Windows Analysis Report
self_updater.exe

Overview

General Information

Sample name:self_updater.exe
Analysis ID:1430873
MD5:a6e4bd1b55655a29a1b25f2a567a65b7
SHA1:7a40ce5381449e369042f7a9adc1ae49ff1b22d3
SHA256:34077f9227c2fd9ee9949a0ff0ee436d80b0ac5322a02c524327be953be08c70
Tags:exe
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • self_updater.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\self_updater.exe" MD5: A6E4BD1B55655A29A1B25F2A567A65B7)
    • conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B9A40 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,CloseHandle,BCryptGenRandom,0_2_00007FF76B1B9A40
Source: self_updater.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\clangen\clangen\self_updater\target\release\deps\self_updater.pdb source: self_updater.exe
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B7CB0 CloseHandle,FindFirstFileW,FindClose,0_2_00007FF76B1B7CB0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B6960 FindFirstFileW,GetLastError,0_2_00007FF76B1B6960
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B8150 NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,0_2_00007FF76B1B8150
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B6730 CloseHandle,NtCreateFile,RtlNtStatusToDosError,0_2_00007FF76B1B6730
Source: C:\Users\user\Desktop\self_updater.exe Code function: String function: 00007FF76B1CCD60 appears 73 times
Source: classification engine Classification label: clean5.winEXE@2/0@0/0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B82A0 GetModuleHandleW,FormatMessageW,GetLastError,0_2_00007FF76B1B82A0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: self_updater.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\self_updater.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\self_updater.exe "C:\Users\user\Desktop\self_updater.exe"
Source: C:\Users\user\Desktop\self_updater.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\self_updater.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\self_updater.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\self_updater.exe Section loaded: kernel.appcore.dll
Source: self_updater.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: self_updater.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: self_updater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\clangen\clangen\self_updater\target\release\deps\self_updater.pdb source: self_updater.exe
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1C26B0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,ReleaseMutex,0_2_00007FF76B1C26B0
Source: self_updater.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\self_updater.exe API coverage: 2.6 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B7CB0 CloseHandle,FindFirstFileW,FindClose,0_2_00007FF76B1B7CB0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B6960 FindFirstFileW,GetLastError,0_2_00007FF76B1B6960
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1CFBB0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF76B1CFBB0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1C26B0 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcessId,CreateMutexA,CloseHandle,ReleaseMutex,ReleaseMutex,0_2_00007FF76B1C26B0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B5810 GetProcessHeap,HeapAlloc,0_2_00007FF76B1B5810
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1AB260 RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetLastError,0_2_00007FF76B1AB260
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1CFBB0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF76B1CFBB0
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1D398C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF76B1D398C
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1CFD54 SetUnhandledExceptionFilter,0_2_00007FF76B1CFD54
Source: C:\Users\user\Desktop\self_updater.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1B9A40 BCryptGenRandom,GetCurrentProcessId,BCryptGenRandom,CreateNamedPipeW,GetLastError,BCryptGenRandom,CloseHandle,BCryptGenRandom,0_2_00007FF76B1B9A40
Source: C:\Users\user\Desktop\self_updater.exe Code function: 0_2_00007FF76B1CFA8C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF76B1CFA8C
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 2 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Behavior graph (ID: 1430873, Sample: self_updater.exe, Startdate: 24/04/2024, Architecture: WINDOWS, Score: 5): self_updater.exe started conhost.exe.

Source | Detection | Scanner
self_updater.exe | 3% | Virustotal
self_updater.exe | 0% | ReversingLabs
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430873
Start date and time:2024-04-24 10:16:24 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:self_updater.exe
Detection:CLEAN
Classification:clean5.winEXE@2/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 11
  • Number of non-executed functions: 51
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.285441535396971
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:self_updater.exe
File size:295'424 bytes
MD5:a6e4bd1b55655a29a1b25f2a567a65b7
SHA1:7a40ce5381449e369042f7a9adc1ae49ff1b22d3
SHA256:34077f9227c2fd9ee9949a0ff0ee436d80b0ac5322a02c524327be953be08c70
SHA512:d0cd269f9ac94be178f0428af048d077edad767c3a6c5ecde553ca36baf1dcab07bfc9353fb875d78b7e0c0c63dd92ef1624445e9318dbf7a3d5a154acccd328
SSDEEP:3072:1naSAxCbhyHGsuHvWmDDkIOBiWGZzsmuW3hPMqCbQeLz8iCCWhjarxwJJJRJRJEl:AnwOuHOmDD8Gp9MbQeL4iCxwMfY
TLSH:DD544C11FA562CEDD45AC07882464A327A7274C60B32F9FF06D486393F6BAE46E3C754
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c...c...c...j...m....?..K....?..o....?..r...(...n...c.......c...m....<..b...Richc...........PE..d......f.........."....'.N.
Icon Hash:00928e8e8686b000
Entrypoint:0x14002f7a0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66118D1B [Sat Apr 6 17:57:47 2024 UTC]
TLS Callbacks:0x40020e30, 0x1
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:eacde63b8c5ae9b27d4f93898653d04e
Instruction
dec eax
sub esp, 28h
call 00007FC77CF01238h
dec eax
add esp, 28h
jmp 00007FC77CF00DC7h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 10h
dec esp
mov dword ptr [esp], edx
dec esp
mov dword ptr [esp+08h], ebx
dec ebp
xor ebx, ebx
dec esp
lea edx, dword ptr [esp+18h]
dec esp
sub edx, eax
dec ebp
cmovb edx, ebx
dec esp
mov ebx, dword ptr [00000010h]
dec ebp
cmp edx, ebx
jnc 00007FC77CF00F68h
inc cx
and edx, 8D4DF000h
wait
add al, dh
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x44f54 | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x47000 | 0x2514 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4b000 | 0x594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e690 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3e880 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3e550 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x428 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x34ca0 | 0x34e00 | ab738233743b45f3b7591eb1dd3be364 | False | 0.49415447695035464 | data | 6.316762075438403 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x36000 | 0xfeba | 0x10000 | e1f4e0d258bf1ec0866661a96dda4388 | False | 0.3555908203125 | data | 5.332702349758107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x46000 | 0xab0 | 0x200 | 4492b54b160136623df598777f78a65a | False | 0.30859375 | data | 2.6499731830800375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x47000 | 0x2514 | 0x2600 | d1669707f79bd09b20a2da1a455dae97 | False | 0.48828125 | PEX Binary Archive | 5.414011644199359 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4a000 | 0x1f4 | 0x200 | d554f566bbd80063e0c23db106eea2e7 | False | 0.517578125 | data | 4.169880245115774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x4b000 | 0x594 | 0x600 | 345304e8d0e4920b0855150856d152c6 | False | 0.626953125 | data | 5.257851510935078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | DeleteProcThreadAttributeList, CompareStringOrdinal, GetLastError, AddVectoredExceptionHandler, SetThreadStackGuarantee, SwitchToThread, CreateWaitableTimerExW, SetWaitableTimer, WaitForSingleObject, Sleep, QueryPerformanceCounter, AcquireSRWLockExclusive, RtlCaptureContext, RtlVirtualUnwind, RtlLookupFunctionEntry, SetLastError, GetCurrentDirectoryW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetCurrentProcess, GetCommandLineW, SetFileInformationByHandle, DuplicateHandle, GetStdHandle, GetCurrentProcessId, WriteFileEx, SleepEx, TerminateProcess, TryAcquireSRWLockExclusive, HeapFree, HeapReAlloc, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseMutex, GetModuleHandleA, GetProcAddress, GetProcessHeap, FreeEnvironmentStringsW, FindNextFileW, FindClose, CreateFileW, GetFileInformationByHandle, GetFileInformationByHandleEx, CreateDirectoryW, FindFirstFileW, DeleteFileW, CopyFileExW, GetConsoleMode, GetModuleHandleW, FormatMessageW, GetModuleFileNameW, GetFullPathNameW, CreateNamedPipeW, ReadFileEx, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, MultiByteToWideChar, WriteConsoleW, CreateThread, GetCurrentThread, GetSystemTimeAsFileTime, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, FreeLibrary, ReleaseSRWLockExclusive, CloseHandle, HeapAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EncodePointer, RaiseException, RtlPcToFileHeader, RtlUnwindEx, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, InitializeSListHead, GetCurrentThreadId, LoadLibraryExW
ADVAPI32.dll | SystemFunction036
bcrypt.dll | BCryptGenRandom
ntdll.dll | NtCreateFile, RtlNtStatusToDosError, NtWriteFile
api-ms-win-crt-string-l1-1-0.dll | strcpy_s, wcsncmp
api-ms-win-crt-runtime-l1-1-0.dll | _initialize_onexit_table, abort, _seh_filter_exe, _set_app_type, _crt_atexit, _register_thread_local_exe_atexit_callback, _configure_narrow_argv, _initialize_narrow_environment, _get_initial_narrow_environment, _initterm, _cexit, _initterm_e, _c_exit, _register_onexit_function, __p___argv, __p___argc, exit, _exit, terminate
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, _set_fmode
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, calloc, malloc, free
No network behavior found


Target ID:0
Start time:10:17:08
Start date:24/04/2024
Path:C:\Users\user\Desktop\self_updater.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\self_updater.exe"
Imagebase:0x7ff76b1a0000
File size:295'424 bytes
MD5 hash:A6E4BD1B55655A29A1B25F2A567A65B7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:10:17:08
Start date:24/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


    Execution Graph

    Execution Coverage:1.9%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:16.9%
    Total number of Nodes:413
    Total number of Limit Nodes:10
7ff76b1c0556 23149->23150 23152 7ff76b1c0485 23149->23152 23186 7ff76b1d4940 21 API calls 23150->23186 23154 7ff76b1c05d0 17 API calls 23152->23154 23153 7ff76b1c0576 23187 7ff76b1d4940 21 API calls 23153->23187 23156 7ff76b1c0494 23154->23156 23156->23139 23156->23153 23157 7ff76b1c0596 CloseHandle 23157->23111 23160 7ff76b1c05e1 23159->23160 23161 7ff76b1c0629 MultiByteToWideChar 23160->23161 23162 7ff76b1c0656 23161->23162 23163 7ff76b1c07c7 23161->23163 23164 7ff76b1c0801 23162->23164 23165 7ff76b1c0664 WriteConsoleW 23162->23165 23166 7ff76b1d53a0 16 API calls 23163->23166 23189 7ff76b1d58c0 21 API calls 23164->23189 23168 7ff76b1c0693 23165->23168 23169 7ff76b1c077e GetLastError 23165->23169 23166->23164 23172 7ff76b1c06a6 23168->23172 23173 7ff76b1c07b5 23168->23173 23177 7ff76b1c071d 23168->23177 23169->23177 23170 7ff76b1c0714 23170->23177 23190 7ff76b1d58c0 21 API calls 23170->23190 23172->23170 23176 7ff76b1c06ba WriteConsoleW 23172->23176 23175 7ff76b1d5510 16 API calls 23173->23175 23175->23163 23176->23170 23179 7ff76b1c06ee GetLastError 23176->23179 23177->23139 23188 7ff76b1a6170 HeapFree 23179->23188 23182->23135 23183->23147 23186->23153 23187->23157 23188->23170 23192 7ff76b1aecfd 23191->23192 23194 7ff76b1aec58 23191->23194 23192->23074 23219 7ff76b1a6170 HeapFree 23192->23219 23193 7ff76b1c0260 21 API calls 23193->23194 23194->23192 23194->23193 23195 7ff76b1aed1f 23194->23195 23220 7ff76b1d5840 21 API calls 23195->23220 23219->23074

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF76B1AB990: CreateWaitableTimerExW.KERNEL32(?,?,?,?,?,?,00007FF76B1A206F), ref: 00007FF76B1AB9BA
      • Part of subcall function 00007FF76B1AB990: SetWaitableTimer.KERNELBASE ref: 00007FF76B1ABA10
      • Part of subcall function 00007FF76B1AB990: WaitForSingleObject.KERNEL32 ref: 00007FF76B1ABA22
      • Part of subcall function 00007FF76B1AB990: FindCloseChangeNotification.KERNELBASE ref: 00007FF76B1ABA2D
      • Part of subcall function 00007FF76B1AB990: Sleep.KERNEL32(?,?,?,?,?,?,00007FF76B1A206F), ref: 00007FF76B1ABA89
    • CloseHandle.KERNEL32 ref: 00007FF76B1A2E7F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: CloseTimerWaitable$ChangeCreateFindHandleNotificationObjectSingleSleepWait
    • String ID: Download$Download$DownloadsClangenApplying updated files$a Display implementation returned an error unexpectedly/rustc/7cf61ebde7b22796c69757901dd346d0fe70bd97\library\alloc\src\string.rs$auto-updatedStarting game$called `Result::unwrap()` on an `Err` value$cmd.exe/CstartClangen.exe
    • API String ID: 3431879209-302005439
    • Opcode ID: 530b4051f85cb137c2640e3ec11604f1ba58faa2dd0f99c45bd66fb6216bca5c
    • Instruction ID: 4455a70104cd261af6c67e72aee2772f25870e5519ac683a0b0b61dd8b295203
    • Opcode Fuzzy Hash: 530b4051f85cb137c2640e3ec11604f1ba58faa2dd0f99c45bd66fb6216bca5c
    • Instruction Fuzzy Hash: 30925662615AC6D8FB74AF29E8507E96361FB4278CF804135DA4C0BEAADF3DE245C350
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ErrorExceptionGuaranteeHandlerLastStackThreadVectored
    • String ID: main
    • API String ID: 1207050972-3207122276
    • Opcode ID: d6936c2398ac65e231b754b425a5d3696dd2cab96e428a23b6a25428cfa8fee7
    • Instruction ID: dd7f3d46cecaa6fbdd4969dba669e455fca7afb7b73baad99c61bcf835d7c12f
    • Opcode Fuzzy Hash: d6936c2398ac65e231b754b425a5d3696dd2cab96e428a23b6a25428cfa8fee7
    • Instruction Fuzzy Hash: E4714C22A04B85E9EB18EF68E8503E977A4FB4634CFD04535DA4D42AA9DF38E585C350
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ErrorHandleLast
    • String ID:
    • API String ID: 2586478127-0
    • Opcode ID: 3c8e6f28b6e6637481e2718ad6d752708c67d8b475c7eb4cc220ec60e0d66943
    • Instruction ID: 52e998bc683c9100881f3ccd7a41ae6b30dfcf9796481bee8003f0d8034a4e52
    • Opcode Fuzzy Hash: 3c8e6f28b6e6637481e2718ad6d752708c67d8b475c7eb4cc220ec60e0d66943
    • Instruction Fuzzy Hash: 34F1E262B18646E2EE18AB19B9003BAA751FB4679CFD48531DE1D53BA4DF3CF581C310
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
    • String ID:
    • API String ID: 1804101941-0
    • Opcode ID: 4b7976ab3a7e7515828f30066834e75d186cf6026e36aec12c915f118a6745c4
    • Instruction ID: aab527dfa8e7f1ff2d68995109aaef9028c79f089a4b17168b9cd0314af18575
    • Opcode Fuzzy Hash: 4b7976ab3a7e7515828f30066834e75d186cf6026e36aec12c915f118a6745c4
    • Instruction Fuzzy Hash: 91311A21A08647E1EA1CBB6CB4153B9E3619F4778CFD40035E65E476F7DF2CA8498A30
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: CloseTimerWaitable$ChangeCreateFindHandleNotificationObjectSingleSleepWait
    • String ID:
    • API String ID: 3431879209-0
    • Opcode ID: fc1fe2e16af9744694a1f90e09089568cedd9f92e0ee075a955cdac10e5f64b4
    • Instruction ID: f0c1245791939e03778bb901be628ad3a8f806e4540f3f7568c1899d1577ef99
    • Opcode Fuzzy Hash: fc1fe2e16af9744694a1f90e09089568cedd9f92e0ee075a955cdac10e5f64b4
    • Instruction Fuzzy Hash: 2A210B21F0A6DA92EE5CAB69B91573AB2519F87758FC45234DD1F42BF0DE3C74018310
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: Handle$CloseConsoleErrorLastMode
    • String ID: called `Result::unwrap()` on an `Err` value
    • API String ID: 1170577072-2333694755
    • Opcode ID: f63e01cc2ab66731026f09ccb1b31abaabfa351fcc2c39ce0f63af8fcbc40e3a
    • Instruction ID: 902821f63e7d01e2b82e559d4eee85f1b652ad85914be32ca6077039ad743b9b
    • Opcode Fuzzy Hash: f63e01cc2ab66731026f09ccb1b31abaabfa351fcc2c39ce0f63af8fcbc40e3a
    • Instruction Fuzzy Hash: E8A19262A08B96E4FB14AB69F8443FDA760BB0679CFC44531DE9D126A9DF3CD185C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ConsoleErrorLastWrite$ByteCharMultiWide
    • String ID:
    • API String ID: 1956605914-0
    • Opcode ID: e4c5046e0223f60c82e2aafaece7b8b738f2cb250fa9fa7a01166a66f2fbcd3d
    • Instruction ID: c0f7a2c92c3c9c2a894f3c0ca2a7196ebd0ff0734bdaf7560b232da4b0911c60
    • Opcode Fuzzy Hash: e4c5046e0223f60c82e2aafaece7b8b738f2cb250fa9fa7a01166a66f2fbcd3d
    • Instruction Fuzzy Hash: 4251B362A08742D2F728AB19B4443BAE351FB86788FE44131D6CD42AF5DF7CD1858B20
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ExclusiveLock$AcquireRelease
    • String ID: Box<dyn Any><unnamed>$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs
    • API String ID: 17069307-3513654867
    • Opcode ID: 9e56891dbaaa2be37ae945aff01b3c740409319bc1c15ef59940a5850b45ce90
    • Instruction ID: cc7d40f86e4c4ddea9602a88ad398eadec53d6bd29588808fbfacd71f06beb4d
    • Opcode Fuzzy Hash: 9e56891dbaaa2be37ae945aff01b3c740409319bc1c15ef59940a5850b45ce90
    • Instruction Fuzzy Hash: 2CB16F22A08A42E9EB69EB68F4403B8B7A0FB5675CFC48135DA4D437A4DF3CE555C360
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF76B1AEA43), ref: 00007FF76B1AE353
    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF76B1AEA43), ref: 00007FF76B1AE3CC
    Strings
    • lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 00007FF76B1AE3F8
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ExclusiveLock$AcquireRelease
    • String ID: lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs
    • API String ID: 17069307-2303981482
    • Opcode ID: ed33352e7b6040fd366c7ab2bdab19be1b2995ea5d4f83659e79aff401a97841
    • Instruction ID: 0d578acfca2bc32b7622b016ba7c1de1d20471d0095f5d3aae596b6089bc1087
    • Opcode Fuzzy Hash: ed33352e7b6040fd366c7ab2bdab19be1b2995ea5d4f83659e79aff401a97841
    • Instruction Fuzzy Hash: 0F413D32A08A45EAEB44EB59E4803BC7770FB45798F944531CE1D53BA5CF38EA99C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: Lock$AcquireExclusiveReleaseShared
    • String ID:
    • API String ID: 3474408661-0
    • Opcode ID: 5e341088182c183f0d7d68509e4669679a9df31a7ef7eee532a90243b0e016df
    • Instruction ID: 5aafff9f47b7356930ac24bcc704acfc3a103a11499a8d3300aa4c6669604f23
    • Opcode Fuzzy Hash: 5e341088182c183f0d7d68509e4669679a9df31a7ef7eee532a90243b0e016df
    • Instruction Fuzzy Hash: 0A914B32A08B81E8E714DB68E8503EC7BB4FB5635CF844135DA4C57AA9DF7C9199C360
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: Thread$CurrentDescription
    • String ID:
    • API String ID: 654298328-0
    • Opcode ID: 7464b5da271eee3547e64a4047024a25f405b5475353236b9fc7ec4c266b1c63
    • Instruction ID: e2810dce00180af8bb835e3888d2d4d4cd679f546fe4fbc0a6d0d212dd241aea
    • Opcode Fuzzy Hash: 7464b5da271eee3547e64a4047024a25f405b5475353236b9fc7ec4c266b1c63
    • Instruction Fuzzy Hash: 3A018455A0C996D1E914B719F8043AEE762AB83BC8F904032EE4D17BB9DE1CE9424B10
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: EnvironmentStrings$CloseFreeHandle
    • String ID: .exeprogram not found$PATHRUST_MIN_STACKfatal runtime error: assertion failed: thread_info.stack_guard.get().is_none() && thread_info.thread.get().is_none()$\?\\$]?\\$assertion failed: self.height > 0$exe\\.\NUL\cmd.exemaximum number of ProcThreadAttributes exceeded
    • API String ID: 1070102993-3723273602
    • Opcode ID: c0a569ba85f51ca923f5c5b309cb1ea40d53f37039219e3267504b114ac614ab
    • Instruction ID: b8f587001ad862794bbe4e3e8d6a5e3f79fc3b3d08cab10589a2975298470550
    • Opcode Fuzzy Hash: c0a569ba85f51ca923f5c5b309cb1ea40d53f37039219e3267504b114ac614ab
    • Instruction Fuzzy Hash: 91436362A19BC1D8EB789F29EC403FE6361FB4678DF945135DA4D4BBA9DF3892408310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProc$CurrentProcess
    • String ID: ($($SymAddrIncludeInlineTrace$SymFromAddrW$SymFromInlineContextW$SymGetLineFromAddrW64$SymGetLineFromInlineContextW$SymQueryInlineTrace$X$X
    • API String ID: 2190909847-3202392857
    • Opcode ID: e30f1d612a7b3f430123cc6f6944f8b97de3b68347d457c5f1d03cbb938c8741
    • Instruction ID: 249d876b30793c7e827bdb8893298cf251a53a1d046fda0db4d78f53a4e2284d
    • Opcode Fuzzy Hash: e30f1d612a7b3f430123cc6f6944f8b97de3b68347d457c5f1d03cbb938c8741
    • Instruction Fuzzy Hash: 2F42D031A08A86E2E7799B18F4557FAB360FB86798F804135EA8D037A4DF3DD146CB50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • WaitForSingleObjectEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C26F8
    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C2711
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C274A
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C2782
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C27BB
    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C27D4
    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C2812
    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C286C
    • CreateMutexA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C28FE
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C2923
    • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00007FF76B1C2969
    • ReleaseMutex.KERNEL32(?,?,?,?,?,?), ref: 00007FF76B1C29EE
    Strings
    Similarity
    • API ID: AddressProc$Mutex$CurrentProcessRelease$CloseCreateHandleLibraryLoadObjectSingleWait
    • String ID: SymAddrIncludeInlineTrace$SymGetOptions$SymInitializeW$SymSetOptions$dbghelp.dll
    • API String ID: 2119853198-1171149474
    • Opcode ID: 5c143e11d80fa01238cad2a36c58b413d208c860972f4d8c067e61fe3478eec1
    • Instruction ID: 4de3d84e8412e56faea7bc5de57f1a606bf71eee2b2b03acba16968c24199450
    • Opcode Fuzzy Hash: 5c143e11d80fa01238cad2a36c58b413d208c860972f4d8c067e61fe3478eec1
    • Instruction Fuzzy Hash: 6691D321A08A56E6FB19AB29F8402B4B3A0BF5676CFC45234DD5D066F4DF3CE185C760
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: 2f7c665012475e383b50a7e4feef5da496d97ff880124e9ebb431658ca87039e
    • Instruction ID: 577233cf288ea2a3248bfcaa86e57ef51c5f50ef9a8fa71bc4e9d6e9a270887e
    • Opcode Fuzzy Hash: 2f7c665012475e383b50a7e4feef5da496d97ff880124e9ebb431658ca87039e
    • Instruction Fuzzy Hash: C4313D72604A81D5EB649F64F8503EDB364FB85708F80413ADA4E47BA9DF3CD548C720
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • assertion failed: self.is_char_boundary(new_len)/rustc/7cf61ebde7b22796c69757901dd346d0fe70bd97\library\alloc\src\string.rs, xrefs: 00007FF76B1B8635
    • NTDLL.DLL, xrefs: 00007FF76B1B82F8
    Similarity
    • API ID: ErrorFormatHandleLastMessageModule
    • String ID: NTDLL.DLL$assertion failed: self.is_char_boundary(new_len)/rustc/7cf61ebde7b22796c69757901dd346d0fe70bd97\library\alloc\src\string.rs
    • API String ID: 1273946083-3255755980
    • Opcode ID: dc9a0ff53819d05abff7ad6778eb36332ce663dcdb25176ca01a1c0113792c81
    • Instruction ID: 820718cea7a257a283ede0e94cdc71069f247d84048cd8b756d1740fb7f69e5c
    • Opcode Fuzzy Hash: dc9a0ff53819d05abff7ad6778eb36332ce663dcdb25176ca01a1c0113792c81
    • Instruction Fuzzy Hash: 6CA1A732909BC3E5E779AF18F8447F8A6A0FB46788FC04135DA9D06AA4DF7C9685C310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CryptCurrentProcessRandom
    • String ID:
    • API String ID: 2610850170-0
    • Opcode ID: c3a735419c04b427e6235cb2523904521c08a23222624fd95fdaf660f038e33d
    • Instruction ID: 38fad5d695754896ac8b54ec42f937fbe438845a599e5955091c71c575f5975b
    • Opcode Fuzzy Hash: c3a735419c04b427e6235cb2523904521c08a23222624fd95fdaf660f038e33d
    • Instruction Fuzzy Hash: 15220432A08A91D9E7689F39E8003E97BA0FB067ACF844235DA5D47BE9DF3DD1458310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,00000006,?,00000000,00000000,00000000,?,00000002,?), ref: 00007FF76B1BFD0D
    • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,00000006,?,00000000,00000000,00000000,?,00000002,?), ref: 00007FF76B1BFDE8
    • UpdateProcThreadAttribute.KERNEL32(?,?,?,?,?,?,?,?,00000006,?,00000000,00000000,00000000,?,00000002,?), ref: 00007FF76B1BFE4A
    Similarity
    • API ID: AttributeProcThread$InitializeList$Update
    • String ID:
    • API String ID: 3806694049-0
    • Opcode ID: 3f891653aa825eb9896c4be18cd4e604ece7826b97c5aa8137a607a2f2d07589
    • Instruction ID: 76f053b73088606683dc14d0c1f5996f842e8e88726dd6c570e4d887a15d0cee
    • Opcode Fuzzy Hash: 3f891653aa825eb9896c4be18cd4e604ece7826b97c5aa8137a607a2f2d07589
    • Instruction Fuzzy Hash: 95A1F366B18651E1EA58AB2DB8007B9A361BF46BACFD44231DE2D037E5DF3DE1418320
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
    • String ID:
    • API String ID: 2933794660-0
    • Opcode ID: 4e93f7aa9f3647e63532af7c9a3772d2089fa29f58837dfee3430276709b2387
    • Instruction ID: 61228a07d5590bd2b6197752183602b3c95949442c1deaf21490524e94e7c82a
    • Opcode Fuzzy Hash: 4e93f7aa9f3647e63532af7c9a3772d2089fa29f58837dfee3430276709b2387
    • Instruction Fuzzy Hash: 31115A26B14F05DAEB00DFA4F8542B873A4FB5A758F840E35EA2D427A4DF3CD1588350
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • *fatal runtime error: I/O error: operation failed to complete synchronously, xrefs: 00007FF76B1B6A13
    Similarity
    • API ID: ErrorFileFindFirstLast
    • String ID: *fatal runtime error: I/O error: operation failed to complete synchronously
    • API String ID: 873889042-4008212719
    • Opcode ID: 8e95f0ae28ca3cf809c66deda672534361a78f7da1a6f862b70e750a47e51a5e
    • Instruction ID: 6771bc78ca02b46d2ec28172559171612d1938cb5c04025c824e65da225c8574
    • Opcode Fuzzy Hash: 8e95f0ae28ca3cf809c66deda672534361a78f7da1a6f862b70e750a47e51a5e
    • Instruction Fuzzy Hash: FAB19372604781D9E778AF65B8443E9A761FB56798F844234CE9C0BBE6CF7DE2418320
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CreateFile
    • String ID: 0
    • API String ID: 823142352-4108050209
    • Opcode ID: 1f5587e6a1e539bc8a9299c409c0ef51a7c478529580d9e67c296f333410daec
    • Instruction ID: 4076b4b0526e66fcf7ffff4209c4027cfcfa6e7ce5e4b9887b41f35fb4ec6aab
    • Opcode Fuzzy Hash: 1f5587e6a1e539bc8a9299c409c0ef51a7c478529580d9e67c296f333410daec
    • Instruction Fuzzy Hash: 0F31AD71A08785D6E7249B15F45076BF7A1FB95788FA04135EA8C47BA8DB3CE089CB10
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CloseFind$FileFirstHandle
    • String ID:
    • API String ID: 1310327803-0
    • Opcode ID: 80f011b68834025ddfa1f61b05ef0b423719805564b2731f054c41e10fb18034
    • Instruction ID: 70ae7c197f69f64a561b50b70a4e3f369693f8bdfee89cff26af714c35cd7104
    • Opcode Fuzzy Hash: 80f011b68834025ddfa1f61b05ef0b423719805564b2731f054c41e10fb18034
    • Instruction Fuzzy Hash: 6851A332A04A81D6E7789F65F8853F9B3A1FB46798F504136CE5D4ABA5CF3CA581C310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorFileObjectSingleStatusWaitWrite
    • String ID:
    • API String ID: 3447438843-0
    • Opcode ID: eb09fd271d010e560206acd353a80b97ef9794b1cf1333827320dc82e794b2ae
    • Instruction ID: ec6b27cc1fb955636af75e7213e6b569cab6317c2a848dd507325138160acd60
    • Opcode Fuzzy Hash: eb09fd271d010e560206acd353a80b97ef9794b1cf1333827320dc82e794b2ae
    • Instruction Fuzzy Hash: 91315232608BC5D6EB649B68F4503AAB3A5FB85794F908135E6DD43BA4DF3CD085CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: .llvm./rust/deps\rustc-demangle-0.1.23\src\lib.rs$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`
    • API String ID: 0-487299250
    • Opcode ID: 81fc0bb4c3b1ff33ec179745e0f23ef89c81ce5d0feb31fe5fc3840f289c6949
    • Instruction ID: a8a2d31700700e3cd12048f4769825db32f00f05acdfd8876913061450c516fd
    • Opcode Fuzzy Hash: 81fc0bb4c3b1ff33ec179745e0f23ef89c81ce5d0feb31fe5fc3840f289c6949
    • Instruction Fuzzy Hash: 2A624862E1C5A1E1E61EAB18B4242BAE751BB437DCFD44132DA5E076E6DF3CD904CB20
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: called `Result::unwrap()` on an `Err` value
    • API String ID: 0-2333694755
    • Opcode ID: d68fad7b39bfdf4c578b6fb2b532da45912ff277e0d1555ae71e116505d6a641
    • Instruction ID: 34840434a089ca8e51d68b81fe96735fa365e26bbce4ddb03e6128839a44ece7
    • Opcode Fuzzy Hash: d68fad7b39bfdf4c578b6fb2b532da45912ff277e0d1555ae71e116505d6a641
    • Instruction Fuzzy Hash: 51524762E1C692E4EA6CAB1DB4053B9E751AB4379CFC44131DA9E06AF5DF3CE540CB20
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CommandLine
    • String ID:
    • API String ID: 3253501508-0
    • Opcode ID: 844decedbaa837878010cfaa839551df27b44ee64a0a4f3d49fa6c395bb9e05a
    • Instruction ID: 4c8bfe0f8b5d845be814f77ec877978f2b7fc2def78445cbe9a31227a324c1dc
    • Opcode Fuzzy Hash: 844decedbaa837878010cfaa839551df27b44ee64a0a4f3d49fa6c395bb9e05a
    • Instruction Fuzzy Hash: 1102CE62F04A41E5EB18AF69E8403BDA7A0FB1678CF808535DE5D57BA9DF38F1808350
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • __rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...], xrefs: 00007FF76B1CC9F6
    Similarity
    • API ID:
    • String ID: __rust_begin_short_backtrace__rust_end_short_backtrace [... omitted frame ...]
    • API String ID: 0-995930526
    • Opcode ID: 24379d1c2ebbadc21cf1e8ca2c49d255fd141b423caa978de448b0efec41e044
    • Instruction ID: 4345cd35639afd7790d3043e12cd93f67a3c91f2bf9a18795ebbb08baddcdec9
    • Opcode Fuzzy Hash: 24379d1c2ebbadc21cf1e8ca2c49d255fd141b423caa978de448b0efec41e044
    • Instruction Fuzzy Hash: A5221A62B18696E1EA19972DB000BB9E751EB577C8FC04732EE8D12EA5DF3CE245C310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 14ac4927e505c4f6aa781bd607a9469e5a821b8fbf5627c5552f9330d94c81d3
    • Instruction ID: 128586d9cc128fc4df797bb0f00a2b13b41977da7c542ad65715cde61f16ea7a
    • Opcode Fuzzy Hash: 14ac4927e505c4f6aa781bd607a9469e5a821b8fbf5627c5552f9330d94c81d3
    • Instruction Fuzzy Hash: CBE01211F4A51AE6ED4D675EBC50164B5945F89BA5ED44538CE0D86370EE7C58C34320
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52843f1eca68d6a779899b64636ee7b6a2e58c99602275efc37fdde2f1557059
    • Instruction ID: 159255b6059f23b78d9e778882e1d4061609ff0abaf6d6ef46f98c5667b59ee6
    • Opcode Fuzzy Hash: 52843f1eca68d6a779899b64636ee7b6a2e58c99602275efc37fdde2f1557059
    • Instruction Fuzzy Hash: 3ED19E96E6CB9651F727533D64022B4E6105FA37E8B41D337FDA970BE1EB2CE2429210
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 644e70d3fb7c65d9d407019c930283e087c5e7ee85078521807f28daf183145c
    • Instruction ID: a03e15d4d57a04a71750a88fd73c49ba4b2f6ec76b443822c5d1e48f6f7196eb
    • Opcode Fuzzy Hash: 644e70d3fb7c65d9d407019c930283e087c5e7ee85078521807f28daf183145c
    • Instruction Fuzzy Hash: E2C17F22B6C6A1E2FA58DB29B814BB9A651F712B98FC08630DD4E43BD0DF3CF5519710
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cd543841c77471fcb559c0387deec644fe0ff909e8754954326cc5700ac1e31d
    • Instruction ID: e17801bb08e797e4bee13ada8db1c34c4794260209bffc7120e997286ef45b01
    • Opcode Fuzzy Hash: cd543841c77471fcb559c0387deec644fe0ff909e8754954326cc5700ac1e31d
    • Instruction Fuzzy Hash: 4CD16B52D0C7D7E5FA69AA2CA8646B9F6819713BACFD44330CA6D171E1CB3C59839320
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 682fb22f5141cdb78e5009e42f6fc980a948712962f4942fa13b689a086268a7
    • Instruction ID: 6b049fff0b5d2b9171733dc8468a3b7b61e46cbd24a7e65f06c26d434fc7a46d
    • Opcode Fuzzy Hash: 682fb22f5141cdb78e5009e42f6fc980a948712962f4942fa13b689a086268a7
    • Instruction Fuzzy Hash: 3EC10752A1CA52E1FA6D5B2DF160239E652FF16798FD09132DB9F036F4EF6CE5408220
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9bc933b88206a89432bb9de169a6bf0952246a86e69e8a1840aadcb0ab781e13
    • Instruction ID: eb31900c27b8d76db4908c2f4a29ab2665235cfefb5886fda2daf19a322abf57
    • Opcode Fuzzy Hash: 9bc933b88206a89432bb9de169a6bf0952246a86e69e8a1840aadcb0ab781e13
    • Instruction Fuzzy Hash: BDA0022190CD46F4EA1CAB08F950035B334EB5330DBC10531C01D810709F7CA544C760
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: BlockFrameHandler3::Unwindterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStateabortstd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 9366333-393685449
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Handle$ErrorLast$CloseCurrentDuplicateFileInformationProcess
    • String ID:
    • API String ID: 780345077-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • failed to spawn thread, xrefs: 00007FF76B1BF822
    • cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs, xrefs: 00007FF76B1BF8A0
    Similarity
    • API ID: Handle$Close$CurrentDuplicateErrorLastProcess
    • String ID: cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs$failed to spawn thread
    • API String ID: 1869159801-1840047577
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF54B
    • _set_fmode.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF557
    • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF563
    • _RTC_Initialize.LIBCMT ref: 00007FF76B1CF578
    • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF590
    • __setusermatherr.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF5AE
    • _configthreadlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF5C4
    • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 00007FF76B1CF5D2
      • Part of subcall function 00007FF76B1CFBB0: IsProcessorFeaturePresent.KERNEL32 ref: 00007FF76B1CFBCC
      • Part of subcall function 00007FF76B1CFBB0: RtlCaptureContext.KERNEL32 ref: 00007FF76B1CFBF9
      • Part of subcall function 00007FF76B1CFBB0: RtlLookupFunctionEntry.KERNEL32 ref: 00007FF76B1CFC13
      • Part of subcall function 00007FF76B1CFBB0: RtlVirtualUnwind.KERNEL32 ref: 00007FF76B1CFC54
      • Part of subcall function 00007FF76B1CFBB0: IsDebuggerPresent.KERNEL32 ref: 00007FF76B1CFCA8
      • Part of subcall function 00007FF76B1CFBB0: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF76B1CFCC5
      • Part of subcall function 00007FF76B1CFBB0: UnhandledExceptionFilter.KERNEL32 ref: 00007FF76B1CFCD0
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionInitializeLookupProcessorUnwindVirtual__p__commode__setusermatherr_configthreadlocale_configure_narrow_argv_initialize_narrow_environment_set_app_type_set_fmode
    • String ID:
    • API String ID: 29627993-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$FullNamePath
    • String ID: \\?\\\?\UNC\
    • API String ID: 2482867836-3975371117
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CloseHandle$FileSleep$ErrorLastReadWrite
    • String ID:
    • API String ID: 4082512061-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF76B1D260E,?,?,?,00007FF76B1D2300,?,?,?,00007FF76B1D0899), ref: 00007FF76B1D23E1
    • GetLastError.KERNEL32(?,?,?,00007FF76B1D260E,?,?,?,00007FF76B1D2300,?,?,?,00007FF76B1D0899), ref: 00007FF76B1D23EF
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF76B1D260E,?,?,?,00007FF76B1D2300,?,?,?,00007FF76B1D0899), ref: 00007FF76B1D2419
    • FreeLibrary.KERNEL32(?,?,?,00007FF76B1D260E,?,?,?,00007FF76B1D2300,?,?,?,00007FF76B1D0899), ref: 00007FF76B1D2487
    • GetProcAddress.KERNEL32(?,?,?,00007FF76B1D260E,?,?,?,00007FF76B1D2300,?,?,?,00007FF76B1D0899), ref: 00007FF76B1D2493
    Strings
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProc$HandleModule
    • String ID: WaitOnAddress$WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
    • API String ID: 667068680-1826242509
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CloseErrorHandleLast
    • String ID:
    • API String ID: 918212764-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CallEncodePointerTranslatorabort
    • String ID: MOC$RCC
    • API String ID: 292945357-2084237596
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_recordabort
    • String ID: csm$csm
    • API String ID: 4198837600-3733052814
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorFileFindLastNext
    • String ID: .
    • API String ID: 32741936-248832578
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$FullNamePath
    • String ID:
    • API String ID: 2482867836-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$FullNamePath
    • String ID:
    • API String ID: 2482867836-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$EnvironmentVariable
    • String ID:
    • API String ID: 2691138088-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$FileModuleName
    • String ID:
    • API String ID: 1026760046-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$CurrentDirectory
    • String ID:
    • API String ID: 3993060814-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorHandleLast$CurrentDuplicateProcess
    • String ID:
    • API String ID: 3697983210-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm
    • API String ID: 2395640692-1018135373
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 00007FF76B1B1F60
    Similarity
    • API ID: ExclusiveLock$Release$Acquire
    • String ID: lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs
    • API String ID: 1021914862-2303981482
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: NtWaitForKeyedEvent$ntdll
    • API String ID: 1646373207-2815205136
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: NtReleaseKeyedEvent$ntdll
    • API String ID: 1646373207-31681898
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: terminate
    • String ID: MOC$RCC$csm
    • API String ID: 1821763600-2671469338
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: NtCreateKeyedEvent$ntdll
    • API String ID: 1646373207-1373576770
    • Opcode ID: f7a5984812882c593a168cede2d152d5d06132866907aad3018c4feb248cb540
    • Instruction ID: 81d3e143a1cb2e770d1720489f5d084fd7e525dbabab1ba7e199eac20ae087a7
    • Opcode Fuzzy Hash: f7a5984812882c593a168cede2d152d5d06132866907aad3018c4feb248cb540
    • Instruction Fuzzy Hash: 1CF08260B0A655E1E919EB4ABC949B1A6506F5EBD9BC44835CD0D43770EE7CA4498310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: AddressHandleModuleProc
    • String ID: SetThreadDescription$kernel32
    • API String ID: 1646373207-1950310818
    • Opcode ID: 9868180155e8931076107b8065a7bf8abff35a57433a7bc67fcd419b7df7e6bf
    • Instruction ID: 55c5273575d93b75b551622f2f3416d0524dcbb828a22b9c0909316bd1867f3a
    • Opcode Fuzzy Hash: 9868180155e8931076107b8065a7bf8abff35a57433a7bc67fcd419b7df7e6bf
    • Instruction Fuzzy Hash: 46E06D10B4AA12E2ED0DAB0ABCA4564B2906F4EBD8BC48135CC0D02371EF2CA8558320
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetFileInformationByHandleEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF76B1A22B9), ref: 00007FF76B1B708D
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF76B1A22B9), ref: 00007FF76B1B70A9
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF76B1A22B9), ref: 00007FF76B1B70BC
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF76B1A22B9), ref: 00007FF76B1B7132
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: Handle$Close$ErrorFileInformationLast
    • String ID:
    • API String ID: 4143594976-0
    • Opcode ID: 8a07d68d36f7574e3910cc60e3d45fc0ae667bce7b77ff743a67128da87d72e2
    • Instruction ID: 4afa139961dd234cefa29406d8305bfbd07d5870ae1b844b6a0ea5d98c90050c
    • Opcode Fuzzy Hash: 8a07d68d36f7574e3910cc60e3d45fc0ae667bce7b77ff743a67128da87d72e2
    • Instruction Fuzzy Hash: 8731B321F04656E8FB25AB69E8043FCA2B0AF5639CF940132CD1C12AF8DF38A585C360
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    • use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 00007FF76B1ABBBC
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: AddressCloseHandleWait
    • String ID: use of std::thread::current() is not possible after the thread's local data has been destroyed
    • API String ID: 592885855-1431102515
    • Opcode ID: 491c28aeaf2714e82fc8cc9131e4b8f3fc4f5d8aa86424585c62a59521a3ce2e
    • Instruction ID: 1ab8df6176cfcbe23b61a93fbd918dd197602a252f9a81f1bf878406c8d47efe
    • Opcode Fuzzy Hash: 491c28aeaf2714e82fc8cc9131e4b8f3fc4f5d8aa86424585c62a59521a3ce2e
    • Instruction Fuzzy Hash: C9519222A14A55E4FB15AB69F8007AEB770BB46778FC44231DE6C13BE4DF38A545C320
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF76B1C36CE), ref: 00007FF76B1D0620
    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF76B1C36CE), ref: 00007FF76B1D0661
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: 6a81bbdcec365e21280b58dc8c61b272a021d984169798c78d8d9c09953759dc
    • Instruction ID: 99dccde1f260a38134944092099d2bd9a251f673d4be07e52589836b43d0ac56
    • Opcode Fuzzy Hash: 6a81bbdcec365e21280b58dc8c61b272a021d984169798c78d8d9c09953759dc
    • Instruction Fuzzy Hash: 9A116D32608B8492EB659F19F414269B7E0FB89B98F984234EE8C07768DF3CD551CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2090051465.00007FF76B1A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76B1A0000, based on PE: true
    • Associated: 00000000.00000002.2090036461.00007FF76B1A0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090081670.00007FF76B1D6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090101256.00007FF76B1E6000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2090115520.00007FF76B1E7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff76b1a0000_self_updater.jbxd
    Similarity
    • API ID: CloseHandle
    • String ID:
    • API String ID: 2962429428-0
    • Opcode ID: b0f6824349de5c88cb93edb3be6d05ecf4bebeffc60c20bc8f98a448d2f6a5a4
    • Instruction ID: d6ae547990999cb7ac063f582ae85527465c32c038040e4e995da10dac0bb067
    • Opcode Fuzzy Hash: b0f6824349de5c88cb93edb3be6d05ecf4bebeffc60c20bc8f98a448d2f6a5a4
    • Instruction Fuzzy Hash: 2911B026A04F15D9E7149B6AE84437C7770F79ABA8F804A21CE2E577F4CF38E891C210
    Uniqueness

    Uniqueness Score: -1.00%