | Task Scheduler | Run new task: LFLHWlcKpdKxiJMBhoVPGEPQyHcZ path: "C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"
            04:58:13 | Task Scheduler | Run new task: LFLHWlcKpdKxiJMBhoVPGEPQyHcZL path: "C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"
            04:58:15 | Task Scheduler | Run new task: cmd path: "C:\Recovery\cmd.exe"
            04:58:16 | Task Scheduler | Run new task: cmdc path: "C:\Recovery\cmd.exe"
            04:58:16 | Task Scheduler | Run new task: dllhost path: "C:\hyperdriverIntoruntimeHost\dllhost.exe"
            04:58:16 | Task Scheduler | Run new task: dllhostd path: "C:\hyperdriverIntoruntimeHost\dllhost.exe"
            04:58:16 | Task Scheduler | Run new task: RuntimeBroker path: "C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe"
            04:58:16 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe"
            No context
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with very long lines (481), with no line terminators
            Category:dropped
            Size (bytes):481
            Entropy (8bit):5.837839070917738
            Encrypted:false
            SSDEEP:12:fNOiW66KrCntkmKrHAM1vJxVnEDdD+iBzS8393Cz:FXW66hyVrHAM1vJxVnUD+8zf93w
            MD5:2640F9738B0BD4E8123E2D7C5DBBE7E3
            SHA1:963A22EC4A00FDD1F128F573653F0E25E4FBB382
            SHA-256:86166937C44061574CE08DE5BA4B351B35E317D83DCEC7DFF8868ABF50AF531C
            SHA-512:2592A22CB81ABD1319F6896EC1E0A94BD9104ECCA7D35B5DBC9E86DA634A10863C0A6DC3373D84537E26DEFC52B8421AF5930513AB79F2A1164B2FD88DA5EADF
            Malicious:false
            Preview:xwbV17Hrvle1cG0njCjIDmqcrWlTKJxj8EbIqsOpMrit1Q21BhzfmPaLF9nfWxhlx42Xor70y45WD7kbdtSnUS7toQDrEsTYJ756XeNTj8rrTEHIYMCmf4Re7JtYoPwFlgMGBnD8g8DVlPZjI5S2qq3Ppb9OvzpULlGw2BGuIDFh053rtJPs74Y4n6akozNrStJ9JmrHyiunkWYthSelj7WRMLJ5lgGSzYOHw3iHbI4ZKvTQiqCWVlHVW1w7cwfSbbyMHQ7ntXKbC7Hb23X4du6NQ3v4Hlopml7s7HIRsYm8bqSYuUFjZlyrek5OfDgIseybAZeuuFLFI8wkkXJwfEPBwQNWL4wp1dP610YVzUyTZtjgyUnI3tmnPxouLIi0TgNosztu8y7LQ6lDqri1QovI0lrDLnJrw7A3f4x9l3JFwbXTMlDejrkpuFxGHqiUoPZS5shv3jPWepVYOY1kkpIEXUIaHq15V
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with very long lines (938), with no line terminators
            Category:dropped
            Size (bytes):938
            Entropy (8bit):5.910488299740654
            Encrypted:false
            SSDEEP:12:/E3ISmpc8OexydBPfdbDSzXfjJQ1sbJ0+sqhEWyWmAvEg18HjjVokYie3KQDmcxv:MYSmp/OwydbMnbW9/A8Djitie3KQ6SKE
            MD5:7E1950E157CC1FC559FB64F50C7997EB
            SHA1:E4E1305338761391AD7346C3CC5A91B4310F83DF
            SHA-256:CEF59300280B186D9314EF9A6DB8DEDAF692C5A1E09AF0839F219AAB51F15B33
            SHA-512:BECC947F379E3262A7AAAB7F30F576AB8DC02A5997B81BB2C0255F6A58F7F30F88FDD8EC884631888A9D20D5E2A1AF510790FA62911A6DB7694ED67A5E89C846
            Malicious:false
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1915
            Entropy (8bit):5.363869398054153
            Encrypted:false
            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1Gq2
            MD5:5D3E8414C47C0F4A064FA0043789EC3E
            SHA1:CF7FC44D13EA93E644AC81C5FE61D6C8EDFA41B0
            SHA-256:4FDFF52E159C9D420E13E429CCD2B40025A0110AD84DC357BE17E21654BEEBC7
            SHA-512:74D567BBBA09EDF55D2422653F6647DCFBA8EF6CA0D4DBEBD91E3CA9B3A278C99FA52832EDF823F293C416053727D0CF15F878EC1278E62524DA1513DA4AC6AF
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\Recovery\cmd.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1281
            Entropy (8bit):5.370111951859942
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
            MD5:12C61586CD59AA6F2A21DF30501F71BD
            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
            Malicious:false
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:DOS batch file, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):222
            Entropy (8bit):5.32951548191324
            Encrypted:false
            SSDEEP:6:hITg3Nou11r+DE1aH9tcJSeZKOZG1923f0cRH:OTg9YDEGYbH
            MD5:CB9C10AC0E0C77C04E96737C21C07D31
            SHA1:602AC48398A05E7C8D4B09156D32A8066FE7E085
            SHA-256:BC8A7DAFDB8BC38FEDBB1F19F5FE8AA7CCE544F0A42ADD557FCC32B9B137AB00
            SHA-512:46785540777B34E18D608A307C5D0A843B6AD12331DFDA32EFCC3C6449A853B3B1FAFA398FB1C217F47187CF31F461B2C7D36256D7CC20817CA11326967796F2
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\7hM3IriNjv.bat"
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):25
            Entropy (8bit):4.293660689688184
            Encrypted:false
            SSDEEP:3:QbLKwxo7:mLKwc
            MD5:9B730135CFE7F031CE0D09F9E9A65B40
            SHA1:CF5DCC3DF7DECA9422354F29BB59F341521FD1B1
            SHA-256:3DF5EF60C2770E60AAA594F4C54B4A96B62F4526065D05E8EAA94AD6ED9E7445
            SHA-512:DF6F9E5E4BD63F3582E7FD3FB93D0A3D1B45EF7B8BD21BF0FF056DC37D44043DF6886F93899A32B59E558F17A62930418B8184BDFED9E534FE2E147A595F8B44
            Malicious:false
            Preview:AAGcC8tJCt16uSPoUTvAlrwbi
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):15
            Entropy (8bit):3.906890595608518
            Encrypted:false
            SSDEEP:3:aNn:aNn
            MD5:6ED5D09FCBDA7D07ED069773FDF1A551
            SHA1:B3407144733F309B01747532BD68EA5199EF9604
            SHA-256:AAAAD4460BCFE8EB1A8341F9FBA988E0D276BCC58FB688E998AB2B82821286D5
            SHA-512:B4DB527BA167AC6BBCCD9D1100586C129A382B3F660D4CB2DD8F64AE35F91823CF838B7E681D86AE31D166259DFE311F01BB9787F2EEA2714D5FF9657567805D
            Malicious:false
            Preview:bNKFtZ2sy7u9HU4
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with very long lines (310), with no line terminators
            Category:dropped
            Size (bytes):310
            Entropy (8bit):5.8287744908471995
            Encrypted:false
            SSDEEP:6:fS4y0dN2CMoW+csVllVXt0pNTw1Cudf8pIY9/JR+cr:fS4y2VS+cC30pKCuWF3
            MD5:5146808634EEFBA0D3DAC0FEA9448E14
            SHA1:90990B32D65BA5F6EA0BDB8F5DB0D1523C464E46
            SHA-256:CB3D6B01817C9D06C1EA94BCACDCEF0357E790D7EE4CFD269E9D48F72BB199C3
            SHA-512:0756738D12BB1F51D761B39AF8CF5C8F83586951EAC247F8C906D1B17CD3A3FA4818E091A24393C5E41B0A273439BBD2543D9A059ED900451DBF79B2592C59AF
            Malicious:false
            Preview:EHmKKDrryIGXEbasJw38mYSHLe05Dsrbcb59ruahZ6XiOnmwXn9Pdhppzf8qMvoFbo5mgbAZVWiqAt2h2DhZtc74vQKMwuUnSSHjs9Q6mk3H89oFmayJOOW8qB1QQymlB5XsmTz2xkwJj05vlFjW5LYD6J2qI9py7RFDm5cTk5WnbNZ0GFoLOQp0gUwdaIux58LSu1JqmQvAyvlstCkCUdjrlPgRJ92cKisdBGGO58j8epBvsDtYhsdbYereV1gmXT0QCIrm5WGV4lM5NvjFQe4cERFhZl3Db7kLzuskWGcLlHgwSvRjSa
            Process:C:\Users\user\Desktop\RustStore_Setup.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\RustStore_Setup.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):54
            Entropy (8bit):4.282187734842534
            Encrypted:false
            SSDEEP:3:I56AXa5RLsbPcoQaA0R0dAHn:IlKQLP0di
            MD5:618ED0F04E6F0BA6549F0175C4DCE46B
            SHA1:FB0868CAA2E6CD2C1F3E4521CE1889C447894123
            SHA-256:92A5167DE9BE9281E8995B088CEEBAA504436F1BAF7C9443AF1A445A60AA9459
            SHA-512:DBD4A271A3080083A0BEF3E968AB4D14E5F687442CFA2DC3BA96C497D1F28EFA359CB839AB669C8BBDE0693D1651E3D2A7319A594D86B9A1167F7C071FDAEF55
            Malicious:false
            Preview:"C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe"
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\RustStore_Setup.exe
            File Type:data
            Category:dropped
            Size (bytes):212
            Entropy (8bit):5.776349847203621
            Encrypted:false
            SSDEEP:6:GUwqK+NkLzWbHo18nZNDd3RL1wQJRM+CevSpR/1Ljfs:GlMCzWLo14d3XBJGOvsLo
            MD5:9D240E3FFAC0ADEDFC210A868185E803
            SHA1:9C2FE870DECAF967C28046CACD682EA2D56165E6
            SHA-256:1E894A36B99ED2DC2FC7CC6FEBE47EECF80D27F91A4BA5AA05A76A9AA6564798
            SHA-512:1D220FC7B2C82756CF6A3351EACC8A13BEB94933D3E86A0FB683F811A7F642D2D380B6DF9D6B67B9EA4219AEFEC812DC6178EBDD4231BD2FCC059FE7BB05B25A
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Preview:#@~^uwAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vGT!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJtza+MNDb\..q.YGD!xOrs+CKdYJqnFGo6ZZ4R8lOEBPT~,Wl^/nZjwAAA==^#~@.
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):200
            Entropy (8bit):5.719788943270429
            Encrypted:false
            SSDEEP:3:zfPo+GB3eVdE13NeprWmpZZk2Dm1LRFV1NRThYClA90dDN4DKhQC2oF5eEXfwxD:zP+64NtMZ2N1LRFf7VlFN4ecoFZwxD
            MD5:1C78F4AE0C59943D313FCDB1C857ED1F
            SHA1:C6D35439E8661D1DDADFEC72BC0E4B3F5C0A22C1
            SHA-256:78023DD24CBC3D796F2316C6E6720DB1A8805B426BFF9E6163E70EE25D0F4832
            SHA-512:EBD400DCA828088915D204BB4A3389039FE653A674CE072F8C42A2F38770F1AF8A5292DDA60EC597D628D5EA9B4320AB73ED9572733A7FC0068EBF36713D4180
            Malicious:false
            Preview:mkzUVPr8tGMo4azkcdRf05pxaguDgJVLZ7RDs3pvL3vLSi3NWfMikLVr4C4yfobjuAO7Jw1iyfU6Kdf1ngrB7wkOljIq90PhbLaRU6DjontE0YgahCL86am7aAVjnLi7Qxf9CNhqcHWTDfXMDrI7pRkAic0Tke6dEwyD3hYTeegzDT44mIg6ClS8MeajWNG8L3OQqUTf
            Process:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):3098112
            Entropy (8bit):7.7309912781240255
            Encrypted:false
            SSDEEP:49152:1Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBom:1ZThZSY82n/TVVK/4X4+ruE2nOm
            MD5:432B80F7150FA78CE2E0635C5DA14546
            SHA1:20673FAA29AC8B70B1155F26861958C816DCDFC2
            SHA-256:197AD0F9744127D42E5FB3A226163A8F846473B2092E3B95E0ADEFC19244B83A
            SHA-512:2A906C59FA53868470A38CE84B4C89E50651F57F1F3EBF4D9FE111F4172D20D32F3C770F6ABEE174069ED484E04409228B22B5DD9FC5A30A3BCE55B920DBF7A7
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Virustotal, Detection: 68%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................../..6......n+/.. ...@/...@.. ......................../...........@................................. +/.K...../......................./...................................................... ............... ..H............text...t./.. ..../................. ..`.sdata.../...@/..0..../.............@....rsrc........./......@/.............@..@.reloc......../......D/.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Windows\System32\w32tm.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):151
            Entropy (8bit):4.753627250737138
            Encrypted:false
            SSDEEP:3:VLV993J+miJWEoJ8FXEpBNe9XKvp3/GKvj:Vx993DEUDLGs
            MD5:E9DFD22695581D527E33C4AE796731EE
            SHA1:82395956C38321D078756A78921EAE5F2215142B
            SHA-256:23227B648BF3D5D5367E5B302472EACE465FE40271AE5366146134ADB743F42C
            SHA-512:A9F533B8D306F16825DE68F6F18C613536E947D40CB889E44EEEAA80BB36DA4D4967ACDE4972580BB31DE9D9202BCE6424A75A3426856C61F1C43355F95E0E9E
            Malicious:false
            Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 04/10/2024 00:46:10..00:46:10, error: 0x80072746.00:46:15, error: 0x80072746.
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.592127901789459
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            • Win32 Executable (generic) a (10002005/4) 49.97%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:RustStore_Setup.exe
            File size:3'647'136 bytes
            MD5:4e4c8bd71f7875fac184a95f79fb1327
            SHA1:e24f4fd00b568e2e278a1ec6f4b86181c393b025
            SHA256:e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d
            SHA512:5b9f5592f364777fc1385b5a72699b39fc5f13b85fbfab24aef884d2446772a25cbc1cd6fc4c0716baf42259f6660f19511d603b17c4fcac736086cc15b3b2fa
            SSDEEP:49152:hbA3C8Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBomh:hbeZThZSY82n/TVVK/4X4+ruE2nOmh
            TLSH:A8F5DFC1BE408B1DEC09C53FC2AFE71447B4E84026A5E32B79A9F66D1411F97390D6BA
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'..
            Icon Hash:8d0d4e4891383628
            Entrypoint:0x41ec40
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Time Stamp:0x5FC684D7 [Tue Dec 1 18:00:55 2020 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:5
            OS Version Minor:1
            File Version Major:5
            File Version Minor:1
            Subsystem Version Major:5
            Subsystem Version Minor:1
            Import Hash:fcf1390e9ce472c7270447fc5c61a0c1
            Instruction
            call 00007FA50C7C1CF9h
            jmp 00007FA50C7C170Dh
            cmp ecx, dword ptr [0043E668h]
            jne 00007FA50C7C1885h
            ret
            jmp 00007FA50C7C1E7Eh
            int3
            int3
            int3
            int3
            int3
            push ebp
            mov ebp, esp
            push esi
            push dword ptr [ebp+08h]
            mov esi, ecx
            call 00007FA50C7B4617h
            mov dword ptr [esi], 00435580h
            mov eax, esi
            pop esi
            pop ebp
            retn 0004h
            and dword ptr [ecx+04h], 00000000h
            mov eax, ecx
            and dword ptr [ecx+08h], 00000000h
            mov dword ptr [ecx+04h], 00435588h
            mov dword ptr [ecx], 00435580h
            ret
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            lea eax, dword ptr [ecx+04h]
            mov dword ptr [ecx], 00435568h
            push eax
            call 00007FA50C7C4A1Dh
            pop ecx
            ret
            push ebp
            mov ebp, esp
            sub esp, 0Ch
            lea ecx, dword ptr [ebp-0Ch]
            call 00007FA50C7B45AEh
            push 0043B704h
            lea eax, dword ptr [ebp-0Ch]
            push eax
            call 00007FA50C7C4132h
            int3
            push ebp
            mov ebp, esp
            sub esp, 0Ch
            lea ecx, dword ptr [ebp-0Ch]
            call 00007FA50C7C1824h
            push 0043B91Ch
            lea eax, dword ptr [ebp-0Ch]
            push eax
            call 00007FA50C7C4115h
            int3
            jmp 00007FA50C7C6163h
            jmp dword ptr [00433260h]
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            int3
            push 00421EB0h
            push dword ptr fs:[00000000h]
            Programming Language:
            • [ C ] VS2008 SP1 build 30729
            • [IMP] VS2008 SP1 build 30729
            • [C++] VS2015 UPD3.1 build 24215
            • [EXP] VS2015 UPD3.1 build 24215
            • [RES] VS2015 UPD3 build 24213
            • [LNK] VS2015 UPD3.1 build 24215
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c820 | 0x34 | .rdata
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c854 | 0x3c | .rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x46968 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xaa000 | 0x2268 | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0x310ea | 0x31200 | c5bf61bbedb6ad471e9dc6266398e965 | False | 0.583959526081425 | data | 6.708075396341128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata | 0x33000 | 0xa612 | 0xa800 | 7980b588d5b28128a2f3c36cabe2ce98 | False | 0.45284598214285715 | data | 5.221742709250668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0x3e000 | 0x23728 | 0x1000 | 201530c9e56f172adf2473053298d48f | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .didat | 0x62000 | 0x188 | 0x200 | c5d41d8f254f69e567595ab94266cfdc | False | 0.4453125 | data | 3.2982538067961342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc | 0x63000 | 0x46968 | 0x46a00 | b5d32eef9f385b09aafad4b916d0131a | False | 0.09205613938053098 | data | 3.5635569423282156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc | 0xaa000 | 0x2268 | 0x2400 | c7a942b723cb29d9c02f7c611b544b50 | False | 0.7681206597222222 | data | 6.5548620101740545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Name           RVA      Size     Type                                                                  Language  Country        ZLIB Complexity
            PNG            0x63524  0xb45    PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced             English   United States  1.0027729636048528
            PNG            0x6406c  0x15a9   PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced            English   United States  0.9363390441839495
            RT_ICON        0x65618  0x42028  Device independent bitmap graphic, 256 x 512 x 32, image size 262144                           0.05242699056129242
            RT_DIALOG      0xa7640  0x286    data                                                                  English   United States  0.5092879256965944
            RT_DIALOG      0xa78c8  0x13a    data                                                                  English   United States  0.60828025477707
            RT_DIALOG      0xa7a04  0xec     data                                                                  English   United States  0.6991525423728814
            RT_DIALOG      0xa7af0  0x12e    data                                                                  English   United States  0.5927152317880795
            RT_DIALOG      0xa7c20  0x338    data                                                                  English   United States  0.45145631067961167
            RT_DIALOG      0xa7f58  0x252    data                                                                  English   United States  0.5757575757575758
            RT_STRING      0xa81ac  0x1e2    data                                                                  English   United States  0.3900414937759336
            RT_STRING      0xa8390  0x1cc    data                                                                  English   United States  0.4282608695652174
            RT_STRING      0xa855c  0x1b8    data                                                                  English   United States  0.45681818181818185
            RT_STRING      0xa8714  0x146    data                                                                  English   United States  0.5153374233128835
            RT_STRING      0xa885c  0x446    data                                                                  English   United States  0.340036563071298
            RT_STRING      0xa8ca4  0x166    data                                                                  English   United States  0.49162011173184356
            RT_STRING      0xa8e0c  0x152    data                                                                  English   United States  0.5059171597633136
            RT_STRING      0xa8f60  0x10a    data                                                                  English   United States  0.49624060150375937
            RT_STRING      0xa906c  0xbc     data                                                                  English   United States  0.6329787234042553
            RT_STRING      0xa9128  0xd6     data                                                                  English   United States  0.5747663551401869
            RT_GROUP_ICON  0xa9200  0x14     data                                                                                           1.1
            RT_MANIFEST    0xa9214  0x753    XML 1.0 document, ASCII text, with CRLF line terminators              English   United States  0.3957333333333333

            DLL           Import
            KERNEL32.dll  GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
            gdiplus.dll   GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

            Language of compilation system  Country where language is spoken
            English                         United States

            No network behavior found

            Target ID:0
            Start time:22:58:03
            Start date:03/10/2024
            Path:C:\Users\user\Desktop\RustStore_Setup.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\RustStore_Setup.exe"
            Imagebase:0xa30000
            File size:3'647'136 bytes
            MD5 hash:4E4C8BD71F7875FAC184A95F79FB1327
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:1
            Start time:22:58:03
            Start date:03/10/2024
            Path:C:\Windows\SysWOW64\wscript.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\WScript.exe" "C:\hyperdriverIntoruntimeHost\RyNGDgfn2lqcEdmANFTv.vbe"
            Imagebase:0x5f0000
            File size:147'456 bytes
            MD5 hash:FF00E0480075B095948000BDC66E81F0
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:3
            Start time:22:58:11
            Start date:03/10/2024
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:C:\Windows\system32\cmd.exe /c ""C:\hyperdriverIntoruntimeHost\IP7oFx0Ch.bat" "
            Imagebase:0x790000
            File size:236'544 bytes
            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:4
            Start time:22:58:11
            Start date:03/10/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff6d64d0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:5
            Start time:22:58:11
            Start date:03/10/2024
            Path:C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe
            Wow64 process (32bit):false
            Commandline:"C:\hyperdriverIntoruntimeHost\BridgeSurrogatenet.exe"
            Imagebase:0xb90000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2195051315.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2195051315.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2196364821.00000000130ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 68%, Virustotal, Browse
            Reputation:low
            Has exited:true

            Target ID:6
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:7
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:8
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6d64d0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:9
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:10
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZ" /sc ONLOGON /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:11
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "LFLHWlcKpdKxiJMBhoVPGEPQyHcZL" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:12
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Recovery\cmd.exe'" /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:13
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:14
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Wow64 process (32bit):false
            Commandline:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Imagebase:0x670000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000E.00000002.2274187756.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 100%, Joe Sandbox ML
            • Detection: 68%, Virustotal, Browse
            Has exited:true

            Target ID:15
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\Recovery\cmd.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:16
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Wow64 process (32bit):false
            Commandline:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Imagebase:0x6a0000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2281773003.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2281773003.0000000002C4D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:17
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:18
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:19
            Start time:22:58:13
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\hyperdriverIntoruntimeHost\dllhost.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:20
            Start time:22:58:14
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:21
            Start time:22:58:14
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:22
            Start time:22:58:14
            Start date:03/10/2024
            Path:C:\Windows\System32\schtasks.exe
            Wow64 process (32bit):false
            Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\hyperdriverIntoruntimeHost\RuntimeBroker.exe'" /rl HIGHEST /f
            Imagebase:0x7ff6c2fc0000
            File size:235'008 bytes
            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:24
            Start time:22:58:14
            Start date:03/10/2024
            Path:C:\Windows\System32\cmd.exe
            Wow64 process (32bit):false
            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7hM3IriNjv.bat"
            Imagebase:0x7ff6a3230000
            File size:289'792 bytes
            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:25
            Start time:22:58:14
            Start date:03/10/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff6d64d0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:26
            Start time:22:58:15
            Start date:03/10/2024
            Path:C:\Windows\System32\w32tm.exe
            Wow64 process (32bit):false
            Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
            Imagebase:0x7ff7c8520000
            File size:108'032 bytes
            MD5 hash:81A82132737224D324A3E8DA993E2FB5
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:27
            Start time:22:58:15
            Start date:03/10/2024
            Path:C:\Recovery\cmd.exe
            Wow64 process (32bit):false
            Commandline:C:\Recovery\cmd.exe
            Imagebase:0x100000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.2298715470.0000000002691000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.2298715470.00000000026CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 68%, Virustotal, Browse
            Has exited:true

            Target ID:28
            Start time:22:58:16
            Start date:03/10/2024
            Path:C:\Recovery\cmd.exe
            Wow64 process (32bit):false
            Commandline:C:\Recovery\cmd.exe
            Imagebase:0x590000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.2305479349.000000000297D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.2305479349.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

            Target ID:34
            Start time:22:58:20
            Start date:03/10/2024
            Path:C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\Public\Desktop\LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.exe"
            Imagebase:0x670000
            File size:3'098'112 bytes
            MD5 hash:432B80F7150FA78CE2E0635C5DA14546
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2326677524.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Has exited:true

              Execution Graph

              Execution Coverage:9.7%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:9.4%
              Total number of Nodes:1471
              Total number of Limit Nodes:26
a4cb93 ShowWindow SendMessageW SendMessageW 23557->23562 23560 a4cc6d SendMessageW 23558->23560 23561 a4cc4a SendMessageW 23558->23561 23559->23558 23560->23332 23561->23560 23562->23556 23563->23388 23564->23414 23565->23419 23566->23424 23567->23430 23568->23437 23569->23366 23570->23383 23571->23364 23572->23353 23573->23445 23574->23442 23576 a3a214 23575->23576 23577 a3a238 23576->23577 23578 a3a22b CreateDirectoryW 23576->23578 23579 a3a180 4 API calls 23577->23579 23578->23577 23580 a3a26b 23578->23580 23581 a3a23e 23579->23581 23584 a3a27a 23580->23584 23588 a3a444 23580->23588 23582 a3a27e GetLastError 23581->23582 23585 a3b66c 2 API calls 23581->23585 23582->23584 23584->23451 23586 a3a254 23585->23586 23586->23582 23587 a3a258 CreateDirectoryW 23586->23587 23587->23580 23587->23582 23589 a4e360 23588->23589 23590 a3a451 SetFileAttributesW 23589->23590 23591 a3a467 23590->23591 23592 a3a494 23590->23592 23593 a3b66c 2 API calls 23591->23593 23592->23584 23594 a3a47b 23593->23594 23594->23592 23595 a3a47f SetFileAttributesW 23594->23595 23595->23592 23597 a39820 23596->23597 23598 a39824 23596->23598 23597->23470 23598->23597 23607 a3a12d 23598->23607 23602 a396dc 23601->23602 23603 a396fa 23601->23603 23602->23603 23605 a396e8 CloseHandle 23602->23605 23604 a39719 23603->23604 23615 a36e3e 74 API calls 23603->23615 23604->23470 23605->23603 23608 a4e360 23607->23608 23609 a3a13a DeleteFileW 23608->23609 23610 a3984c 23609->23610 23611 a3a14d 23609->23611 23610->23470 23612 a3b66c 2 API calls 23611->23612 23613 a3a161 23612->23613 23613->23610 23614 a3a165 DeleteFileW 23613->23614 23614->23610 23615->23604 23622 a3d28a 23616->23622 23619 a3de22 LoadStringW 23620 a3ddfc SetDlgItemTextW 23619->23620 23621 a3de39 LoadStringW 23619->23621 23620->23476 23621->23620 23627 a3d1c3 23622->23627 23624 a3d2a7 23625 a3d2bc 23624->23625 23635 a3d2c8 26 API calls 23624->23635 23625->23619 23625->23620 23628 a3d1de 23627->23628 23634 a3d1d7 _strncpy 23627->23634 23630 
a3d202 23628->23630 23636 a41596 WideCharToMultiByte 23628->23636 23633 a3d233 23630->23633 23637 a3dd6b 50 API calls __vsnprintf 23630->23637 23638 a558d9 26 API calls 3 library calls 23633->23638 23634->23624 23635->23625 23636->23630 23637->23633 23638->23634 23639->23491 23640->23491 23641->23501 23642->23491 23643->23491 23644->23491 23646 a3feba 23645->23646 23674 a31789 23646->23674 23648 a3fed2 23648->23505 23650 a3fead 23649->23650 23651 a31789 76 API calls 23650->23651 23652 a3fed2 23651->23652 23652->23507 23654 a37c72 __EH_prolog 23653->23654 23691 a3c827 23654->23691 23656 a37c8d 23697 a4e24a 23656->23697 23658 a37cb7 23703 a4440b 23658->23703 23661 a37ddf 23662 a37de9 23661->23662 23664 a37e53 23662->23664 23735 a3a4c6 23662->23735 23666 a37ec4 23664->23666 23668 a3a4c6 8 API calls 23664->23668 23713 a3837f 23664->23713 23669 a37f06 23666->23669 23741 a36dc1 74 API calls 23666->23741 23668->23664 23669->23511 23671 a37d09 23670->23671 23673 a37d10 23670->23673 23672 a41acf 84 API calls 23671->23672 23672->23673 23675 a3179f 23674->23675 23686 a317fa __vswprintf_c_l 23674->23686 23676 a317c8 23675->23676 23687 a36e91 74 API calls __vswprintf_c_l 23675->23687 23678 a31827 23676->23678 23679 a317e7 ___std_exception_copy 23676->23679 23681 a535de 22 API calls 23678->23681 23679->23686 23689 a36efd 75 API calls 23679->23689 23680 a317be 23688 a36efd 75 API calls 23680->23688 23683 a3182e 23681->23683 23683->23686 23690 a36efd 75 API calls 23683->23690 23686->23648 23687->23680 23688->23676 23689->23686 23690->23686 23692 a3c831 __EH_prolog 23691->23692 23693 a4e24a new 8 API calls 23692->23693 23694 a3c874 23693->23694 23695 a4e24a new 8 API calls 23694->23695 23696 a3c898 23695->23696 23696->23656 23698 a4e24f ___std_exception_copy 23697->23698 23699 a4e27b 23698->23699 23709 a571ad 7 API calls 2 library calls 23698->23709 23710 a4ecce RaiseException Concurrency::cancel_current_task new 23698->23710 23711 a4ecb1 RaiseException 
Concurrency::cancel_current_task 23698->23711 23699->23658 23704 a44415 __EH_prolog 23703->23704 23705 a4e24a new 8 API calls 23704->23705 23706 a44431 23705->23706 23707 a37ce6 23706->23707 23712 a406ba 78 API calls 23706->23712 23707->23661 23709->23698 23712->23707 23714 a38389 __EH_prolog 23713->23714 23742 a31380 23714->23742 23716 a383a4 23750 a39ef7 23716->23750 23721 a383cf 23723 a383d3 23721->23723 23732 a3a4c6 8 API calls 23721->23732 23734 a3846e 23721->23734 23877 a3bac4 CompareStringW 23721->23877 23873 a31631 23723->23873 23727 a384ce 23776 a31f00 23727->23776 23730 a384d9 23730->23723 23780 a33aac 23730->23780 23790 a3857b 23730->23790 23732->23721 23769 a38517 23734->23769 23736 a3a4db 23735->23736 23740 a3a4df 23736->23740 24131 a3a5f4 23736->24131 23738 a3a4ef 23739 a3a4f4 FindClose 23738->23739 23738->23740 23739->23740 23740->23662 23741->23669 23743 a31385 __EH_prolog 23742->23743 23744 a3c827 8 API calls 23743->23744 23745 a313bd 23744->23745 23746 a4e24a new 8 API calls 23745->23746 23749 a31416 ___scrt_get_show_window_mode 23745->23749 23747 a31403 23746->23747 23747->23749 23878 a3b07d 23747->23878 23749->23716 23751 a39f0e 23750->23751 23752 a383ba 23751->23752 23894 a36f5d 76 API calls 23751->23894 23752->23723 23754 a319a6 23752->23754 23755 a319b0 __EH_prolog 23754->23755 23757 a31a00 23755->23757 23767 a319e5 23755->23767 23895 a3709d 23755->23895 23758 a31b50 23757->23758 23761 a31b60 23757->23761 23757->23767 23898 a36dc1 74 API calls 23758->23898 23760 a33aac 97 API calls 23765 a31bb3 23760->23765 23761->23760 23761->23767 23762 a31bff 23762->23767 23768 a31c32 23762->23768 23899 a36dc1 74 API calls 23762->23899 23764 a33aac 97 API calls 23764->23765 23765->23762 23765->23764 23766 a33aac 97 API calls 23766->23768 23767->23721 23768->23766 23768->23767 23770 a38524 23769->23770 23917 a40c26 GetSystemTime SystemTimeToFileTime 23770->23917 23772 a38488 23772->23727 23773 a41359 23772->23773 23919 a4d51a 23773->23919 23778 a31f05 
__EH_prolog 23776->23778 23777 a31f39 23777->23730 23778->23777 23927 a31951 23778->23927 23781 a33ab8 23780->23781 23782 a33abc 23780->23782 23781->23730 23783 a33af7 23782->23783 23784 a33ae9 23782->23784 24062 a327e8 97 API calls 3 library calls 23783->24062 23785 a33b29 23784->23785 24061 a33281 85 API calls 3 library calls 23784->24061 23785->23730 23788 a33af5 23788->23785 24063 a3204e 74 API calls 23788->24063 23791 a38585 __EH_prolog 23790->23791 23792 a385be 23791->23792 23800 a385c2 23791->23800 24086 a484bd 99 API calls 23791->24086 23793 a385e7 23792->23793 23798 a3867a 23792->23798 23792->23800 23795 a38609 23793->23795 23793->23800 24087 a37b66 151 API calls 23793->24087 23795->23800 24088 a484bd 99 API calls 23795->24088 23798->23800 24064 a35e3a 23798->24064 23800->23730 23801 a38705 23801->23800 24070 a3826a 23801->24070 23804 a38875 23805 a3a4c6 8 API calls 23804->23805 23808 a388e0 23804->23808 23805->23808 23807 a3c991 80 API calls 23811 a3893b _memcmp 23807->23811 24074 a37d6c 23808->24074 23809 a38a70 23810 a38b43 23809->23810 23816 a38abf 23809->23816 23815 a38b9e 23810->23815 23825 a38b4e 23810->23825 23811->23800 23811->23807 23811->23809 23812 a38a69 23811->23812 24089 a38236 82 API calls 23811->24089 24090 a31f94 74 API calls 23811->24090 24091 a31f94 74 API calls 23812->24091 23824 a38b30 23815->23824 24094 a380ea 96 API calls 23815->24094 23818 a3a180 4 API calls 23816->23818 23816->23824 23817 a38b9c 23819 a39653 79 API calls 23817->23819 23822 a38af7 23818->23822 23819->23800 23821 a39653 79 API calls 23821->23800 23822->23824 24092 a39377 96 API calls 23822->24092 23823 a38c09 23836 a38c74 23823->23836 23872 a391c1 ___InternalCxxFrameHandler 23823->23872 24095 a39989 23823->24095 23824->23817 23824->23823 23825->23817 24093 a37f26 100 API calls ___InternalCxxFrameHandler 23825->24093 23826 a3aa88 8 API calls 23829 a38cc3 23826->23829 23832 a3aa88 8 API calls 23829->23832 23831 a38c4c 23831->23836 24099 a31f94 74 API calls 
23831->24099 23850 a38cd9 23832->23850 23834 a38c62 24100 a37061 75 API calls 23834->24100 23836->23826 23837 a38d9c 23838 a38df7 23837->23838 23839 a38efd 23837->23839 23840 a38e69 23838->23840 23841 a38e07 23838->23841 23843 a38f23 23839->23843 23844 a38f0f 23839->23844 23860 a38e27 23839->23860 23842 a3826a CharUpperW 23840->23842 23845 a38e4d 23841->23845 23854 a38e15 23841->23854 23846 a38e84 23842->23846 23848 a42c42 75 API calls 23843->23848 23847 a392e6 121 API calls 23844->23847 23845->23860 24103 a37907 108 API calls 23845->24103 23856 a38eb4 23846->23856 23857 a38ead 23846->23857 23846->23860 23847->23860 23849 a38f3c 23848->23849 24106 a428f1 121 API calls 23849->24106 23850->23837 24101 a39b21 SetFilePointer GetLastError SetEndOfFile 23850->24101 24102 a31f94 74 API calls 23854->24102 24105 a39224 94 API calls __EH_prolog 23856->24105 24104 a37698 84 API calls ___InternalCxxFrameHandler 23857->24104 23866 a3904b 23860->23866 24107 a31f94 74 API calls 23860->24107 23862 a39156 23863 a3a444 4 API calls 23862->23863 23862->23872 23865 a391b1 23863->23865 23864 a39104 24081 a39d62 23864->24081 23865->23872 24108 a31f94 74 API calls 23865->24108 23866->23862 23866->23864 23866->23872 24080 a39ebf SetEndOfFile 23866->24080 23869 a3914b 23871 a396d0 75 API calls 23869->23871 23871->23862 23872->23821 23874 a31643 23873->23874 24123 a3c8ca 23874->24123 23877->23721 23879 a3b087 __EH_prolog 23878->23879 23884 a3ea80 80 API calls 23879->23884 23881 a3b099 23885 a3b195 23881->23885 23884->23881 23886 a3b1a7 ___scrt_get_show_window_mode 23885->23886 23889 a40948 23886->23889 23892 a40908 GetCurrentProcess GetProcessAffinityMask 23889->23892 23893 a3b10f 23892->23893 23893->23749 23894->23752 23900 a316d2 23895->23900 23897 a370b9 23897->23757 23898->23767 23899->23768 23901 a316e8 23900->23901 23912 a31740 __vswprintf_c_l 23900->23912 23902 a31711 23901->23902 23913 a36e91 74 API calls __vswprintf_c_l 23901->23913 23903 a31767 23902->23903 23909 a3172d 
___std_exception_copy 23902->23909 23906 a535de 22 API calls 23903->23906 23905 a31707 23914 a36efd 75 API calls 23905->23914 23908 a3176e 23906->23908 23908->23912 23916 a36efd 75 API calls 23908->23916 23909->23912 23915 a36efd 75 API calls 23909->23915 23912->23897 23913->23905 23914->23902 23915->23912 23916->23912 23918 a40c56 __vswprintf_c_l 23917->23918 23918->23772 23920 a4d527 23919->23920 23921 a3ddd1 53 API calls 23920->23921 23922 a4d54a 23921->23922 23923 a3400a _swprintf 51 API calls 23922->23923 23924 a4d55c 23923->23924 23925 a4cb5a 16 API calls 23924->23925 23926 a41372 23925->23926 23926->23727 23928 a31961 23927->23928 23930 a3195d 23927->23930 23931 a31896 23928->23931 23930->23777 23932 a318a8 23931->23932 23933 a318e5 23931->23933 23934 a33aac 97 API calls 23932->23934 23939 a33f18 23933->23939 23935 a318c8 23934->23935 23935->23930 23940 a33f21 23939->23940 23941 a33aac 97 API calls 23940->23941 23942 a31906 23940->23942 23956 a4067c 23940->23956 23941->23940 23942->23935 23944 a31e00 23942->23944 23945 a31e0a __EH_prolog 23944->23945 23964 a33b3d 23945->23964 23947 a31e34 23948 a31ebb 23947->23948 23949 a316d2 76 API calls 23947->23949 23948->23935 23950 a31e4b 23949->23950 23992 a31849 76 API calls 23950->23992 23952 a31e63 23954 a31e6f 23952->23954 23993 a4137a MultiByteToWideChar 23952->23993 23994 a31849 76 API calls 23954->23994 23957 a40683 23956->23957 23958 a4069e 23957->23958 23962 a36e8c RaiseException Concurrency::cancel_current_task 23957->23962 23960 a406af SetThreadExecutionState 23958->23960 23963 a36e8c RaiseException Concurrency::cancel_current_task 23958->23963 23960->23940 23962->23958 23963->23960 23965 a33b47 __EH_prolog 23964->23965 23966 a33b79 23965->23966 23967 a33b5d 23965->23967 23969 a33dc2 23966->23969 23972 a33ba5 23966->23972 24023 a36dc1 74 API calls 23967->24023 24040 a36dc1 74 API calls 23969->24040 23971 a33b68 23971->23947 23972->23971 23995 a42c42 23972->23995 23974 a33c26 23975 a33cb1 23974->23975 23991 
a33c1d 23974->23991 24026 a3c991 23974->24026 24008 a3aa88 23975->24008 23976 a33c22 23976->23974 24025 a32034 76 API calls 23976->24025 23978 a33c12 24024 a36dc1 74 API calls 23978->24024 23979 a33bf4 23979->23974 23979->23976 23979->23978 23981 a33cc4 23985 a33d48 23981->23985 23986 a33d3e 23981->23986 24032 a428f1 121 API calls 23985->24032 24012 a392e6 23986->24012 23989 a33d46 23989->23991 24033 a31f94 74 API calls 23989->24033 24034 a41acf 23991->24034 23992->23952 23993->23954 23994->23948 23996 a42c51 23995->23996 23998 a42c5b 23995->23998 24041 a36efd 75 API calls 23996->24041 23999 a42ca2 ___std_exception_copy 23998->23999 24002 a42c9d Concurrency::cancel_current_task 23998->24002 24003 a42cfd ___scrt_get_show_window_mode 23998->24003 24000 a42da9 Concurrency::cancel_current_task 23999->24000 24001 a42cd9 23999->24001 23999->24003 24044 a5157a RaiseException 24000->24044 24042 a42b7b 75 API calls 3 library calls 24001->24042 24043 a5157a RaiseException 24002->24043 24003->23979 24007 a42dc1 24009 a3aa95 24008->24009 24011 a3aa9f 24008->24011 24010 a4e24a new 8 API calls 24009->24010 24010->24011 24011->23981 24013 a392f0 __EH_prolog 24012->24013 24045 a37dc6 24013->24045 24016 a3709d 76 API calls 24017 a39302 24016->24017 24048 a3ca6c 24017->24048 24019 a39314 24020 a3935c 24019->24020 24021 a3ca6c 114 API calls 24019->24021 24057 a3cc51 97 API calls __vswprintf_c_l 24019->24057 24020->23989 24021->24019 24023->23971 24024->23991 24025->23974 24027 a3c9b2 24026->24027 24028 a3c9c4 24026->24028 24058 a36249 80 API calls 24027->24058 24059 a36249 80 API calls 24028->24059 24031 a3c9bc 24031->23975 24032->23989 24033->23991 24036 a41ad9 24034->24036 24035 a41af2 24060 a4075b 84 API calls 24035->24060 24036->24035 24039 a41b06 24036->24039 24038 a41af9 24038->24039 24040->23971 24041->23998 24042->24003 24043->24000 24044->24007 24046 a3acf5 GetVersionExW 24045->24046 24047 a37dcb 24046->24047 24047->24016 24054 a3ca82 __vswprintf_c_l 24048->24054 24049 
a3cbf7 24050 a3cc1f 24049->24050 24051 a3ca0b 6 API calls 24049->24051 24052 a4067c SetThreadExecutionState RaiseException 24050->24052 24051->24050 24055 a3cbee 24052->24055 24053 a484bd 99 API calls 24053->24054 24054->24049 24054->24053 24054->24055 24056 a3ab70 89 API calls 24054->24056 24055->24019 24056->24054 24057->24019 24058->24031 24059->24031 24060->24038 24061->23788 24062->23788 24063->23785 24065 a35e4a 24064->24065 24109 a35d67 24065->24109 24067 a35eb5 24067->23801 24068 a35e7d 24068->24067 24114 a3ad65 CharUpperW CompareStringW 24068->24114 24071 a38289 24070->24071 24120 a4179d CharUpperW 24071->24120 24073 a38333 24073->23804 24075 a37d7b 24074->24075 24076 a37dbb 24075->24076 24121 a37043 74 API calls 24075->24121 24076->23811 24078 a37db3 24122 a36dc1 74 API calls 24078->24122 24080->23864 24082 a39d73 24081->24082 24084 a39d82 24081->24084 24083 a39d79 FlushFileBuffers 24082->24083 24082->24084 24083->24084 24085 a39dfb SetFileTime 24084->24085 24085->23869 24086->23792 24087->23795 24088->23800 24089->23811 24090->23811 24091->23809 24092->23824 24093->23817 24094->23824 24096 a39992 GetFileType 24095->24096 24097 a3998f 24095->24097 24098 a399a0 24096->24098 24097->23831 24098->23831 24099->23834 24100->23836 24101->23837 24102->23860 24103->23860 24104->23860 24105->23860 24106->23860 24107->23866 24108->23872 24115 a35c64 24109->24115 24111 a35d88 24111->24068 24113 a35c64 2 API calls 24113->24111 24114->24068 24118 a35c6e 24115->24118 24116 a35d56 24116->24111 24116->24113 24118->24116 24119 a3ad65 CharUpperW CompareStringW 24118->24119 24119->24118 24120->24073 24121->24078 24122->24076 24127 a3c8db 24123->24127 24125 a3c90d 24130 a3a90e 84 API calls 24125->24130 24129 a3a90e 84 API calls 24127->24129 24128 a3c918 24129->24125 24130->24128 24132 a3a5fe 24131->24132 24133 a3a691 FindNextFileW 24132->24133 24134 a3a621 FindFirstFileW 24132->24134 24135 a3a6b0 24133->24135 24136 a3a69c GetLastError 24133->24136 24137 a3a638 24134->24137 
24142 a3a675 24134->24142 24135->24142 24136->24135 24138 a3b66c 2 API calls 24137->24138 24139 a3a64d 24138->24139 24140 a3a651 FindFirstFileW 24139->24140 24141 a3a66a GetLastError 24139->24141 24140->24141 24140->24142 24141->24142 24142->23738 24152 a49d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24143->24152 24145 a49d21 24146 a49d2d 24145->24146 24153 a49d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24145->24153 24146->23518 24146->23519 24148->23522 24149->23528 24150->23528 24151->23531 24152->24145 24153->24146 24154->23537 24156 a39ef7 76 API calls 24155->24156 24157 a31f5b 24156->24157 24158 a319a6 97 API calls 24157->24158 24161 a31f78 24157->24161 24159 a31f68 24158->24159 24159->24161 24162 a36dc1 74 API calls 24159->24162 24161->23545 24161->23546 24162->24161 24164 a4ac8f GetMessageW 24163->24164 24165 a4acc8 GetDlgItem 24163->24165 24166 a4acb4 TranslateMessage DispatchMessageW 24164->24166 24167 a4aca5 IsDialogMessageW 24164->24167 24165->23556 24165->23557 24166->24165 24167->24165 24167->24166 24826 a4b8e0 93 API calls _swprintf 24827 a48ce0 6 API calls 24830 a616e0 CloseHandle 24874 a4ebf7 20 API calls 24186 a4e1f9 24187 a4e203 24186->24187 24188 a4df59 ___delayLoadHelper2@8 19 API calls 24187->24188 24189 a4e210 24188->24189 24833 a514f8 RaiseException 24834 a4eac0 27 API calls pre_c_initialization 24877 a5ebc1 21 API calls __vswprintf_c_l 24878 a497c0 10 API calls 24836 a59ec0 21 API calls 24879 a5b5c0 GetCommandLineA GetCommandLineW 24837 a4a8c2 GetDlgItem EnableWindow ShowWindow SendMessageW 24838 a4acd0 100 API calls 24883 a419d0 26 API calls std::bad_exception::bad_exception 24201 a310d5 24206 a35bd7 24201->24206 24207 a35be1 __EH_prolog 24206->24207 24208 a3b07d 82 API calls 24207->24208 24209 a35bed 24208->24209 24213 a35dcc GetCurrentProcess GetProcessAffinityMask 24209->24213 24214 a4ead2 24215 a4eade ___BuildCatchObject 24214->24215 24240 a4e5c7 24215->24240 24217 a4eae5 24219 a4eb0e 24217->24219 24320 a4ef05 
IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_get_show_window_mode 24217->24320 24224 a4eb4d ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24219->24224 24251 a5824d 24219->24251 24223 a4eb2d ___BuildCatchObject 24225 a4ebad 24224->24225 24321 a57243 38 API calls 2 library calls 24224->24321 24259 a4f020 24225->24259 24235 a4ebd9 24237 a4ebe2 24235->24237 24322 a5764a 28 API calls _abort 24235->24322 24323 a4e73e 13 API calls 2 library calls 24237->24323 24241 a4e5d0 24240->24241 24324 a4ed5b IsProcessorFeaturePresent 24241->24324 24243 a4e5dc 24325 a52016 24243->24325 24245 a4e5e1 24246 a4e5e5 24245->24246 24334 a580d7 24245->24334 24246->24217 24249 a4e5fc 24249->24217 24252 a58264 24251->24252 24253 a4ec4a DloadUnlock 5 API calls 24252->24253 24254 a4eb27 24253->24254 24254->24223 24255 a581f1 24254->24255 24256 a58220 24255->24256 24257 a4ec4a DloadUnlock 5 API calls 24256->24257 24258 a58249 24257->24258 24258->24224 24384 a4f350 24259->24384 24262 a4ebb3 24263 a5819e 24262->24263 24386 a5b290 24263->24386 24265 a4ebbc 24268 a4d5d4 24265->24268 24267 a581a7 24267->24265 24390 a5b59a 38 API calls 24267->24390 24511 a400cf 24268->24511 24272 a4d5f3 24560 a4a335 24272->24560 24274 a4d5fc 24564 a413b3 GetCPInfo 24274->24564 24276 a4d606 ___scrt_get_show_window_mode 24277 a4d619 GetCommandLineW 24276->24277 24278 a4d6a6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24277->24278 24279 a4d628 24277->24279 24280 a3400a _swprintf 51 API calls 24278->24280 24567 a4bc84 24279->24567 24282 a4d70d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24280->24282 24578 a4aded LoadBitmapW 24282->24578 24285 a4d636 OpenFileMappingW 24288 a4d696 CloseHandle 24285->24288 24289 a4d64f MapViewOfFile 24285->24289 24286 a4d6a0 24572 a4d287 24286->24572 24288->24278 24292 a4d660 __vswprintf_c_l 24289->24292 24293 a4d68d UnmapViewOfFile 24289->24293 24297 a4d287 2 API calls 24292->24297 
24293->24288 24299 a4d67c 24297->24299 24298 a48835 8 API calls 24300 a4d76a DialogBoxParamW 24298->24300 24299->24293 24301 a4d7a4 24300->24301 24302 a4d7b6 Sleep 24301->24302 24303 a4d7bd 24301->24303 24302->24303 24304 a4d7cb 24303->24304 24608 a4a544 CompareStringW SetCurrentDirectoryW ___scrt_get_show_window_mode 24303->24608 24306 a4d7ea DeleteObject 24304->24306 24307 a4d7ff DeleteObject 24306->24307 24308 a4d806 24306->24308 24307->24308 24309 a4d837 24308->24309 24310 a4d849 24308->24310 24609 a4d2e6 6 API calls 24309->24609 24605 a4a39d 24310->24605 24312 a4d83d CloseHandle 24312->24310 24314 a4d883 24315 a5757e GetModuleHandleW 24314->24315 24316 a4ebcf 24315->24316 24316->24235 24317 a576a7 24316->24317 24745 a57424 24317->24745 24320->24217 24321->24225 24322->24237 24323->24223 24324->24243 24326 a5201b ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 24325->24326 24338 a5310e 24326->24338 24330 a52031 24331 a5203c 24330->24331 24352 a5314a DeleteCriticalSection 24330->24352 24331->24245 24333 a52029 24333->24245 24380 a5b73a 24334->24380 24337 a5203f 8 API calls 3 library calls 24337->24246 24339 a53117 24338->24339 24341 a53140 24339->24341 24342 a52025 24339->24342 24353 a53385 24339->24353 24358 a5314a DeleteCriticalSection 24341->24358 24342->24333 24344 a5215c 24342->24344 24373 a5329a 24344->24373 24346 a52166 24347 a52171 24346->24347 24378 a53348 6 API calls try_get_function 24346->24378 24347->24330 24349 a5217f 24350 a5218c 24349->24350 24379 a5218f 6 API calls ___vcrt_FlsFree 24349->24379 24350->24330 24352->24333 24359 a53179 24353->24359 24356 a533bc InitializeCriticalSectionAndSpinCount 24357 a533a8 24356->24357 24357->24339 24358->24342 24360 a531ad 24359->24360 24361 a531a9 24359->24361 24360->24356 24360->24357 24361->24360 24364 a531cd 24361->24364 24366 a53219 24361->24366 24363 a531d9 GetProcAddress 24365 a531e9 __crt_fast_encode_pointer 24363->24365 24364->24360 24364->24363 24365->24360 24367 a53236 
24366->24367 24368 a53241 LoadLibraryExW 24366->24368 24367->24361 24369 a5325d GetLastError 24368->24369 24372 a53275 24368->24372 24371 a53268 LoadLibraryExW 24369->24371 24369->24372 24370 a5328c FreeLibrary 24370->24367 24371->24372 24372->24367 24372->24370 24374 a53179 try_get_function 5 API calls 24373->24374 24375 a532b4 24374->24375 24376 a532bd 24375->24376 24377 a532cc TlsAlloc 24375->24377 24376->24346 24378->24349 24379->24347 24383 a5b753 24380->24383 24381 a4ec4a DloadUnlock 5 API calls 24382 a4e5ee 24381->24382 24382->24249 24382->24337 24383->24381 24385 a4f033 GetStartupInfoW 24384->24385 24385->24262 24387 a5b299 24386->24387 24388 a5b2a2 24386->24388 24391 a5b188 24387->24391 24388->24267 24390->24267 24392 a58fa5 pre_c_initialization 38 API calls 24391->24392 24393 a5b195 24392->24393 24411 a5b2ae 24393->24411 24395 a5b19d 24420 a5af1b 24395->24420 24398 a58518 __vswprintf_c_l 21 API calls 24399 a5b1c5 24398->24399 24401 a5b1f7 24399->24401 24427 a5b350 24399->24427 24402 a584de _free 20 API calls 24401->24402 24404 a5b1b4 24402->24404 24404->24388 24405 a5b1f2 24437 a5895a 20 API calls __dosmaperr 24405->24437 24407 a5b23b 24407->24401 24438 a5adf1 26 API calls 24407->24438 24408 a5b20f 24408->24407 24409 a584de _free 20 API calls 24408->24409 24409->24407 24412 a5b2ba ___BuildCatchObject 24411->24412 24413 a58fa5 pre_c_initialization 38 API calls 24412->24413 24415 a5b2c4 24413->24415 24416 a5b348 ___BuildCatchObject 24415->24416 24419 a584de _free 20 API calls 24415->24419 24439 a58566 38 API calls _abort 24415->24439 24440 a5a3f1 EnterCriticalSection 24415->24440 24441 a5b33f LeaveCriticalSection _abort 24415->24441 24416->24395 24419->24415 24421 a53dd6 __fassign 38 API calls 24420->24421 24422 a5af2d 24421->24422 24423 a5af3c GetOEMCP 24422->24423 24424 a5af4e 24422->24424 24425 a5af65 24423->24425 24424->24425 24426 a5af53 GetACP 24424->24426 24425->24398 24425->24404 24426->24425 24428 a5af1b 40 API calls 24427->24428 24429 a5b36f 
24428->24429 24432 a5b3c0 IsValidCodePage 24429->24432 24434 a5b376 24429->24434 24436 a5b3e5 ___scrt_get_show_window_mode 24429->24436 24430 a4ec4a DloadUnlock 5 API calls 24431 a5b1ea 24430->24431 24431->24405 24431->24408 24433 a5b3d2 GetCPInfo 24432->24433 24432->24434 24433->24434 24433->24436 24434->24430 24442 a5aff4 GetCPInfo 24436->24442 24437->24401 24438->24401 24440->24415 24441->24415 24443 a5b0d8 24442->24443 24447 a5b02e 24442->24447 24446 a4ec4a DloadUnlock 5 API calls 24443->24446 24449 a5b184 24446->24449 24452 a5c099 24447->24452 24449->24434 24451 a5a275 __vswprintf_c_l 43 API calls 24451->24443 24453 a53dd6 __fassign 38 API calls 24452->24453 24454 a5c0b9 MultiByteToWideChar 24453->24454 24456 a5c18f 24454->24456 24458 a5c0f7 24454->24458 24457 a4ec4a DloadUnlock 5 API calls 24456->24457 24460 a5b08f 24457->24460 24459 a58518 __vswprintf_c_l 21 API calls 24458->24459 24462 a5c118 __vsnwprintf_l ___scrt_get_show_window_mode 24458->24462 24459->24462 24466 a5a275 24460->24466 24461 a5c189 24471 a5a2c0 20 API calls _free 24461->24471 24462->24461 24464 a5c15d MultiByteToWideChar 24462->24464 24464->24461 24465 a5c179 GetStringTypeW 24464->24465 24465->24461 24467 a53dd6 __fassign 38 API calls 24466->24467 24468 a5a288 24467->24468 24472 a5a058 24468->24472 24471->24456 24473 a5a073 __vswprintf_c_l 24472->24473 24474 a5a099 MultiByteToWideChar 24473->24474 24475 a5a24d 24474->24475 24476 a5a0c3 24474->24476 24477 a4ec4a DloadUnlock 5 API calls 24475->24477 24479 a58518 __vswprintf_c_l 21 API calls 24476->24479 24482 a5a0e4 __vsnwprintf_l 24476->24482 24478 a5a260 24477->24478 24478->24451 24479->24482 24480 a5a199 24508 a5a2c0 20 API calls _free 24480->24508 24481 a5a12d MultiByteToWideChar 24481->24480 24483 a5a146 24481->24483 24482->24480 24482->24481 24499 a5a72c 24483->24499 24487 a5a170 24487->24480 24490 a5a72c __vswprintf_c_l 11 API calls 24487->24490 24488 a5a1a8 24489 a58518 __vswprintf_c_l 21 API calls 24488->24489 24492 a5a1c9 

              Control-flow Graph

              APIs
                • Part of subcall function 00A400CF: GetModuleHandleW.KERNEL32(kernel32), ref: 00A400E4
                • Part of subcall function 00A400CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A400F6
                • Part of subcall function 00A400CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A40127
                • Part of subcall function 00A49DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00A49DAC
                • Part of subcall function 00A4A335: OleInitialize.OLE32(00000000), ref: 00A4A34E
                • Part of subcall function 00A4A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A4A385
                • Part of subcall function 00A4A335: SHGetMalloc.SHELL32(00A78430), ref: 00A4A38F
                • Part of subcall function 00A413B3: GetCPInfo.KERNEL32(00000000,?), ref: 00A413C4
                • Part of subcall function 00A413B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 00A413D8
              • GetCommandLineW.KERNEL32 ref: 00A4D61C
              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00A4D643
              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00A4D654
              • UnmapViewOfFile.KERNEL32(00000000), ref: 00A4D68E
                • Part of subcall function 00A4D287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00A4D29D
                • Part of subcall function 00A4D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A4D2D9
              • CloseHandle.KERNEL32(00000000), ref: 00A4D697
              • GetModuleFileNameW.KERNEL32(00000000,00A8DC90,00000800), ref: 00A4D6B2
              • SetEnvironmentVariableW.KERNEL32(sfxname,00A8DC90), ref: 00A4D6BE
              • GetLocalTime.KERNEL32(?), ref: 00A4D6C9
              • _swprintf.LIBCMT ref: 00A4D708
              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00A4D71A
              • GetModuleHandleW.KERNEL32(00000000), ref: 00A4D721
              • LoadIconW.USER32(00000000,00000064), ref: 00A4D738
              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 00A4D789
              • Sleep.KERNEL32(?), ref: 00A4D7B7
              • DeleteObject.GDI32 ref: 00A4D7F0
              • DeleteObject.GDI32(?), ref: 00A4D800
              • CloseHandle.KERNEL32 ref: 00A4D843
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
              • API String ID: 788466649-2656992072
              • Opcode ID: 7b9d9e343d9b66cdeae4b1b27ee354fadfad37262fada7e01114f3b07802c7b6
              • Instruction ID: b72e3c5dbb4e483895429f5c3885465683fd47c3e2b3781ac0fdf356aec7110d
              • Opcode Fuzzy Hash: 7b9d9e343d9b66cdeae4b1b27ee354fadfad37262fada7e01114f3b07802c7b6
              • Instruction Fuzzy Hash: 8C61F1B5940240BFD720EFF5ED49F2B77B8BB85741F004429F54992191EBB88D46C7A2

              Control-flow Graph, starting at 00A49E1C (legend: Executed / Not Executed)
              APIs
              • FindResourceW.KERNEL32(00A4AE4D,PNG,?,?,?,00A4AE4D,00000066), ref: 00A49E2E
              • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E46
              • LoadResource.KERNEL32(00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E59
              • LockResource.KERNEL32(00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E64
              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00A4AE4D,00000066), ref: 00A49E82
              • GlobalLock.KERNEL32(00000000), ref: 00A49E93
              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00A49EB7
              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00A49EFC
              • GlobalUnlock.KERNEL32(00000000), ref: 00A49F1B
              • GlobalFree.KERNEL32(00000000), ref: 00A49F22
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
              • String ID: PNG
              • API String ID: 3656887471-364855578
              • Opcode ID: 98fd1ef736ede380076834de087f8029282d4b1e133ea0261ae1353430ca78ea
              • Instruction ID: 88b8805d22856da53981d839c6391aaa03215acea3564ba64afb208d54cc1bdc
              • Opcode Fuzzy Hash: 98fd1ef736ede380076834de087f8029282d4b1e133ea0261ae1353430ca78ea
              • Instruction Fuzzy Hash: 23318176604302AFDB10DFA1DC49D1BBBBDFFC6751B044619F906D2260DB72DC168A60

              Control-flow Graph, starting at 00A3A5F4 (legend: Executed / Not Executed)
              APIs
              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00A3A4EF,000000FF,?,?), ref: 00A3A628
              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00A3A4EF,000000FF,?,?), ref: 00A3A65E
              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00A3A4EF,000000FF,?,?), ref: 00A3A66A
              • FindNextFileW.KERNEL32(?,?,?,?,?,?,00A3A4EF,000000FF,?,?), ref: 00A3A692
              • GetLastError.KERNEL32(?,?,?,?,00A3A4EF,000000FF,?,?), ref: 00A3A69E
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: FileFind$ErrorFirstLast$Next
              • String ID:
              • API String ID: 869497890-0
              • Opcode ID: c227f79aa8549ba791c26ba885789dc12d35c25d955ad265cc7c2bc0a1090bac
              • Instruction ID: 2f79f3ad5161ccd0285e0ff0e3fd5a383c49d40722f6057a5961a4b938feaf73
              • Opcode Fuzzy Hash: c227f79aa8549ba791c26ba885789dc12d35c25d955ad265cc7c2bc0a1090bac
              • Instruction Fuzzy Hash: 4E41B676504251AFC720EF78C8C5ADAF7F8BF98340F040A2AF6D9D3200D774A9598B92
              APIs
              • GetCurrentProcess.KERNEL32(00000000,?,00A57513,00000000,00A6BAD8,0000000C,00A5766A,00000000,00000002,00000000), ref: 00A5755E
              • TerminateProcess.KERNEL32(00000000,?,00A57513,00000000,00A6BAD8,0000000C,00A5766A,00000000,00000002,00000000), ref: 00A57565
              • ExitProcess.KERNEL32 ref: 00A57577
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: 74c94dde6d45ee9755bf2cdc638ee90aa410afc5a8fece4e68799e84eb4a5ea3
              • Instruction ID: 3a26887065c1a694dd2bc46d23b23fea3cb80d8c4aade45e90437cc895d1b9b6
              • Opcode Fuzzy Hash: 74c94dde6d45ee9755bf2cdc638ee90aa410afc5a8fece4e68799e84eb4a5ea3
              • Instruction Fuzzy Hash: 04E0B632504548ABCF11EFA4EE09E493B79FB51742F118414FD069A222DB75DE4BCA50
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: H_prolog_memcmp
              • String ID:
              • API String ID: 3004599000-0
              • Opcode ID: 164d2a90c961ecdeefb141fa16c5a5bec23f76c2a54ace58218ea6c45af4fee8
              • Instruction ID: 22c821bc6f5ed242c4818cb177bfb470f5e2210d40b7bb72fa33645e4812c631
              • Opcode Fuzzy Hash: 164d2a90c961ecdeefb141fa16c5a5bec23f76c2a54ace58218ea6c45af4fee8
              • Instruction Fuzzy Hash: DD821870904345AEDF25DF64C985BFEBBB9AF05300F0841BAF859AB142DB795A48CB60
              APIs
              • __EH_prolog.LIBCMT ref: 00A4AEE5
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: H_prologItemTextWindow
              • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
              • API String ID: 810644672-3472986185
              • Opcode ID: 4228f6ede082277bd346a4fa5846e764b80f97715be5f71abfd4bf6c88edc88a
              • Instruction ID: 23e8ae1df8186780bc68c396379e8ffb6ad3e099c56d8c0b59a6136104fb3e9f
              • Opcode Fuzzy Hash: 4228f6ede082277bd346a4fa5846e764b80f97715be5f71abfd4bf6c88edc88a
              • Instruction Fuzzy Hash: CD4214B5954244BEEB21EBF09D4AFAE7B7CEB91701F004155F205A60D1CBB88D8ACB31

              Control-flow Graph

              APIs
              • GetModuleHandleW.KERNEL32(kernel32), ref: 00A400E4
              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A400F6
              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A40127
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A403D4
              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00A403F0
              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00A40402
              • ReadFile.KERNEL32(00000000,?,00007FFE,00A63BA4,00000000), ref: 00A40421
              • CloseHandle.KERNEL32(00000000), ref: 00A40479
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A4048F
              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00A404E7
              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00A40510
              • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00A4054A
                • Part of subcall function 00A40085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A400A0
                • Part of subcall function 00A40085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3EB86,Crypt32.dll,00000000,00A3EC0A,?,?,00A3EBEC,?,?,?), ref: 00A400C2
              • _swprintf.LIBCMT ref: 00A405BE
              • _swprintf.LIBCMT ref: 00A4060A
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
              • AllocConsole.KERNEL32 ref: 00A40612
              • GetCurrentProcessId.KERNEL32 ref: 00A4061C
              • AttachConsole.KERNEL32(00000000), ref: 00A40623
              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00A40649
              • WriteConsoleW.KERNEL32(00000000), ref: 00A40650
              • Sleep.KERNEL32(00002710), ref: 00A4065B
              • FreeConsole.KERNEL32 ref: 00A40661
              • ExitProcess.KERNEL32 ref: 00A40669
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
              • API String ID: 1201351596-3298887752
              • Opcode ID: 9506e80656092c7a1dee49aed426a9bb5a76b3154b1f057bdcec8492d2482c94
              • Instruction ID: f100fb45279a85d44fd09f2ef464acbc75022fda6770f2e1e20c974e5b65eeb8
              • Opcode Fuzzy Hash: 9506e80656092c7a1dee49aed426a9bb5a76b3154b1f057bdcec8492d2482c94
              • Instruction Fuzzy Hash: 22D16FB2508384ABDB31DF50D949F9FBBF8FBC5704F01491DF6899A140DBB4864A8B62

              Control-flow Graph

              APIs
              • __EH_prolog.LIBCMT ref: 00A4BDFA
                • Part of subcall function 00A4AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00A4AAFE
              • SetWindowTextW.USER32(?,?), ref: 00A4C127
              • _wcsrchr.LIBVCRUNTIME ref: 00A4C2B1
              • GetDlgItem.USER32(?,00000066), ref: 00A4C2EC
              • SetWindowTextW.USER32(00000000,?), ref: 00A4C2FC
              • SendMessageW.USER32(00000000,00000143,00000000,00A7A472), ref: 00A4C30A
              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A4C335
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
              • API String ID: 3564274579-312220925
              • Opcode ID: 9132d10e394ba6b0d1a5a9200e505f1b092e4495c3daee7c37dd9998c34d6ae1
              • Instruction ID: b2b27c86734ab6fea03b063eb6464480a19baf3166038dda30df0dd1a05f0c83
              • Opcode Fuzzy Hash: 9132d10e394ba6b0d1a5a9200e505f1b092e4495c3daee7c37dd9998c34d6ae1
              • Instruction Fuzzy Hash: 22E1857AD00118AADF25DBA0DD45EEF73BCAF98351F1041A6F609E3051EB749F898B60

              Control-flow Graph

              APIs
              • __EH_prolog.LIBCMT ref: 00A3D346
              • _wcschr.LIBVCRUNTIME ref: 00A3D367
              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00A3D328,?), ref: 00A3D382
              • __fprintf_l.LIBCMT ref: 00A3D873
                • Part of subcall function 00A4137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A3B652,00000000,?,?,?,00010448), ref: 00A41396
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
              • API String ID: 4184910265-980926923
              • Opcode ID: 26dbefccc7f21123c450ed4f55339f6e65f631c6b747a0777a43b83f2af322df
              • Instruction ID: 484ce89b0f30ff8d4e922d1252a82d08b1599876bf9445888561460d93d68006
              • Opcode Fuzzy Hash: 26dbefccc7f21123c450ed4f55339f6e65f631c6b747a0777a43b83f2af322df
              • Instruction Fuzzy Hash: F512AEB1D00219EEDF24DFA4E992BEEB7B5FF44700F10456AF506A7281EB709A45CB20

              Control-flow Graph

              APIs
                • Part of subcall function 00A4AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4AC85
                • Part of subcall function 00A4AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4AC96
                • Part of subcall function 00A4AC74: IsDialogMessageW.USER32(00010448,?), ref: 00A4ACAA
                • Part of subcall function 00A4AC74: TranslateMessage.USER32(?), ref: 00A4ACB8
                • Part of subcall function 00A4AC74: DispatchMessageW.USER32(?), ref: 00A4ACC2
              • GetDlgItem.USER32(00000068,00A8ECB0), ref: 00A4CB6E
              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,00A4A632,00000001,?,?,00A4AECB,00A64F88,00A8ECB0), ref: 00A4CB96
              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00A4CBA1
              • SendMessageW.USER32(00000000,000000C2,00000000,00A635B4), ref: 00A4CBAF
              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4CBC5
              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00A4CBDF
              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4CC23
              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00A4CC31
              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4CC40
              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4CC67
              • SendMessageW.USER32(00000000,000000C2,00000000,00A6431C), ref: 00A4CC76
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
              • String ID: \
              • API String ID: 3569833718-2967466578
              • Opcode ID: 3040dc8fc5ebfe3ddbf92fafff33a956683ae0f7cababa487882032d7517a727
              • Instruction ID: 1669b2e47ab62051f190b117411231318da1571b78685dc04f38d57a9336fc06
              • Opcode Fuzzy Hash: 3040dc8fc5ebfe3ddbf92fafff33a956683ae0f7cababa487882032d7517a727
              • Instruction Fuzzy Hash: 3C31DF71285752BFE301DF60DC4AFAB7FACEB82714F00051AF651962A1DB644D0ACBB6

              Control-flow Graph

              APIs
              • ShellExecuteExW.SHELL32(?), ref: 00A4CF54
              • ShowWindow.USER32(?,00000000), ref: 00A4CF93
              • GetExitCodeProcess.KERNEL32(?,?), ref: 00A4CFCF
              • CloseHandle.KERNEL32(?), ref: 00A4CFF5
              • ShowWindow.USER32(?,00000001), ref: 00A4D084
                • Part of subcall function 00A417AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00A3BB05,00000000,.exe,?,?,00000800,?,?,00A485DF,?), ref: 00A417C2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
              • String ID: $.exe$.inf
              • API String ID: 3686203788-2452507128
              • Opcode ID: d47ab000009d466d3daf8840812ece41d7f41d07f5663adb0b1781514066474f
              • Instruction ID: 8290ed0a490786fae2a8c24f7b77bbd9acdbf96146442a15cf38c8eb5be3d52c
              • Opcode Fuzzy Hash: d47ab000009d466d3daf8840812ece41d7f41d07f5663adb0b1781514066474f
              • Instruction Fuzzy Hash: C66135B8505380EADB31DF64D8146ABBBF9EFC1314F04481EF5CA97250D7B5898ACB92

              Control-flow Graph

              APIs
              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A54E35,00A54E35,?,?,?,00A5A2A9,00000001,00000001,3FE85006), ref: 00A5A0B2
              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A5A2A9,00000001,00000001,3FE85006,?,?,?), ref: 00A5A138
              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A5A232
              • __freea.LIBCMT ref: 00A5A23F
                • Part of subcall function 00A58518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5C13D,00000000,?,00A567E2,?,00000008,?,00A589AD,?,?,?), ref: 00A5854A
              • __freea.LIBCMT ref: 00A5A248
              • __freea.LIBCMT ref: 00A5A26D
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ByteCharMultiWide__freea$AllocateHeap
              • String ID:
              • API String ID: 1414292761-0
              • Opcode ID: 52008767737e610afdbe53d5b75e34f49eaa037e2052215670173769b8d8002a
              • Instruction ID: ae2ac915b3cecc8590274f30a8304e75243a554166fc43c16b59deaf4eea25ff
              • Opcode Fuzzy Hash: 52008767737e610afdbe53d5b75e34f49eaa037e2052215670173769b8d8002a
              • Instruction Fuzzy Hash: F451BC72710206AEEB258F64CC42EEE77AAFB64751F144329FC05D6160EB75DC4886A2

              Control-flow Graph

              APIs
              • GetClassNameW.USER32(?,?,00000050), ref: 00A4A2DE
              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00A4A315
                • Part of subcall function 00A417AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00A3BB05,00000000,.exe,?,?,00000800,?,?,00A485DF,?), ref: 00A417C2
              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00A4A305
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AutoClassCompareCompleteFindNameStringWindow
              • String ID: @Ut$EDIT

              Control-flow Graph

              APIs
                • Part of subcall function 00A40085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A400A0
                • Part of subcall function 00A40085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3EB86,Crypt32.dll,00000000,00A3EC0A,?,?,00A3EBEC,?,?,?), ref: 00A400C2
              • OleInitialize.OLE32(00000000), ref: 00A4A34E
              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A4A385
              • SHGetMalloc.SHELL32(00A78430), ref: 00A4A38F
              Strings
              Similarity
              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
              • String ID: riched20.dll$3Qo

              Control-flow Graph

              APIs
              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,00A378AD,?,00000005,?,00000011), ref: 00A39A4C
              • GetLastError.KERNEL32(?,?,00A378AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A39A59
              • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,00A378AD,?,00000005,?), ref: 00A39A8E
              • GetLastError.KERNEL32(?,?,00A378AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A39A96
              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00A378AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A39ADB
              Similarity
              • API ID: File$CreateErrorLast$Time
              • String ID:

              Control-flow Graph

              APIs
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4AC85
              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4AC96
              • IsDialogMessageW.USER32(00010448,?), ref: 00A4ACAA
              • TranslateMessage.USER32(?), ref: 00A4ACB8
              • DispatchMessageW.USER32(?), ref: 00A4ACC2
              Similarity
              • API ID: Message$DialogDispatchPeekTranslate
              • String ID:

              Control-flow Graph

              APIs
              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00A4D29D
              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A4D2D9
              Strings
              Similarity
              • API ID: EnvironmentVariable
              • String ID: sfxcmd$sfxpar

              Control-flow Graph

              APIs
              • GetStdHandle.KERNEL32(000000F6), ref: 00A3985E
              • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00A39876
              • GetLastError.KERNEL32 ref: 00A398A8
              • GetLastError.KERNEL32 ref: 00A398C7
              Similarity
              • API ID: ErrorLast$FileHandleRead
              • String ID:
              APIs
              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A3CFE0,00000000,00000000,?,00A5A49B,00A3CFE0,00000000,00000000,00000000,?,00A5A698,00000006,FlsSetValue), ref: 00A5A526
              • GetLastError.KERNEL32(?,00A5A49B,00A3CFE0,00000000,00000000,00000000,?,00A5A698,00000006,FlsSetValue,00A67348,00A67350,00000000,00000364,?,00A59077), ref: 00A5A532
              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A5A49B,00A3CFE0,00000000,00000000,00000000,?,00A5A698,00000006,FlsSetValue,00A67348,00A67350,00000000), ref: 00A5A540
              Similarity
              • API ID: LibraryLoad$ErrorLast
              • String ID:
              APIs
              • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,00A3CC94,00000001,?,?,?,00000000,00A44ECD,?,?,?), ref: 00A39F4C
              • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00A44ECD,?,?,?,?,?,00A44972,?), ref: 00A39F8E
              • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,00A3CC94,00000001,?,?), ref: 00A39FB8
              Similarity
              • API ID: FileWrite$Handle
              • String ID:
              APIs
              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A22E
              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A261
              • GetLastError.KERNEL32(?,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A27E
              Similarity
              • API ID: CreateDirectory$ErrorLast
              • String ID:
              APIs
              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00A5B019
              Strings
              Similarity
              • API ID: Info
              • String ID:
              APIs
              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 00A5A79D
              Strings
              Similarity
              • API ID: String
              • String ID: LCMapStringEx
              APIs
              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00A59D2F), ref: 00A5A715
              Strings
              • InitializeCriticalSectionEx, xrefs: 00A5A6E5
              Similarity
              • API ID: CountCriticalInitializeSectionSpin
              • String ID: InitializeCriticalSectionEx
              APIs
              Strings
              Similarity
              • API ID: Alloc
              • String ID: FlsAlloc
              APIs
              • try_get_function.LIBVCRUNTIME ref: 00A532AF
              Strings
              Similarity
              • API ID: try_get_function
              • String ID: FlsAlloc
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E20B
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Strings
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID: 3Qo
              APIs
                • Part of subcall function 00A5AF1B: GetOEMCP.KERNEL32(00000000,?,?,00A5B1A5,?), ref: 00A5AF46
              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00A5B1EA,?,00000000), ref: 00A5B3C4
              • GetCPInfo.KERNEL32(00000000,00A5B1EA,?,?,?,00A5B1EA,?,00000000), ref: 00A5B3D7
              Similarity
              • API ID: CodeInfoPageValid
              • String ID:
              • API String ID: 546120528-0
              • Opcode ID: 96bfe1b10862c372b37ef3770ceb7e2ad80ffb984c255246eef58429fc48485b
              • Instruction ID: 9cf2ddd8b1cabeeff94f15c4c5ace315aa531d6a5cebdc5c38f33256bee5ca3a
              • Opcode Fuzzy Hash: 96bfe1b10862c372b37ef3770ceb7e2ad80ffb984c255246eef58429fc48485b
              • Instruction Fuzzy Hash: FB515574A102059EDB34CF71C8816BABBF5FF50312F18416EE8968B253D734954ACBA1
              APIs
              • __EH_prolog.LIBCMT ref: 00A31385
                • Part of subcall function 00A36057: __EH_prolog.LIBCMT ref: 00A3605C
                • Part of subcall function 00A3C827: __EH_prolog.LIBCMT ref: 00A3C82C
                • Part of subcall function 00A3C827: new.LIBCMT ref: 00A3C86F
                • Part of subcall function 00A3C827: new.LIBCMT ref: 00A3C893
              • new.LIBCMT ref: 00A313FE
                • Part of subcall function 00A3B07D: __EH_prolog.LIBCMT ref: 00A3B082
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: 7c2ebc0e85867505342e4d946e978b2bdd01ad90d7e04177ae471e16b40f70e0
              • Instruction ID: 712385fb1d611fbb7602e3cae8fd31e70d78111bb75462aa7e230ed279293212
              • Opcode Fuzzy Hash: 7c2ebc0e85867505342e4d946e978b2bdd01ad90d7e04177ae471e16b40f70e0
              • Instruction Fuzzy Hash: C14124B0805B409EE724DF7989859E7FBE5FF18310F504A2EE6EE83282DB726554CB11
              APIs
              • __EH_prolog.LIBCMT ref: 00A31385
                • Part of subcall function 00A36057: __EH_prolog.LIBCMT ref: 00A3605C
                • Part of subcall function 00A3C827: __EH_prolog.LIBCMT ref: 00A3C82C
                • Part of subcall function 00A3C827: new.LIBCMT ref: 00A3C86F
                • Part of subcall function 00A3C827: new.LIBCMT ref: 00A3C893
              • new.LIBCMT ref: 00A313FE
                • Part of subcall function 00A3B07D: __EH_prolog.LIBCMT ref: 00A3B082
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: f3301a1ec1bb7dfcb5819873d04a4c13c5c9b52e9e0ddf3d527bc72b4c6c09b0
              • Instruction ID: adf569fd84389136bb80c955177370259fad208ef0d70b6f4de3a0617899eb23
              • Opcode Fuzzy Hash: f3301a1ec1bb7dfcb5819873d04a4c13c5c9b52e9e0ddf3d527bc72b4c6c09b0
              • Instruction Fuzzy Hash: C94136B0805B409EE724DF7985859E7FBE5FF18300F504A2EE2EE83282DB726554CB11
              APIs
                • Part of subcall function 00A58FA5: GetLastError.KERNEL32(?,00A70EE8,00A53E14,00A70EE8,?,?,00A53713,00000050,?,00A70EE8,00000200), ref: 00A58FA9
                • Part of subcall function 00A58FA5: _free.LIBCMT ref: 00A58FDC
                • Part of subcall function 00A58FA5: SetLastError.KERNEL32(00000000,?,00A70EE8,00000200), ref: 00A5901D
                • Part of subcall function 00A58FA5: _abort.LIBCMT ref: 00A59023
                • Part of subcall function 00A5B2AE: _abort.LIBCMT ref: 00A5B2E0
                • Part of subcall function 00A5B2AE: _free.LIBCMT ref: 00A5B314
                • Part of subcall function 00A5AF1B: GetOEMCP.KERNEL32(00000000,?,?,00A5B1A5,?), ref: 00A5AF46
              • _free.LIBCMT ref: 00A5B200
              • _free.LIBCMT ref: 00A5B236
              Similarity
              • API ID: _free$ErrorLast_abort
              • String ID:
              • API String ID: 2991157371-0
              • Opcode ID: e22ea14bfefe0d687bc245bf1c6699eaac6ee5fbece2150fef2847def3d1e3a0
              • Instruction ID: 910c4c24eb81242fc96f506f91898be96b9b6ee61d3af5f3fc40d5c114c15b52
              • Opcode Fuzzy Hash: e22ea14bfefe0d687bc245bf1c6699eaac6ee5fbece2150fef2847def3d1e3a0
              • Instruction Fuzzy Hash: 2631E231904208AFDB10EFA9D941BADB7F1FF40323F254199EC14AB291EB759D49CB60
              APIs
              • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00A39EDC,?,?,00A37867), ref: 00A397A6
              • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00A39EDC,?,?,00A37867), ref: 00A397DB
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: c658104232615c0083f55f68964ef775d4dcb5aff76142a2eacf1c9d923890bc
              • Instruction ID: 158f79b3cf55271749d3cb9eaa335c4a832e208f2b8f49c128ee506ef3e6d672
              • Opcode Fuzzy Hash: c658104232615c0083f55f68964ef775d4dcb5aff76142a2eacf1c9d923890bc
              • Instruction Fuzzy Hash: D02108B1514748AFE7308F64CC86FA7B7E8EB49764F00892DF5E5821D1C3B4AC898B61
              APIs
              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00A37547,?,?,?,?), ref: 00A39D7C
              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A39E2C
              Similarity
              • API ID: File$BuffersFlushTime
              • String ID:
              • API String ID: 1392018926-0
              • Opcode ID: 7d8ffc977e0604fa983a3e75209d14189eb6d5a4a38bd9841d93174502306041
              • Instruction ID: 40529004410f5a0e6785440a6534307af8873800ba201239e29fb1e00651e927
              • Opcode Fuzzy Hash: 7d8ffc977e0604fa983a3e75209d14189eb6d5a4a38bd9841d93174502306041
              • Instruction Fuzzy Hash: 7B21E532148246ABD714DF64C892EABBBE4AF95744F04081DF8C1C7141D369EE0DDBA1
              APIs
              • GetProcAddress.KERNEL32(00000000,00A63958), ref: 00A5A4B8
              • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A5A4C5
              Similarity
              • API ID: AddressProc__crt_fast_encode_pointer
              • String ID:
              • API String ID: 2279764990-0
              • Opcode ID: 6e73b5581c1b691d363091bed37b718d2c44949f8c63cfb76ce620d3c8f0c5b0
              • Instruction ID: 981b321b056348f0e6c9a332075710f8458d2fef334665e92f60c63ac4a69aa7
              • Opcode Fuzzy Hash: 6e73b5581c1b691d363091bed37b718d2c44949f8c63cfb76ce620d3c8f0c5b0
              • Instruction Fuzzy Hash: FE110A37B011215B9F21DFA8EC4486A73B5BB913217164320FD15AB254DAB0DC46C6D3
              APIs
              • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00A39B35,?,?,00000000,?,?,00A38D9C,?), ref: 00A39BC0
              • GetLastError.KERNEL32 ref: 00A39BCD
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: e370d9f870a79d11693c99361834097da4345c9c5da64b993b0937e264ce2f3e
              • Instruction ID: 47cc8686bf3ab66d3cc1f6e77d7a906c263750236f27326ca33e34ddf23783a4
              • Opcode Fuzzy Hash: e370d9f870a79d11693c99361834097da4345c9c5da64b993b0937e264ce2f3e
              • Instruction Fuzzy Hash: 8301C4323043159B8B08CF65AD949BFF3A9AFC5721F14452DF92687290CAB1DC069A21
              APIs
              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00A39E76
              • GetLastError.KERNEL32 ref: 00A39E82
              Similarity
              • API ID: ErrorFileLastPointer
              • String ID:
              • API String ID: 2976181284-0
              • Opcode ID: 90bf5e5f1ac83a688a27be521694a9f8b9a4009ff24880f9507452423616d679
              • Instruction ID: 83da7a33bca7ca2e8ff2e54fb20e8322671e868c8a063374edb5414209927765
              • Opcode Fuzzy Hash: 90bf5e5f1ac83a688a27be521694a9f8b9a4009ff24880f9507452423616d679
              • Instruction Fuzzy Hash: D7019E727043006BEB34DF69DD44B6BB6E99B88324F24893EF156C2680DAB5EC488A10
              APIs
              • _free.LIBCMT ref: 00A58627
                • Part of subcall function 00A58518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5C13D,00000000,?,00A567E2,?,00000008,?,00A589AD,?,?,?), ref: 00A5854A
              • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00A70F50,00A3CE57,?,?,?,?,?,?), ref: 00A58663
              Similarity
              • API ID: Heap$AllocAllocate_free
              • String ID:
              • API String ID: 2447670028-0
              • Opcode ID: ee0c0ec8c424989b98ace5b748280301c71097fdb01c6ce4b7789af75aa62abe
              • Instruction ID: 3f1ea4bf059aa227bf06c5ccd26fbe3fa7f447a55c4403a323b38812dfca66f8
              • Opcode Fuzzy Hash: ee0c0ec8c424989b98ace5b748280301c71097fdb01c6ce4b7789af75aa62abe
              • Instruction Fuzzy Hash: 7DF0F632201116A6CB212B21AC00F6F3778BFE1BB3F244115FC64B79A1EF3CC80955A5
              APIs
              • GetCurrentProcess.KERNEL32(?,?), ref: 00A40915
              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00A4091C
              Similarity
              • API ID: Process$AffinityCurrentMask
              • String ID:
              • API String ID: 1231390398-0
              • Opcode ID: 84c35affd7dff3acd00ed31429b89bf535ac06c6f673f0ed7d7b2ec5cd171e32
              • Instruction ID: ec5933103cadbaa04e21e7a6a62ce4c06221424a4683359fbd4deb0c33f3bd71
              • Opcode Fuzzy Hash: 84c35affd7dff3acd00ed31429b89bf535ac06c6f673f0ed7d7b2ec5cd171e32
              • Instruction Fuzzy Hash: 82E09B77E14105ABEF05CBE49C04CBB73ADDB88214721417DEA07D3202F530DD0696A0
              APIs
              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A3A27A,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A458
              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A3A27A,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A489
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: 5bde3812409dd03cfd79191a399937a7b29116ffd6901e853afe88ddda72ec58
              • Instruction ID: 689e9157e8e63ba9ef529ce16b034e6062b0c1c7bbda9e7d1d7111c6116284bc
              • Opcode Fuzzy Hash: 5bde3812409dd03cfd79191a399937a7b29116ffd6901e853afe88ddda72ec58
              • Instruction Fuzzy Hash: A9F0A03125121D7BDF129F60DC05FD9376CBB14381F04C055FD8886161DBB29AA9AA50
              APIs
              Similarity
              • API ID: ItemText_swprintf
              • String ID:
              • API String ID: 3011073432-0
              • Opcode ID: efb2e9f31a14102d35810ecb67887c1bbc658d1257d6986d6ab491755eb6cf72
              • Instruction ID: 7701172f357d9ed677d43395f67fbbd2d889a951fe247ca8ad0197ebda5beb7b
              • Opcode Fuzzy Hash: efb2e9f31a14102d35810ecb67887c1bbc658d1257d6986d6ab491755eb6cf72
              • Instruction Fuzzy Hash: 17F055356403487AEB11EBF09C0AFAA3B2CEB04345F000692B604A30A2DE756A608762
              APIs
              • DeleteFileW.KERNELBASE(?,?,?,00A3984C,?,?,00A39688,?,?,?,?,00A61FA1,000000FF), ref: 00A3A13E
              • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00A3984C,?,?,00A39688,?,?,?,?,00A61FA1,000000FF), ref: 00A3A16C
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: f3de02f78ae4627f38d508f86576976eb061b63056cb2500e981541ad0120224
              • Instruction ID: f2e2518c91555e1435c271ecbbbc23f960558b2d7e42e48dbea20e0ad1b4ab4c
              • Opcode Fuzzy Hash: f3de02f78ae4627f38d508f86576976eb061b63056cb2500e981541ad0120224
              • Instruction Fuzzy Hash: DFE0923A6402186BDB119F70DC41FE9776CBB09381F484065B988C7061DB729D99AAA0
              APIs
              • GdiplusShutdown.GDIPLUS(?,?,?,?,00A61FA1,000000FF), ref: 00A4A3D1
              • CoUninitialize.COMBASE(?,?,?,?,00A61FA1,000000FF), ref: 00A4A3D6
              Similarity
              • API ID: GdiplusShutdownUninitialize
              • String ID:
              • API String ID: 3856339756-0
              • Opcode ID: fd21f1aa5c2426209ac72a955206ca59ac6a472ae0dbe4c4b32f44b3487e5598
              • Instruction ID: ec8ee40333a3cab00ab907bd86f44948578c0a5099d82e87258ca187397c9d1f
              • Opcode Fuzzy Hash: fd21f1aa5c2426209ac72a955206ca59ac6a472ae0dbe4c4b32f44b3487e5598
              • Instruction Fuzzy Hash: 4BF0A032618604EFCB00DB8CDC05B45FBBCFB89B20F04436AF40983760CB746801CA80
              APIs
              • GetFileAttributesW.KERNELBASE(?,?,?,00A3A189,?,00A376B2,?,?,?,?), ref: 00A3A1A5
              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00A3A189,?,00A376B2,?,?,?,?), ref: 00A3A1D1
              Similarity
              • API ID: AttributesFile
              APIs
              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A400A0
              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3EB86,Crypt32.dll,00000000,00A3EC0A,?,?,00A3EBEC,?,?,?), ref: 00A400C2
              Similarity
              • API ID: DirectoryLibraryLoadSystem
              APIs
              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A49B30
              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00A49B37
              Similarity
              • API ID: BitmapCreateFromGdipStream
              APIs
                • Part of subcall function 00A5329A: try_get_function.LIBVCRUNTIME ref: 00A532AF
              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A5217A
              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00A52185
              Similarity
              • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
              APIs
              • DloadLock.DELAYIMP ref: 00A4DC73
              • DloadProtectSection.DELAYIMP ref: 00A4DC8F
                • Part of subcall function 00A4DE67: DloadObtainSection.DELAYIMP ref: 00A4DE77
              Similarity
              • API ID: Dload$Section$LockObtainProtect
              APIs
              Similarity
              • API ID: ItemShowWindow
              APIs
              Similarity
              • API ID: H_prolog
              APIs
              Similarity
              • API ID: H_prolog
              APIs
              • __EH_prolog.LIBCMT ref: 00A38384
                • Part of subcall function 00A31380: __EH_prolog.LIBCMT ref: 00A31385
                • Part of subcall function 00A31380: new.LIBCMT ref: 00A313FE
                • Part of subcall function 00A319A6: __EH_prolog.LIBCMT ref: 00A319AB
              Similarity
              • API ID: H_prolog
              APIs
              • __EH_prolog.LIBCMT ref: 00A31E05
                • Part of subcall function 00A33B3D: __EH_prolog.LIBCMT ref: 00A33B42
              Similarity
              • API ID: H_prolog
              APIs
              • __EH_prolog.LIBCMT ref: 00A4A7C8
                • Part of subcall function 00A31380: __EH_prolog.LIBCMT ref: 00A31385
                • Part of subcall function 00A31380: new.LIBCMT ref: 00A313FE
              Similarity
              • API ID: H_prolog
              APIs
              Similarity
              • API ID: H_prolog
              APIs
              • __EH_prolog.LIBCMT ref: 00A35BDC
                • Part of subcall function 00A3B07D: __EH_prolog.LIBCMT ref: 00A3B082
              Similarity
              • API ID: H_prolog
              APIs
              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5C13D,00000000,?,00A567E2,?,00000008,?,00A589AD,?,?,?), ref: 00A5854A
              Similarity
              • API ID: AllocateHeap
              APIs
              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00A3A4F5
              Similarity
              • API ID: CloseFind
              APIs
              • SetThreadExecutionState.KERNEL32(00000001), ref: 00A406B1
              Similarity
              • API ID: ExecutionStateThread
              APIs
              • GdipAlloc.GDIPLUS(00000010), ref: 00A49D81
                • Part of subcall function 00A49B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A49B30
              Similarity
              • API ID: Gdip$AllocBitmapCreateFromStream
              APIs
              • GetFileType.KERNELBASE(000000FF,00A39887), ref: 00A39995
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              • Opcode ID: 20afa36dd3f1a7674fd0a95b9e4365e1efb5603bd68be2748ae2eda9ef9a6e73
              • Instruction ID: 202b1c4480097314c719437afd96762b21edad55198a1c3a2d9e335e16736fd4
              • Opcode Fuzzy Hash: 20afa36dd3f1a7674fd0a95b9e4365e1efb5603bd68be2748ae2eda9ef9a6e73
              • Instruction Fuzzy Hash: B0D01232411141958F6187344D092DB7761DB83366F38C6E8F025C40B1D763C903F541
              APIs
              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 00A4D43F
                • Part of subcall function 00A4AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4AC85
                • Part of subcall function 00A4AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4AC96
                • Part of subcall function 00A4AC74: IsDialogMessageW.USER32(00010448,?), ref: 00A4ACAA
                • Part of subcall function 00A4AC74: TranslateMessage.USER32(?), ref: 00A4ACB8
                • Part of subcall function 00A4AC74: DispatchMessageW.USER32(?), ref: 00A4ACC2
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Message$DialogDispatchItemPeekSendTranslate
              • String ID:
              • API String ID: 897784432-0
              • Opcode ID: 48054da682b5e8293d63febb743674477cfe4a12911ef193e3fe0acd095d7e30
              • Instruction ID: 05ac01e15df29c49edfebdaa63700ae2caa34693a51acd05c3b7892d70638757
              • Opcode Fuzzy Hash: 48054da682b5e8293d63febb743674477cfe4a12911ef193e3fe0acd095d7e30
              • Instruction Fuzzy Hash: B7D09E35144300BBDA116B91CF06F0F7AA6AB98B04F004654B348740B18A629D319B16
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 804ee51837ec3359964154ca1fe9a8aa4fc0b765856a95f1f81fc200b44a6fa6
              • Instruction ID: 9aa79b6b788269f67cde6810b605b0f1d83d317e08d609cd949ec2b20a5a30cf
              • Opcode Fuzzy Hash: 804ee51837ec3359964154ca1fe9a8aa4fc0b765856a95f1f81fc200b44a6fa6
              • Instruction Fuzzy Hash: F8B012BD37D101BC350861046E52E3B026CE5C1B10330491AB109D40C1D5405C480631
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 291bca9dfbedc36e662f396569960dd7cb175feb621303c71d2df7d36dcade1d
              • Instruction ID: cd8258973112b274513230a7b4158a455e92d84f2211f2b41568904f587606a4
              • Opcode Fuzzy Hash: 291bca9dfbedc36e662f396569960dd7cb175feb621303c71d2df7d36dcade1d
              • Instruction Fuzzy Hash: CDB012BD37C001BC310861046E12E36026CC5C2B10330C95AB409D41C1D5405C4D0531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 1a302a315a9f5a82c5b197b79a25493aff846f264c14b43fd0fe98a7f34d34e3
              • Instruction ID: 765a38b2877b8cc575b09f964ab9c5c96164cdd37a111d39650679183a6385f9
              • Opcode Fuzzy Hash: 1a302a315a9f5a82c5b197b79a25493aff846f264c14b43fd0fe98a7f34d34e3
              • Instruction Fuzzy Hash: 89B012BD37C301BC390821006E62D3B022CC5C1B103304E6BB109E40C1D5405C8C4431
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: bdafce3ef5cb6db696c5d17870be7dc91a5218c691878239d15ab76997ffba40
              • Instruction ID: 8616d22a9dab8cd0086c4cc3e9b6d67bf59a6b000b5fdae1a6bc5fc43aa8940a
              • Opcode Fuzzy Hash: bdafce3ef5cb6db696c5d17870be7dc91a5218c691878239d15ab76997ffba40
              • Instruction Fuzzy Hash: 9BB012B937C101BC314861086E12E36026CC5C1B103304A1BB00DD40C1D5405C880531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: afc51e7d45a37cfaa683c725af71c08b927b9a51521243da4cf4fcc87cd2a536
              • Instruction ID: ff194f7cad3bbac38c7f32bd7a82096276625581ef4fbe14630f52e884c4f2b3
              • Opcode Fuzzy Hash: afc51e7d45a37cfaa683c725af71c08b927b9a51521243da4cf4fcc87cd2a536
              • Instruction Fuzzy Hash: 04B012B937C001BC310C61086F12E36026CC5C1B10330491AB00DD40C1D5405D4D0531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 445b4ffa69532b69993838a124fcd43d6b70d98c5b4d25f129a8b56fe7f58268
              • Instruction ID: 42383f0796a7971f2032c283e53be4fa0a880d7cc1e9b5057a7b8d0c56584d4f
              • Opcode Fuzzy Hash: 445b4ffa69532b69993838a124fcd43d6b70d98c5b4d25f129a8b56fe7f58268
              • Instruction Fuzzy Hash: 05B012B937D001BC310C61096E12E36026CD5C1B10330491AB00DD40D1D5405C480531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 5bba98557b880fb05c99130c6b9528a72cfbcc97a85a6832d99e8fa5362c1d14
              • Instruction ID: 708cd0167b66ad1ac573b5f870f532f4f73ca7e13010e353dd88c26350c1a1f5
              • Opcode Fuzzy Hash: 5bba98557b880fb05c99130c6b9528a72cfbcc97a85a6832d99e8fa5362c1d14
              • Instruction Fuzzy Hash: 94B012BD37C101BC314861046E12E36026CC5C1B103308A5BB009D41C1D5405CCD0531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: fb1f52c85ecd70728ed9e7cbb606ee02e5bde23cb637b7109c7863e89e541742
              • Instruction ID: 344d423e7ca9b22a1e4fe25d97ca0ea5f142a4c667c15257306dca8e987ff706
              • Opcode Fuzzy Hash: fb1f52c85ecd70728ed9e7cbb606ee02e5bde23cb637b7109c7863e89e541742
              • Instruction Fuzzy Hash: F2B012BD37C001BC310C61046F12E36026CC5C1B10330895AB009D41C1D5405C4E0531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 418ce59bf5bda642f0d5959c805ca3e0c4ca992aa2660dbafd74048a241a9e66
              • Instruction ID: dbc803f37a3082ca5519e91f1241c2b0452ad913f476dd72e6bcdc6dc42b9c63
              • Opcode Fuzzy Hash: 418ce59bf5bda642f0d5959c805ca3e0c4ca992aa2660dbafd74048a241a9e66
              • Instruction Fuzzy Hash: EEB012B937C001BC310861086E12E36026CC5C2B10330891AB40DD40C1D5405C480531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 12b1d45818f889bbe2988c0acdc13e9e2407171c2294cd188adfef88784e5109
              • Instruction ID: fb1d6d767279af346b9409bea2b12e918f5af2e653068ef105813ccc13352d11
              • Opcode Fuzzy Hash: 12b1d45818f889bbe2988c0acdc13e9e2407171c2294cd188adfef88784e5109
              • Instruction Fuzzy Hash: 3CB012B937E001BC311861046E12E3A02ADD9C1B10730491AB009D40C1D9405C480531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 7239d4a9fde677f9da85bd2f05272cd9e43feb4964ea2caaf6d3e1d45953b435
              • Instruction ID: c5731460b4e9e9ba6202bb3fb48de7393939bd12ecbf96cce8d2c3f658cdc87f
              • Opcode Fuzzy Hash: 7239d4a9fde677f9da85bd2f05272cd9e43feb4964ea2caaf6d3e1d45953b435
              • Instruction Fuzzy Hash: A4B012B937C001BC310861146E12E3602ACC5C2B10330891AB509D40C1D7405C480531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: f9b6ac29b24bf0d9dc38c0fcfc9fc679f3fdd101de3b9630b8320556ff9b3d2e
              • Instruction ID: 02560519956a07c8686420e8bc85fcc62856bfd7701e0bb0347aa1730aec5304
              • Opcode Fuzzy Hash: f9b6ac29b24bf0d9dc38c0fcfc9fc679f3fdd101de3b9630b8320556ff9b3d2e
              • Instruction Fuzzy Hash: B3B012B937D001BC311861046E12E36026DC5C2B10730891AB409D40C1D9405C480531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 91f3d5541dc9813c15c25375882154ddabf7b83bb12937e3d4bf1c09608097c7
              • Instruction ID: 409a81233d3ef7dc9f5aefe8f8b303f8c6568bdda73814cd4c0facf795dac28b
              • Opcode Fuzzy Hash: 91f3d5541dc9813c15c25375882154ddabf7b83bb12937e3d4bf1c09608097c7
              • Instruction Fuzzy Hash: 82B012B937D101BC315862046E12E36026DC5C1B107304A1BB009D40C1D9405C880531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 6d05f3d5ff364edc1193515b2ca23c14346ac7bc39be8f4881e8eb665cf5b6f1
              • Instruction ID: 9026e00b275ccce0547eab50ade2aad6c72b526512baf9e519404b178d7ffa39
              • Opcode Fuzzy Hash: 6d05f3d5ff364edc1193515b2ca23c14346ac7bc39be8f4881e8eb665cf5b6f1
              • Instruction Fuzzy Hash: 4CB012B937C001BC310C61046F12E3602ECC5C1B10730491AB009D40C1D6405C4D0531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 1e0af5ccf991ad44f073f4223dc42bbc0c4b8091e45d9d9f09a8b261f13bb6bb
              • Instruction ID: 5fe65369b8da7160beba55a0a4dfa3a20d379b3439f0cab1d564910aa581ba3f
              • Opcode Fuzzy Hash: 1e0af5ccf991ad44f073f4223dc42bbc0c4b8091e45d9d9f09a8b261f13bb6bb
              • Instruction Fuzzy Hash: DAB012B937C001FC310871096E12E3A02ACC1C0B10330C92BB409C8145E4844C494531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: e8227c757c4f1e160a8d7c0277ac646d543c836747eed7af06016fefaff18aed
              • Instruction ID: 311660bf038a29f403bcf2f7af1781c82460d40f11578b0086de6f875130fe8f
              • Opcode Fuzzy Hash: e8227c757c4f1e160a8d7c0277ac646d543c836747eed7af06016fefaff18aed
              • Instruction Fuzzy Hash: 53B012AD37D001BC310871066E12F3E02BCD1C5B103308D2BB009C8145D4804C4E4531
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: f474451940acdb68ae6d06751ddd7a4c5a362e51b412699b1399b8e2aee40cce
              • Instruction ID: 166e59989204e884dcbd67e50097f3794615d73c714c798a3e5ab7fb7c27731f
              • Opcode Fuzzy Hash: f474451940acdb68ae6d06751ddd7a4c5a362e51b412699b1399b8e2aee40cce
              • Instruction Fuzzy Hash: 94B012AD37C002FC310C51042E17E77027CD1C0F10330881FB409C5481D9414C4D5131
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: ef5f270f43f8ab9bd2e4eb89f9c26a9b4375fc3f6a2ccdd34b0ad50cd4bc34a2
              • Instruction ID: 21130ed00b0e34d436a9f1a25bbbda66978613016c462761e952b1bfc3a98e4a
              • Opcode Fuzzy Hash: ef5f270f43f8ab9bd2e4eb89f9c26a9b4375fc3f6a2ccdd34b0ad50cd4bc34a2
              • Instruction Fuzzy Hash: FEB012AD37C002BC310C51042F17E77027CD1C0F10330881FB109C4481D9424C4E5131
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 34c16e7f76f731e862cb587a337fdd34d99cb113713286249509dca614dc1ebc
              • Instruction ID: 9413a61a420065347fe44f5fb8cd6cb00d56a2ec1f6ca29791d59930453e1c52
              • Opcode Fuzzy Hash: 34c16e7f76f731e862cb587a337fdd34d99cb113713286249509dca614dc1ebc
              • Instruction Fuzzy Hash: D4B012AD37C106BC320811002E17D77023CD1C0F10330492FB005D4481D9414C8D5031
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 2d814b5e9cd4167f68a144746e7e452197e6e68f2c76362d822411870021e021
              • Instruction ID: b2fd5b94b2bb6a85fa4a7ddf107488dc50beb38bdb6354093aa597c3ded029b8
              • Opcode Fuzzy Hash: 2d814b5e9cd4167f68a144746e7e452197e6e68f2c76362d822411870021e021
              • Instruction Fuzzy Hash: EDB012AD3BD001BC310851142E17F76027CE1C0F10330482FB00AC0481D9404C4D5131
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 263297fb7c2de1860db81240be59435a68991df8bb83c246adecbaf727fbd90b
              • Instruction ID: 7a9d5b060ca87318ee3f79f6ec5ddc36df9e1151d5398d456a61db9743705989
              • Opcode Fuzzy Hash: 263297fb7c2de1860db81240be59435a68991df8bb83c246adecbaf727fbd90b
              • Instruction Fuzzy Hash: DEB012A93BD101BC750871056E12F3A02ACE1C0B103304A3BB009C8149D4804C494631
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DC36
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 0fbf8bc9001bf68cc9f77a169bbbd4b86b95d60f9327d06ff5352c5b97ee1304
              • Instruction ID: d550c5beed076b45e4f50b1c62838a4fc2ecba0b2ee670bd58d1783f64d05a6a
              • Opcode Fuzzy Hash: 0fbf8bc9001bf68cc9f77a169bbbd4b86b95d60f9327d06ff5352c5b97ee1304
              • Instruction Fuzzy Hash: 9BB012BD77C201BC310C21106F22D36033CC2C0B103304F1BB105E0041A5805C885031
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DC36
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: f771c966da2b2613aefc2caae306531c84314ecaee53adfcba32f54690d75fac
              • Instruction ID: b81a0a8449338987f07b34e330a8e64dc10be99d60ab5e1c45154e9d7c447681
              • Opcode Fuzzy Hash: f771c966da2b2613aefc2caae306531c84314ecaee53adfcba32f54690d75fac
              • Instruction Fuzzy Hash: 63B012BD77C101BC310C61146E22E36037CC1C5B103308E1BB509D0041E5805C484131
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DC36
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 7cfce920b04c9ce83b1323416e79e71a9e873cd425b85ad791dffa8768e9c57a
              • Instruction ID: 90cac32f579ca3ba571a919ede71ea9d07da5b328cd706c168eae2efe6de9e7b
              • Opcode Fuzzy Hash: 7cfce920b04c9ce83b1323416e79e71a9e873cd425b85ad791dffa8768e9c57a
              • Instruction Fuzzy Hash: 9FB012BD77D201BC350C61146E22E36037CD1C0B103304E1BB109D0051E5805C484131
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: ac7d91e7cc8dc4489ea5ff39e2120c523661841c4d44440ab5af9ca2e5acd1c6
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: ac7d91e7cc8dc4489ea5ff39e2120c523661841c4d44440ab5af9ca2e5acd1c6
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 79169d1fc5106bed7f5827942b69edd23201c144cac01cce10bd3fbd458a2c43
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: 79169d1fc5106bed7f5827942b69edd23201c144cac01cce10bd3fbd458a2c43
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: e1eeba1602874292013aa66fee07465158853753871837305f14c0dea0f8806b
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: e1eeba1602874292013aa66fee07465158853753871837305f14c0dea0f8806b
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: f85a513b70bf709fd742aa6f2780df301b7a2967ed17dd9c994870c24dae7455
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: f85a513b70bf709fd742aa6f2780df301b7a2967ed17dd9c994870c24dae7455
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: e6297623619c44da313c163c8d3a722d03453427540588f2f98d48947df0e84a
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: e6297623619c44da313c163c8d3a722d03453427540588f2f98d48947df0e84a
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 4b357a4b24963507e32767ae4ef617e2844f848c8d477cac8d6c87f1bd96be49
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: 4b357a4b24963507e32767ae4ef617e2844f848c8d477cac8d6c87f1bd96be49
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 99e2dcf413037edd340c6298beed8197bb531bb138ffbbfd1f18d560d98accf3
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: 99e2dcf413037edd340c6298beed8197bb531bb138ffbbfd1f18d560d98accf3
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 27657cffa752bf18c3403eb193f70256a07f38122821abc4b7a8e4dbaad96665
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: 27657cffa752bf18c3403eb193f70256a07f38122821abc4b7a8e4dbaad96665
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: dd1cd02f1d2840715a3e596283ec3965172878170714eb49b1b9690c18e33f40
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: dd1cd02f1d2840715a3e596283ec3965172878170714eb49b1b9690c18e33f40
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: d485cfea52ed2409338a0500a5ead8318f811612f913e8de1e03637f6a7ae663
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: d485cfea52ed2409338a0500a5ead8318f811612f913e8de1e03637f6a7ae663
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4D8A3
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 593a4f475641fdb321943cfa689affb0a4781c047578c0085e150f31375f9ba2
              • Instruction ID: 7195ffc0f3608e8adf31efaab642cc1119161fe3ba0ec391b4a6283e0382dda4
              • Opcode Fuzzy Hash: 593a4f475641fdb321943cfa689affb0a4781c047578c0085e150f31375f9ba2
              • Instruction Fuzzy Hash: A0A001AA6BD502BC31186251AE66D3A022CD9C6B617308D5AB44AE84C2AA8068895831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: f93d6d0a0ce33fe7ffa01fc60470f02d27db684a193ea85ef3e647228f967e8c
              • Instruction ID: 2a2bac670ada5bc7f1ee141e1b09c0a2ac2e9bccf38e99f085cb22c9df39c717
              • Opcode Fuzzy Hash: f93d6d0a0ce33fe7ffa01fc60470f02d27db684a193ea85ef3e647228f967e8c
              • Instruction Fuzzy Hash: 91A002A927D5017C71587151AE16D3A026CD5D1B51330491AB406D8545558458495431
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 2b007ff121421bdfe30e1eee989407c8bc502cdb4cf17ac3d112470e80c1d929
              • Instruction ID: eccb25e93eef08f7eab32f7c4d8846655b38f0b706ec8ca18f41ca826c3fe685
              • Opcode Fuzzy Hash: 2b007ff121421bdfe30e1eee989407c8bc502cdb4cf17ac3d112470e80c1d929
              • Instruction Fuzzy Hash: B5A001AA2BD102BC71187252AE26D3A026CD5C5BA13308E2AB40AD858AA984588A5831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 3b291fa9b7a91a69df4fa97f0b12b7b4b07cca4e454c846bf39857d579c0365d
              • Instruction ID: eccb25e93eef08f7eab32f7c4d8846655b38f0b706ec8ca18f41ca826c3fe685
              • Opcode Fuzzy Hash: 3b291fa9b7a91a69df4fa97f0b12b7b4b07cca4e454c846bf39857d579c0365d
              • Instruction Fuzzy Hash: B5A001AA2BD102BC71187252AE26D3A026CD5C5BA13308E2AB40AD858AA984588A5831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 34c8bf3c35152452a9793393d323e49c01756829fb86253e16e8f5a85f318ed5
              • Instruction ID: eccb25e93eef08f7eab32f7c4d8846655b38f0b706ec8ca18f41ca826c3fe685
              • Opcode Fuzzy Hash: 34c8bf3c35152452a9793393d323e49c01756829fb86253e16e8f5a85f318ed5
              • Instruction Fuzzy Hash: B5A001AA2BD102BC71187252AE26D3A026CD5C5BA13308E2AB40AD858AA984588A5831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: e125f10c6f373034810c2510dc074f0fcd71fd3371c3582acca26ff5081e27d0
              • Instruction ID: eccb25e93eef08f7eab32f7c4d8846655b38f0b706ec8ca18f41ca826c3fe685
              • Opcode Fuzzy Hash: e125f10c6f373034810c2510dc074f0fcd71fd3371c3582acca26ff5081e27d0
              • Instruction Fuzzy Hash: B5A001AA2BD102BC71187252AE26D3A026CD5C5BA13308E2AB40AD858AA984588A5831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DAB2
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: bf1b25838b87c88749a54223950bb432f720ed067301d52888a8c7ee7b2424b2
              • Instruction ID: eccb25e93eef08f7eab32f7c4d8846655b38f0b706ec8ca18f41ca826c3fe685
              • Opcode Fuzzy Hash: bf1b25838b87c88749a54223950bb432f720ed067301d52888a8c7ee7b2424b2
              • Instruction Fuzzy Hash: B5A001AA2BD102BC71187252AE26D3A026CD5C5BA13308E2AB40AD858AA984588A5831
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 8dec144e9b5d80e5fe3e09319bb1d4ce6380e20c1633c7487fd40e4eff5cb5c0
              • Instruction ID: 4027701e84399ce9d9766ff50675cf68eee04ed7d06581a56ab75478b4386244
              • Opcode Fuzzy Hash: 8dec144e9b5d80e5fe3e09319bb1d4ce6380e20c1633c7487fd40e4eff5cb5c0
              • Instruction Fuzzy Hash: 74A001AE2BD106BC311866516E2BDBA023CE5C5F613318D1EB50AD4482EA915C8A6431
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              • Opcode ID: 4c56bde7ec444b3e7280c67723346bc6fa10f5b5906ee55f981391fc843282a9
              • Instruction ID: 4027701e84399ce9d9766ff50675cf68eee04ed7d06581a56ab75478b4386244
              • Opcode Fuzzy Hash: 4c56bde7ec444b3e7280c67723346bc6fa10f5b5906ee55f981391fc843282a9
              • Instruction Fuzzy Hash: 74A001AE2BD106BC311866516E2BDBA023CE5C5F613318D1EB50AD4482EA915C8A6431
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DBD5
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DC36
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • ___delayLoadHelper2@8.DELAYIMP ref: 00A4DC36
                • Part of subcall function 00A4DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4DFD6
                • Part of subcall function 00A4DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4DFE7
              Similarity
              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
              • String ID:
              • API String ID: 1269201914-0
              APIs
              • SetEndOfFile.KERNELBASE(?,00A39104,?,?,-00001964), ref: 00A39EC2
              Similarity
              • API ID: File
              • String ID:
              • API String ID: 749574446-0
              APIs
              • SetCurrentDirectoryW.KERNELBASE(?,00A4A587,C:\Users\user\Desktop,00000000,00A7946A,00000006), ref: 00A4A326
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              APIs
              • CloseHandle.KERNELBASE(000000FF,?,?,00A3968F,?,?,?,?,00A61FA1,000000FF), ref: 00A396EB
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              APIs
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00A4B971
              • EndDialog.USER32(?,00000006), ref: 00A4B984
              • GetDlgItem.USER32(?,0000006C), ref: 00A4B9A0
              • SetFocus.USER32(00000000), ref: 00A4B9A7
              • SetDlgItemTextW.USER32(?,00000065,?), ref: 00A4B9E1
              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00A4BA18
              • FindFirstFileW.KERNEL32(?,?), ref: 00A4BA2E
              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A4BA4C
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A4BA5C
              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A4BA78
              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A4BA94
              • _swprintf.LIBCMT ref: 00A4BAC4
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00A4BAD7
              • FindClose.KERNEL32(00000000), ref: 00A4BADE
              • _swprintf.LIBCMT ref: 00A4BB37
              • SetDlgItemTextW.USER32(?,00000068,?), ref: 00A4BB4A
              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00A4BB67
              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00A4BB87
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A4BB97
              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A4BBB1
              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A4BBC9
              • _swprintf.LIBCMT ref: 00A4BBF5
              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00A4BC08
              • _swprintf.LIBCMT ref: 00A4BC5C
              • SetDlgItemTextW.USER32(?,00000069,?), ref: 00A4BC6F
                • Part of subcall function 00A4A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A4A662
                • Part of subcall function 00A4A63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,00A6E600,?,?), ref: 00A4A6B1
              Strings
              Similarity
              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
              • API String ID: 797121971-1840816070
              APIs
              • __EH_prolog.LIBCMT ref: 00A37191
              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 00A372F1
              • CloseHandle.KERNEL32(00000000), ref: 00A37301
                • Part of subcall function 00A37BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A37C04
                • Part of subcall function 00A37BF5: GetLastError.KERNEL32 ref: 00A37C4A
                • Part of subcall function 00A37BF5: CloseHandle.KERNEL32(?), ref: 00A37C59
              • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 00A3730C
              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00A3741A
              • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00A37446
              • CloseHandle.KERNEL32(?), ref: 00A37457
              • GetLastError.KERNEL32 ref: 00A37467
              • RemoveDirectoryW.KERNEL32(?), ref: 00A374B3
              • DeleteFileW.KERNEL32(?), ref: 00A374DB
              Strings
              Similarity
              • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
              • API String ID: 3935142422-3508440684
              APIs
              Strings
              Similarity
              • API ID: H_prolog_memcmp
              • String ID: CMT$h%u$hc%u
              • API String ID: 3004599000-3282847064
              APIs
              Strings
              Similarity
              • API ID: __floor_pentium4
              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
              • API String ID: 4168288129-2761157908
              APIs
              • __EH_prolog.LIBCMT ref: 00A327F1
              • _strlen.LIBCMT ref: 00A32D7F
                • Part of subcall function 00A4137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A3B652,00000000,?,?,?,00010448), ref: 00A41396
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A32EE0
              Strings
              Similarity
              • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
              • String ID: CMT
              • API String ID: 1706572503-2756464174
              APIs
              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00A58767
              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00A58771
              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00A5877E
              Similarity
              • API ID: ExceptionFilterUnhandled$DebuggerPresent
              • String ID:
              • API String ID: 3906539128-0
              Strings
              Similarity
              • API ID:
              • String ID: .
              • API String ID: 0-248832578
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              APIs
              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A4A662
              • GetNumberFormatW.KERNEL32(00000400,00000000,?,00A6E600,?,?), ref: 00A4A6B1
              Similarity
              • API ID: FormatInfoLocaleNumber
              • String ID:
              • API String ID: 2169056816-0
              APIs
              • GetLastError.KERNEL32(00A4117C,?,00000200), ref: 00A36EC9
              • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00A36EEA
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ErrorFormatLastMessage
              • String ID:
              • API String ID: 3479602957-0
              • Opcode ID: 654c1feb994b0e8d38b828dea7726bc7a94b9da880922d2b95fdb835bcb948f6
              • Instruction ID: 9d53a6e42034a8a9209b0684972bbd6a2a9495e43c69b0d9fd4202cb18e784d2
              • Opcode Fuzzy Hash: 654c1feb994b0e8d38b828dea7726bc7a94b9da880922d2b95fdb835bcb948f6
              • Instruction Fuzzy Hash: DDD09E36288202BAEE114A748C05F267B646759B42F21C515B267DD0D0C6B0901A9615
              APIs
              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A6118F,?,?,00000008,?,?,00A60E2F,00000000), ref: 00A613C1
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ExceptionRaise
              • String ID:
              • API String ID: 3997070919-0
              • Opcode ID: 5747d0c63a0617cb42d228a92c7ac3113b2cd80321b8d5ed026b995d5d708eaf
              • Instruction ID: d7c8861335cad8bc0492d5aac01962e4d1f734e8f424ebcaa1f93a7f060cfd35
              • Opcode Fuzzy Hash: 5747d0c63a0617cb42d228a92c7ac3113b2cd80321b8d5ed026b995d5d708eaf
              • Instruction Fuzzy Hash: A9B14B756106089FD719CF28C48ABA57FF0FF45364F298658E99ACF2A1C735E982CB40
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID: gj
              • API String ID: 0-4203073231
              • Opcode ID: d2f9ae0df342b2bcdfe92e60158ee548f13324165cd2121ffef832ee3a2f7016
              • Instruction ID: c7588e1c37ed394cd9dfe55d82dd6b55217040700a624fad475e67512207941c
              • Opcode Fuzzy Hash: d2f9ae0df342b2bcdfe92e60158ee548f13324165cd2121ffef832ee3a2f7016
              • Instruction Fuzzy Hash: F3F1C1B6A083418FD748CF29D880A1AFBF1BFC8208F15892EF498D7711E774E9458B56
              APIs
              • GetVersionExW.KERNEL32(?), ref: 00A3AD1A
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Version
              • String ID:
              • API String ID: 1889659487-0
              • Opcode ID: e9093973b95c90d542880d4c4ad789cc232bb76ccec1167b183605855b9c98a5
              • Instruction ID: 24cc02da6d36f19deb390523260bd3c55d13fcfdf71c87848d2a4fd173d4ee39
              • Opcode Fuzzy Hash: e9093973b95c90d542880d4c4ad789cc232bb76ccec1167b183605855b9c98a5
              • Instruction Fuzzy Hash: 8AF090B4D0021CCFCB28DF58EC51AE973B1F758301F204299E91883364D7B0AD82CE51
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F070,00A4EAC5), ref: 00A4F068
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: 7a828bbc8cf71706ab0078b6283281c3091899eed4d04a183dbed874cc7262df
              • Instruction ID: 98a5293643e334dfd987d0f48968b761cb6716ada137a4401eea5954aab90e12
              • Opcode Fuzzy Hash: 7a828bbc8cf71706ab0078b6283281c3091899eed4d04a183dbed874cc7262df
              • Instruction Fuzzy Hash:
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: HeapProcess
              • String ID:
              • API String ID: 54951025-0
              • Opcode ID: 673ec0701d46b7309a0410eb01e9fbea8579417785f8204b5b5a0c57e0f9f8fb
              • Instruction ID: 940c703b6a41b22a767c9479cf281c104164b9ca367efe431a2c3cc258adb7bb
              • Opcode Fuzzy Hash: 673ec0701d46b7309a0410eb01e9fbea8579417785f8204b5b5a0c57e0f9f8fb
              • Instruction Fuzzy Hash: A1A002756011018B9B40CFB5590960935B965455917058255A515C5160DA6445625F01
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
              • Instruction ID: e70b7916525b0b84307ae78b21a47c7d76691864f8c3f7be0e36fa7b2dc4408c
              • Opcode Fuzzy Hash: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
              • Instruction Fuzzy Hash: 64621879A04B859FCB29CF38C9906B9BBE1AFD6304F04856DD89B8B346D730E945CB11
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
              • Instruction ID: 8fd22642425efe4fa45ab40de2bb2201aef3f0c6aa2e46a9b4c14c43d5c35103
              • Opcode Fuzzy Hash: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
              • Instruction Fuzzy Hash: 176213786087869FC719CF28C9805BDFBE1BF95304F14866EE8A68B742D730E955CB81
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
              • Instruction ID: 65ac0baf68b6a5f94b405c860acce9f1e1d47fe75a0daf599e743101ada1c643
              • Opcode Fuzzy Hash: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
              • Instruction Fuzzy Hash: B9523AB26087018FC718CF19C891A6AF7E1FFCC304F498A2DE98597255D734EA19CB86
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6154f29c8c3db2d7b75296e589107bde7733baad2637699b1c98f67adf811440
              • Instruction ID: 6edfa7b8c1f1761cb528b2ea2eeb876d22f39834266dfe2eb4f496eb35ab4f54
              • Opcode Fuzzy Hash: 6154f29c8c3db2d7b75296e589107bde7733baad2637699b1c98f67adf811440
              • Instruction Fuzzy Hash: 4812C0B57047068BC728CF28C9D06B9B3E0FF99308F14892EE597C7A81D774A895CB46
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f4d3341ab7b48d18d3f42ee57a285242612573923eed91f793208d6d341492d
              • Instruction ID: e7ddfc4f105e81169f19d0904d59380d8ed0c9eef9a9ecedfacefc4e7bf4ec32
              • Opcode Fuzzy Hash: 6f4d3341ab7b48d18d3f42ee57a285242612573923eed91f793208d6d341492d
              • Instruction Fuzzy Hash: C8F19E716183418FC718DF29C98496ABBE2FFCA324F148A2EF595AB251D730E9058B52
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction ID: 051f0041bcebfda042f2cb1929f278f1addd4f8a1be73d530eb945e10a8bcba5
              • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
              • Instruction Fuzzy Hash: 19C181362154930ADF2D473A857493FBAA17AA27B231A075DDCB2CB1C5FE30D52CDA20
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction ID: 29cc5018e4ea3c1a7e4d7a69daeaec66396c09674b6c02d6ff28879c97d4cf70
              • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
              • Instruction Fuzzy Hash: FEC182362055930ADB6D473A857453FBAA17AA27B231A076DDCB2CB0C5FE30D56CDA20
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction ID: e8c0c87ff7e51d565bc0c3c7d654bd537b86a24198d6cfedc7e617f5dde6a47c
              • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
              • Instruction Fuzzy Hash: 1DC152362055934ADF2D473A857493FBAA16EA17B231A076DDCB2CB1C5FE30D528DA20
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: H_prolog
              • String ID:
              • API String ID: 3519838083-0
              • Opcode ID: b0af517f103f23b439da7c7e970d42c712ef3fb82959e3712b161026d658fab8
              • Instruction ID: d3fd4772435b2cf517ad5b0c7fe447f8092d58f3c37d94461b634e499421ba5b
              • Opcode Fuzzy Hash: b0af517f103f23b439da7c7e970d42c712ef3fb82959e3712b161026d658fab8
              • Instruction Fuzzy Hash: F8D1F3B5A043419FDB14CF28C98079BBBE0BFD6308F08456DE8849B642D774E959CB9B
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction ID: e1949b59c9c2d06e4b3bf46ad64bce4173a87c905460afd85b8f710e613377da
              • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
              • Instruction Fuzzy Hash: 82C172362055930ADF6D473A853483FBAA16AA17B331A176DDCB2CB1D5FE30D52CDA20
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fb8e2be1d83bd4b98729809ac3002781b8a2069ccaa07908baf1241b4770dcd
              • Instruction ID: 4c75d77f8702015c273bcdcd1376e938a37594396fb3d38f38810e1a347adbc7
              • Opcode Fuzzy Hash: 8fb8e2be1d83bd4b98729809ac3002781b8a2069ccaa07908baf1241b4770dcd
              • Instruction Fuzzy Hash: 68E136755187848FC304CF69D89096BBBF0BB8A300F85895EF5D987352C335EA4ADB62
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
              • Instruction ID: bbb26905fe7453da7574fd5aa6adc6436792fb817aaa0adf497dd106ea8a9fe5
              • Opcode Fuzzy Hash: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
              • Instruction Fuzzy Hash: 0191447A2047498BDF24EF68C9D5BBE73A5EBE0300F10092DF597C7282DA74A649C742
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6983a0c7939a4f4c4e69e3d5f823683094446ec5e87d6645b4e9a1286914b87e
              • Instruction ID: 53458530f56a092eec3017ba430a55f2a1779153292ba99e5a97617052bbd356
              • Opcode Fuzzy Hash: 6983a0c7939a4f4c4e69e3d5f823683094446ec5e87d6645b4e9a1286914b87e
              • Instruction Fuzzy Hash: 4B616971644B08A6DE348B285956BBF33A4BB4D38FF100619EE82DB282D531DDCDC759
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
              • Instruction ID: 2ef8ce605f3dd14daf2eb15c7cce0cf9aa5b660db4b8d58f50d3af4c52a4ffc1
              • Opcode Fuzzy Hash: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
              • Instruction Fuzzy Hash: 60712676A043455BDF24EF29C9C1BBD77E5ABE0304F00492DF9C68B282DB749A898752
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
              • Instruction ID: 94e1b74692c2c14c3e4a4cc6f13d975717b3889a1265047e0f4f6ee989e4edc1
              • Opcode Fuzzy Hash: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
              • Instruction Fuzzy Hash: EA514771600A8466DB3887788956BBF27D9BB5F34FF180549ED8297282C335DDCD8351
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 81b112ece4a29a809b55e3cf29cccb5d19ca85da287a06697df5e592fc1e56a2
              • Instruction ID: c8b060288fef57be1a5fd59daa660ae87d472f42f8924419a1d0903a572dc02f
              • Opcode Fuzzy Hash: 81b112ece4a29a809b55e3cf29cccb5d19ca85da287a06697df5e592fc1e56a2
              • Instruction Fuzzy Hash: 76819E9321E6D49EC716CFBC3CA42F93FA15733301F1981AAD4CA862A3C17646DAD721
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 63feb3a9e11168128ad791d929e1532b8d7c26f0d0e0c67ec7c9425bd22f5f41
              • Instruction ID: 27e88f574b5b72613f08015235e6883dd79a586d1957a0699fd7a52bcf35a717
              • Opcode Fuzzy Hash: 63feb3a9e11168128ad791d929e1532b8d7c26f0d0e0c67ec7c9425bd22f5f41
              • Instruction Fuzzy Hash: 8A51CD31A083D58FC712CF24958456FFFE1BE9A314F59489EF4E54B286D320DA49CBA2
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebbdf89fe1b76932c68be8808d3aa200abef560df617310c7aa7ae78a840e403
              • Instruction ID: 924db3a04df2eab4b814c213671f88d0f7799d1eee8e823dbe387a65995577b8
              • Opcode Fuzzy Hash: ebbdf89fe1b76932c68be8808d3aa200abef560df617310c7aa7ae78a840e403
              • Instruction Fuzzy Hash: E5512571A083028FC748CF19D48059AF7E1FF88354F058A2EE899A7740DB34EA59CB96
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
              • Instruction ID: a144520f419e1014b11d09aabdbc32606fb49097b6830b99a20faa20f19523c4
              • Opcode Fuzzy Hash: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
              • Instruction Fuzzy Hash: 4231D0B66047558FCB14DF28C89166EBBE0FBA5300F10492EE4D5C7342C739EA49CB92
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2fae0532389f0ddc92033a847a99e5566ae99fbf407d3ea326df04af83d1753
              • Instruction ID: 3606bf7a1ebf5a6507ed6b6ceab82d2aef432f16f44170871b538393be0142da
              • Opcode Fuzzy Hash: e2fae0532389f0ddc92033a847a99e5566ae99fbf407d3ea326df04af83d1753
              • Instruction Fuzzy Hash: 4E21FC72A201614FCB48CF6DEDD18767761AB86311B46C12BFE46CB2D1C535E926C7E0
              APIs
              • _swprintf.LIBCMT ref: 00A3DABE
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
                • Part of subcall function 00A41596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00A70EE8,00000200,00A3D202,00000000,?,00000050,00A70EE8), ref: 00A415B3
              • _strlen.LIBCMT ref: 00A3DADF
              • SetDlgItemTextW.USER32(?,00A6E154,?), ref: 00A3DB3F
              • GetWindowRect.USER32(?,?), ref: 00A3DB79
              • GetClientRect.USER32(?,?), ref: 00A3DB85
              • GetWindowLongW.USER32(?,000000F0), ref: 00A3DC25
              • GetWindowRect.USER32(?,?), ref: 00A3DC52
              • SetWindowTextW.USER32(?,?), ref: 00A3DC95
              • GetSystemMetrics.USER32(00000008), ref: 00A3DC9D
              • GetWindow.USER32(?,00000005), ref: 00A3DCA8
              • GetWindowRect.USER32(00000000,?), ref: 00A3DCD5
              • GetWindow.USER32(00000000,00000002), ref: 00A3DD47
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
              • String ID: $%s:$CAPTION$d
              • API String ID: 2407758923-2512411981
              • Opcode ID: 85db65e58838ad1541797ba2de7e8513c34ef4c531b2d29d7de2af5fe21937e7
              • Instruction ID: 7e3bc8f0dd1e42035e7c6a9451f706ffb695a66ab5ecf44952d2deef315eef1b
              • Opcode Fuzzy Hash: 85db65e58838ad1541797ba2de7e8513c34ef4c531b2d29d7de2af5fe21937e7
              • Instruction Fuzzy Hash: C6819072608301AFD710DFA8DD89F6BBBE9EBC9704F04091DFA8593251D670E90ACB52
              APIs
              • ___free_lconv_mon.LIBCMT ref: 00A5C277
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE2F
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE41
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE53
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE65
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE77
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE89
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BE9B
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BEAD
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BEBF
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BED1
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BEE3
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BEF5
                • Part of subcall function 00A5BE12: _free.LIBCMT ref: 00A5BF07
              • _free.LIBCMT ref: 00A5C26C
                • Part of subcall function 00A584DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958), ref: 00A584F4
                • Part of subcall function 00A584DE: GetLastError.KERNEL32(00A63958,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958,00A63958), ref: 00A58506
              • _free.LIBCMT ref: 00A5C28E
              • _free.LIBCMT ref: 00A5C2A3
              • _free.LIBCMT ref: 00A5C2AE
              • _free.LIBCMT ref: 00A5C2D0
              • _free.LIBCMT ref: 00A5C2E3
              • _free.LIBCMT ref: 00A5C2F1
              • _free.LIBCMT ref: 00A5C2FC
              • _free.LIBCMT ref: 00A5C334
              • _free.LIBCMT ref: 00A5C33B
              • _free.LIBCMT ref: 00A5C358
              • _free.LIBCMT ref: 00A5C370
              Similarity
              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
              • String ID:
              • API String ID: 161543041-0
              • Opcode ID: 548dd876c353b9ec76316c81d29ead244895de8556d37f647af4a98dd42911ca
              • Instruction ID: 09ba07da6b328d6996cc562b7716f90bbd877509da4a9e4532fc38b1b6c3437e
              • Opcode Fuzzy Hash: 548dd876c353b9ec76316c81d29ead244895de8556d37f647af4a98dd42911ca
              • Instruction Fuzzy Hash: 4B3140315007099FDB20AB78DA45B9AB3E5FF00322F14C429EC99EB559DF75AC48D750
              APIs
              • GetWindow.USER32(?,00000005), ref: 00A4CD51
              • GetClassNameW.USER32(00000000,?,00000800), ref: 00A4CD7D
                • Part of subcall function 00A417AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00A3BB05,00000000,.exe,?,?,00000800,?,?,00A485DF,?), ref: 00A417C2
              • GetWindowLongW.USER32(00000000,000000F0), ref: 00A4CD99
              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00A4CDB0
              • GetObjectW.GDI32(00000000,00000018,?), ref: 00A4CDC4
              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00A4CDED
              • DeleteObject.GDI32(00000000), ref: 00A4CDF4
              • GetWindow.USER32(00000000,00000002), ref: 00A4CDFD
              Strings
              Similarity
              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
              • String ID: STATIC
              • API String ID: 3820355801-1882779555
              • Opcode ID: 28a93a137025512da277aa1baac500ec2228dc79eb9489b8501cb594dbc77748
              • Instruction ID: 314f5752e93ca6170b1e0c42467334f9b328aef5d0fc051446999f892d9bb2cf
              • Opcode Fuzzy Hash: 28a93a137025512da277aa1baac500ec2228dc79eb9489b8501cb594dbc77748
              • Instruction Fuzzy Hash: 08110D3A6423107BE631EB709C0AFAF365CFFD5761F004521FA45A6092DF648D1687A4
              APIs
              • _free.LIBCMT ref: 00A58EC5
                • Part of subcall function 00A584DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958), ref: 00A584F4
                • Part of subcall function 00A584DE: GetLastError.KERNEL32(00A63958,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958,00A63958), ref: 00A58506
              • _free.LIBCMT ref: 00A58ED1
              • _free.LIBCMT ref: 00A58EDC
              • _free.LIBCMT ref: 00A58EE7
              • _free.LIBCMT ref: 00A58EF2
              • _free.LIBCMT ref: 00A58EFD
              • _free.LIBCMT ref: 00A58F08
              • _free.LIBCMT ref: 00A58F13
              • _free.LIBCMT ref: 00A58F1E
              • _free.LIBCMT ref: 00A58F2C
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 08055214f71f6c7825d300b53a511c991b0c85a306b819872b49b82c90f6afa2
              • Instruction ID: b3fccbc8bd6bc01927bdc9e9527a2b3880c2fb8c5aa95325617f2ce9328aa755
              • Opcode Fuzzy Hash: 08055214f71f6c7825d300b53a511c991b0c85a306b819872b49b82c90f6afa2
              • Instruction Fuzzy Hash: B711D47650110DAFCB11EF54CA42CDA3BB5FF04351B0180A0BE48AB62ADA36DA559B80
              Strings
              Similarity
              • API ID:
              • String ID: ;%u$x%u$xc%u
              • API String ID: 0-2277559157
              • Opcode ID: 8e494145491d380ce66c8c12f5e61ad76817c52130642d493905ad147daabee3
              • Instruction ID: 40266a72899d7b55e70f883d0b438b55cae2b75e6baeceb4fde1dcbe2980b8e3
              • Opcode Fuzzy Hash: 8e494145491d380ce66c8c12f5e61ad76817c52130642d493905ad147daabee3
              • Instruction Fuzzy Hash: 99F127716043405BDB25EF388A96BFE77A5BFD0310F080579F9869B283DB649948C7A2
              APIs
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              • EndDialog.USER32(?,00000001), ref: 00A4AD20
              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00A4AD47
              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00A4AD60
              • SetWindowTextW.USER32(?,?), ref: 00A4AD71
              • GetDlgItem.USER32(?,00000065), ref: 00A4AD7A
              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00A4AD8E
              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00A4ADA4
              Strings
              Similarity
              • API ID: MessageSend$Item$TextWindow$Dialog
              • String ID: LICENSEDLG
              • API String ID: 3214253823-2177901306
              • Opcode ID: c404fcadafe99397ce99e44d22d7d0d7189089fc47a57df885f16d292303803b
              • Instruction ID: 9e5ece120dbbac4a2d2317e0fb42d840b766022e66575cd3ab4ed48eea268000
              • Opcode Fuzzy Hash: c404fcadafe99397ce99e44d22d7d0d7189089fc47a57df885f16d292303803b
              • Instruction Fuzzy Hash: 96219176A80105BBD621EBA1ED49F7B3B7CFB96B46F010015F605A24A0DA629D02D772
              APIs
              • __EH_prolog.LIBCMT ref: 00A39448
              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00A3946B
              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00A3948A
                • Part of subcall function 00A417AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00A3BB05,00000000,.exe,?,?,00000800,?,?,00A485DF,?), ref: 00A417C2
              • _swprintf.LIBCMT ref: 00A39526
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
              • MoveFileW.KERNEL32(?,?), ref: 00A39595
              • MoveFileW.KERNEL32(?,?), ref: 00A395D5
              Strings
              Similarity
              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
              • String ID: rtmp%d
              • API String ID: 2111052971-3303766350
              • Opcode ID: 984d7d7b4711f1948b30f8f1bd4a3e4a9bb97404f9f128523b46d7f660bcde90
              • Instruction ID: 83e3b194c97e3988e8a503446fe8e4a257f7eb4af91f1c86d004c4ce880a523c
              • Opcode Fuzzy Hash: 984d7d7b4711f1948b30f8f1bd4a3e4a9bb97404f9f128523b46d7f660bcde90
              • Instruction Fuzzy Hash: AA415072901259A6DF30EBA08D85EEFB37CAF55380F0444E5B549E3142EBB49B89CB64
              APIs
              • GlobalAlloc.KERNEL32(00000040,?), ref: 00A48F38
              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00A48F59
              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,00000000), ref: 00A48F80
              Strings
              Similarity
              • API ID: Global$AllocByteCharCreateMultiStreamWide
              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
              • API String ID: 4094277203-4209811716
              • Opcode ID: 35d83fdbed45a45ab563d1aeebc51b4fc2cf0543f59f9cdffa1f0fc8cf040354
              • Instruction ID: 0609f9448191ae6e5a16ecf3848abaf5246aa78b8ff996cfc28e8bb587483b7c
              • Opcode Fuzzy Hash: 35d83fdbed45a45ab563d1aeebc51b4fc2cf0543f59f9cdffa1f0fc8cf040354
              • Instruction Fuzzy Hash: 2F3105365083117BDB20AB74AC06FAF77A8BFD6761F100519F901A61D1EF789A0D83A5
              APIs
              • __aulldiv.LIBCMT ref: 00A40A9D
                • Part of subcall function 00A3ACF5: GetVersionExW.KERNEL32(?), ref: 00A3AD1A
              • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00A40AC0
              • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00A40AD2
              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00A40AE3
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A40AF3
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A40B03
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A40B3D
              • __aullrem.LIBCMT ref: 00A40BCB
              Similarity
              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
              • String ID:
              • API String ID: 1247370737-0
              • Opcode ID: 090de3674894aa4f3b4710c36c5d56935e8b9c8d528aa309ae3af3d03d8e08e0
              • Instruction ID: 55066fedfb06fc41e71db4858275e1aa606283e68ef0c1dd2232a679d8c91fa4
              • Opcode Fuzzy Hash: 090de3674894aa4f3b4710c36c5d56935e8b9c8d528aa309ae3af3d03d8e08e0
              • Instruction Fuzzy Hash: DC413AB6408305AFC710DFA5C88096BF7F8FB88715F004A2EFAD692650E774E54ADB52
              APIs
              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00A5F5A2,?,00000000,?,00000000,00000000), ref: 00A5EE6F
              • __fassign.LIBCMT ref: 00A5EEEA
              • __fassign.LIBCMT ref: 00A5EF05
              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00A5EF2B
              • WriteFile.KERNEL32(?,?,00000000,00A5F5A2,00000000,?,?,?,?,?,?,?,?,?,00A5F5A2,?), ref: 00A5EF4A
              • WriteFile.KERNEL32(?,?,00000001,00A5F5A2,00000000,?,?,?,?,?,?,?,?,?,00A5F5A2,?), ref: 00A5EF83
              Similarity
              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
              • String ID:
              • API String ID: 1324828854-0
              • Opcode ID: 33b79514d3d3466fd650664c592951298f7f56825538e1d044051adbdffc91d2
              • Instruction ID: 4af74ca6d90a3820ddb4cce2c17a43716a5d57cb2300b22a2352346f39eeeb48
              • Opcode Fuzzy Hash: 33b79514d3d3466fd650664c592951298f7f56825538e1d044051adbdffc91d2
              • Instruction Fuzzy Hash: BB51E8B1A00209AFCF14CFA8DC45AEEBBF5FF09301F14411AE955E7291EB709A49CB60
              APIs
              • GetTempPathW.KERNEL32(00000800,?), ref: 00A4C54A
              • _swprintf.LIBCMT ref: 00A4C57E
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
              • SetDlgItemTextW.USER32(?,00000066,00A7946A), ref: 00A4C59E
              • _wcschr.LIBVCRUNTIME ref: 00A4C5D1
              • EndDialog.USER32(?,00000001), ref: 00A4C6B2
              Strings
              Similarity
              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
              • String ID: %s%s%u
              • API String ID: 2892007947-1360425832
              • Opcode ID: 12778eb7ab7f5b41ef79b3ba4542e7dd3c3928920ec1eb68b6c9736bef7c9127
              • Instruction ID: 1db227683f7cf3287d1e5c865084b068ffcd0d5034c76c5d833e7a804c1c5cb4
              • Opcode Fuzzy Hash: 12778eb7ab7f5b41ef79b3ba4542e7dd3c3928920ec1eb68b6c9736bef7c9127
              • Instruction Fuzzy Hash: 5A41A176D00618BADB26DBA0CC45EEAB7BDEF88315F0090A6F50DE6060E7719BC4CB50
              APIs
              • ShowWindow.USER32(?,00000000), ref: 00A4964E
              • GetWindowRect.USER32(?,00000000), ref: 00A49693
              • ShowWindow.USER32(?,00000005,00000000), ref: 00A4972A
              • SetWindowTextW.USER32(?,00000000), ref: 00A49732
              • ShowWindow.USER32(00000000,00000005), ref: 00A49748
              Strings
              Similarity
              • API ID: Window$Show$RectText
              • String ID: RarHtmlClassName
              • API String ID: 3937224194-1658105358
              • Opcode ID: 6b963a77ea065b8feaf3fa0ff7ace5aa309d75df674e9d59c4f201d40b5e9c4e
              • Instruction ID: 609bcfae01a99c243a4616a5ee4d6cc1d31b5c0fc521f09be971bdb35040120a
              • Opcode Fuzzy Hash: 6b963a77ea065b8feaf3fa0ff7ace5aa309d75df674e9d59c4f201d40b5e9c4e
              • Instruction Fuzzy Hash: D131CE36104200BFDB119FA4DC48F6BBBA8FF88311F11465AFE499A162DB30D825CBA5
              APIs
                • Part of subcall function 00A5BF79: _free.LIBCMT ref: 00A5BFA2
              • _free.LIBCMT ref: 00A5C003
                • Part of subcall function 00A584DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958), ref: 00A584F4
                • Part of subcall function 00A584DE: GetLastError.KERNEL32(00A63958,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958,00A63958), ref: 00A58506
              • _free.LIBCMT ref: 00A5C00E
              • _free.LIBCMT ref: 00A5C019
              • _free.LIBCMT ref: 00A5C06D
              • _free.LIBCMT ref: 00A5C078
              • _free.LIBCMT ref: 00A5C083
              • _free.LIBCMT ref: 00A5C08E
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
              • Instruction ID: c18c1e98fd9315e3fa256add67d90c7a1e89d3ca6f6d411e5b22e007b94b856c
              • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
              • Instruction Fuzzy Hash: 37110071551B04FBD620BBB0CE07FCBB7AD7F04702F408855BA9966452DB7AF90C8AA0
              APIs
              • GetLastError.KERNEL32(?,?,00A520C1,00A4FB12), ref: 00A520D8
              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A520E6
              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A520FF
              • SetLastError.KERNEL32(00000000,?,00A520C1,00A4FB12), ref: 00A52151
              Similarity
              • API ID: ErrorLastValue___vcrt_
              • String ID:
              • API String ID: 3852720340-0
              • Opcode ID: 8fc80d71e5602743feaae518ea988eeba6bb933c7658ae666cf5ac35bc63fd85
              • Instruction ID: 076098222efee45be7ce93b6fa95480ca71e6bbab60943b5b73891292adda61e
              • Opcode Fuzzy Hash: 8fc80d71e5602743feaae518ea988eeba6bb933c7658ae666cf5ac35bc63fd85
              • Instruction Fuzzy Hash: A901283B20A7116EAA256BF4BC8561B2A64FB627733210729FE10590E0FFB14C0E5354
              Strings
              Similarity
              • API ID:
              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
              • API String ID: 0-1718035505
              • Opcode ID: a588561256a23a99750503086637c26709114c630a6f33bc3079636fc29142f3
              • Instruction ID: 64cc0706e6e0598764db7a935f4eafcdd47cc34ba14e7a4bc27b746879378523
              • Opcode Fuzzy Hash: a588561256a23a99750503086637c26709114c630a6f33bc3079636fc29142f3
              • Instruction Fuzzy Hash: 1701A47AB42622AF4F219FB55CC96A623E4AAC2756320067EE501D7240DEE1C886D6A0
              APIs
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A40D0D
                • Part of subcall function 00A3ACF5: GetVersionExW.KERNEL32(?), ref: 00A3AD1A
              • LocalFileTimeToFileTime.KERNEL32(?,00A40CB8), ref: 00A40D31
              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A40D47
              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00A40D56
              • SystemTimeToFileTime.KERNEL32(?,00A40CB8), ref: 00A40D64
              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A40D72
              Similarity
              • API ID: Time$File$System$Local$SpecificVersion
              • String ID:
              • API String ID: 2092733347-0
              • Opcode ID: 6229234cad8315acf7618adcd69b0d41465ec1e0442d0c69298e4bc9ba173d16
              • Instruction ID: 347cded85ec1c7f6f0d49a1b5fbce3b757a4cf08d7def4e2a3cdac8f600d77b1
              • Opcode Fuzzy Hash: 6229234cad8315acf7618adcd69b0d41465ec1e0442d0c69298e4bc9ba173d16
              • Instruction Fuzzy Hash: E131C97A900209EBCF00DFE5D9859EFBBBCFF58700B04455AE955E3210E7309646CB65
              APIs
              Similarity
              • API ID: _memcmp
              • String ID:
              • API String ID: 2931989736-0
              • Opcode ID: 840e8f2d93eddfd6c95bb8d7c771986b5c5a8c5b26ea18ad5d9dda51a083b43d
              • Instruction ID: 6972aaf5a2f1c86ccd43bc514aaabe6f82913af8b8612ad0449efdf55a391120
              • Opcode Fuzzy Hash: 840e8f2d93eddfd6c95bb8d7c771986b5c5a8c5b26ea18ad5d9dda51a083b43d
              • Instruction Fuzzy Hash: A9219275A0010EBBD7049F24CD81FAB77BDEBD0788F208628FC099B201E2B0ED5196A1
              APIs
              • GetLastError.KERNEL32(?,00A70EE8,00A53E14,00A70EE8,?,?,00A53713,00000050,?,00A70EE8,00000200), ref: 00A58FA9
              • _free.LIBCMT ref: 00A58FDC
              • _free.LIBCMT ref: 00A59004
              • SetLastError.KERNEL32(00000000,?,00A70EE8,00000200), ref: 00A59011
              • SetLastError.KERNEL32(00000000,?,00A70EE8,00000200), ref: 00A5901D
              • _abort.LIBCMT ref: 00A59023
              Similarity
              • API ID: ErrorLast$_free$_abort
              • String ID:
              • API String ID: 3160817290-0
              • Opcode ID: 9371e315e6a6d1adbaa51ff53ec82841dd75e879454c9bb519e96c84440bc812
              • Instruction ID: 67971308c3f692e688743064e73fc9e4791538c81941380ec12710ef2b9f2577
              • Opcode Fuzzy Hash: 9371e315e6a6d1adbaa51ff53ec82841dd75e879454c9bb519e96c84440bc812
              • Instruction Fuzzy Hash: 24F02836605601AAC611B3686E0AB2B2A7ABBD5773B250514FC16F6192EF78C90F6110
              APIs
              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A4D2F2
              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4D30C
              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4D31D
              • TranslateMessage.USER32(?), ref: 00A4D327
              • DispatchMessageW.USER32(?), ref: 00A4D331
              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A4D33C
              Similarity
              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
              • String ID:
              • API String ID: 2148572870-0
              • Opcode ID: 73ae19fb20a85a82723d121136abd29046c5d67299cac8eb8a96543e3bf7d800
              • Instruction ID: 0f85e42972aec7990af3d8f52e677b7c76019884fcfb64bb0d44f659b90f8f87
              • Opcode Fuzzy Hash: 73ae19fb20a85a82723d121136abd29046c5d67299cac8eb8a96543e3bf7d800
              • Instruction Fuzzy Hash: BDF03C72A01119BBCB209FE1EC4CEDBBF7DEF91391F008012F606D6010DA349952C7A1
              APIs
              • _wcschr.LIBVCRUNTIME ref: 00A4C435
                • Part of subcall function 00A417AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,00A3BB05,00000000,.exe,?,?,00000800,?,?,00A485DF,?), ref: 00A417C2
              Strings
              Similarity
              • API ID: CompareString_wcschr
              • String ID: <$HIDE$MAX$MIN
              • API String ID: 2548945186-3358265660
              • Opcode ID: 015e9da852ae9450d5761799167ef1540f915e1b07116c0c7b90e5b9dde9537c
              • Instruction ID: b07b8aa8c0248fd7e5240e3a8e0d278f5f1f444260d41e08e6744572f2096c10
              • Opcode Fuzzy Hash: 015e9da852ae9450d5761799167ef1540f915e1b07116c0c7b90e5b9dde9537c
              • Instruction Fuzzy Hash: 6831B47A900209AADF61DB64CD55FEA77BDEB94350F004466FA08D2090EBB08FC4CA50
              APIs
              • LoadBitmapW.USER32(00000065), ref: 00A4ADFD
              • GetObjectW.GDI32(00000000,00000018,?), ref: 00A4AE22
              • DeleteObject.GDI32(00000000), ref: 00A4AE54
              • DeleteObject.GDI32(00000000), ref: 00A4AE77
                • Part of subcall function 00A49E1C: FindResourceW.KERNEL32(00A4AE4D,PNG,?,?,?,00A4AE4D,00000066), ref: 00A49E2E
                • Part of subcall function 00A49E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E46
                • Part of subcall function 00A49E1C: LoadResource.KERNEL32(00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E59
                • Part of subcall function 00A49E1C: LockResource.KERNEL32(00000000,?,?,?,00A4AE4D,00000066), ref: 00A49E64
              Strings
              Similarity
              • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
              • String ID: ]
              • API String ID: 142272564-3352871620
              • Opcode ID: da1d305e576379c432276da6b688b8c5ab27a5f8ec10ac24b71da85cee08fd24
              • Instruction ID: f3a82dcebfdfc95719ad071fd33f22f01aa3c8fbd4ebc15bb7b5782194feac53
              • Opcode Fuzzy Hash: da1d305e576379c432276da6b688b8c5ab27a5f8ec10ac24b71da85cee08fd24
              • Instruction Fuzzy Hash: D101F53AA80225B7D710A7A49D07B7F7B7AAFD1B52F080115FD10A7291DF318C2697B2
              APIs
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              • EndDialog.USER32(?,00000001), ref: 00A4CCDB
              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00A4CCF1
              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A4CD05
              • SetDlgItemTextW.USER32(?,00000068), ref: 00A4CD14
              Strings
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: RENAMEDLG
              • API String ID: 445417207-3299779563
              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A57573,00000000,?,00A57513,00000000,00A6BAD8,0000000C,00A5766A,00000000,00000002), ref: 00A575E2
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A575F5
              • FreeLibrary.KERNEL32(00000000,?,?,?,00A57573,00000000,?,00A57513,00000000,00A6BAD8,0000000C,00A5766A,00000000,00000002), ref: 00A57618
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll
              • API String ID: 4061214504-1276376045
              APIs
                • Part of subcall function 00A40085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A400A0
                • Part of subcall function 00A40085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3EB86,Crypt32.dll,00000000,00A3EC0A,?,?,00A3EBEC,?,?,?), ref: 00A400C2
              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A3EB92
              • GetProcAddress.KERNEL32(00A781C0,CryptUnprotectMemory), ref: 00A3EBA2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: AddressProc$DirectoryLibraryLoadSystem
              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
              • API String ID: 2141747552-1753850145
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              APIs
              • GetEnvironmentStringsW.KERNEL32 ref: 00A5B619
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A5B63C
                • Part of subcall function 00A58518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5C13D,00000000,?,00A567E2,?,00000008,?,00A589AD,?,?,?), ref: 00A5854A
              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A5B662
              • _free.LIBCMT ref: 00A5B675
              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A5B684
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
              • String ID:
              • API String ID: 336800556-0
              APIs
              • GetLastError.KERNEL32(?,00A70EE8,00000200,00A5895F,00A558FE,?,?,?,?,00A3D25E,?,02F829C0,00000063,00000004,00A3CFE0,?), ref: 00A5902E
              • _free.LIBCMT ref: 00A59063
              • _free.LIBCMT ref: 00A5908A
              • SetLastError.KERNEL32(00000000,00A63958,00000050,00A70EE8), ref: 00A59097
              • SetLastError.KERNEL32(00000000,00A63958,00000050,00A70EE8), ref: 00A590A0
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ErrorLast$_free
              • String ID:
              • API String ID: 3170660625-0
              APIs
                • Part of subcall function 00A40A41: ResetEvent.KERNEL32(?), ref: 00A40A53
                • Part of subcall function 00A40A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00A40A67
              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00A4078F
              • CloseHandle.KERNEL32(?,?), ref: 00A407A9
              • DeleteCriticalSection.KERNEL32(?), ref: 00A407C2
              • CloseHandle.KERNEL32(?), ref: 00A407CE
              • CloseHandle.KERNEL32(?), ref: 00A407DA
                • Part of subcall function 00A4084E: WaitForSingleObject.KERNEL32(?,000000FF,00A40A78,?), ref: 00A40854
                • Part of subcall function 00A4084E: GetLastError.KERNEL32(?), ref: 00A40860
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
              • String ID:
              • API String ID: 1868215902-0
              APIs
              • _free.LIBCMT ref: 00A5BF28
                • Part of subcall function 00A584DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958), ref: 00A584F4
                • Part of subcall function 00A584DE: GetLastError.KERNEL32(00A63958,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958,00A63958), ref: 00A58506
              • _free.LIBCMT ref: 00A5BF3A
              • _free.LIBCMT ref: 00A5BF4C
              • _free.LIBCMT ref: 00A5BF5E
              • _free.LIBCMT ref: 00A5BF70
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              APIs
              • _free.LIBCMT ref: 00A5807E
                • Part of subcall function 00A584DE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958), ref: 00A584F4
                • Part of subcall function 00A584DE: GetLastError.KERNEL32(00A63958,?,00A5BFA7,00A63958,00000000,00A63958,00000000,?,00A5BFCE,00A63958,00000007,00A63958,?,00A5C3CB,00A63958,00A63958), ref: 00A58506
              • _free.LIBCMT ref: 00A58090
              • _free.LIBCMT ref: 00A580A3
              • _free.LIBCMT ref: 00A580B4
              • _free.LIBCMT ref: 00A580C5
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              APIs
              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\RustStore_Setup.exe,00000104), ref: 00A576FD
              • _free.LIBCMT ref: 00A577C8
              • _free.LIBCMT ref: 00A577D2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _free$FileModuleName
              • String ID: C:\Users\user\Desktop\RustStore_Setup.exe
              • API String ID: 2506810119-652289378
              APIs
              • __EH_prolog.LIBCMT ref: 00A37579
                • Part of subcall function 00A33B3D: __EH_prolog.LIBCMT ref: 00A33B42
              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00A37640
                • Part of subcall function 00A37BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A37C04
                • Part of subcall function 00A37BF5: GetLastError.KERNEL32 ref: 00A37C4A
                • Part of subcall function 00A37BF5: CloseHandle.KERNEL32(?), ref: 00A37C59
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
              • String ID: SeRestorePrivilege$SeSecurityPrivilege
              • API String ID: 3813983858-639343689
              APIs
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              • EndDialog.USER32(?,00000001), ref: 00A4A4B8
              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00A4A4CD
              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A4A4E2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: ASKNEXTVOL
              • API String ID: 445417207-3402441367
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: __fprintf_l_strncpy
              • String ID: $%s$@%s
              • API String ID: 1857242416-834177443
              APIs
                • Part of subcall function 00A3130B: GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
                • Part of subcall function 00A3130B: SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              • EndDialog.USER32(?,00000001), ref: 00A4A9DE
              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00A4A9F6
              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00A4AA24
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ItemText$DialogWindow
              • String ID: GETPASSWORD1
              • API String ID: 445417207-3292211884
              APIs
              • _swprintf.LIBCMT ref: 00A3B51E
                • Part of subcall function 00A3400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A3401D
              • _wcschr.LIBVCRUNTIME ref: 00A3B53C
              • _wcschr.LIBVCRUNTIME ref: 00A3B54C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _wcschr$__vswprintf_c_l_swprintf
              • String ID: %c:\
              • API String ID: 525462905-3142399695
              APIs
              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00A3ABC5,00000008,?,00000000,?,00A3CB88,?,00000000), ref: 00A406F3
              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00A3ABC5,00000008,?,00000000,?,00A3CB88,?,00000000), ref: 00A406FD
              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00A3ABC5,00000008,?,00000000,?,00A3CB88,?,00000000), ref: 00A4070D
              Strings
              • Thread pool initialization failed., xrefs: 00A40725
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: Create$CriticalEventInitializeSectionSemaphore
              • String ID: Thread pool initialization failed.
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID:
              • String ID: RENAMEDLG$REPLACEFILEDLG
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: __alldvrm$_strrchr
              • String ID:
              APIs
              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00A380B7,?,?,?), ref: 00A3A351
              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00A380B7,?,?), ref: 00A3A395
              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00A380B7,?,?,?,?,?,?,?,?), ref: 00A3A416
              • CloseHandle.KERNEL32(?,?,00000000,?,00A380B7,?,?,?,?,?,?,?,?,?,?,?), ref: 00A3A41D
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: File$Create$CloseHandleTime
              • String ID:
              APIs
              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00A589AD,?,00000000,?,00000001,?,?,00000001,00A589AD,?), ref: 00A5C0E6
              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A5C16F
              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00A567E2,?), ref: 00A5C181
              • __freea.LIBCMT ref: 00A5C18A
                • Part of subcall function 00A58518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5C13D,00000000,?,00A567E2,?,00000008,?,00A589AD,?,?,?), ref: 00A5854A
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
              • String ID:
              APIs
              • ___BuildCatchObject.LIBVCRUNTIME ref: 00A5251A
                • Part of subcall function 00A52B52: ___AdjustPointer.LIBCMT ref: 00A52B9C
              • _UnwindNestedFrames.LIBCMT ref: 00A52531
              • ___FrameUnwindToState.LIBVCRUNTIME ref: 00A52543
              • CallCatchBlock.LIBVCRUNTIME ref: 00A52567
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
              • String ID:
              APIs
              • GetDC.USER32(00000000), ref: 00A49DBE
              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A49DCD
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A49DDB
              • ReleaseDC.USER32(00000000,00000000), ref: 00A49DE9
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: CapsDevice$Release
              • String ID:
              APIs
              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00A52016
              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00A5201B
              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00A52020
                • Part of subcall function 00A5310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00A5311F
              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00A52035
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
              • String ID:
              APIs
                • Part of subcall function 00A49DF1: GetDC.USER32(00000000), ref: 00A49DF5
                • Part of subcall function 00A49DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A49E00
                • Part of subcall function 00A49DF1: ReleaseDC.USER32(00000000,00000000), ref: 00A49E0B
              • GetObjectW.GDI32(?,00000018,?), ref: 00A49F8D
                • Part of subcall function 00A4A1E5: GetDC.USER32(00000000), ref: 00A4A1EE
                • Part of subcall function 00A4A1E5: GetObjectW.GDI32(?,00000018,?), ref: 00A4A21D
                • Part of subcall function 00A4A1E5: ReleaseDC.USER32(00000000,?), ref: 00A4A2B5
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: ObjectRelease$CapsDevice
              • String ID: (
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: _swprintf
              • String ID: %ls$%s: %s
              APIs
              • _free.LIBCMT ref: 00A5AA84
                • Part of subcall function 00A58849: IsProcessorFeaturePresent.KERNEL32(00000017,00A58838,00000050,00A63958,?,00A3CFE0,00000004,00A70EE8,?,?,00A58845,00000000,00000000,00000000,00000000,00000000), ref: 00A5884B
                • Part of subcall function 00A58849: GetCurrentProcess.KERNEL32(C0000417,00A63958,00000050,00A70EE8), ref: 00A5886D
                • Part of subcall function 00A58849: TerminateProcess.KERNEL32(00000000), ref: 00A58874
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
              • String ID: *?$.
              APIs
              • __EH_prolog.LIBCMT ref: 00A37730
              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A378CC
                • Part of subcall function 00A3A444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A3A27A,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A458
                • Part of subcall function 00A3A444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A3A27A,?,?,?,00A3A113,?,00000001,00000000,?,?), ref: 00A3A489
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: File$Attributes$H_prologTime
              • String ID: :
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID:
              • String ID: UNC$\\?\
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID:
              • String ID: Shell.Explorer$about:blank
              APIs
                • Part of subcall function 00A3EB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A3EB92
                • Part of subcall function 00A3EB73: GetProcAddress.KERNEL32(00A781C0,CryptUnprotectMemory), ref: 00A3EBA2
              • GetCurrentProcessId.KERNEL32(?,?,?,00A3EBEC), ref: 00A3EC84
              Strings
              • CryptProtectMemory failed, xrefs: 00A3EC3B
              • CryptUnprotectMemory failed, xrefs: 00A3EC7C
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: AddressProc$CurrentProcess
              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
              APIs
              • CreateThread.KERNEL32(00000000,00010000,00A409D0,?,00000000,00000000), ref: 00A408AD
              • SetThreadPriority.KERNEL32(?,00000000), ref: 00A408F4
                • Part of subcall function 00A36E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A36EAF
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              Similarity
              • API ID: Thread$CreatePriority__vswprintf_c_l
              • String ID: CreateThread failed
              • API String ID: 2655393344-3849766595
              • Opcode ID: 948f109891906cab34d25298f42024d3f45b4599d95a1742fc2f7dbc3d4be1a2
              • Instruction ID: 2f1c75ff339b7eba8ac2bd87fa3cfe27cd169f7fda825f37e35d4207094cb4a5
              • Opcode Fuzzy Hash: 948f109891906cab34d25298f42024d3f45b4599d95a1742fc2f7dbc3d4be1a2
              • Instruction Fuzzy Hash: 4701F9BA344305BFD620AF64EE81F6673A8EB80711F20453DF78AD2181DEF1A845A664
              APIs
                • Part of subcall function 00A3DA98: _swprintf.LIBCMT ref: 00A3DABE
                • Part of subcall function 00A3DA98: _strlen.LIBCMT ref: 00A3DADF
                • Part of subcall function 00A3DA98: SetDlgItemTextW.USER32(?,00A6E154,?), ref: 00A3DB3F
                • Part of subcall function 00A3DA98: GetWindowRect.USER32(?,?), ref: 00A3DB79
                • Part of subcall function 00A3DA98: GetClientRect.USER32(?,?), ref: 00A3DB85
              • GetDlgItem.USER32(00000000,00003021), ref: 00A3134F
              • SetWindowTextW.USER32(00000000,00A635B4), ref: 00A31365
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ItemRectTextWindow$Client_strlen_swprintf
              • String ID: 0
              • API String ID: 2622349952-4108050209
              • Opcode ID: c1032c76bcf46f52d0f19b36d3a787ce1656ac83d87021aacc7bafec11542f1a
              • Instruction ID: cf1657a259feb37df362a3df65e3f8c63bc6213884b9bba256dc5e8135dae59a
              • Opcode Fuzzy Hash: c1032c76bcf46f52d0f19b36d3a787ce1656ac83d87021aacc7bafec11542f1a
              • Instruction Fuzzy Hash: EBF0AF3010428CBADF654FA08D09BE93BE8BB10345F089414FD4A595A1CB76C996EB50
              APIs
              • WaitForSingleObject.KERNEL32(?,000000FF,00A40A78,?), ref: 00A40854
              • GetLastError.KERNEL32(?), ref: 00A40860
                • Part of subcall function 00A36E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A36EAF
              Strings
              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00A40869
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
              • String ID: WaitForMultipleObjects error %d, GetLastError %d
              • API String ID: 1091760877-2248577382
              • Opcode ID: 71303d074de74d81ab44a0970f0ed4c4a326536347e5e20bd08cb68873f6a9c2
              • Instruction ID: 6bf7722902339dd75c872072972eaba04efd0f383178e209bb20cc5751e503c1
              • Opcode Fuzzy Hash: 71303d074de74d81ab44a0970f0ed4c4a326536347e5e20bd08cb68873f6a9c2
              • Instruction Fuzzy Hash: A3D05E3690803076CA102774AD0ADAF79259F52730F358B24F239A51F5DB61095682D5
              APIs
              • GetModuleHandleW.KERNEL32(00000000,?,00A3D32F,?), ref: 00A3DA53
              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00A3D32F,?), ref: 00A3DA61
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2083072338.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
              • Associated: 00000000.00000002.2083029108.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083117348.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A74000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083139741.0000000000A91000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000A92000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2083211710.0000000000AD7000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_a30000_RustStore_Setup.jbxd
              Similarity
              • API ID: FindHandleModuleResource
              • String ID: RTL
              • API String ID: 3537982541-834975271
              • Opcode ID: 693bb44e72926b4569ef27d8fd52f3faf305bdd8e567752ed3d9d0bfdb383882
              • Instruction ID: c84660edf44cc340446df47367d122f89b9a4fb33ed4d9a7654ac6cd28a09f41
              • Opcode Fuzzy Hash: 693bb44e72926b4569ef27d8fd52f3faf305bdd8e567752ed3d9d0bfdb383882
              • Instruction Fuzzy Hash: 29C01233689350B6EF3057607D0DB4329686B10B51F06044CF141DA5D0D5F5C9478650

              Execution Graph

              Execution Coverage:9.5%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:3
              Total number of Limit Nodes:0
              execution_graph 9566 7ff8491569d5 9569 7ff849156a46 QueryFullProcessImageNameA 9566->9569 9568 7ff849156b94 9569->9568

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID: "$)$7$G$Z$[${
              • API String ID: 0-1574887523
              • Opcode ID: 2b45c1f12fd6fd4e57fb9700bd964dd5b82cb13cb4536e8877380c773d46cbde
              • Instruction ID: df787624931932362ad387687c3f5cdcf24250e94cf9ea2cb08ad898150b2c3c
              • Opcode Fuzzy Hash: 2b45c1f12fd6fd4e57fb9700bd964dd5b82cb13cb4536e8877380c773d46cbde
              • Instruction Fuzzy Hash: 1451B170D0862ACFEBA8EF14C8547EDB6B1BF58345F8041EAD40DA7291CB786A84DF45

              Control-flow Graph

              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID: &$0$`
              • API String ID: 0-1069707454
              • Opcode ID: d95e347b45eac189fb7bb5b48a0bbc010fa734fd4c206d5ba24621e70cc46cb1
              • Instruction ID: 3a148e01284efd428a241c44512f1e27670570d9470054b5c6c45272fd5bfdc7
              • Opcode Fuzzy Hash: d95e347b45eac189fb7bb5b48a0bbc010fa734fd4c206d5ba24621e70cc46cb1
              • Instruction Fuzzy Hash: 3761F2B0D18A2D8FDBA8EB18C8957E9B7B1FB58345F5001EAD40DE3291DB346AC18F45

              Control-flow Graph

              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2227430751.00007FF849150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849150000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff849150000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID: FullImageNameProcessQuery
              • String ID:
              • API String ID: 3578328331-0
              • Opcode ID: affa21e49f2a8da4a1124956949d0d4b28a53d35a89fedc20bde3a3432a3b0ef
              • Instruction ID: d6f84a18dc76668bcbba781546814657270f46a3255eee5fac5fd7f6402f36ac
              • Opcode Fuzzy Hash: affa21e49f2a8da4a1124956949d0d4b28a53d35a89fedc20bde3a3432a3b0ef
              • Instruction Fuzzy Hash: 85717E30618A8C8FDB69EF28C8557F977E1FB59351F04427EE84EC7292CB74A8458B81

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 178 7ff848e8ede2-7ff848e8ede6 179 7ff848e8f1f1-7ff848e8f21b call 7ff848e8aa68 call 7ff848e8aa98 178->179 180 7ff848e8edec 178->180 184 7ff848e8f220-7ff848e8f235 179->184 180->179
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID: J
              • API String ID: 0-1141589763
              • Opcode ID: 053f468bcf7dcb0f7d506c7a4b541be203c7b4ffa297811ac7b3bae213fe14a7
              • Instruction ID: b5b12bc275f0c76eead62e6b0fb6e298d75e9fa62ed4002b4967937dc0ed6082
              • Opcode Fuzzy Hash: 053f468bcf7dcb0f7d506c7a4b541be203c7b4ffa297811ac7b3bae213fe14a7
              • Instruction Fuzzy Hash: BAF0B7B0D0C5698EDB68EF04C9547ECB6B1BF14345F5040A9D64DA3291CB386A81DF59

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f5b2120352efc948ba234a76b4806753f5ea29df8499823bce4101436bb434c
              • Instruction ID: dcdeec57cf61a400cafd14f4d86982fda9550fd7dbac9443ed53f73e3b83049b
              • Opcode Fuzzy Hash: 6f5b2120352efc948ba234a76b4806753f5ea29df8499823bce4101436bb434c
              • Instruction Fuzzy Hash: 21E14B71E19A5A8FEB98EB68C4547BCB7B1FF58340F4440BAD00DE3292CB38A840CB55

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 381 7ff848e8a9fa-7ff848e90623 384 7ff848e90625 381->384 385 7ff848e9062a-7ff848e9062b 381->385 384->385 386 7ff848e9064c-7ff848e90650 385->386 387 7ff848e90652-7ff848e90678 386->387 388 7ff848e9062d-7ff848e9063d 386->388 394 7ff848e906a9-7ff848e906c8 387->394 395 7ff848e9067a-7ff848e906a7 387->395 390 7ff848e90644-7ff848e9064a 388->390 391 7ff848e9063f 388->391 390->386 391->390 400 7ff848e906cb-7ff848e906fe 394->400 395->400 404 7ff848e90700-7ff848e90709 400->404 405 7ff848e9070e-7ff848e9074b 400->405 406 7ff848e9099f-7ff848e909aa 404->406 410 7ff848e90907-7ff848e90930 405->410 412 7ff848e90750-7ff848e9077f 410->412 413 7ff848e90936-7ff848e9099d 410->413 416 7ff848e90781-7ff848e90785 412->416 417 7ff848e907a3-7ff848e907a7 412->417 413->406 421 7ff848e907f5-7ff848e90810 call 7ff848e8db50 416->421 422 7ff848e90787-7ff848e9078e 416->422 419 7ff848e907a9-7ff848e907ad 417->419 420 7ff848e907be-7ff848e907c2 417->420 423 7ff848e907d3-7ff848e907df 419->423 424 7ff848e907af-7ff848e907b6 419->424 420->423 425 7ff848e907c4-7ff848e907cb 420->425 442 7ff848e908ff-7ff848e90904 421->442 433 7ff848e90794-7ff848e9079b 422->433 434 7ff848e90815-7ff848e90826 422->434 431 7ff848e908bb-7ff848e908fe 423->431 438 7ff848e907e4-7ff848e907f0 424->438 439 7ff848e907b8-7ff848e907b9 424->439 425->438 440 7ff848e907cd-7ff848e907ce 425->440 431->442 433->434 444 7ff848e9079d-7ff848e9079e 433->444 435 7ff848e908b8-7ff848e908b9 434->435 436 7ff848e9082c-7ff848e9083e 434->436 435->431 447 7ff848e90849-7ff848e90866 436->447 438->431 439->431 440->431 442->410 444->431 449 7ff848e9086b-7ff848e908b6 447->449 449->442
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 871311d2e864b76de2bbe19f6e297116222e9cfb1ade83ac57d2a7171d16bdd5
              • Instruction ID: 46071f1c92a15fd784c07676d2516b45fe0293688e650ce726abfa1e453aa76c
              • Opcode Fuzzy Hash: 871311d2e864b76de2bbe19f6e297116222e9cfb1ade83ac57d2a7171d16bdd5
              • Instruction Fuzzy Hash: A4D10630D1D65ACFEBA8EBA8C4546BCB7B1FF59345F5400BAD00DA3292CB786881CB55

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4c46dc6df35f0e1966dd73df56f48a07926ce284dd5b27ee26d54931882f21b
              • Instruction ID: aa3eb06761b9f8f2f5ddfc146bf443acc05ebd78a076f60584b7e87a3a27e4d0
              • Opcode Fuzzy Hash: c4c46dc6df35f0e1966dd73df56f48a07926ce284dd5b27ee26d54931882f21b
              • Instruction Fuzzy Hash: CD819D31E0CA898FDB59EE1C88556BD77E2FF98744F54417AE44DC3286CE35AC028785

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 493 7ff848e806c0-7ff848e806dc 496 7ff848e8071e-7ff848e8074c 493->496 497 7ff848e806de-7ff848e8071c 493->497 504 7ff848e8078e-7ff848e808a7 496->504 505 7ff848e8074e-7ff848e8078c 496->505 497->496 527 7ff848e808ae-7ff848e808af 504->527 528 7ff848e808a9 504->528 505->504 529 7ff848e808d0-7ff848e808d4 527->529 528->527 530 7ff848e808d6 call 7ff848e80488 529->530 531 7ff848e808b1-7ff848e808c1 529->531 535 7ff848e808db-7ff848e808e1 530->535 532 7ff848e808c8-7ff848e808ce 531->532 533 7ff848e808c3 531->533 532->529 533->532
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bad25dd7f88693a1be24720c8f4cee05266660906b974a0a23e0edc9046ccbb3
              • Instruction ID: 5970a0481172c3f4ffdef1ec80fe1b9b88dd460d9192dac5dfecc865cf5caca6
              • Opcode Fuzzy Hash: bad25dd7f88693a1be24720c8f4cee05266660906b974a0a23e0edc9046ccbb3
              • Instruction Fuzzy Hash: 97612552E0F9C69FE215B67C68191BC6BE0FF52790F4842F7C0488B0D7DE39984687A9

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad2f078f85a3ba35b4fd6b0437c3487d4d1ee298ee2e0b3638d53b94fb2600e6
              • Instruction ID: adbe1bcb2ce266e3fc27060ea640d9988192c6922893d5b21466901ee47cbc67
              • Opcode Fuzzy Hash: ad2f078f85a3ba35b4fd6b0437c3487d4d1ee298ee2e0b3638d53b94fb2600e6
              • Instruction Fuzzy Hash: 9351C031A0CA898FDB48EE1C88546BA77E2FF98745F54417ED44EC3282CF35E8028B85
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 745153911dd63e189f4e9c14e852dfe73a13df12a881aa10a525b3b172c415ea
              • Instruction ID: a2bfc82371db244562b97a5c8571a3b1578477db9803ca296a4ba1e7fc16f3a3
              • Opcode Fuzzy Hash: 745153911dd63e189f4e9c14e852dfe73a13df12a881aa10a525b3b172c415ea
              • Instruction Fuzzy Hash: 0E017C70D0C64E8FEB94EF2488082BE7BA0FF54341F4445BAE808C31A1DB3491508B80
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b85623e3bcb0d0c5f3c7dd44a024b12d06d54718662e38782eee50c10f1c5401
              • Instruction ID: d1007f8f83a37a3a1cf5d83a8c75a8eb36e74b096c4c2adbc426321225289ae8
              • Opcode Fuzzy Hash: b85623e3bcb0d0c5f3c7dd44a024b12d06d54718662e38782eee50c10f1c5401
              • Instruction Fuzzy Hash: 48015A3091890EAEEB88FFA8C4486BE76F0FF18349F50097AE41ED2190DF75A150C704
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 701aedd1455cd3866adc06f2a83d9cf354003b8b8370dbf4c7953a53011c9096
              • Instruction ID: 54dcb27067481753c17a45fe07853e472e5143a90fb12c75e0c9bb683affbfb8
              • Opcode Fuzzy Hash: 701aedd1455cd3866adc06f2a83d9cf354003b8b8370dbf4c7953a53011c9096
              • Instruction Fuzzy Hash: 2801697090C94E8EEB98FF6888592BE7AA0FF58341F4004BAD41EC3191DF75A5908704
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ee534d3027d1d48034f6d250f18d8309ec363d680d7c03bd8986bc3b359b19c
              • Instruction ID: 030477b7caa127426a3d3bf793641788462c0105a32b0d2fb2a0acd062e47ee2
              • Opcode Fuzzy Hash: 8ee534d3027d1d48034f6d250f18d8309ec363d680d7c03bd8986bc3b359b19c
              • Instruction Fuzzy Hash: B9017830D1D64E9FEB65FB6488886AD7BE0FF59341F8145B6D408C70A2EF38A1408604
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 358aba985ab7d714ca8974de1c11c584cf063913ac443c6454882fd51be10053
              • Instruction ID: 67c134189c854e4f33d6e16e60bb5bc5072955d9f292c0129efa0c432a13446a
              • Opcode Fuzzy Hash: 358aba985ab7d714ca8974de1c11c584cf063913ac443c6454882fd51be10053
              • Instruction Fuzzy Hash: 2D01043091890E9FEB88FF68C4596BE77A1FF58345F90087AE41AD3191DF35A590CA44
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca14d4578cfa885a0476215566392d20b8c6bf92b6bb5d5ba52c4793e4683314
              • Instruction ID: 338aff8866c738c4192a931fc977d15449fd00f71b1cd535b1d3b7ffef636932
              • Opcode Fuzzy Hash: ca14d4578cfa885a0476215566392d20b8c6bf92b6bb5d5ba52c4793e4683314
              • Instruction Fuzzy Hash: 33015A3091890E8EEB84FF68C4586BE76F0FF19345F40087AE81AD3190DF30A554CB04
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fedd22119efd5cd24e704d879ffc2426c85db40e56c6c7eab9e60c4bf487af07
              • Instruction ID: 1ed3ffc562772bf430176ca2ceab1045ea8f58e917041ab928e2c03a4b7141ab
              • Opcode Fuzzy Hash: fedd22119efd5cd24e704d879ffc2426c85db40e56c6c7eab9e60c4bf487af07
              • Instruction Fuzzy Hash: E1015A3090890E9EDB88FFA4C4452BE76A1FF6A345F90457AE41AC3191DF35A194C684
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc21e72cb27a7e9896e74ddb3dd2271625fb54c0aa8b61663f64b86ab25bdd59
              • Instruction ID: 9f2a4038d1919ca805ddf8eec57309359e182e7221213302b65d2650b2f850aa
              • Opcode Fuzzy Hash: fc21e72cb27a7e9896e74ddb3dd2271625fb54c0aa8b61663f64b86ab25bdd59
              • Instruction Fuzzy Hash: 34017C3095D6899FE752FB74984D5AD7BF0FF1A340F8509F6D408C70A2EE38A4848722
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5859af5e6f3df02cf18180b61496945a5f830da0a15891eef99283cf22540a45
              • Instruction ID: 9841da18a6c1d643255dcf0210cf7a85ff16c6f53ac2780c110fd8cb623eda5f
              • Opcode Fuzzy Hash: 5859af5e6f3df02cf18180b61496945a5f830da0a15891eef99283cf22540a45
              • Instruction Fuzzy Hash: 39017C31D1D6899FE752BB3488592A97BE0FF0A340F8605F7D408CB0A7EB38A444C715
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a371ddb521c19a0e1fab74be547d719d6e64aee8a9d905d694d29c5ee7341845
              • Instruction ID: 7c853fb8eaccd13fbfb0222270d40bc6e35349dd91af77b01197a6332e2b50c6
              • Opcode Fuzzy Hash: a371ddb521c19a0e1fab74be547d719d6e64aee8a9d905d694d29c5ee7341845
              • Instruction Fuzzy Hash: 0CF0DC70C0D68E8FEB85EF2888582FE3BB0FF1A240F4008BAE818C3091DB3495188700
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9076750c6fd98e1c75ec31a416f555ee5859e201bd397c5b785af50fc9a13925
              • Instruction ID: 2e01780f04598fd7d548b8620f4e6e7c9ece0f7f14d1bd933341b6c97a0d4e88
              • Opcode Fuzzy Hash: 9076750c6fd98e1c75ec31a416f555ee5859e201bd397c5b785af50fc9a13925
              • Instruction Fuzzy Hash: DB01463091850E9EEB48FB2484586BE72A2FF18345F9008BEE81AC2192DF36A150C614
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cae1a30083550757dd33d4a88940ef7077d4b40af8d5f68510dd144997066378
              • Instruction ID: 97f16020235db5c8f6ecdcced3623c206df443614b5348fb08c7425f3da156ae
              • Opcode Fuzzy Hash: cae1a30083550757dd33d4a88940ef7077d4b40af8d5f68510dd144997066378
              • Instruction Fuzzy Hash: B4016930919A4E9EEF48FF2484482BD72A0FF18345F9048BEE80EC31D2DF3AA550C604
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e31c879b2dcb38c6b2f505de995a58165da1d86cb973eb3c3c467586dca04db8
              • Instruction ID: fd51439e07115d75f35aeca4574e27a4ccd4f3e0c546f98eb134f9d6a0040a27
              • Opcode Fuzzy Hash: e31c879b2dcb38c6b2f505de995a58165da1d86cb973eb3c3c467586dca04db8
              • Instruction Fuzzy Hash: 4B01193091891E9FEB91FB68C8486BEB6F4FF18341F4049B6E41CC3591EF38A1948655
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a766d2c51bdbb748a4a3730060c908f371d6cd82c7e0cdc5f902c0fbe286ff59
              • Instruction ID: 1f302b4226dadff9f894bad8cf0337d15b309743783a024556e5476e21f4fb38
              • Opcode Fuzzy Hash: a766d2c51bdbb748a4a3730060c908f371d6cd82c7e0cdc5f902c0fbe286ff59
              • Instruction Fuzzy Hash: 12018130D1D68E8FEB95EF6888582FD3BB0FF55341F8505BAE418C3192DB3895548741
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f2aafb4e78bc854ede75021c23fabadfff5287149dd12fb52d512be5b2bee06
              • Instruction ID: e5cc3ab381c0520e374ce8f4b8f76264aa408a20a9f728ad6c9de27643339413
              • Opcode Fuzzy Hash: 2f2aafb4e78bc854ede75021c23fabadfff5287149dd12fb52d512be5b2bee06
              • Instruction Fuzzy Hash: C3014C70A085298FD764EB54C884BADB3F2FB55350F5045F6D00DE3295DF38AA84CB24
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a30e7258e54d2a7bfd4ca5d203cf500f4455728a07a517b9a55c078024f5df6
              • Instruction ID: a20c75c84566f7f8245d1a8034c33c8450b8524923b97d2efeb618b6b0867e54
              • Opcode Fuzzy Hash: 0a30e7258e54d2a7bfd4ca5d203cf500f4455728a07a517b9a55c078024f5df6
              • Instruction Fuzzy Hash: 58F08C70D0E54A8EEB98AAA894186FE77A4BF56395F40047AD41AC21D1EF345554D204
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: faaf934471b922cc42b2944564179eecdce6108ffb57b5e50ba195ce6771af89
              • Instruction ID: 784f4d8cec05f5d5d69d91d83f285a9bcd4ebd5be53b8dff1f39d7abeecd14bf
              • Opcode Fuzzy Hash: faaf934471b922cc42b2944564179eecdce6108ffb57b5e50ba195ce6771af89
              • Instruction Fuzzy Hash: C901813080DB8D8FDB95AF6488552AE3FA0FF56340F8501BAE808C71D2DB399558C785
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a3786f3b4d224e4719b6e485b68b1992e2f49a03e14663510927781f0f08ac9
              • Instruction ID: 649284672df3d226667161ee35c2e7976f7e8ae6b4f98ecd77ada9e96381c309
              • Opcode Fuzzy Hash: 5a3786f3b4d224e4719b6e485b68b1992e2f49a03e14663510927781f0f08ac9
              • Instruction Fuzzy Hash: 02F04F3180E6898FEB59AF3488592A93B61FF16345F4504BAE809C61D2DB39A454C751
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf775f938f4e4b07f0d75215261f89e312150cb24be0da9779abb53f410181fe
              • Instruction ID: b397e895df7ad5567198d9ffd6f2aa839ba5faed4fae914bacd0e80d6991b591
              • Opcode Fuzzy Hash: cf775f938f4e4b07f0d75215261f89e312150cb24be0da9779abb53f410181fe
              • Instruction Fuzzy Hash: E4F0E270E0892D8EEBA5EB18C455BEAB3B1FFA8700F5042A6C40DE3155DB35AE859F40
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef5fd0e9ea7f77ef7da0ef8e3ff0755005d404959c03aa93f2a4e8e029c31ac3
              • Instruction ID: 074efdd15b6b1674ccf706808ee0e2a36b43082ffa41cbd428bd544a3f57454d
              • Opcode Fuzzy Hash: ef5fd0e9ea7f77ef7da0ef8e3ff0755005d404959c03aa93f2a4e8e029c31ac3
              • Instruction Fuzzy Hash: 81F09A3080E6CA8FEB59AF2488592AD3BA0FF06341F8045BAE809C61D2EB39A454C701
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 527d0a0aaa6b8028f44a4432e027688a3d5e973a7579a0af2552b1d12722bdde
              • Instruction ID: a6a7bf86e6553959e44609d9b5500066b352be1f4d000c33f111dacc144439a4
              • Opcode Fuzzy Hash: 527d0a0aaa6b8028f44a4432e027688a3d5e973a7579a0af2552b1d12722bdde
              • Instruction Fuzzy Hash: F1F09870D0861A8FDB68EF14C9947BE76B1FF48381F5001E9D04DA3291CB386E819F45
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 629215c41545321369727fa764b7e79bb0d8c94e02a540742634fc9d0b4a9f18
              • Instruction ID: 031c5979f6accce799c3b9d07836bcad23402cd1a87f631bfaec889130464e04
              • Opcode Fuzzy Hash: 629215c41545321369727fa764b7e79bb0d8c94e02a540742634fc9d0b4a9f18
              • Instruction Fuzzy Hash: 50D01770908A5C8FD7AADB2888087A87AB0FB04314F1843D9E06E932E0CB742A449F01
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2223289291.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_7ff848e80000_BridgeSurrogatenet.jbxd
              Similarity
              • API ID:
              • String ID: .$/$6$9$b$d
              • API String ID: 0-4247058742
              • Opcode ID: 4b7cbc2656ee5654112cc29bf531bd15fbafbf9ca1379acc10b92a62392b1918
              • Instruction ID: 39cd2dbe9efe603b94b527fbb11a54e81018ce1e5e097d2706707e91b6dc0623
              • Opcode Fuzzy Hash: 4b7cbc2656ee5654112cc29bf531bd15fbafbf9ca1379acc10b92a62392b1918
              • Instruction Fuzzy Hash: 6151BD70D0822A8FEB68EF14C8947EDB7B5BB18345F5041EAD41DA3291CB786A84CF44
              • Opcode Fuzzy Hash: c0f80ac5167ec269e2c24a6931f26a23e0ea8866ea87b05b9be82c7b0ecdcd02
              • Instruction Fuzzy Hash: 69117930D1D68D8FEB89EF68C8682B97BB0FF59341F9504BAD409D7192EB38A550C740
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f38f27759c6dba3fb6f5afda152943fe217adc05cbdddd6f02a8165d415296a0
              • Instruction ID: ac11a95f3a1ec65b910628a9ee99fd7011ce164859ae403c95b768783a6dc016
              • Opcode Fuzzy Hash: f38f27759c6dba3fb6f5afda152943fe217adc05cbdddd6f02a8165d415296a0
              • Instruction Fuzzy Hash: 97117C3090D68E8FDB45EF28C4592B9BBA0FF18341F8004BAD41AE2191DB38A541C704
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0548a87c90387d25955b35ab9870ec843b169bc1c44abe29ebe2f179f39d25b
              • Instruction ID: 12d7d6f9d7bae119e4e60576086f37d4fde5a228f7ac8433fcfb14ec1c6e1712
              • Opcode Fuzzy Hash: f0548a87c90387d25955b35ab9870ec843b169bc1c44abe29ebe2f179f39d25b
              • Instruction Fuzzy Hash: C3015A30E1D64A8FE752FB2488886A97AE0FF69381F8105B6D40CD61A2EF38B5848644
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 043c92e46759af3732333646c2a11b0f72e4b3e89a6c5bd7a5faf2b233a8f45f
              • Instruction ID: 6c32ec61ce6ac311e0e73d3e8f5cc8a5edd0d28cba6158024245a0b98728d82d
              • Opcode Fuzzy Hash: 043c92e46759af3732333646c2a11b0f72e4b3e89a6c5bd7a5faf2b233a8f45f
              • Instruction Fuzzy Hash: E911CE3090DA8D8FDB49EF2484952BA3FB1FF6A340F9001BED809D6192DB39A554C784
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a64fd8433f568fa00735a8d1c1db03497e62eac2c9c464c190c83112804cc413
              • Instruction ID: 9f03a6af157a2ee44028a372ba5307df2dc578cc22b328fc30ffb5b51d00a433
              • Opcode Fuzzy Hash: a64fd8433f568fa00735a8d1c1db03497e62eac2c9c464c190c83112804cc413
              • Instruction Fuzzy Hash: A5018C3090890E9FEB8AEF24C0846BD77A1FF58385F90407AD40ED2190CF36B560CB48
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40fac1759dc19afbb69e2d3932a09bda0cafac51c94a940ccff1f8cbcccaa0ea
              • Instruction ID: 94741377a39cc516d0a3fd41f0f1c9d3db290093d3f09a6f20a61eaf8395c345
              • Opcode Fuzzy Hash: 40fac1759dc19afbb69e2d3932a09bda0cafac51c94a940ccff1f8cbcccaa0ea
              • Instruction Fuzzy Hash: E401A430D0D68E9FEB9EEF2484596FD3BA1FF56351F81007AE808C2192DB36A560C744
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 348b3f2ed107d37632af9e2b298725488a4ca46f91540fdf2d617c9fff958291
              • Instruction ID: b444fd0712be39cc115c79e38b50d558d92a269e96cd7aa90baff77183c5d262
              • Opcode Fuzzy Hash: 348b3f2ed107d37632af9e2b298725488a4ca46f91540fdf2d617c9fff958291
              • Instruction Fuzzy Hash: 54011A3091890EAEEB88FFA4C8596BE76E0FF18345F50097AE41ED2191DF35A550C744
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdf9d06e1d900f87c34449d28ba2b3981aeceaedc8b5b68b4a2d39e0153835f0
              • Instruction ID: ee893dcce2330f5abbf134963b150b576c28085447eb40252acaae6112af6297
              • Opcode Fuzzy Hash: bdf9d06e1d900f87c34449d28ba2b3981aeceaedc8b5b68b4a2d39e0153835f0
              • Instruction Fuzzy Hash: D5016970D1C94E8EEB98FF6884592BE7AA0FF58344F40047AD41ED2192DF75B5908704
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9023913bc9b3984737f418174a5d2a1539214db12288b7eaa69bfb22060f97c7
              • Instruction ID: 349a9375f6fbfbc1735ab688f534f4c05cbcbb63184da5c761f979050b4681a6
              • Opcode Fuzzy Hash: 9023913bc9b3984737f418174a5d2a1539214db12288b7eaa69bfb22060f97c7
              • Instruction Fuzzy Hash: 95017C30D1D68E9FE755FB2488496B97BE0FF69381F8145B6D408D60A2EF38E1408604
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0dc79f4bf2f7eec6c3946c641b67de21b993582ac89ccab435b64fd5339d2aec
              • Instruction ID: 5e443f2d2b157a8dd5c01c46b0490d1cae428bdcd542ffa403340b4647ac6a76
              • Opcode Fuzzy Hash: 0dc79f4bf2f7eec6c3946c641b67de21b993582ac89ccab435b64fd5339d2aec
              • Instruction Fuzzy Hash: 5B015A30D5D68A9FE752FB34984D5A97BE0FF1A380F8508F6D408C60A2EE38A4948711
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a626ba5c933db3067ffb70e64072f98df3e8811f7db49af06c048622f9c9c7f
              • Instruction ID: 0775a062e9eb63e7c89aca4a2a6b3f53fa8003e9bb164d71f612ed1632d73bbc
              • Opcode Fuzzy Hash: 1a626ba5c933db3067ffb70e64072f98df3e8811f7db49af06c048622f9c9c7f
              • Instruction Fuzzy Hash: 6801BC30D1D2898FE742BB7488492A97BE0FF5A380F8605F2C408DB0A7EB38A444C315
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d490f57069725e2aca0ec9efb147bd30c973e02ce5dfa7430e2133ae02c4003
              • Instruction ID: ab9b4052bf5073c26fd267dbac3fa9c95cccfb503740bfd462d7f525bd086c3b
              • Opcode Fuzzy Hash: 7d490f57069725e2aca0ec9efb147bd30c973e02ce5dfa7430e2133ae02c4003
              • Instruction Fuzzy Hash: F6018C3091950E9EEB48FF24C458ABA73A1FF18355F9008BEE81ED21D2DF39B150C614
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b579d1a39accbaf80abde9e0f29297a2ce3fb2bbdeed8f4ae96c2a220bf5ea9
              • Instruction ID: 846e7db9bd2692da1e58071211879ac7da95f746155ab1ca8432d7a30a47daac
              • Opcode Fuzzy Hash: 3b579d1a39accbaf80abde9e0f29297a2ce3fb2bbdeed8f4ae96c2a220bf5ea9
              • Instruction Fuzzy Hash: 47016930919A4E9EEB48FF2488486B973A0FF19345F9048BEE40ED21D2DF3AB550C604
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fecce24ac19402145b065b4fa6d993a170014212204dff63c4efff7683688fda
              • Instruction ID: 15df9f78eed24ecafbdbfc64c8116ad982e81b17f1cb369913c40fa021f0e5be
              • Opcode Fuzzy Hash: fecce24ac19402145b065b4fa6d993a170014212204dff63c4efff7683688fda
              • Instruction Fuzzy Hash: 32015E70E085298FD764EB54C884BA9B3F2FB55350F5045F6D00DE3295CF38AA84CB24
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74a8af73d9260272748f4e36049eed5f37f8e8cdf6fe0583ba0784b28a1e00f8
              • Instruction ID: 0ed2eaacd0ceb8315195e05bc271dd6c2fc9fa8ceab02fd349bf6eb1a0cf51a1
              • Opcode Fuzzy Hash: 74a8af73d9260272748f4e36049eed5f37f8e8cdf6fe0583ba0784b28a1e00f8
              • Instruction Fuzzy Hash: 9AF0FF70D0DA4A8EEB89AA6894183FA77E0FF16395F40047AD41AE20C1EF342414D244
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc2a1b645ad598f8fa17f1238a08638924238669e0da90824fe1204f963b38f2
              • Instruction ID: 5bf1d8de033dbb9a7411586fa7c383e609263a0031052049866dd5c32ceb2974
              • Opcode Fuzzy Hash: cc2a1b645ad598f8fa17f1238a08638924238669e0da90824fe1204f963b38f2
              • Instruction Fuzzy Hash: 1DF0C23080E38A8FEB59AF3488282A93B60FF16350F4504BBE809C61D3EB38B414C701
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 495a20bcae325de46ffaab477daf989c9d08e5e975002091dcff33548d35ce13
              • Instruction ID: 00e59d88396077d5bac5154a971608b9a964b5ef0af01089146057334047799f
              • Opcode Fuzzy Hash: 495a20bcae325de46ffaab477daf989c9d08e5e975002091dcff33548d35ce13
              • Instruction Fuzzy Hash: F2F0EC75C0C52ACFEB58EA58D0946FC7BB1BF94385FA45039D00AA32C2CB386546DB58
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50c4616087489317179168430504dd15664ab1cae943083f069e3e918326b561
              • Instruction ID: f52e88a02da94e10ca571c0d28e32849bf23d1f9b015408edf805da539ac22bf
              • Opcode Fuzzy Hash: 50c4616087489317179168430504dd15664ab1cae943083f069e3e918326b561
              • Instruction Fuzzy Hash: 87F0E770D0892D8EEBA5EB18C4457E9B3B1FF98300F5041A6C40DE3155DB34AE868F40
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 646d0d06d6dc366e82df24f409371d2482a6c5e0fc29438e3d21e3748b477ac1
              • Instruction ID: c311805b4d98ee595f8a5288b9064cba75929e129b6695011092bacd07fbcd90
              • Opcode Fuzzy Hash: 646d0d06d6dc366e82df24f409371d2482a6c5e0fc29438e3d21e3748b477ac1
              • Instruction Fuzzy Hash: 3FF09A3080E7CE8FEB59AF2488692B93BA0FF56341F8045BAE809C61D2DB39A454C701
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 629215c41545321369727fa764b7e79bb0d8c94e02a540742634fc9d0b4a9f18
              • Instruction ID: 9880462d90b7aaf39cb2006dcac8eb1c8d1e7681473ffbbd03d56978576980bb
              • Opcode Fuzzy Hash: 629215c41545321369727fa764b7e79bb0d8c94e02a540742634fc9d0b4a9f18
              • Instruction Fuzzy Hash: 4BD01770908A5C8FD7AADB2888087A87AB0FB04314F1843D9E06EA32D0CB742A448F01
              Strings
              Memory Dump Source
              • Source File: 0000000E.00000002.2280872179.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_14_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: .$/$6$9$b$d
              • API String ID: 0-4247058742
              • Opcode ID: d4b5c47e4b71537f4390da16fa1b8e1413c7e74ad26c0696a174558ddbb43ef1
              • Instruction ID: d1a33580a68bd023961c669cf1b7df80169705336fafbd7edff700b632b88fa7
              • Opcode Fuzzy Hash: d4b5c47e4b71537f4390da16fa1b8e1413c7e74ad26c0696a174558ddbb43ef1
              • Instruction Fuzzy Hash: 7E51CE70D0822A8FEBA8EF14C8947EDB7B5BB18345F5041EAD41DA3281DB786AC4CF44
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: &$0
              • API String ID: 0-347091530
              • Opcode ID: 4b1e5f553a7bd281a811c357c15b218fa1487e61ebeec8c393e7d3d74dcc4dc1
              • Instruction ID: c6cfb7cd2750f9c7b706e730c2235496a3cc46536fe7424f45f21731f2bc2462
              • Opcode Fuzzy Hash: 4b1e5f553a7bd281a811c357c15b218fa1487e61ebeec8c393e7d3d74dcc4dc1
              • Instruction Fuzzy Hash: 254109B0D18A698FDBA8EB1888957E8B7B1FF58345F5041F9D40DA3291CB346EC18F45
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: 2EH
              • API String ID: 0-17899816
              • Opcode ID: 0beb1791e23420d8bddabaec8817ef002bc136e0ae8d8f88be7038f883e52b50
              • Instruction ID: ff4793d2ed654851d570ad0b88ec3774980ebec7d7901365f36e98640c23f524
              • Opcode Fuzzy Hash: 0beb1791e23420d8bddabaec8817ef002bc136e0ae8d8f88be7038f883e52b50
              • Instruction Fuzzy Hash: 1781CF31E0CA498FDB99EE1C88555B977E2FFD8750F14017AE44DE3286CE35AC028785
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: 4c73e43899b64f657946e904b655a2820e771443383ae17ac15ce9a861fe6a35
              • Instruction ID: b5735afa7b90b255d0fa985364d393ff12ada1d95f0e563d5b83f2d28f20479a
              • Opcode Fuzzy Hash: 4c73e43899b64f657946e904b655a2820e771443383ae17ac15ce9a861fe6a35
              • Instruction Fuzzy Hash: 2401D674D093598FEB28EF40C8906ECB3F1FB55351F14017AD44AAB291DB796A94CE48
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6a000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: daebb721f090c26527f205e887a7730552c7b09694075351399730e56fdd1ab2
              • Instruction ID: 0fba91127900bf9e6da6553117cc08a59f47e399f0f33d0cbda94d41d5c62856
              • Opcode Fuzzy Hash: daebb721f090c26527f205e887a7730552c7b09694075351399730e56fdd1ab2
              • Instruction Fuzzy Hash: A7E14B71E1965A8FEB98EB68C4547F8B7B1FF58350F4440BAD00DE3296CB39A840CB55
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b0354b7d7c5fdc8b68c3e1d6ee70aedf163d70b09a38e9edae01f3afac5db6c6
              • Instruction ID: 54461103bd1b6a04bf6dc7cbedffe261217d1eeea47ecfd28f637ae9e4386cc4
              • Opcode Fuzzy Hash: b0354b7d7c5fdc8b68c3e1d6ee70aedf163d70b09a38e9edae01f3afac5db6c6
              • Instruction Fuzzy Hash: 1F116D7190D6CA9EE782A738C8196A97BF0FF16340F4904F7D048C71A3DA38A9448712
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df14a79193f21d53888fe1d3b19d8e4c9a3b961094b90e1fbcbfe066586f987a
              • Instruction ID: 4d2dafdbad2e281d5b98580db1e392a437251905aa9bbaaf47d2dd12d98a0dea
              • Opcode Fuzzy Hash: df14a79193f21d53888fe1d3b19d8e4c9a3b961094b90e1fbcbfe066586f987a
              • Instruction Fuzzy Hash: 7A814963B4D9656ED318BBBCF8551F97B90FF853B2F08447BC289CA043DA246046CBA4
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c49c3b6208fa39dfe4654a1f8718c624d70c7ed43941d871ea07a9d8fe817ba8
              • Instruction ID: e7b7f184ca45700ab52e6bffabf5bc98488fd4f83dc2c62faf82c33ce328b24d
              • Opcode Fuzzy Hash: c49c3b6208fa39dfe4654a1f8718c624d70c7ed43941d871ea07a9d8fe817ba8
              • Instruction Fuzzy Hash: 27D19270D18A2D9EEBA4EB58C895BECB6B1FF58341F5041BAD00DE3292DB7469848F05
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c27e8d21a19149123b1277218b7d19bdc5fb4b1407d53793e9a1fb09c845486
              • Instruction ID: b7cafdc4daf5d656f6cf9ced2d41c4618138a3b5b2da9aee74c49a0ef998815b
              • Opcode Fuzzy Hash: 4c27e8d21a19149123b1277218b7d19bdc5fb4b1407d53793e9a1fb09c845486
              • Instruction Fuzzy Hash: AA714B63B4D9666ED318BBBCF8551F97B50FF813B2B08557BC289C9043DA24604ACBE4
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4416e1b587c6b3c2edfe8c9cc5ed7537d730c5b85f4a385dd9fa2ee2f8c735d
              • Instruction ID: 229bfc64ec517b56022a7ff15b117271317e2215e1504e6863669180b7035747
              • Opcode Fuzzy Hash: e4416e1b587c6b3c2edfe8c9cc5ed7537d730c5b85f4a385dd9fa2ee2f8c735d
              • Instruction Fuzzy Hash: 4B51DF31A0CA8A8FDB49EE1C88645BA77E2FFD8741F54457ED44AD3282CF35E8028785
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9777fe2ab7b842fa6e36a430dc7cda5886c41e1894e422803b035b69347961a
              • Instruction ID: d61479c8c82c0a20c7b89f43f0231a5cde81bb89e2dfc4b3cc9d60059fa92ad4
              • Opcode Fuzzy Hash: e9777fe2ab7b842fa6e36a430dc7cda5886c41e1894e422803b035b69347961a
              • Instruction Fuzzy Hash: 5B41372770D9615FE754BBACFC956F67B90FF413B2B44047BC249CA083DA205009C7A5
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32cdaf42b1e7810a2e641d68ad80c61be64b7981db8f8e1117be4e7125812d11
              • Instruction ID: a609dd5f129a54ae64a53c80055db077b3c4e38fdef0d8fc3b9d4395a2a7df59
              • Opcode Fuzzy Hash: 32cdaf42b1e7810a2e641d68ad80c61be64b7981db8f8e1117be4e7125812d11
              • Instruction Fuzzy Hash: E3411031E0DA4A4FE345EB3898591B9BBE0FF86390F4845BAD40CD7193DF28B8418359
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad8a7ebd3f4a84a628c37c2bc55731d46967da1dc05633d698e535196f042b77
              • Instruction ID: 9b2e7ecf3af42581b9604a731d5a6e1fe109cde86881ba978b6b362571e5cbec
              • Opcode Fuzzy Hash: ad8a7ebd3f4a84a628c37c2bc55731d46967da1dc05633d698e535196f042b77
              • Instruction Fuzzy Hash: B8414730D0C60A8FEB54EAA8C4546FD77F1FF49380F904179C409E3292DB38A9468B48
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cf48b53b417800b2b623c699f2159ebd4cb35a0eb5433d4c3d907a2e691712f
              • Instruction ID: 1eeb35a3010ef4857a00f128f0ad5e7cd3ca5c728fadcfd1268cb89a79a130fb
              • Opcode Fuzzy Hash: 6cf48b53b417800b2b623c699f2159ebd4cb35a0eb5433d4c3d907a2e691712f
              • Instruction Fuzzy Hash: C4411AB0D18A598FDBA8EB1888957A8B7F1FB58341F5041F9D50DE3251CF346AC18F45
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E60000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e60000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ccdfdc18ca2cb6bfef9ad54e747eddacd300451ff2a59b6f9341ec19d6334eb
              • Instruction ID: e988f0737154ab0a535ccf64b850eb474ec858dbe73a6029c24db80fd0278122
              • Opcode Fuzzy Hash: 5ccdfdc18ca2cb6bfef9ad54e747eddacd300451ff2a59b6f9341ec19d6334eb
              • Instruction Fuzzy Hash: 0231CF71A0C90A8FE748DF6CD8193ED7BE1FBA63A5F90017AC00AD72C6DBB524018B44
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1cef851ff2770797bfe2095c91877aae38f5c1781db640e268a1208d7b69cf71
              • Instruction ID: 1b04763dfda48c5b3af74d49492b3cfd07b81f68343c0e36ff55168f1359a4d9
              • Opcode Fuzzy Hash: 1cef851ff2770797bfe2095c91877aae38f5c1781db640e268a1208d7b69cf71
              • Instruction Fuzzy Hash: 8FF09870D0861A8FDB68EF14C9947BE76B1FF58381F5001AAD04DA3291CB356E818F44
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eda6f5035d16d6982b338a09a329cad94c81e7b2f00d61962846eb15f774ed07
              • Instruction ID: 506ec158e975f8213386319376caf6e84414be780ff26fd8f816e0edd6cb63d8
              • Opcode Fuzzy Hash: eda6f5035d16d6982b338a09a329cad94c81e7b2f00d61962846eb15f774ed07
              • Instruction Fuzzy Hash: 8EF0C9B0D0852D8FDBA8EF04C9907ECB7B1BB58341F4040AE924DB3281CB346A81DF58
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43b9e73c9dff2678486ee780fbf43e32efd46f73399d5b7c492c393ec5e13e8d
              • Instruction ID: ee0c1206977653850de7619186cad1509da20b20f9f00e115d0e0e5c241005ee
              • Opcode Fuzzy Hash: 43b9e73c9dff2678486ee780fbf43e32efd46f73399d5b7c492c393ec5e13e8d
              • Instruction Fuzzy Hash: 05D0C971D19A698FD794EA58948D2A8BBF1FB54244F80402BC008D3145DF3155418B41
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: ($=$D$N$[$e
              • API String ID: 0-4213131990
              • Opcode ID: cabe54193b6589d89ce147642f5f39c4dd69c708456382b65cb8109ff833404a
              • Instruction ID: f6653469bfde29917cbb25830095807d1329c9eb9e9f0fb00f6d8ce7bba41c66
              • Opcode Fuzzy Hash: cabe54193b6589d89ce147642f5f39c4dd69c708456382b65cb8109ff833404a
              • Instruction Fuzzy Hash: A44192B0C0822A8EEBA4EF25C8847EDB6B1BF54345F5045FAD04DB22C1DB786A84DF54
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: "$)$7$Z$[${
              • API String ID: 0-1517537208
              • Opcode ID: 2b9d5f8a27c2fa59c5c86157400cca768f04f333a7cff7d579c7a1c616503e4c
              • Instruction ID: 06459f10c3f292c6732f4501af1db61a7ad64621207952f7541b8c5e0e524b9d
              • Opcode Fuzzy Hash: 2b9d5f8a27c2fa59c5c86157400cca768f04f333a7cff7d579c7a1c616503e4c
              • Instruction Fuzzy Hash: E0419070C0822ACEEBA8AF15C8587FDB6B2BF14345F9041FAD44D662C1DB782A84DF55
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E71000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e71000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: "$%$,$/
              • API String ID: 0-342641549
              • Opcode ID: cfbbee634a43dc87e4a35bb9cd6bcd8d90a0b2c21b87a2263ba30aad1f74fd9f
              • Instruction ID: b25d0a4b976ff6f0fd4b18020cb597ebc5988c5d4eaae15b06941c2a7c00c34a
              • Opcode Fuzzy Hash: cfbbee634a43dc87e4a35bb9cd6bcd8d90a0b2c21b87a2263ba30aad1f74fd9f
              • Instruction Fuzzy Hash: AC51C370D08269CFEBA8EF54C894BECB6B1BF54345F5040AAD44EA7291DB396A84DF04
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2284133862.00007FF848E6F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E6F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_16_2_7ff848e6f000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: =$D$N$]
              • API String ID: 0-3572561417
              • Opcode ID: 0549f4f617dd14ca37b7323620e4651b412577a92a0299d5a1ebfa843f74681c
              • Instruction ID: 8a30eae215a7f19b9d4dd7c03ee66bd551aa76270ba5d8e9bf60860eaf928fe9
              • Opcode Fuzzy Hash: 0549f4f617dd14ca37b7323620e4651b412577a92a0299d5a1ebfa843f74681c
              • Instruction Fuzzy Hash: 7131A470C0826A8EEBA4EF15C8847EDB6B1BF54341F5044FAD04DB2281DB786AC4DF54
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: &$0
              • API String ID: 0-347091530
              • Opcode ID: 2327ab736b1e8289450e73d7c563a518e4d0e90ecfc19bbd541dfd81f32e9cd9
              • Instruction ID: 1c436e4365da024b8832969350abe6213505dd3e807ddee78c37364cf32b61b9
              • Opcode Fuzzy Hash: 2327ab736b1e8289450e73d7c563a518e4d0e90ecfc19bbd541dfd81f32e9cd9
              • Instruction Fuzzy Hash: CD41E7B0D18A298FDBA8EB1888957E8B7B1FF58345F5041F9D40DA3291DB346EC18F49
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: /
              • API String ID: 0-2043925204
              • Opcode ID: 450a2c0d64f3440f6a6caaaf156f76439aafb774e1d82bf8913fa0a554c99bdd
              • Instruction ID: d12474eca28b2188b8930acfadff26ee640b8c959c520a805b039a5069bd58c3
              • Opcode Fuzzy Hash: 450a2c0d64f3440f6a6caaaf156f76439aafb774e1d82bf8913fa0a554c99bdd
              • Instruction Fuzzy Hash: 68011670D082198FEB28EF80C8906ECB7F1FB19341F10017AD04A9B390DBB96A84CE48
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90b08b4d665a7e0df38095310138d782feed7e9e638787b068773844ccfbfb15
              • Instruction ID: dcdeec57cf61a400cafd14f4d86982fda9550fd7dbac9443ed53f73e3b83049b
              • Opcode Fuzzy Hash: 90b08b4d665a7e0df38095310138d782feed7e9e638787b068773844ccfbfb15
              • Instruction Fuzzy Hash: 21E14B71E19A5A8FEB98EB68C4547BCB7B1FF58340F4440BAD00DE3292CB38A840CB55
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48b07097039cf53c1d8d300e01a3bb456405c943047f8ddbdce050bb36dc07b2
              • Instruction ID: 4ac17cb8884e0aeed502a7077514b7a63fac3211074ef693d03c4401caa9f62d
              • Opcode Fuzzy Hash: 48b07097039cf53c1d8d300e01a3bb456405c943047f8ddbdce050bb36dc07b2
              • Instruction Fuzzy Hash: 2D116D7190D68A9EE742A778C8186A97BF0FF1A344F0904F7D049C71A3DA78A944C712
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b8153202821b7bad428cdd0f3baf7406d76a19ad1470261533b996e0529f3fd6
              • Instruction ID: 4aab4c9f0d1de2a1869304ecdea6ef17434686ce611dc960b7375ad1889d20ec
              • Opcode Fuzzy Hash: b8153202821b7bad428cdd0f3baf7406d76a19ad1470261533b996e0529f3fd6
              • Instruction Fuzzy Hash: D181276370C9566ED309BABCF8551F93B90FF853B6F08553BC189C9063DA24604ACBA5
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dec7549b277231040b66d777a6abdf309e6944ae9a078cf00a19dd1ccaf0459
              • Instruction ID: 66ef5ccb3cb7a7253bc7c6bab795fb9af2ff82cba5ff195313479a031652127c
              • Opcode Fuzzy Hash: 7dec7549b277231040b66d777a6abdf309e6944ae9a078cf00a19dd1ccaf0459
              • Instruction Fuzzy Hash: 4BD1A370D1862D9EEBA4EB98C8957ECB6B1FF58345F1051AAD00DE32A2DB746984CF04
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 808a31c158592cbab8727047cd5655c3a4d87eeb0e97b5cc2aefd14922bcaa5e
              • Instruction ID: 5361bf03334296763c5b11bc3a69fc76ee53829cdc5ecbde6866380feb4808fc
              • Opcode Fuzzy Hash: 808a31c158592cbab8727047cd5655c3a4d87eeb0e97b5cc2aefd14922bcaa5e
              • Instruction Fuzzy Hash: FF71296374D9666DD309BABCF8561F93B50FF823B6F08553BC188C9063DA24604ACBA5
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4c46dc6df35f0e1966dd73df56f48a07926ce284dd5b27ee26d54931882f21b
              • Instruction ID: aa3eb06761b9f8f2f5ddfc146bf443acc05ebd78a076f60584b7e87a3a27e4d0
              • Opcode Fuzzy Hash: c4c46dc6df35f0e1966dd73df56f48a07926ce284dd5b27ee26d54931882f21b
              • Instruction Fuzzy Hash: CD819D31E0CA898FDB59EE1C88556BD77E2FF98744F54417AE44DC3286CE35AC028785
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0cf19a6f0f88e55929ea06c406a6323db1e45562d4e62a9bdcbab027f244365
              • Instruction ID: 5970a0481172c3f4ffdef1ec80fe1b9b88dd460d9192dac5dfecc865cf5caca6
              • Opcode Fuzzy Hash: c0cf19a6f0f88e55929ea06c406a6323db1e45562d4e62a9bdcbab027f244365
              • Instruction Fuzzy Hash: 97612552E0F9C69FE215B67C68191BC6BE0FF52790F4842F7C0488B0D7DE39984687A9
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad2f078f85a3ba35b4fd6b0437c3487d4d1ee298ee2e0b3638d53b94fb2600e6
              • Instruction ID: adbe1bcb2ce266e3fc27060ea640d9988192c6922893d5b21466901ee47cbc67
              • Opcode Fuzzy Hash: ad2f078f85a3ba35b4fd6b0437c3487d4d1ee298ee2e0b3638d53b94fb2600e6
              • Instruction Fuzzy Hash: 9351C031A0CA898FDB48EE1C88546BA77E2FF98745F54417ED44EC3282CF35E8028B85
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 180adf83ebf7b7032771be84868df1e17178f1110004f56a35c335dc43d763dc
              • Instruction ID: 81f4bcac2400be95d6f23068dc7834377f1958e7d1779cad7ed613a3a9fe8315
              • Opcode Fuzzy Hash: 180adf83ebf7b7032771be84868df1e17178f1110004f56a35c335dc43d763dc
              • Instruction Fuzzy Hash: CA41572370D9626ED719BBACFC965F93B60FF423B6F04047BC108CA0A6DA615049C7A6
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd9ad04c4b158e112b4c62b8ab8fe3756b3dafba301c81a042118f433bd5591e
              • Instruction ID: 0cfd020878c3d34456de60c57948eb956ac60c3c2ba90ac657d3b6e80e125885
              • Opcode Fuzzy Hash: dd9ad04c4b158e112b4c62b8ab8fe3756b3dafba301c81a042118f433bd5591e
              • Instruction Fuzzy Hash: 4D41EF31E0DA4A4FE755EB3898551BDBBE0FF86390F8845BAD40CC7293DF28A8418359
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c53094375be0243c11b2bfb0b729d5f557f8f1964b058bc3343a0068570f8ce
              • Instruction ID: a6d15632d29576eaf8ed49d0e1fe78e17b7fcceb2cb842fa2ce998b015084a72
              • Opcode Fuzzy Hash: 2c53094375be0243c11b2bfb0b729d5f557f8f1964b058bc3343a0068570f8ce
              • Instruction Fuzzy Hash: 1D513B70D18A5D9FEF94EBA8D855AACBBF1FF58340F1001AAD00DE3296DF7468818B40
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 021d59b582f68382772433f5baa8545fbf4c464bc473bbfad568d24564987563
              • Instruction ID: a2db042098c7fd9e2df394916b72d040dc6b5f847454d9ff504ee097fe4dac97
              • Opcode Fuzzy Hash: 021d59b582f68382772433f5baa8545fbf4c464bc473bbfad568d24564987563
              • Instruction Fuzzy Hash: E9413330D0D60A8EEB54EBA8D4546FDB7B1FF49340F90517AD409E3292DF38A9458B58
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52e091ac7ee3ac699eace6d3e3dce36790f85c7b0087b2b3ad0eddd9f8647e38
              • Instruction ID: 25dc15c8202f40a16d4a2420f026e0446f8577c388f1d1147c8548c5b422bdfc
              • Opcode Fuzzy Hash: 52e091ac7ee3ac699eace6d3e3dce36790f85c7b0087b2b3ad0eddd9f8647e38
              • Instruction Fuzzy Hash: B84116B0D18A198FDBA8EB1888857E8B7F1FB58341F9041E9D40DE3291DB346AC18F49
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9894b2131cf7b75a8f84b3da758d83387ecda1952fae48cb1392464864bfc9ef
              • Instruction ID: f51fd95b8448f3cd39bca669cc6d471e2389e2ff8b4a935dfdad3488cf7b6cdc
              • Opcode Fuzzy Hash: 9894b2131cf7b75a8f84b3da758d83387ecda1952fae48cb1392464864bfc9ef
              • Instruction Fuzzy Hash: 4531AD71A0C90A8FE758EF68D8193AD7BE1FB96365F90007AC00AD72C6DFB614018B45
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03af94a7f6d12e01ddad62f61591ed7cd3dee963ef7c7a2c85caa036a6ac0d7a
              • Instruction ID: c7c714521c44427e1dd0bdccfb16785b170122c09e69822878354e7de8e22096
              • Opcode Fuzzy Hash: 03af94a7f6d12e01ddad62f61591ed7cd3dee963ef7c7a2c85caa036a6ac0d7a
              • Instruction Fuzzy Hash: AD2137A2E5D9869FE318B67CA85A1FC77D0FF123A4F484173D048CA083EE245086C2A5
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85657e30f44ed2e2b52dcb5b3bf85e1198a1ca248c15cecebe24131fc6265899
              • Instruction ID: 764d4267dd1ebcfed21a9f0192ba7ff5a41ab4e1b1790e8dc04ffc8d8a26c2b3
              • Opcode Fuzzy Hash: 85657e30f44ed2e2b52dcb5b3bf85e1198a1ca248c15cecebe24131fc6265899
              • Instruction Fuzzy Hash: A021DE72E0C94AAFE741FB3898592ADBBE0FF55391F4845B6C418C7092EF3564828746
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 222859ae094397c03898a784b5344f6bcb3c4ea53f3d8866b14f93f778dbb588
              • Instruction ID: 88d85add2a1f4b2196765df910394f835c3aaf2c3d1194f7e4c7384a23960928
              • Opcode Fuzzy Hash: 222859ae094397c03898a784b5344f6bcb3c4ea53f3d8866b14f93f778dbb588
              • Instruction Fuzzy Hash: 4C21FF3088E3C50FDB47AB7088655E93FB0EF07244F0904EBD499CB4A3DA6D695AC312
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e5277aebb611a1251c6308fe910cb32276c58260096fcb94fb8a3b2713fba81
              • Instruction ID: 3df31c7f5dbf9f6ecfd298deafd7f29313ca9267f406c0fda3a87734ffef5a39
              • Opcode Fuzzy Hash: 4e5277aebb611a1251c6308fe910cb32276c58260096fcb94fb8a3b2713fba81
              • Instruction Fuzzy Hash: F1217C3084D68A9FE782EB78C8586A97FF0FF5B351F0505EAD058CB162DA389545CB21
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7353bf645c9754b7e4e257cf51d5b508a4f4c3650f517ccceac23b609b761f24
              • Instruction ID: 7e0c47fb45aa34becf0daed6bc0114f1c18e7bee286ea013bb0a9d0d869596fc
              • Opcode Fuzzy Hash: 7353bf645c9754b7e4e257cf51d5b508a4f4c3650f517ccceac23b609b761f24
              • Instruction Fuzzy Hash: 21116A31E1894E9EE790FB6888492BE7BF0FF59390F8005B6D419C71A2EF38A5448760
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8db29ead4550df3f6c06a14c015e8b5843a0b89b648f2b749f6476cd2c4d65cb
              • Instruction ID: 915f0ebb1ef3d6ba3c0c93788aba02f0413e8b2cf2eaec7da764935107f1ad10
              • Opcode Fuzzy Hash: 8db29ead4550df3f6c06a14c015e8b5843a0b89b648f2b749f6476cd2c4d65cb
              • Instruction Fuzzy Hash: 95114CB0D0DA4E9FEB98EF68C4592BD7BA0FF58349F0005BAD419C3292DB75A544CB41
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce65ddbf753fb0095326824ed7a5559933910dd659d4ff64bec20002e835ae01
              • Instruction ID: 9096db02512b09cb8b147a991056009d4bf6b4cb60fe9a97c022fccee225b04b
              • Opcode Fuzzy Hash: ce65ddbf753fb0095326824ed7a5559933910dd659d4ff64bec20002e835ae01
              • Instruction Fuzzy Hash: 47219D70D0DA8E9FEB99EFA884592B97BB0FF29349F0405BAD409C7192DB78A540C741
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b25a9faad81a2aac5ec1edc65969388ae324b140ef02117ed7078af624f2cd1
              • Instruction ID: 5537246bd33c76c2690aed4afe0748e82c298eb674fe74c20ed031fc28d206b5
              • Opcode Fuzzy Hash: 3b25a9faad81a2aac5ec1edc65969388ae324b140ef02117ed7078af624f2cd1
              • Instruction Fuzzy Hash: 23114330E1C91D8EDB94FBA89495AEDB7B1FF59340F901129D00DE7292DF3868819B45
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0accb21a1c5bf81e42e3ed203ff5682edff3d952920c93acff543faf46399989
              • Instruction ID: 58631186689e76b70fa2cfbae431f599ff3bf63ee8fce25348f08ad9e485bf88
              • Opcode Fuzzy Hash: 0accb21a1c5bf81e42e3ed203ff5682edff3d952920c93acff543faf46399989
              • Instruction Fuzzy Hash: 24119D7090D54A8EEB98EB6884996BD7BE0FF5A341F4004BAD41AC71D2EF3A6444D700
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22785a464e7a2add4b4002851444de88d3ba16ac9ea3c0a1025a2ef064ba8630
              • Instruction ID: 7a86c267da0efbfe47359cfb2c4b1b9566e07bcee92f85344fcef98ed8cf00c9
              • Opcode Fuzzy Hash: 22785a464e7a2add4b4002851444de88d3ba16ac9ea3c0a1025a2ef064ba8630
              • Instruction Fuzzy Hash: DA11B270D0DA898FEB59EAA488653B87BA0FF15349F0400BED00DC6592EF795444C705
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 098ac3b7c2a783ee0a0a5aa10ce9734e8afaf0ce583271cfa47874eed56aa6c5
              • Instruction ID: 9dfc8d183f045d818800109b8be54fa677020560e220a69164fa3ea4b39ba4df
              • Opcode Fuzzy Hash: 098ac3b7c2a783ee0a0a5aa10ce9734e8afaf0ce583271cfa47874eed56aa6c5
              • Instruction Fuzzy Hash: DB116A70D1C94A8FEB90FBA888482BD7BE1FF59388F4549B6D418C7192EF78A5448740
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 631090ee6d78063ddffe39624dc5408daac9f56f12fff1e66595a7b8f9b8d827
              • Instruction ID: 4aeb9dae6474db5f08b683bb1d115c74c70dbc9a62e3f2439ccef25012772770
              • Opcode Fuzzy Hash: 631090ee6d78063ddffe39624dc5408daac9f56f12fff1e66595a7b8f9b8d827
              • Instruction Fuzzy Hash: 9B11A030D0D94E9EEB81FB6488496B97AE0FF19340F0505B6D418D3197EF78A5448705
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E97000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E97000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e97000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 517ba9cd0f59f5e2359cb3825f21807d77dec7b3a81897d8e6df2120c7ea7943
              • Instruction ID: 56c5270f4e52fc0892cfa1bc16858d5274585d27cc5aaefbe4be2b93851e8777
              • Opcode Fuzzy Hash: 517ba9cd0f59f5e2359cb3825f21807d77dec7b3a81897d8e6df2120c7ea7943
              • Instruction Fuzzy Hash: BB11573090C54E9FE741FFA88C486AA7BF4FF19385F0004B6E818C70A2EB78A5888751
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 391c2da60447eaa8988fa54258fb8de10c6df8fa89e7ce3c3e576ef53de9dc96
              • Instruction ID: 8e911c55a4186bb3c0a2ff92df24ac87dff56f9cb0a888be3fe93f842442c939
              • Opcode Fuzzy Hash: 391c2da60447eaa8988fa54258fb8de10c6df8fa89e7ce3c3e576ef53de9dc96
              • Instruction Fuzzy Hash: BA11467090DA8E9EEB86FB7488182BD7BB0FF1A340F4404BBD819C70A2DB356958C754
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1051ed865eeed9e064cd289e7acaf9f8c8a5d698c897768527d85aeb00d43b33
              • Instruction ID: 320d3dafb700a942236a216a6a55481e6bd29291d6f020ee5c61c2f4d8e46061
              • Opcode Fuzzy Hash: 1051ed865eeed9e064cd289e7acaf9f8c8a5d698c897768527d85aeb00d43b33
              • Instruction Fuzzy Hash: 91118B3090D68A8FEB59EB6888692B97BF0FF19348F0404BAD409C7192DF7864848701
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92ff1d9c68f1f13ebb9dda1c3736e0aa9794527db97344c7f9fe87587dbb4527
              • Instruction ID: 8fc5668a327a4cd28b12ffb34bd15f16c291c3e5e45e6411afecb258ff50a671
              • Opcode Fuzzy Hash: 92ff1d9c68f1f13ebb9dda1c3736e0aa9794527db97344c7f9fe87587dbb4527
              • Instruction Fuzzy Hash: D0112B31D099098FEB54FB14C855BEDB3B1FB94350F6042B9D40AA7295DF386D41CBA4
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a900096ab6f5cc98f9f0d1d33f7ca2a90356e3e631e3aa17e21181b1ec63030
              • Instruction ID: fb80bc2aa11690bdd4e04aacf316491cb4348206fc93ebd96bc2959133563313
              • Opcode Fuzzy Hash: 2a900096ab6f5cc98f9f0d1d33f7ca2a90356e3e631e3aa17e21181b1ec63030
              • Instruction Fuzzy Hash: 61118C30D0DA8A9EE791FB6488592B97FF0FF19350F4906F6D408C71A2EB78A4448716
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abd142fe9653f96e700ee4c31c2e5fd666a181ac01b0cbb825301208e8d71860
              • Instruction ID: 4fffa5b62a041df8261e335cfbb8abdbd4ca42b055984baf7e7859d21093c01e
              • Opcode Fuzzy Hash: abd142fe9653f96e700ee4c31c2e5fd666a181ac01b0cbb825301208e8d71860
              • Instruction Fuzzy Hash: 83119E30D1D98E8FEB89FB6888596BD7BB0FF18348F0404BAD41AC6192DF74A580C741
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b819b15ded04b269cc6b08f0d70f78c82b0cfb097c9fa6efff1e03be52468bcf
              • Instruction ID: ba6e840634b625a8d3a525dc945423b91f645a5e18bf7024591b77de1c360b94
              • Opcode Fuzzy Hash: b819b15ded04b269cc6b08f0d70f78c82b0cfb097c9fa6efff1e03be52468bcf
              • Instruction Fuzzy Hash: 7D11AD30D5C54E8EEB82FBA8884C6F97BF0FF0A345F0048B6E818D7062EB74A1848745
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb5fba97c18247c7af3108440b09afcd584e46930d602e117414912c6046911d
              • Instruction ID: 9743ac5dcaa2699727b7aef08c60c5ea4c6227878ce02a7ab9e0fa6b6ab3386d
              • Opcode Fuzzy Hash: bb5fba97c18247c7af3108440b09afcd584e46930d602e117414912c6046911d
              • Instruction Fuzzy Hash: 68117C3091C68E8FDB46FF68C4592BD7BA0FF19341F8004BAD419D3191DB38A540C704
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad40472561b697e270b026df343ce4e0bb83e3dd922dabeb368d001884c4dff7
              • Instruction ID: 105c11d099f569543a8de94f8e83b772796fbc4b28b494b6c7bddb6d22be03af
              • Opcode Fuzzy Hash: ad40472561b697e270b026df343ce4e0bb83e3dd922dabeb368d001884c4dff7
              • Instruction Fuzzy Hash: B4115730D1968D8FEB89EF6888682BD7BB0FF59341F9504AAE419C71A2DB39A540C740
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfc3c4b41257649df5f1f29e7cbe0e858acc42a311a8606b157e1b30360da52b
              • Instruction ID: 0af0552dd0fe1f7ada5967bb331fb841b0f35fd4fc29d0b215bd463b91298f43
              • Opcode Fuzzy Hash: cfc3c4b41257649df5f1f29e7cbe0e858acc42a311a8606b157e1b30360da52b
              • Instruction Fuzzy Hash: 78116A7090D64AAFEB58EBA488692BD7BF0FF18349F0405BED409C3296EF74A540CB01
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e67c8637ec6a54fdf63974639ba285d498f9296be73c554eb832d3d970d0beea
              • Instruction ID: c46fdb7772bd9ce922d70e7a83b165d11a37f53be1b661dfafce041c6aa15c32
              • Opcode Fuzzy Hash: e67c8637ec6a54fdf63974639ba285d498f9296be73c554eb832d3d970d0beea
              • Instruction Fuzzy Hash: 9E01883090D6498FEB49FB6488692B9BBA0FF19349F4104BED42AC2493DFB9A440C701
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c549d92526fc640bbfc9b57f2092fee37ec2fb99b24815ca244f4339623cb435
              • Instruction ID: 3f61adbb43bf3bf6ab6a43b4956a2481d9af89b876133a48138e476bc5189732
              • Opcode Fuzzy Hash: c549d92526fc640bbfc9b57f2092fee37ec2fb99b24815ca244f4339623cb435
              • Instruction Fuzzy Hash: 9001563091D64E8FE752FB2888886A97AE0FF19341F8115B6D40CD71A2EB38A5848A18
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fc79a2d628f8373a54967862d6d3afdaab9b180e38786cef57ef42cbd4340df
              • Instruction ID: 7b647a822d8c5d89fc991a64aad61242a3de6844f5437b4e37280b9fd606e8ea
              • Opcode Fuzzy Hash: 7fc79a2d628f8373a54967862d6d3afdaab9b180e38786cef57ef42cbd4340df
              • Instruction Fuzzy Hash: 3611AC3090DA8D8FDB89EF6484552AE3BA1FF6A340F9101BAD409C71D2DB39A558C784
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
              • Instruction ID: bef25fb6a556043b971e465400bb969342970cbe665ff1179c8db98394655a5d
              • Opcode Fuzzy Hash: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
              • Instruction Fuzzy Hash: FF01693090890E9EEB88EF24C0846BD77A1FF58385F90407AD41ED3190CB36A560CB48
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fccd89b06992c5f0ec8cdb1c4af9c96c61b67903ef1f4ddaed17c45c27f4123b
              • Instruction ID: f4606bfa46cb281a647f351fbfe82cddc8e1806bfd024f324df28ca1c28a0466
              • Opcode Fuzzy Hash: fccd89b06992c5f0ec8cdb1c4af9c96c61b67903ef1f4ddaed17c45c27f4123b
              • Instruction Fuzzy Hash: 4501817090D64D9FEB9DEF2494552BD7BA0FF56341F81117AE808C3191DB369560C744
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E97000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E97000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e97000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2d1d15e3726273383c8bab69e8c60935acf8704dd103db56040b464944606c53
              • Instruction ID: 8419d0268ba02f88b3a3c439638df55d74f526965b6a76e0a4ea07d3e7d70fae
              • Opcode Fuzzy Hash: 2d1d15e3726273383c8bab69e8c60935acf8704dd103db56040b464944606c53
              • Instruction Fuzzy Hash: 1F01D27180D6899FDB49EF6488592BA7BB0FF09348F0404BED00AC61A2EF79A448C741
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df819ce71aea8fb9c582637f2b77fb42d52ec15393297ed8d6bbfc6b11c19562
              • Instruction ID: 54dcb27067481753c17a45fe07853e472e5143a90fb12c75e0c9bb683affbfb8
              • Opcode Fuzzy Hash: df819ce71aea8fb9c582637f2b77fb42d52ec15393297ed8d6bbfc6b11c19562
              • Instruction Fuzzy Hash: 2801697090C94E8EEB98FF6888592BE7AA0FF58341F4004BAD41EC3191DF75A5908704
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ee534d3027d1d48034f6d250f18d8309ec363d680d7c03bd8986bc3b359b19c
              • Instruction ID: 030477b7caa127426a3d3bf793641788462c0105a32b0d2fb2a0acd062e47ee2
              • Opcode Fuzzy Hash: 8ee534d3027d1d48034f6d250f18d8309ec363d680d7c03bd8986bc3b359b19c
              • Instruction Fuzzy Hash: B9017830D1D64E9FEB65FB6488886AD7BE0FF59341F8145B6D408C70A2EF38A1408604
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b2cf540bd5a8fb4e6b72a64e324c37963ee53e5e6097ed830284d15346bd166
              • Instruction ID: 9f2a4038d1919ca805ddf8eec57309359e182e7221213302b65d2650b2f850aa
              • Opcode Fuzzy Hash: 5b2cf540bd5a8fb4e6b72a64e324c37963ee53e5e6097ed830284d15346bd166
              • Instruction Fuzzy Hash: 34017C3095D6899FE752FB74984D5AD7BF0FF1A340F8509F6D408C70A2EE38A4848722
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E97000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E97000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e97000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 206090ce5d7620ff4d0258bd75f5d084c44113102a0b1397cba9eecbe0baab1f
              • Instruction ID: 039ec0559c91e8527c3a292babb43c95d1fef873e2fc9deea547c12c8a3d2b1d
              • Opcode Fuzzy Hash: 206090ce5d7620ff4d0258bd75f5d084c44113102a0b1397cba9eecbe0baab1f
              • Instruction Fuzzy Hash: A101CC3090D6898FDB49EF6488692BA3BA1FF09348F0104FAD40AC7192EF78A904C701
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5859af5e6f3df02cf18180b61496945a5f830da0a15891eef99283cf22540a45
              • Instruction ID: 9841da18a6c1d643255dcf0210cf7a85ff16c6f53ac2780c110fd8cb623eda5f
              • Opcode Fuzzy Hash: 5859af5e6f3df02cf18180b61496945a5f830da0a15891eef99283cf22540a45
              • Instruction Fuzzy Hash: 39017C31D1D6899FE752BB3488592A97BE0FF0A340F8605F7D408CB0A7EB38A444C715
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E97000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E97000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e97000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2f84b8d394fe9a7d8ed96dfe0bdd1317ba83d877fab0e1931407b22957ddc85
              • Instruction ID: 0e636396e5308e22f56a29ec3c40b00e213716f9d6ebaf031df88a22a2a64f3f
              • Opcode Fuzzy Hash: a2f84b8d394fe9a7d8ed96dfe0bdd1317ba83d877fab0e1931407b22957ddc85
              • Instruction Fuzzy Hash: 7F01847090E6895FE742FB7488596A97BF0FF1A344F0545F2D008C70A2EF78A448C715
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9076750c6fd98e1c75ec31a416f555ee5859e201bd397c5b785af50fc9a13925
              • Instruction ID: 2e01780f04598fd7d548b8620f4e6e7c9ece0f7f14d1bd933341b6c97a0d4e88
              • Opcode Fuzzy Hash: 9076750c6fd98e1c75ec31a416f555ee5859e201bd397c5b785af50fc9a13925
              • Instruction Fuzzy Hash: DB01463091850E9EEB48FB2484586BE72A2FF18345F9008BEE81AC2192DF36A150C614
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cae1a30083550757dd33d4a88940ef7077d4b40af8d5f68510dd144997066378
              • Instruction ID: 97f16020235db5c8f6ecdcced3623c206df443614b5348fb08c7425f3da156ae
              • Opcode Fuzzy Hash: cae1a30083550757dd33d4a88940ef7077d4b40af8d5f68510dd144997066378
              • Instruction Fuzzy Hash: B4016930919A4E9EEF48FF2484482BD72A0FF18345F9048BEE80EC31D2DF3AA550C604
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a30e7258e54d2a7bfd4ca5d203cf500f4455728a07a517b9a55c078024f5df6
              • Instruction ID: a20c75c84566f7f8245d1a8034c33c8450b8524923b97d2efeb618b6b0867e54
              • Opcode Fuzzy Hash: 0a30e7258e54d2a7bfd4ca5d203cf500f4455728a07a517b9a55c078024f5df6
              • Instruction Fuzzy Hash: 58F08C70D0E54A8EEB98AAA894186FE77A4BF56395F40047AD41AC21D1EF345554D204
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a3786f3b4d224e4719b6e485b68b1992e2f49a03e14663510927781f0f08ac9
              • Instruction ID: 649284672df3d226667161ee35c2e7976f7e8ae6b4f98ecd77ada9e96381c309
              • Opcode Fuzzy Hash: 5a3786f3b4d224e4719b6e485b68b1992e2f49a03e14663510927781f0f08ac9
              • Instruction Fuzzy Hash: 02F04F3180E6898FEB59AF3488592A93B61FF16345F4504BAE809C61D2DB39A454C751
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8A000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8a000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a2184d54f57ed764dd906a7927be4e2583a65a5324fc86202497e71213eac61
              • Instruction ID: 7b6465b24fb4d15d6e96de50b56e0124ad68f182738eaa02fcabf14e5d2bdff9
              • Opcode Fuzzy Hash: 3a2184d54f57ed764dd906a7927be4e2583a65a5324fc86202497e71213eac61
              • Instruction Fuzzy Hash: 8BF0E270D0992D8EEBA5EB18C455BE9B3B1FFA8300F5042AAC40DE3155DB35AE859F40
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E80000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e80000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef5fd0e9ea7f77ef7da0ef8e3ff0755005d404959c03aa93f2a4e8e029c31ac3
              • Instruction ID: 074efdd15b6b1674ccf706808ee0e2a36b43082ffa41cbd428bd544a3f57454d
              • Opcode Fuzzy Hash: ef5fd0e9ea7f77ef7da0ef8e3ff0755005d404959c03aa93f2a4e8e029c31ac3
              • Instruction Fuzzy Hash: 81F09A3080E6CA8FEB59AF2488592AD3BA0FF06341F8045BAE809C61D2EB39A454C701
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eda6f5035d16d6982b338a09a329cad94c81e7b2f00d61962846eb15f774ed07
              • Instruction ID: 1fccfb76389168fb04054d0ce279cbbdde440fdec7f6a48bcfb15d4202eca6e2
              • Opcode Fuzzy Hash: eda6f5035d16d6982b338a09a329cad94c81e7b2f00d61962846eb15f774ed07
              • Instruction Fuzzy Hash: B7F045B0D085298FDBA8EF05D9907ECB7B1BF58345F4040EE964DA3291CB345A81DF59
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1cef851ff2770797bfe2095c91877aae38f5c1781db640e268a1208d7b69cf71
              • Instruction ID: a6a7bf86e6553959e44609d9b5500066b352be1f4d000c33f111dacc144439a4
              • Opcode Fuzzy Hash: 1cef851ff2770797bfe2095c91877aae38f5c1781db640e268a1208d7b69cf71
              • Instruction Fuzzy Hash: F1F09870D0861A8FDB68EF14C9947BE76B1FF48381F5001E9D04DA3291CB386E819F45
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f8ba76930b9f00b1c3ec89a34eece95164835aca83e21da942aff4f75947623e
              • Instruction ID: b31e54bde9f6adfdb39b9e93c88cdf0d21ea2e60d01c333c750ea0b8f57e7063
              • Opcode Fuzzy Hash: f8ba76930b9f00b1c3ec89a34eece95164835aca83e21da942aff4f75947623e
              • Instruction Fuzzy Hash: 00C0CA72C18A29CFDB98DA88948D2A8BBF0FB55248F00002BC10893100EB3144428B01
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: ($=$D$N$[$e
              • API String ID: 0-4213131990
              • Opcode ID: cabe54193b6589d89ce147642f5f39c4dd69c708456382b65cb8109ff833404a
              • Instruction ID: cdff4350139187ae646860fc6e225bc10e712249cfcc57d0e247ebae94d221b1
              • Opcode Fuzzy Hash: cabe54193b6589d89ce147642f5f39c4dd69c708456382b65cb8109ff833404a
              • Instruction Fuzzy Hash: 1F41D4B0C0822A8EEBA4EF25C8847EDB6B1BF55345F5045FAD04DA3291CB386AC4DF44
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: "$)$7$Z$[${
              • API String ID: 0-1517537208
              • Opcode ID: 2b9d5f8a27c2fa59c5c86157400cca768f04f333a7cff7d579c7a1c616503e4c
              • Instruction ID: e9acd91455b82d123070d4ffa80e3bcaf0e6038e25e35260c6bea03d8b5c77c0
              • Opcode Fuzzy Hash: 2b9d5f8a27c2fa59c5c86157400cca768f04f333a7cff7d579c7a1c616503e4c
              • Instruction Fuzzy Hash: 1C41CF70C0822A8EEBA8AF15C8547EDB6B1BF54345F8040FAD44D67291CB782A84DF45
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E91000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E91000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e91000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: "$%$,$/
              • API String ID: 0-342641549
              • Opcode ID: 7435e49caf4ad7f3014b40804a10d6b5ca3f867adf736305c09140da1bc2987d
              • Instruction ID: 14c770fc480e1b4376bc5b1a2357f5ae0bda42fa0fc87bece4cfc8f90d63a9a5
              • Opcode Fuzzy Hash: 7435e49caf4ad7f3014b40804a10d6b5ca3f867adf736305c09140da1bc2987d
              • Instruction Fuzzy Hash: 8151E570D08269CFEB68EF54C8947ECB6B1BF59345F5040AAD04EA7291CB795A84CF04
              Strings
              Memory Dump Source
              • Source File: 0000001B.00000002.2301734349.00007FF848E8F000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E8F000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_27_2_7ff848e8f000_cmd.jbxd
              Similarity
              • API ID:
              • String ID: =$D$N$]
              • API String ID: 0-3572561417
              • Opcode ID: 0549f4f617dd14ca37b7323620e4651b412577a92a0299d5a1ebfa843f74681c
              • Instruction ID: 0efd1922987d1c2c68157ca89264f9ee5129585c9ffda08b02b48ae0471789db
              • Opcode Fuzzy Hash: 0549f4f617dd14ca37b7323620e4651b412577a92a0299d5a1ebfa843f74681c
              • Instruction Fuzzy Hash: 1831C570C0826A8EEBA4EF15C8807EDB6B1BF55345F5044FAD00DA3281CB385AC4CF54
              Strings
              Memory Dump Source
              • Source File: 00000022.00000002.2329323605.00007FF848E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ff848e50000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: "$)$7$G$Z$[${
              • API String ID: 0-1574887523
              • Opcode ID: 2b45c1f12fd6fd4e57fb9700bd964dd5b82cb13cb4536e8877380c773d46cbde
              • Instruction ID: cd510ba387650f91fdea4cc910bf05eb2a7f8c2377a37b5b80d52e00c4fa12e9
              • Opcode Fuzzy Hash: 2b45c1f12fd6fd4e57fb9700bd964dd5b82cb13cb4536e8877380c773d46cbde
              • Instruction Fuzzy Hash: C251C4B0D0862A8FEB68EF54C8547E9B7B1BB18385F4041E9D44DA7281CB786A84DF45
              Strings
              Memory Dump Source
              • Source File: 00000022.00000002.2329323605.00007FF848E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ff848e50000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: &$0$`
              • API String ID: 0-1069707454
              • Opcode ID: 3a0d923ab78e9c165b5eba6b3eecb765756752ac29abe186f4031411c042827f
              • Instruction ID: f78a17e5aa8db175f8d13f39953f34f5346d4bfe5465da29570fd7343eb56aec
              • Opcode Fuzzy Hash: 3a0d923ab78e9c165b5eba6b3eecb765756752ac29abe186f4031411c042827f
              • Instruction Fuzzy Hash: A761E6B0D18A2D8FEBA8EB18C8957A9B7B1FB58341F5001E9D40DE3291CB746EC18F45
              Strings
              Memory Dump Source
              • Source File: 00000022.00000002.2329323605.00007FF848E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ff848e50000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: 2EH
              • API String ID: 0-17899816
              • Opcode ID: dfafc744473695daf49dab7707f3c44a6425ea79c4913c00bc1b3fe982e82ae0
              • Instruction ID: 2aec4473c73eb166390698f9755afe2c10447440f482c37b22b898a025f95e0d
              • Opcode Fuzzy Hash: dfafc744473695daf49dab7707f3c44a6425ea79c4913c00bc1b3fe982e82ae0
              • Instruction Fuzzy Hash: 3681AF71E0CA498FDB59EE5C88555B9B7E2FF98748F14017AE44DC3286CE35AC028785
              Strings
              Memory Dump Source
              • Source File: 00000022.00000002.2329323605.00007FF848E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ff848e50000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Similarity
              • API ID:
              • String ID: J
              • API String ID: 0-1141589763
              • Opcode ID: 053f468bcf7dcb0f7d506c7a4b541be203c7b4ffa297811ac7b3bae213fe14a7
              • Instruction ID: 259a9af16b8ddaef46541e1a035fb5903abf1d18d9730416558752e9e4512474
              • Opcode Fuzzy Hash: 053f468bcf7dcb0f7d506c7a4b541be203c7b4ffa297811ac7b3bae213fe14a7
              • Instruction Fuzzy Hash: 44F0B7B0D0C5698EDB68EF44C9547E8B6B1BF18345F1040A9D64DA3281CB786A81DF59
              Memory Dump Source
              • Source File: 00000022.00000002.2329323605.00007FF848E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E50000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_34_2_7ff848e50000_LFLHWlcKpdKxiJMBhoVPGEPQyHcZ.jbxd
              Strings
              Similarity
              • API ID:
              • String ID: .$/$6$9$b$d
              • API String ID: 0-4247058742