Windows Analysis Report
Mol2sxTjLw.exe

Overview

General Information

Sample name: Mol2sxTjLw.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030
Analysis ID: 1431956
MD5: f1f1e44ce2d94e04b8bcfd71e77f3e08
SHA1: 878526629858534871c263cde4b97da4a9c5eb9a
SHA256: 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found direct / indirect Syscall (likely to bypass EDR)
Contains functionality to dynamically determine API calls
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • Mol2sxTjLw.exe (PID: 3484 cmdline: "C:\Users\user\Desktop\Mol2sxTjLw.exe" MD5: F1F1E44CE2D94E04B8BCFD71E77F3E08)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Mol2sxTjLw.exe, Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726AB6270 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,_Init_thread_header,GetSystemTimeAsFileTime,GetCurrentProcessId
Source: Mol2sxTjLw.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF7269D9000 FindFirstFileExW,FindNextFileW,FindNextFileW,GetLastError,GetLastError,FindClose,_Init_thread_header
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726AB5120 GetCommandLineW,FindFirstFileW,FindNextFileW,FindClose,_Init_thread_header,GetModuleFileNameW,GetLongPathNameW,GetLastError,_Init_thread_header,_Init_thread_header,_Init_thread_header,_Init_thread_header
Source: Mol2sxTjLw.exe, String found in binary or memory: http://llvm.org/):
Source: Mol2sxTjLw.exe, String found in binary or memory: https://github.com/llvm/llvm-project/issues/
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: String function: 00007FF7269CFF40 appears 48 times
Source: Mol2sxTjLw.exe, Binary or memory string: llvm.ppc.altivec.vbpermd
Source: Mol2sxTjLw.exe, Binary or memory string: llvm.s390.vbperm
Source: Mol2sxTjLw.exe, Binary or memory string: llvm.ppc.altivec.vbpermq
Source: classification engine, Classification label: mal52.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726AC0D00 GetLastError,FormatMessageA,LocalFree
Source: Mol2sxTjLw.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Mol2sxTjLw.exe, String found in binary or memory: --help
Source: Mol2sxTjLw.exe, String found in binary or memory: -help
Source: Mol2sxTjLw.exe, String found in binary or memory: --help'
Source: Mol2sxTjLw.exe, String found in binary or memory: <subcommand> --help" to get more help on a specific subcommand
Source: Mol2sxTjLw.exe, String found in binary or memory: --help'H
Source: Mol2sxTjLw.exe, String found in binary or memory: --relative-address
Source: Mol2sxTjLw.exe, String found in binary or memory: use-dbg-addr
Source: Mol2sxTjLw.exe, String found in binary or memory: full-stop
Source: Mol2sxTjLw.exe, String found in binary or memory: Alias for --help
Source: Mol2sxTjLw.exe, String found in binary or memory: Display list of available options (--help-list-hidden for more)
Source: Mol2sxTjLw.exe, String found in binary or memory: Display available options (--help-hidden for more)
Source: Mol2sxTjLw.exe, String found in binary or memory: See each individual command --help for more details.
Source: Mol2sxTjLw.exe, String found in binary or memory: <command> -help
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Section loaded: winhttp.dll
Source: Mol2sxTjLw.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Mol2sxTjLw.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: Mol2sxTjLw.exe, Static file information: File size 5901312 > 1048576
Source: Mol2sxTjLw.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x37d200
Source: Mol2sxTjLw.exe, Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x141400
Source: Mol2sxTjLw.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Mol2sxTjLw.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Mol2sxTjLw.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Mol2sxTjLw.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Mol2sxTjLw.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726ABA0F0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,EnterCriticalSection,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,SetConsoleCtrlHandler
Source: Mol2sxTjLw.exe, Static PE information: section name: .00cfg
Source: Mol2sxTjLw.exe, Static PE information: section name: .voltbl
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726ABFDF0 WaitForSingleObject,TerminateProcess,WaitForSingleObject,CloseHandle,GetProcessTimes,K32GetProcessMemoryInfo,GetExitCodeProcess,GetLastError,CloseHandle,SetLastError,CloseHandle
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, API coverage: 1.4 %
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, TID: 5016, Thread sleep time: -1000000s >= -30000s
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF7269D8FC0 GetSystemInfo
Source: Mol2sxTjLw.exe, Binary or memory string: IR.yd.l.dG P.jD.Jg2MJ oG D Il.GQEMU+.R`c.{0pnJC.u n d u U qo G w.f.
Source: Mol2sxTjLw.exe, Binary or memory string: QEMU+.R`c.{0p
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726CACD8C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, NtClose: Indirect: 0x7FF726DB76F1
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, NtQuerySystemInformation: Indirect: 0x7FF726DB7825
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, NtCreateThreadEx: Indirect: 0x7FF726DB7AA6
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, NtQueueApcThread: Indirect: 0x7FF726DB78AA
Source: C:\Users\user\Desktop\Mol2sxTjLw.exe, Code function: 0_2_00007FF726CAD868 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label
Mol2sxTjLw.exe | 4% | ReversingLabs |
Mol2sxTjLw.exe | 7% | Virustotal |

No Antivirus matches
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/llvm/llvm-project/issues/ | Mol2sxTjLw.exe | false | | high
http://llvm.org/): | Mol2sxTjLw.exe | false | | high

No contacted IP infos

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1431956
Start date and time: 2024-04-26 04:06:16 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Mol2sxTjLw.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name: 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030
Detection: MAL
Classification: mal52.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
  • Stop behavior analysis, all processes terminated

Time | Type | Description
04:07:04 | API Interceptor | 1x Sleep call for process: Mol2sxTjLw.exe modified

No context
No created / dropped files found

File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.535112381346819
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Mol2sxTjLw.exe
File size: 5'901'312 bytes
MD5: f1f1e44ce2d94e04b8bcfd71e77f3e08
SHA1: 878526629858534871c263cde4b97da4a9c5eb9a
SHA256: 2ac6056ec233651a6d250a79e90067501fcb160d575451484da5e96f7c930030
SHA512: 748e33a5b8cb7aeb31e51a79c116fb78e8ce572f490ec0c93d00c8241060e6138a03da12ab0c2f3e03fefc9435a761e36996b6c42f3572ed4bebc809130456e3
SSDEEP: 49152:NvX/aPftKKrS0T4Ma/9rYzypYrBbXBzFOh3nf5X0R2VAbXBFibvV7pWS7l0k5to+:0PfAJG01a4p509hsmtUv2O
TLSH: 16567C0BF25A50EDC8ADC179631B6136E6797C8907317DEF5784AB212E22BE16F39700
Icon Hash: 34f3d3d3d3d3c0d5
Entrypoint: 0x14037d1e0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x648977D9 [Wed Jun 14 08:18:33 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: b54b1ef811f6b0401efda3c7b931445c

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43eb2e | 0x12c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x463000 | 0x1e768 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44e000 | 0x1104c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a5000 | 0x8f58 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c2b18 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3c29d0 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x43f428 | 0x7c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x43ea70 | 0x60 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
      .text | 0x1000 | 0x37d074 | 0x37d200 | 7f1c88e32eb19c02d56e14e64749cfde | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rdata | 0x37f000 | 0xc5194 | 0xc5200 | 57bc3f135ebadf0bab01caea9d15d9d6 | False | 0.2477533489220038 | data | 5.685241725640412 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .data | 0x445000 | 0x81b0 | 0x2800 | 2de76f79725762a8261d83c49a27e17d | False | 0.21640625 | DIY-Thermocam raw data (Lepton 2.x), scale -8169-14400, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.013077 | 4.438603483086372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .pdata | 0x44e000 | 0x1104c | 0x11200 | ce94da9e35ab152f5a868b5d1184a5b0 | False | 0.5118470574817519 | data | 6.0165755401348475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .00cfg | 0x460000 | 0x28 | 0x200 | 61b26ac82f5ef59e2f85a690ab847e8b | False | 0.056640625 | data | 0.38705962180443587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .tls | 0x461000 | 0x21 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
      .voltbl | 0x462000 | 0x1c | 0x200 | 23f0a60c1fae6a32fd2809c95392fbdf | False | 0.080078125 | data | 0.48861744622245973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .rsrc | 0x463000 | 0x141300 | 0x141400 | 6fcd83c3bb1d66a802525b568a2a8efe | False | 0.6834417558365758 | data | 5.710708507362896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .reloc | 0x5a5000 | 0x8f58 | 0x9000 | 1e13149911cc83d93f1fac6aec76bebb | False | 0.07294379340277778 | data | 5.436495275113697 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
      RT_ICON | 0x4630a0 | 0x1e6b3 | PNG image data, 4096 x 4096, 8-bit/color RGBA, non-interlaced | English | United States | 0.46371042176652355
      RT_GROUP_ICON | 0x481754 | 0x14 | data | English | United States | 1.1
      DLL | Import
      KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CreateDirectoryW, CreateEventW, CreateFileMappingW, CreateFileW, CreateJobObjectW, CreateProcessW, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FlushFileBuffers, FormatMessageA, FreeLibrary, GetCommandLineW, GetConsoleMode, GetConsoleScreenBufferInfo, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDriveTypeW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileType, GetFinalPathNameByHandleW, GetLastError, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleW, GetNativeSystemInfo, GetProcAddress, GetProcessAffinityMask, GetProcessGroupAffinity, GetProcessTimes, GetStdHandle, GetSystemInfo, GetSystemTime, GetSystemTimeAsFileTime, GetVolumePathNameW, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, K32GetProcessMemoryInfo, LeaveCriticalSection, LoadLibraryExA, LoadLibraryW, LocalFree, MapViewOfFile, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SearchPathW, SetConsoleCtrlHandler, SetConsoleTextAttribute, SetCurrentDirectoryW, SetErrorMode, SetEvent, SetFileTime, SetInformationJobObject, SetLastError, SetProcessAffinityMask, SetThreadGroupAffinity, SetUnhandledExceptionFilter, SystemTimeToFileTime, TerminateProcess, UnhandledExceptionFilter, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleW
      ADVAPI32.dll | CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RegCloseKey, RegGetValueW, RegOpenKeyExA
      Language of compilation system | Country where language is spoken | Map
      English | United States |
      No network behavior found


      Target ID: 0
      Start time: 04:07:03
      Start date: 26/04/2024
      Path: C:\Users\user\Desktop\Mol2sxTjLw.exe
      Wow64 process (32bit): false
      Commandline: "C:\Users\user\Desktop\Mol2sxTjLw.exe"
      Imagebase: 0x7ff726930000
      File size: 5'901'312 bytes
      MD5 hash: F1F1E44CE2D94E04B8BCFD71E77F3E08
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: true


        Execution Graph

        Execution Coverage:0.5%
        Dynamic/Decrypted Code Coverage:0%
        Signature Coverage:46.3%
        Total number of Nodes:54
        Total number of Limit Nodes:4

        Control-flow Graph, first node 7ff726935430-7ff726935483 (legend: Executed, Not Executed)
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: ProtectVirtual
        • String ID: <command> [args...]$ <merge|show|overlap> [args...]$--help$-help$6}h$: No command specified!$GE: $OVERVIEW: LLVM profile data tools$USAGE: $cified!$ls$merge$overlap$rgs...]$show
        • API String ID: 544645111-1968154355
        • Opcode ID: 237a9df9ace36cb324f413c71c3cbef107e073be6914d4ae12211dafabbbf0b7
        • Instruction ID: 3d7423ef41a5c3e8834ebd6cdc39eed99620ec2e541dd2c62c8d62ad2786cc02
        • Opcode Fuzzy Hash: 237a9df9ace36cb324f413c71c3cbef107e073be6914d4ae12211dafabbbf0b7
        • Instruction Fuzzy Hash: 9F52C662B1878582EA20AB25ED443BFA761FB89BD4F804136DE8D47B95DF3CE451CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID: %$4$aarc$agon$amdg$amdi$amdi$arm6$arme$ch64$cv32$cv64$hexa$hsai$hsai$i386$i486$i586$i686$il64$imba$kali$le32$le64$loongarc$m68k$mbeb$mips$mips64$mips64eb$mips64el$mips64r6$mips64r6el$mipsallegrex$mipsallegrexel$mipseb$mipsel$mipsisa32r6$mipsisa32r6el$mipsisa64r6$mipsisa64r6el$mipsn32$mipsn32el$mipsn32r6$mipsn32r6el$mipsr6$mipsr6el$msp4$ngarch32$ngarch64$nvpt$nvpt$powerpc$powerpcspe$ppc$ppc32$r600$rc64$rcel$rcv9$rendersc$risc$rv32$rv64$s390$script32$script64$spar$spar$spar$spir$spir$spir$spir$spirv32v1.0$spirv32v1.1$spirv32v1.2$spirv32v1.3$spirv32v1.4$spirv32v1.5$spirv64v1.0$spirv64v1.1$spirv64v1.2$spirv64v1.3$spirv64v1.4$spirv64v1.5$syst$tcel$temz$thum$thum$thum$tx64$xcor
        • API String ID: 0-2280737712
        • Opcode ID: 0ccceccd13d77beb86a0183e031d424eba6a83f58cf04197a4ccc01a6963f241
        • Instruction ID: 790478d7f16849babf900fe65a5d65eb174f4cf870703223665d8e6b26db2df4
        • Opcode Fuzzy Hash: 0ccceccd13d77beb86a0183e031d424eba6a83f58cf04197a4ccc01a6963f241
        • Instruction Fuzzy Hash: E3827C72608AC681EB70DB14EC50BABB7B0F789784F909136CA8D47A94DF7DD924CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID: ErrorLast$AttributesFileFormatInit_thread_headerMessage
        • String ID: ($,$.exe$/$/$@$Couldn't execute program '$Unable to set memory limit$can't dup stderr to stdout$can't redirect stderr$can't redirect stdin$can't redirect stdout$ecutable$h$o UTF-16$program not executable
        • API String ID: 1355836787-947015913
        • Opcode ID: 3db701f36fe53e6491a9c10759a049aa5c070e142b4331107db988afbb280b63
        • Instruction ID: 5fe812a4bbb76ff9fea4e7948a7f78b0152032ac4b8f50a61b65ccaeb085d721
        • Opcode Fuzzy Hash: 3db701f36fe53e6491a9c10759a049aa5c070e142b4331107db988afbb280b63
        • Instruction Fuzzy Hash: EEA29D32A08AC581EA30AB15EC583AFE361FB95794F844236CA9D07BD9DF7CD485CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph, first node 7ff726a32ac0-7ff726a32ad9 (legend: Executed, Not Executed)
        Similarity
        • API ID:
        • String ID: amplific$andr$anyh$callable$closesth$code$comp$core$cygn$doma$eabi$eabi$eabi$eclr$fication$fication$geometry$gnu_ilp3$gnuabi64$gnuabi64$gnuabin3$gnue$gnueabih$gnuf$gnus$gnux$hull$intersec$itan$libr$lx32$maca$mesh$miss$msvc$musl$musl$musleabi$musleabi$nium$pixe$pute$rary$raygener$roid$simulato$vert
        • API String ID: 0-2338488602
        • Opcode ID: 2235c59471a9cfd6533a92e7be23ce71659e4a4e101a8108d3baa70d6f17dced
        • Instruction ID: 5d56cc152cfd3aa604cb26ff1183e770870830bdf89f8d54ee836c01091438f1
        • Opcode Fuzzy Hash: 2235c59471a9cfd6533a92e7be23ce71659e4a4e101a8108d3baa70d6f17dced
        • Instruction Fuzzy Hash: FCE194B3F0D5C381FA796A10AD15E3BD670EF56B40E80A133DA8E17990CD7D66709B21
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph, first node 7ff726afdef0-7ff726afdf34 (legend: Executed, Not Executed)
        Similarity
        • API ID:
        • String ID: aarch64$arm64$v7-a$v7-m$v7-r$v7e-m$v7em$v7hl$v8-a$v8-m.base$v8-m.main$v8-r$v8.1$v8.1-a$v8.1-m.main$v8.1m.ma$v8.2$v8.2-a$v8.3$v8.3-a$v8.4$v8.4-a$v8.5$v8.5-a$v8.6$v8.6-a$v8.7$v8.7-a$v8.8$v8.8-a$v8.9$v8.9-a$v8a$v8l$v8m.base$v8m.main$v9-a$v9.1$v9.1-a$v9.2$v9.2-a$v9.3$v9.3-a$v9.4$v9.4-a
        • API String ID: 0-2414714687
        • Opcode ID: 0fe01d6bf5c766af112b75fc655b332d3eb98abb2271b21c0b2ee79ff1bfa753
        • Instruction ID: 69db1bf1f60da90cb25980df4b59599b4c8ed10dad416687777ae34bc3a9a33e
        • Opcode Fuzzy Hash: 0fe01d6bf5c766af112b75fc655b332d3eb98abb2271b21c0b2ee79ff1bfa753
        • Instruction Fuzzy Hash: 22D15D72A0CA9292E674AB20AC10FBBBB71FB55744FC09033C64D07A94DF3ED5548BA1
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: amdh$amdp$anan$aris$chos$cloudabi$cont$cuda$darw$dermodel$dows$dragonfl$driverki$ebsd$elfiamcu$emscript$free$fuch$haik$herm$hsia$hurd$kfreebsd$linu$maco$mesa$mini$nacl$nbsd$netb$nvcl$open$rtem$shadermo$sola$tiki$tvos$wasi$watc$win3$wind
        • API String ID: 0-149123974
        • Opcode ID: 5d24597d54c6f5cdc070b48c71008b70beb476a4748eb81515d637c3f265a63b
        • Instruction ID: 30d7801e0e8296912c10c6a41947e06aaf257e13523da4d2b721a2356f6cc7c3
        • Opcode Fuzzy Hash: 5d24597d54c6f5cdc070b48c71008b70beb476a4748eb81515d637c3f265a63b
        • Instruction Fuzzy Hash: 73E1C4A3E0C1D342FA756E205D91E3BEA70EF15B60E959233DD6E136D0CE3869709A60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        • LoadLibraryW.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA0FD
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA120
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA133
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA146
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA159
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA16C
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA17F
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA192
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA1A5
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA1B8
        • GetProcAddress.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA1CB
        • InitializeCriticalSection.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA259
        • EnterCriticalSection.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA26D
        • SetUnhandledExceptionFilter.KERNEL32(?,?,?,00000000,00007FF726ABAAF4,?,?,?,00000001,00007FF726ABE7ED,?,?,?,?,00007FF7269C70CD), ref: 00007FF726ABA281
        Strings
        Similarity
        • API ID: AddressProc$CriticalSection$EnterExceptionFilterInitializeLibraryLoadUnhandled
        • String ID: Dbghelp.dll$EnumerateLoadedModules64$MiniDumpWriteDump$StackWalk64$SymFunctionTableAccess64$SymGetLineFromAddr64$SymGetModuleBase64$SymGetModuleInfo64$SymGetSymFromAddr64$SymInitialize$SymSetOptions
        • API String ID: 4289314834-3758892603
        • Opcode ID: fbcc272d06590f3041c9d5dfd7c7e331e08e211b9acde4b3a3ab0ccf1a568de6
        • Instruction ID: 16d671be1708209ae46b24a8b5cf4d59c28fd45fa66f4ebd2f08c2a29d6f5384
        • Opcode Fuzzy Hash: fbcc272d06590f3041c9d5dfd7c7e331e08e211b9acde4b3a3ab0ccf1a568de6
        • Instruction Fuzzy Hash: 9F412B65D0DA4A91FE02FB25FD801A6A3A4EF59781FC05237C80D167B0EF6CA185CB61
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 1306 (function at 7ff7269db2a0; node list omitted). API calls named in the graph: GetLogicalProcessorInformationEx, GetLastError, GetCurrentProcess, GetProcessGroupAffinity, GetProcessAffinityMask
        APIs
        Strings
        Similarity
        • API ID: Process$InformationLogicalProcessor$AffinityCurrentErrorLast$Group$Mask
        • String ID: 33333333$UUUUUUUU
        • API String ID: 2875734032-3483174168
        • Opcode ID: f860fced3b8bfe3a75b47358b931bc39645deab4d35eddee48ec6908058e847c
        • Instruction ID: 4422beef02bb76788cd0b1680b739f38e8b6b7b7b343c23097aa7a2e155e8175
        • Opcode Fuzzy Hash: f860fced3b8bfe3a75b47358b931bc39645deab4d35eddee48ec6908058e847c
        • Instruction Fuzzy Hash: C702B7A1A1DA4582EA14AF55EC5837BE761FB84BD4F84423BEA8E03798DF3CD145CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 1405 (function at 7ff726abfdf0; node list omitted). API calls named in the graph: WaitForSingleObject, TerminateProcess, CloseHandle, GetProcessTimes, K32GetProcessMemoryInfo, GetExitCodeProcess, GetLastError, SetLastError
        APIs
        Strings
        Similarity
        • API ID: Process$CloseHandleObjectSingleWait$CodeErrorExitInfoLastMemoryTerminateTimes
        • String ID: program$%$/
        • API String ID: 4249095958-2761700234
        • Opcode ID: 4a08588205c64f127ce973b60c26ba3ed77de9d8b330805d76077c59f1c4a634
        • Instruction ID: 984edda34c42f9a9239861eac34258de2cdea45b16d21adc905e7205f9619d47
        • Opcode Fuzzy Hash: 4a08588205c64f127ce973b60c26ba3ed77de9d8b330805d76077c59f1c4a634
        • Instruction Fuzzy Hash: AA81E262A08B8681EB10AF25EC4077BB7A1FF85B84F449136DE8D063A5DF7DE485CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        • Executed
        • Not Executed
        control_flow_graph 1486 (function at 7ff726ab5120; node list omitted). API calls named in the graph: GetCommandLineW, GetModuleFileNameW, GetLastError, GetLongPathNameW, FindFirstFileW, FindNextFileW, FindClose
        APIs
        Strings
        Similarity
        • API ID: Name$CommandFileInit_thread_headerLineLongModulePath
        • String ID: \\?\
        • API String ID: 2344869028-4282027825
        • Opcode ID: 83cfd1d6df5f49e16826f8b643feb21dff7d949258ea90d555f1763d5ceb6160
        • Instruction ID: af42bea04f374317256bade2c40ad464d5440ea5ace8a20379720eda559143dc
        • Opcode Fuzzy Hash: 83cfd1d6df5f49e16826f8b643feb21dff7d949258ea90d555f1763d5ceb6160
        • Instruction Fuzzy Hash: 91625A72A0CAC681EA71EF15EC547ABA360FB94784F804136DA8D47A99DF3CE584CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Similarity
        • API ID:
        • String ID: (0x$ has a sh_offset (0x$ has an invalid sh_size ($ has invalid sh_entsize: expected $"$) + sh_size (0x$) that cannot be represented$) that is greater than the file size (0x$) which is not a multiple of its sh_entsize ($), but unable to locate the extended symbol index table$, but got $found an extended symbol index ($section $unable to read an extended symbol table at index
        • API String ID: 0-2279413966
        • Opcode ID: 1a703a97410a61ab90fad26c6de289e9a53753964d9f488cb2aeac03a8c7b528
        • Instruction ID: 7d935df1aadaa0b9ef7289517239b0fb404ce9e6ac6be55744398e65cc33448a
        • Opcode Fuzzy Hash: 1a703a97410a61ab90fad26c6de289e9a53753964d9f488cb2aeac03a8c7b528
        • Instruction Fuzzy Hash: 7AE26772A0CBC591EA759B14E8483EFB7A1FB95384F905126CACD03A99DF7CD188CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Similarity
        • API ID: CurrentInit_thread_headerProcess
        • String ID: $ $LLVM_DISABLE_SYMBOLIZATION$LLVM_SYMBOLIZER_PATH$llvm-symbolizer$symbolizer-input$symbolizer-output
        • API String ID: 3343153627-368381080
        • Opcode ID: e27624b1eac9a984c850d73ac8a914f1dd14c7bca464020323c444169c299318
        • Instruction ID: f93cf8215b1729d0ce883a8582ef27082f1c482ba402ef26571ad38b922d0e36
        • Opcode Fuzzy Hash: e27624b1eac9a984c850d73ac8a914f1dd14c7bca464020323c444169c299318
        • Instruction Fuzzy Hash: C2927E32A0CAC685EA70AB15EC447EBA3A0FB95754F840136DA9D07B99DF7CE184CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Similarity
        • API ID:
        • String ID: $ is empt$ is empty$ is non-null terminated$-$: expected SHT_STRTAB, but got $SHT_STRTAB string table section $[index $[unknown$invalid sh_type for string table section $n index]$rminated
        • API String ID: 0-3476031541
        • Opcode ID: 16e3a3277b7ca7db68c07f2a0290a21f3017fbfa6a055085ccd896109d01b61a
        • Instruction ID: baf8051834818f2506cb6a3011935159975b4ba1e9431df247df0996a07fc3af
        • Opcode Fuzzy Hash: 16e3a3277b7ca7db68c07f2a0290a21f3017fbfa6a055085ccd896109d01b61a
        • Instruction Fuzzy Hash: 9F82E3A2608BC591EB20EB15EC583AFA361FB857C4F905536DA8D07B85DF7CD188CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: # Counter Values:$# Func H$# Func Hash:$# Num Counters:$# Num Value Kinds:$# NumValueSites:$# ValueK$# ValueKind = $** External Symbol **$c Hash:$ds:$eKind =
        • API String ID: 0-2073926981
        • Opcode ID: 5c1e852f5d5fd404b87e22ffdee72f47b3565d6f75e9175f43c34916a2e72bea
        • Instruction ID: 72875fd08237789f63a5df68884f803780f2b082967afcaa5954735a1381ecb4
        • Opcode Fuzzy Hash: 5c1e852f5d5fd404b87e22ffdee72f47b3565d6f75e9175f43c34916a2e72bea
        • Instruction Fuzzy Hash: 3522A862B0965581EE25AB1ADC4027BA760FB89FC4F85403BDE8E077D5DE3CE444CB60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Concurrency::cancel_current_taskErrorFormatFreeLastLocalMessage
        • String ID: (0x$0$0123456789ABCDEF$: Unknow$wn error
        • API String ID: 2211550869-1876815273
        • Opcode ID: b499fb46336316a6e3819437ab9ad0778570bdd89c4f00d615371faba2b56e5e
        • Instruction ID: d3b3e2cea88c0d3febdd751edb1070d18e4016c2a3b4f8215d5b67033a36be5c
        • Opcode Fuzzy Hash: b499fb46336316a6e3819437ab9ad0778570bdd89c4f00d615371faba2b56e5e
        • Instruction Fuzzy Hash: 5222D062708BC181EB20EB19EC147ABA361FB55794F804636DAAD07BC6DF7DE484CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Find$ErrorFileLast$CloseCurrentDirectoryFirstNext
        • String ID: .$.
        • API String ID: 3458012863-3769392785
        • Opcode ID: b563e2f7cc334077acc01c9c16dc62711087a5e03da8952e94883c8414167cd4
        • Instruction ID: cfe039bb6d2a544d6e19d707b02b4cc0bb033b155b2371cab56e5755db7dcac1
        • Opcode Fuzzy Hash: b563e2f7cc334077acc01c9c16dc62711087a5e03da8952e94883c8414167cd4
        • Instruction Fuzzy Hash: 86F16C62A08AC184EA70BB15EC583FBA360FB85794F804636DBDD12A99DF3CD184CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: 64ec$arm6$arm6$kalimba3$kalimba4$kalimba5$mips$powerpcs$r6el$spir
        • API String ID: 0-1622657226
        • Opcode ID: 37505e1a22a6f2d1f86a9399e49f035e865dbe598971cd01fc898d3ec01a9647
        • Instruction ID: 717c3be86493faf48a0c4ef2b58aa39d12bf1d607b8c055a519cdc1c4736113d
        • Opcode Fuzzy Hash: 37505e1a22a6f2d1f86a9399e49f035e865dbe598971cd01fc898d3ec01a9647
        • Instruction Fuzzy Hash: 3851E322A1C5C182FA70AB54ED54B7AE6B1EBC2780FD08133D68D03A98DE3DE555CF60
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: mips$mips$mips$mipsel$mipsisa3$mipsisa6$mipsr6$mipsr6el$sn32
        • API String ID: 0-1372953735
        • Opcode ID: 003c546cad711431938a11c69675a7d8a677270d616e439d9d4d8521d622d38f
        • Instruction ID: cfa3dad08df75918951431903964db941a55d3fb2fbd7062c4eec02239452245
        • Opcode Fuzzy Hash: 003c546cad711431938a11c69675a7d8a677270d616e439d9d4d8521d622d38f
        • Instruction Fuzzy Hash: 6C816232918AC686E6719B29E8517ABF3B0FB84744F405136DB8D43A95EF3CE195CF10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: EnvironmentExpandStringsValue
        • String ID: DumpFolder$SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
        • API String ID: 2654294330-1401551644
        • Opcode ID: 4ff6eabffe0c8f3193e5a0dadde95e54f3a724bc0867937144b59ff9f56e1b85
        • Instruction ID: a1c9eaaaad6af2e3529320cd962282753b3a0fdf986509c105c692c212f1aead
        • Opcode Fuzzy Hash: 4ff6eabffe0c8f3193e5a0dadde95e54f3a724bc0867937144b59ff9f56e1b85
        • Instruction Fuzzy Hash: 2351846261CA8581EB60EB62FC947ABE7A1FB84784F804136DE8D47A99CF7CD045CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: _46hcraa$aarc$aarch64_$arme$ch64$mbeb$thum$thum
        • API String ID: 0-2372471509
        • Opcode ID: 6e0041820c8904dab7b9bb4e0ff6ae0a325f741c2fdc6cf2cc717a5239751501
        • Instruction ID: 0eb08bc2bf2d447e86d40e3a1ddb669f7b93fe32f242a6e50ed33cc634133a0f
        • Opcode Fuzzy Hash: 6e0041820c8904dab7b9bb4e0ff6ae0a325f741c2fdc6cf2cc717a5239751501
        • Instruction Fuzzy Hash: 453149667144A541EB989B35CD10D3F7AF2FB84F80F889433EA0D47A84CD2EE50197A2
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$Concurrency::cancel_current_task
        • String ID: ($Cannot merge MemProf profile with Clang generated profile.$Merge IR generated profile with Clang generated profile.
        • API String ID: 1801012595-3942102893
        • Opcode ID: a87198f76f89ae145f4d61fd19ec21106bd91d7a5c7853343bf0286357bef463
        • Instruction ID: 078db61738d49590c8f4e019db665a16770f7bff418f04b4318171f15ba27b82
        • Opcode Fuzzy Hash: a87198f76f89ae145f4d61fd19ec21106bd91d7a5c7853343bf0286357bef463
        • Instruction Fuzzy Hash: BF926D32A08AC681EA20EB15EC543EBA360FB85794F804636DADD07799DF7CE585CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Crypt$ContextTime$AcquireCurrentFileInit_thread_headerProcessRandomReleaseSystem
        • String ID:
        • API String ID: 2604069323-0
        • Opcode ID: d59b388c44af764cece726bc5e1a73a31028c2b1c203ece1b764f194ad9e80db
        • Instruction ID: 4bd233ae188933f99caf815030a4f8d51e231ede6bdeb2e35c1388dbab5f9ecc
        • Opcode Fuzzy Hash: d59b388c44af764cece726bc5e1a73a31028c2b1c203ece1b764f194ad9e80db
        • Instruction Fuzzy Hash: 84214F62A0CA4686FB50BB15EC506BBB371FB98B90F901137DA4D47A64DE3CE846CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: aarc$aarch64_$arm6$arm6$arm64_32$ch64$thum
        • API String ID: 0-1501599320
        • Opcode ID: 15711ea6ecc459a7afd04f65b7ff0539c823105e8c921a081b6fc619ada2f95e
        • Instruction ID: d940d0cba2d8d9ea7162290f47eb107d301950c3b8878a74192abcae2a882631
        • Opcode Fuzzy Hash: 15711ea6ecc459a7afd04f65b7ff0539c823105e8c921a081b6fc619ada2f95e
        • Instruction Fuzzy Hash: 1F81F961608A8151EE74AB15DC50A3BE3F1FB847A4F908333E6AE037D4DE2EE5418F52
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: ___Z$____$____Z$_block_invoke$invocation function for block in
        • API String ID: 0-2021201366
        • Opcode ID: 45dbda355c18307aa34d754526c07a1e7f918eea2fa5ce68520e14de1e515a72
        • Instruction ID: fef978d0e5eb64915716af0d99230913ea6ddcf5b04a8603879a91b8f80497a8
        • Opcode Fuzzy Hash: 45dbda355c18307aa34d754526c07a1e7f918eea2fa5ce68520e14de1e515a72
        • Instruction Fuzzy Hash: 09E10B21709A8642EA669B11EC90BBFE3B5EB45B90FC44136DB9D07791DF3CE151CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        • profile-symbol-list-cutoff, xrefs: 00007FF72698F523
        • v, xrefs: 00007FF72698F4EF
        • generate-merged-base-profiles, xrefs: 00007FF72698F561
        • Cutoff value about how many symbols in profile symbol list will be used. This is very useful for performance debugging, xrefs: 00007FF72698F4E3
        • When generating nested context-sensitive profiles, always generate extra base profile for function with all its context profiles merged into it., xrefs: 00007FF72698F545
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: Cutoff value about how many symbols in profile symbol list will be used. This is very useful for performance debugging$When generating nested context-sensitive profiles, always generate extra base profile for function with all its context profiles merged into it.$generate-merged-base-profiles$profile-symbol-list-cutoff$v
        • API String ID: 0-420232138
        • Opcode ID: 99a06e4e1f5c385000b7a71a62f6859cd67511500c09d758769cc1018c07c792
        • Instruction ID: 63d4b56d29d7da209cb732900be39ab67e26a487e9b4aa7f192c7cc1bd2fd459
        • Opcode Fuzzy Hash: 99a06e4e1f5c385000b7a71a62f6859cd67511500c09d758769cc1018c07c792
        • Instruction Fuzzy Hash: BDC1C1A2A09B8185EA50EF11EC443AAB7A4FB84BC4F95543BEE8D03795DF3CD484CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        • Associated: 00000000.00000002.1676845783.00007FF726930000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677088897.00007FF726CAF000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677157368.00007FF726D75000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677175722.00007FF726D76000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677194444.00007FF726D7E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677216629.00007FF726D93000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677236629.00007FF726DB1000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.1677251869.00007FF726DBD000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Concurrency::cancel_current_task
        • String ID: ======== Dump profile symbol list ========$unordered_map/set too long
        • API String ID: 118556049-1450276711
        • Opcode ID: 787593f02f81c33c732fad3e2da643243c67e4cd13a4f557002d166c57b6fe35
        • Instruction ID: aa7a5be269ca115b9d2abc1556a7455901bad45188449aa4139e3fff0b742f60
        • Opcode Fuzzy Hash: 787593f02f81c33c732fad3e2da643243c67e4cd13a4f557002d166c57b6fe35
        • Instruction Fuzzy Hash: 5072E862A09B8585EA10EF19EC4437AA7A0FB45B94F84463BDEAD077D5DF3CE481CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID: Could not create remapper: $adcg*704
        • API String ID: 3738618077-1870079897
        • Opcode ID: a3f837424b5f909f2368c711d4bf0ca0d1c8a28d523e483bec383cb6e49b505d
        • Instruction ID: 52e7796ae0fa86b92f931d918953ad1b4c729105deae8aa4030c3fb36eb97d72
        • Opcode Fuzzy Hash: a3f837424b5f909f2368c711d4bf0ca0d1c8a28d523e483bec383cb6e49b505d
        • Instruction Fuzzy Hash: 0C32D462A09BC181EB60EB15EC547FBA364FB54788F818636DA9D07795EF3CD184CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: $ $ $
        • API String ID: 0-3535155489
        • Opcode ID: 464e835d217ae0c70a7af64fecf74d3b9bd18d04c5c32d438c166557133b916a
        • Instruction ID: a0adb828421f22bf3cdd32e78acd081eb17cca3002de97292b73b489846e865d
        • Opcode Fuzzy Hash: 464e835d217ae0c70a7af64fecf74d3b9bd18d04c5c32d438c166557133b916a
        • Instruction Fuzzy Hash: 35223132608AC185E660FB15EC987ABA761FB85B80F80843ACBCD47B95CF38D545DB60
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: __uuidof$srN$throw
        • API String ID: 0-1997068531
        • Opcode ID: f6c77c071cf532023e716424db44ec6741b06e553c6e4000f68a11fff50193fe
        • Instruction ID: 8a4b6dce84206f19393832b2a8a0f4bcd3dee92eb46abb52a726cdd903e64481
        • Opcode Fuzzy Hash: f6c77c071cf532023e716424db44ec6741b06e553c6e4000f68a11fff50193fe
        • Instruction Fuzzy Hash: 2FE2A262A09B8285FA65AB15EC50ABFE7B0FB45B80F844137DA8E07795DF3CE541CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: mach$spir$wasm$xcof
        • API String ID: 0-3906802617
        • Opcode ID: bcb05a51e83e7e5f6836311c2ed59403d66ba185cae96b7b90fe25175dfed985
        • Instruction ID: edbba383c953eaa42262835f0a0adfa0e75731d6b344a39a27a80e730e693abe
        • Opcode Fuzzy Hash: bcb05a51e83e7e5f6836311c2ed59403d66ba185cae96b7b90fe25175dfed985
        • Instruction Fuzzy Hash: C9218AB2B0E0C242EEB092215D38E3FEDF1DB91B10FC04173CA2682CD0EE3C94148662
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: <invalid$memprof/memprof_$no entries in callstack map after symbolization
        • API String ID: 0-2626238654
        • Opcode ID: 2bee0b407bab733d7ad16ecc2c707380d6637f8303679381276a91f192d23ea1
        • Instruction ID: 4bd7c2b9e824b71d081014a722bfb0278c297c38f5af4902af02ce39c9a35c07
        • Opcode Fuzzy Hash: 2bee0b407bab733d7ad16ecc2c707380d6637f8303679381276a91f192d23ea1
        • Instruction Fuzzy Hash: DE92C572B19A8286DA60DB15D8407EAB3A1F784BA4F804337DAEE537D4DF38D945CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: enum$struct$union
        • API String ID: 0-1076304440
        • Opcode ID: d736a2c3cb40734918442d521e2abaab1a2ffc16a84d23fa8e6975c636d7664d
        • Instruction ID: 68bad86140dd62caba233c239988b5f8f2a9da660a03a200910862b17ea226e9
        • Opcode Fuzzy Hash: d736a2c3cb40734918442d521e2abaab1a2ffc16a84d23fa8e6975c636d7664d
        • Instruction Fuzzy Hash: CD91D422B09A8586EA66AB11FD04BBFA3A5EB447D4FC44137DA5E07784DF3CE241CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: 'block-literal'$yptn
        • API String ID: 0-137333645
        • Opcode ID: 8e0ed3df8173837006b289698a9d598bcb13af8fcb31f61c36f6f8999b9cb398
        • Instruction ID: 66b5083f210fd25b6a9136be505bcef245c0cd73b819626afe503505d52b9921
        • Opcode Fuzzy Hash: 8e0ed3df8173837006b289698a9d598bcb13af8fcb31f61c36f6f8999b9cb398
        • Instruction Fuzzy Hash: 8592D522609B8586EB65AB25EC447BBB3B4FB44B90F844136DBAE47795DF3CE140CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: ($gfffffff
        • API String ID: 0-1609257259
        • Opcode ID: 2ba096716ff6435272d6c1700d891756d0946a70e8546cc4b8c068e648dee93a
        • Instruction ID: dcd699f4868d924c5f6f723a94338481efa6b9c3cbd8400fc155c8db17d79f52
        • Opcode Fuzzy Hash: 2ba096716ff6435272d6c1700d891756d0946a70e8546cc4b8c068e648dee93a
        • Instruction Fuzzy Hash: 7662C1A2B09A8185EA20EF15EC4477AA794EB04FD4F84473BDA9D47785EF7CE181C720
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: memprof raw profile got different call stack for same id$memprof raw profile has different segment information
        • API String ID: 0-1590913111
        • Opcode ID: cd7e652b15d96e0e9b6c64d293b2809dabe01dcd26b83ab3967e18d5f220aa8a
        • Instruction ID: 1c4d289457a96f22d8b39b26461fa437126ebade5fe9374b59e41a98ac5d9c2a
        • Opcode Fuzzy Hash: cd7e652b15d96e0e9b6c64d293b2809dabe01dcd26b83ab3967e18d5f220aa8a
        • Instruction Fuzzy Hash: 0852C572B19A8185EA60EB05DC407BBB3A1FB84B94F804237DADE43794DF38E945CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$A
        • API String ID: 0-443916768
        • Opcode ID: 605bfbdabc8fd2f64119da3fa837ed95b8f87109047cd7d068eba55872cec97b
        • Instruction ID: 8444541fef7a6dd9134af7848431bbc896bd968c3abae43cd489738176423b83
        • Opcode Fuzzy Hash: 605bfbdabc8fd2f64119da3fa837ed95b8f87109047cd7d068eba55872cec97b
        • Instruction Fuzzy Hash: 5D12CA72608A8682EB24DB15EC506BBE761E745B94FA44037CB9E47B95CF3DF441CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: -$-
        • API String ID: 0-2078519666
        • Opcode ID: c11ae1e9dabcd5aa3f600dd67870e75794c4a1e426ca4495e9f9d13e8e4d1268
        • Instruction ID: 54e564538ad896b5925cae119eec3d0b8ae88917295d7b88c600eea0aa3a43fa
        • Opcode Fuzzy Hash: c11ae1e9dabcd5aa3f600dd67870e75794c4a1e426ca4495e9f9d13e8e4d1268
        • Instruction Fuzzy Hash: 1512D13260CBC585DAB18B15F8407EBB3A5FB99394F50422ADADD47B99EF7CC0948B10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: std
        • API String ID: 0-2826573480
        • Opcode ID: 21152e131dbf32d28299c000e68e5c3b464c2222493f311a523f90dde1306f8f
        • Instruction ID: 02096353cb8c708d2c7ef78e8d9ef89a6aaceda46028bc8c8beacae472404f48
        • Opcode Fuzzy Hash: 21152e131dbf32d28299c000e68e5c3b464c2222493f311a523f90dde1306f8f
        • Instruction Fuzzy Hash: 8082076261978682EA65AB11EC40BBBF7B4FB44794F944536DB9E07780EF3CE640CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID:
        • API String ID: 3738618077-0
        • Opcode ID: 03cf08a649a94d0f9886583098e5f6737cd512ad112a9e333639cad1b8efdde6
        • Instruction ID: a3c8ff1471ee1009a138683e6315d9a8c521b8b063fb5d8b6175c66d46bfbd14
        • Opcode Fuzzy Hash: 03cf08a649a94d0f9886583098e5f6737cd512ad112a9e333639cad1b8efdde6
        • Instruction Fuzzy Hash: B1229FB2B08B8982DA50EF15F8406EBAB65F7857C4F949037EA8D07B68DE3CD545CB40
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: memprof callstack record does not contain id:
        • API String ID: 0-1725947181
        • Opcode ID: c9d340d2d9ec7961826678867e681d6e05cdd4a63d4b92304c6ca8aeaa5e00c7
        • Instruction ID: a14f958e8fc68664b6b02705ab468c9154df03742a0010d83137bf042b670f37
        • Opcode Fuzzy Hash: c9d340d2d9ec7961826678867e681d6e05cdd4a63d4b92304c6ca8aeaa5e00c7
        • Instruction Fuzzy Hash: 08528332719A8586DA609B15E8407BFB3A5FB44794F844237CADD43BD8DF38E945CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID:
        • API String ID: 3738618077-0
        • Opcode ID: 334087813f4d970d8f24d9379e25f7fe88580ebaa195a24c92d209ba29340a5a
        • Instruction ID: a1010f1f38266285681949c207e890ff665892a0dabd6246150b6d66e869a8bf
        • Opcode Fuzzy Hash: 334087813f4d970d8f24d9379e25f7fe88580ebaa195a24c92d209ba29340a5a
        • Instruction Fuzzy Hash: B6A196A1F8467443DC04DF4A6C525AAE709BB48BD4B48E533EE4C6BB99DD3CDA42C308
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: gfffffff
        • API String ID: 0-1523873471
        • Opcode ID: f5e99b6033a4986bd1e5f92f2193611779d36d93b8d4e7ae09860b6ec0320ef3
        • Instruction ID: 1547ce1d896d8257a61d0ad4fe2f4dcea14b120b688a2d93b5d282f204c6d27f
        • Opcode Fuzzy Hash: f5e99b6033a4986bd1e5f92f2193611779d36d93b8d4e7ae09860b6ec0320ef3
        • Instruction Fuzzy Hash: 8B12F362A15A81C2EB14EF19D9443BA7761EB54B94F84873ACBAD077D5EF78E181C300
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: typename
        • API String ID: 0-291471645
        • Opcode ID: eb82070c9842f15bfb5189a9d8692f77c33469d3e07c89279ed405845686b4a3
        • Instruction ID: f3cfe43f8a63290a04f211a7b08e7527f06bfa5cc2ba0b449122d42a9381664d
        • Opcode Fuzzy Hash: eb82070c9842f15bfb5189a9d8692f77c33469d3e07c89279ed405845686b4a3
        • Instruction Fuzzy Hash: A8F1E072B05B5582EA65EB05ED44B6AA3B8EF44BC0F848132DA9E077D4EF3CE941C710
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Concurrency::cancel_current_task
        • String ID: gfffffff
        • API String ID: 118556049-1523873471
        • Opcode ID: 11a289049a9b1fa03782b0b25e810e9f03da382683e64461dd6289c22a8f3cf7
        • Instruction ID: 49e19697b3ef813869071af7d0085cb20cfd96f2428374879ae31a3a2f0484a3
        • Opcode Fuzzy Hash: 11a289049a9b1fa03782b0b25e810e9f03da382683e64461dd6289c22a8f3cf7
        • Instruction Fuzzy Hash: 9C02CF23A06B8581EB00EF15EC847AA7760EB54B94F828736EEAD07394DF38E1C5C710
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID: Multiple errors:
        • API String ID: 0-2037660629
        • Opcode ID: 6e342d4e6981d4f6faedba58b6d95e9e0ad273899bf80be5c83b8cc4f8be74ef
        • Instruction ID: 4b8e343582f1823bc98841059db8a0b68821725402522528475a3e4ab3637fc4
        • Opcode Fuzzy Hash: 6e342d4e6981d4f6faedba58b6d95e9e0ad273899bf80be5c83b8cc4f8be74ef
        • Instruction Fuzzy Hash: 07E1E152F19A8582EA149B25DD403BAA350FB55BB4F918337DEBE033D5DF38E192C610
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID: .opd
        • API String ID: 0-1203918779
        • Opcode ID: cc39d18105e2bbe762ff0942c249f4587c9c6520ce3a040ea2b5fea004ab94f0
        • Instruction ID: 91e6172081c0dec7a4904a0665c961101574faef575102455a5704aaa9f77c01
        • Opcode Fuzzy Hash: cc39d18105e2bbe762ff0942c249f4587c9c6520ce3a040ea2b5fea004ab94f0
        • Instruction Fuzzy Hash: 27E19022609BC481DA60AF15E8407AAB7B0FB89B94F858533DFCD07759DF38D884CB90
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
        • API String ID: 0-442858466
        • Opcode ID: 86f213a1873ede3e55da46e4b8fff523c902963a88d54741d7358d946062d1e7
        • Instruction ID: 903f2238e31bb17e81f383fe789a0971fd2f44fdb5858f503d13f84018b4e38a
        • Opcode Fuzzy Hash: 86f213a1873ede3e55da46e4b8fff523c902963a88d54741d7358d946062d1e7
        • Instruction Fuzzy Hash: 6CB1E072B15A4682EA28FF16EC5077AF750EB95B90F94813ACA9E477D0DE3CE440CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID: InfoSystem
        • String ID:
        • API String ID: 31276548-0
        • Opcode ID: 7543c4f9afe357dad474a1012b02c03aa86c451865f4bbeb709eb75fe58fdbb6
        • Instruction ID: 12492db9e76c4c2af9fbb827904f21618df9cfdb0f4e41d2775dd4e43cec4edb
        • Opcode Fuzzy Hash: 7543c4f9afe357dad474a1012b02c03aa86c451865f4bbeb709eb75fe58fdbb6
        • Instruction Fuzzy Hash: F2D0EC22A0895482EA10AB54FC610ABB3A0EF98BA0F810432E98D07724CD6CE4C28F40
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID: Allocation failed
        • API String ID: 0-2506524949
        • Opcode ID: 95c03cd85836b003fa09de8b9719cbed3c513db497dc8402fba6340980d61ed7
        • Instruction ID: d28dbeeda026e9082e71251c2d149f8f0ad825cf7d911549f49e754200aedb43
        • Opcode Fuzzy Hash: 95c03cd85836b003fa09de8b9719cbed3c513db497dc8402fba6340980d61ed7
        • Instruction Fuzzy Hash: 2E41ED23B0491246E664AB26AD00E6AA754FB5CBB4F945336CE7D03BD0DE39E847CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 1e0da624eb01d14e2b1b1c0a228d3c4725499db89182e5ad570340462a994d32
        • Instruction ID: 3eb46e52d80f15fbb587b8dd1b39131a097d03be5c09be3397665dcb06f311d6
        • Opcode Fuzzy Hash: 1e0da624eb01d14e2b1b1c0a228d3c4725499db89182e5ad570340462a994d32
        • Instruction Fuzzy Hash: DB72C392B0DA9181EE10AA56DC0427BE351FB45FD4F84463BEE9D47BD9DE3CE4818B20
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 675b8680e6656d8ee6438ff21b3e4f3138a595bedcf9691fee8585f7940a7f09
        • Instruction ID: 39f0169555bb5c384b95c429459d022e4781d6c3c7d01b45ba4db81ac9810464
        • Opcode Fuzzy Hash: 675b8680e6656d8ee6438ff21b3e4f3138a595bedcf9691fee8585f7940a7f09
        • Instruction Fuzzy Hash: 4E720772A1864587EB20DF259C0477EB750FBA6BA4F848336DAAA437D4DF38B554CB00
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ffc151aa177f04060d9889f6a7f8c63f99dbde3931970ce43604e2d5efc10e56
        • Instruction ID: 00ed80a2d26b0b4e10caa199d5f028157239011bfef54eb93b53d4d7538d7da6
        • Opcode Fuzzy Hash: ffc151aa177f04060d9889f6a7f8c63f99dbde3931970ce43604e2d5efc10e56
        • Instruction Fuzzy Hash: BB227FFBE345A14BE3158F5AA541F1B7E61B39078CF91B018EF4767F14E239DA128A40
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3c92051d8efbc830cc971e50e4469bb014b225a5e51364dcff7adddc370abd1e
        • Instruction ID: 894515a3df68c03c501e1ae4b7c40b2d22e9ad585a649cf4d09ca327e6c68c16
        • Opcode Fuzzy Hash: 3c92051d8efbc830cc971e50e4469bb014b225a5e51364dcff7adddc370abd1e
        • Instruction Fuzzy Hash: 0FE1D722B09A41C6EA64AB29DC107BAA7A0FB48B94F844137DF5E477D0DF28E855CF10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: b810894f52c704ec0206ff0c2e1c132b2c91daee66a5ad61f773813027abc13f
        • Instruction ID: bbd23cddbf3f203de69514724218cf85bdb941a5213d47c33decb4f313cfd819
        • Opcode Fuzzy Hash: b810894f52c704ec0206ff0c2e1c132b2c91daee66a5ad61f773813027abc13f
        • Instruction Fuzzy Hash: A0021B1690C68240FB6B761D8D4C37BD6A0CF13746F54923ADE9E062E6CF6DE582DA20
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9476ca31d4c64a60032575a734e89988b5a046f44a780e7704671abc60e09880
        • Instruction ID: 6c142fef112a74b796da1f8508a8b852e7fafe8e7edf9776677f7f380856ecc9
        • Opcode Fuzzy Hash: 9476ca31d4c64a60032575a734e89988b5a046f44a780e7704671abc60e09880
        • Instruction Fuzzy Hash: D0E12552E18BD543EA21CF25AD01ABEE770FB64788F859232DF8D06646EB38E5D1C710
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: f46ca6749c12a0c41490ac274863164ca634cfbc38545922de95e611efb9f6cc
        • Instruction ID: 08d2e44e437b0d6a43ebbc5580a1fe5f35d8dd64974761e543e854166dae83e0
        • Opcode Fuzzy Hash: f46ca6749c12a0c41490ac274863164ca634cfbc38545922de95e611efb9f6cc
        • Instruction Fuzzy Hash: 4CE1C762709B8182EA65AB11EC44BBBB765EB44BD4F844136DAAE477C4DF3CE141CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9664eb91f307d17994120c2d1e8fbbaa7f24b53e34d4d8c107dccad92a630922
        • Instruction ID: ffad166ff0cc657ec3c524088de9c69b2ea178ca6ad249e063124627cd32680d
        • Opcode Fuzzy Hash: 9664eb91f307d17994120c2d1e8fbbaa7f24b53e34d4d8c107dccad92a630922
        • Instruction Fuzzy Hash: 9DE15E32618BC586DA109B69F85035BF7A1F7893A0F644225EBDD42BA9DF7DD085CF00
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 80c9026033579c71356e97d148df86091492a70cc5cff011c444caae31909f9d
        • Instruction ID: 494f4b49216073a50b9d0bf37c37eb04789b3b8befe5f5c65d14c0f8e1273fec
        • Opcode Fuzzy Hash: 80c9026033579c71356e97d148df86091492a70cc5cff011c444caae31909f9d
        • Instruction Fuzzy Hash: D9C1C162B09A8586EA65AB15EC40BBFA7B0EB44B90F944136DB9E47780DF3CF541CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ba4dcb14cb72e79e87d75f142db56227227937370e510a2daa79fde086ce49b9
        • Instruction ID: c6ca8104f111536f1764eac1810bd09cecef089b742e06e8ecbedd198f365eb6
        • Opcode Fuzzy Hash: ba4dcb14cb72e79e87d75f142db56227227937370e510a2daa79fde086ce49b9
        • Instruction Fuzzy Hash: 45C1E962B18A4581DA11EB25EC407BBA350FB857A4F908636EEAE437D4DF3CE585CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c2d837cd9b2f7693ff70d31723e61888ac8b041e4c380ce9377465b6475309b7
        • Instruction ID: cc8077b6ed47fe279d66688a5a46a2e9ec4cf2f2c0db28da972d7ac4969bb8cd
        • Opcode Fuzzy Hash: c2d837cd9b2f7693ff70d31723e61888ac8b041e4c380ce9377465b6475309b7
        • Instruction Fuzzy Hash: CBC1C162B14B9982EA10DF1AEC045AEA761F714BD4F808236DFAE573C5CF78E485C714
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 84dc72dcd8f8fae9b39c82c8372a211413c53e15efa4931ae2c391d8d8966537
        • Instruction ID: e57ae310d264bc87a9aea39f828d35348795663dc2ffba2c95d04bd068c8f623
        • Opcode Fuzzy Hash: 84dc72dcd8f8fae9b39c82c8372a211413c53e15efa4931ae2c391d8d8966537
        • Instruction Fuzzy Hash: 52D1C453E08B8482E611CB29D9015BDA360FB69BA4F859722DFAD137D2EF38E1D5C710
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c0ae1e7852ba62ab7fb5aa06299014776c5ec824b2e379af178ff0e86128ad20
        • Instruction ID: 465cfc664c35d88e6923a2f362f513c2a86d3120c45febcbc80ebb5aaffb844c
        • Opcode Fuzzy Hash: c0ae1e7852ba62ab7fb5aa06299014776c5ec824b2e379af178ff0e86128ad20
        • Instruction Fuzzy Hash: 0FE12B32609AC181EA70EB11EC587EFA365FB84B94F84413ACA8D47B99DF7CD085CB54
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ee7feada95fd6af65e3a6cfbdace2017854c01b946ab04ed7469ef6975cb506b
        • Instruction ID: 9edaaf0eddca1c3e5cb8613a0c1d6e9c94243c2abf4795474fe8e12c3914c1fb
        • Opcode Fuzzy Hash: ee7feada95fd6af65e3a6cfbdace2017854c01b946ab04ed7469ef6975cb506b
        • Instruction Fuzzy Hash: 74D1D222A18A8582EA109F19DD045FEA360F759B98F859236DFDD132D5EF38F1CAC710
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d219ab1346ad103a72136c0eb7527b20254134baae9c9dbc8ed693a69303b300
        • Instruction ID: 9e204a3bad99ada3c44165672fd68cfa568c68416033368c49781a88f45b66f7
        • Opcode Fuzzy Hash: d219ab1346ad103a72136c0eb7527b20254134baae9c9dbc8ed693a69303b300
        • Instruction Fuzzy Hash: 6EB1C162B18B8982FA10DF16AC415BAA354E714BE4F858637DFEE17385DE3EE041C790
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7be5e0fb955e2cb9c7a6b1c02c123d433ce6c80f5f7aac7308550de260ab904c
        • Instruction ID: dc6fe89596c20408c10f1de9f5584b1b252ac9b0d843092fa7de7ca50152a5ac
        • Opcode Fuzzy Hash: 7be5e0fb955e2cb9c7a6b1c02c123d433ce6c80f5f7aac7308550de260ab904c
        • Instruction Fuzzy Hash: 72D1C472608A848AD725EF15EC406AAB770F785784F940136EB9E47B98EF3DE640CF00
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 255c0740533a1b290c99347d006bb036fb270b18ebbbc5cd7f23ddee4428aea7
        • Instruction ID: 07c2ab35f9d6c6b731bb1d219d3e50faf62b1f5f6ebdd8dca51f6c0b7db56549
        • Opcode Fuzzy Hash: 255c0740533a1b290c99347d006bb036fb270b18ebbbc5cd7f23ddee4428aea7
        • Instruction Fuzzy Hash: 77D1B921A0C38244F76F7A599D1C7BA9D90CF63B84F44423ACB990B7E6CF6DA185C760
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a09343d637f6ef2daf343fcc53563eb6a6c199aa7766768f12700adf6ba88744
        • Instruction ID: 5b01f6840e0e98c9a1d1573a491ce90ff3dadb3ba0e1911daecd6bf89106642c
        • Opcode Fuzzy Hash: a09343d637f6ef2daf343fcc53563eb6a6c199aa7766768f12700adf6ba88744
        • Instruction Fuzzy Hash: 28C14D62B0A68142EA65A715AD00BBFE7B5EB457D0FD40136DA9E077C1EF3CEA41CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: e6c24745f5d7c445cd93b2becb872d1e32f5011120fd4cca9a71bd227e031d94
        • Instruction ID: a218fbfc94331091c086aadbba1276f8106aeb8e0e912529bde51b37adae2efa
        • Opcode Fuzzy Hash: e6c24745f5d7c445cd93b2becb872d1e32f5011120fd4cca9a71bd227e031d94
        • Instruction Fuzzy Hash: 75B1C432A09A8585EA24AF19ED003BAB3B0FB54798F844233DE8D17795DF3CE585CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 65fd9828a93059340d5fe71b4d20544b554ed8b68ff946b2002e0e52e819bf4d
        • Instruction ID: 7f88d3a39b155bcb765447d99f6be851a053b1b5117f319947569a517ddaa09a
        • Opcode Fuzzy Hash: 65fd9828a93059340d5fe71b4d20544b554ed8b68ff946b2002e0e52e819bf4d
        • Instruction Fuzzy Hash: 93D1153260CAC291EA70AB11E8547EBE3A4FB85784F94413ADBCD07A59DF7CD089DB14
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 2fbe25fff2abbc05a8932db65442528b7810d8f8d8409e67079d5a1b4923a597
        • Instruction ID: 655d55492fd1818b929d3fae164fc0127a0debe3519e2e557e5464791c8186d6
        • Opcode Fuzzy Hash: 2fbe25fff2abbc05a8932db65442528b7810d8f8d8409e67079d5a1b4923a597
        • Instruction Fuzzy Hash: 85B1D622A09B8342EF65AB11AC40BBBE2A5EF45BD0F944136DA9D077C5DF3CE541CB20
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9b34f743769e33bd8170930bb992328d68c955085acb8441ff049ed66d6f230f
        • Instruction ID: 22921c30b6965509b5ecc712a0e72ddf4172a7e7f4f76ee1d8a03b24615a0508
        • Opcode Fuzzy Hash: 9b34f743769e33bd8170930bb992328d68c955085acb8441ff049ed66d6f230f
        • Instruction Fuzzy Hash: 72A1FB22A0978586EBA5AF15AC407BFE7A1EB84B94F840136DE9E07784DF3CE551CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 658f60de41e95a11fed2580dcc01c5b4c92e7e72d0af88d8f40c57abb6a52829
        • Instruction ID: c3dc75ae25b513cf34caf98142fbf4c0c97e1ccf3f04af9c227fab6d5016f4b3
        • Opcode Fuzzy Hash: 658f60de41e95a11fed2580dcc01c5b4c92e7e72d0af88d8f40c57abb6a52829
        • Instruction Fuzzy Hash: C6A1C022A15F8585EA52EB39DC5163BB364FF567C4F42D32BEE5E22650DF38E4828700
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: f5442804429211f87c1d5e8effadf212f6e549938ea8e78cd908e63f315c3d1f
        • Instruction ID: 65e14bbe771d792c9e56786c1fdc3a3924aaa87cd78e0d2fd2b787f9cac2fe60
        • Opcode Fuzzy Hash: f5442804429211f87c1d5e8effadf212f6e549938ea8e78cd908e63f315c3d1f
        • Instruction Fuzzy Hash: 6E71FB62B1464643EB54EE16AC1427FF652EB95BD0F88823BDE9E477C4DE3CE8019B10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 01abe0dd8cf27e65e8f0201d6e002b961e78fcb80ced531ce4ae69ce846ad42f
        • Instruction ID: e3186f8fd1eb9147f83ed9f2b5cd2941a19ec942171d78911abad0405909736e
        • Opcode Fuzzy Hash: 01abe0dd8cf27e65e8f0201d6e002b961e78fcb80ced531ce4ae69ce846ad42f
        • Instruction Fuzzy Hash: 16812953E29B8141DA129B399C511BAA360FFD6BD4F50973BDE9E23391EF38E581C600
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 8db798f9dba8ee9a919ba30d2de066c09c01fe636c87599217614e0428a0ceb8
        • Instruction ID: 5817d57bbd4eb080b2770175d343722ff0a33f22026160ce0a2043cf2e3e87ea
        • Opcode Fuzzy Hash: 8db798f9dba8ee9a919ba30d2de066c09c01fe636c87599217614e0428a0ceb8
        • Instruction Fuzzy Hash: D871D0F1A1964692EA60AE059D042BAE753EB55FC4FC4423ADF9E07781DE3CF905CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7ae32ec992b0a09d619c8bc15b7c50a4406576796c83bcbd8fd86b045e3239df
        • Instruction ID: bb31e28f6221f2ac831f3145790e33d4cc49269abed2a37b4d515eabe04d4b06
        • Opcode Fuzzy Hash: 7ae32ec992b0a09d619c8bc15b7c50a4406576796c83bcbd8fd86b045e3239df
        • Instruction Fuzzy Hash: C881D1A2714A05CAFE61AB16DC0476BAB64FB49BD4F84813BEE8D0B794DE3CD541CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 90a5bd18fe944d145f98409c7674ddd1fd33efb3f9b91061aee746c814359086
        • Instruction ID: 3763f70e38cc608ea2961c44fe5e2ab764f53f92a65b335ab0a03823d59889af
        • Opcode Fuzzy Hash: 90a5bd18fe944d145f98409c7674ddd1fd33efb3f9b91061aee746c814359086
        • Instruction Fuzzy Hash: 4771AF6272865186EA25AB16DC0436BAB90FB4ABC4F80913BEEDD47785DF3DD101CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c190279b81858a2543755868a29043998ef9ec335caa70a2f0a246358776d3f0
        • Instruction ID: aff953285b7b903a9fa02a7025081ff256c16d6723550b9abe8940ea37e72d0c
        • Opcode Fuzzy Hash: c190279b81858a2543755868a29043998ef9ec335caa70a2f0a246358776d3f0
        • Instruction Fuzzy Hash: D661A372718B45C6EA55AB26DC003AAA7A1FB49BD4F80513BEE8D07B44DF3CE151CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d4a13eb7cbaaa7fd6bfbc693e01c93c03547ade0e4bd78759ce0543d67fc80d1
        • Instruction ID: ac9c70a4fc80336381fff01a15be672dac0a33747f396ab664773428e550df32
        • Opcode Fuzzy Hash: d4a13eb7cbaaa7fd6bfbc693e01c93c03547ade0e4bd78759ce0543d67fc80d1
        • Instruction Fuzzy Hash: BA61D8A2708A8581EA51EF19DC403BBB790FB84B94F849236DE9E537D4DF38D949CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 42c811b6780832f41fbaa7d1d8f98580e0492c7377d6a479e891913604b807e3
        • Instruction ID: 563256760621458e090019cd470dcf8b308c5b5feccdd9889c54c0d9c54516eb
        • Opcode Fuzzy Hash: 42c811b6780832f41fbaa7d1d8f98580e0492c7377d6a479e891913604b807e3
        • Instruction Fuzzy Hash: 42513863B1574147EB259A329D0022AAAA1FF95BD0F48D339DF6B53B81EF3CE0558710
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 56356264ff5d9f786e01c6ad7269cc06c844ccad726b2286a67cceaecda63175
        • Instruction ID: 392f49b28a9736c970daeeca825553e3a84562ef96d9f5b12918deb1774c17a0
        • Opcode Fuzzy Hash: 56356264ff5d9f786e01c6ad7269cc06c844ccad726b2286a67cceaecda63175
        • Instruction Fuzzy Hash: D8516AE2B45A6843ED08DB5A6C228BADB56E3D8FC0785E037EE4E57394DD3CD645C200
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 4f833a07b69cc64efa917a4b762666a10a94aac88684601427120dfb977dbb90
        • Instruction ID: ed4a2e590443be65766523c2c471dbad31fae710984ef081bcee7f7066f65511
        • Opcode Fuzzy Hash: 4f833a07b69cc64efa917a4b762666a10a94aac88684601427120dfb977dbb90
        • Instruction Fuzzy Hash: 665114A3B15A4182EA459F25DC003B9A690E744BB4F80933BCEBE173D8EF78D991C710
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3890630d99347d38a884470a7af5bfa8cb0aab664709641698bdcf190af8bf70
        • Instruction ID: 402acaeb673c1fa63660404f2f562b861a263e5abd62d3548f8475b3a87a1b26
        • Opcode Fuzzy Hash: 3890630d99347d38a884470a7af5bfa8cb0aab664709641698bdcf190af8bf70
        • Instruction Fuzzy Hash: DA517B73E2E76146DA229B71ED10AA9A610EF13FC4B95C336DE5D23AC5DF30D4928704
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5062850c9fc2ca1f92da2fc79e9f8a5b03707a4e8660c7f7bcd0698a380a4f33
        • Instruction ID: 007d706f7f1f6d2275ec52b2a80a918ddf7278d081006fad33b06af7e2f3f050
        • Opcode Fuzzy Hash: 5062850c9fc2ca1f92da2fc79e9f8a5b03707a4e8660c7f7bcd0698a380a4f33
        • Instruction Fuzzy Hash: 21510822B0C6C542FA669B24EC40BAFA7A1EB44794F845236DEAD437C8DF2DE541CB50
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 08437b7bba205a07da11589563883baa253979146a0f540571b7698a3dc96eec
        • Instruction ID: 92ee2602658998da266a299766b90a532cd34980f132810e32a2d1243d495645
        • Opcode Fuzzy Hash: 08437b7bba205a07da11589563883baa253979146a0f540571b7698a3dc96eec
        • Instruction Fuzzy Hash: EA414862F41A2587DA24EF16BC12BABE764F754BC8F885022EF8D4BB51DE3CE541C604
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3adedc40d8be8c01d2473806a1f0789a3003cf65887a970c9d60731358c20fe6
        • Instruction ID: 2fb9d1f5e0ff8304c133473415f20b420a16ca005194480f50466764c3e0258d
        • Opcode Fuzzy Hash: 3adedc40d8be8c01d2473806a1f0789a3003cf65887a970c9d60731358c20fe6
        • Instruction Fuzzy Hash: A84101A2B16A8583FE49DE1A9D143797651E7487B4F84873ACE7E033C0DE3CE895CA10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 88149ea2517c0ffc31827766d4ca7d4b89d2f7af9dcf1f4b4e6cb9b3ae329e76
        • Instruction ID: 3e1e8916a7389ebd5b4141d7292b7e75a0d11347105d4dc42391d1c827ea15a6
        • Opcode Fuzzy Hash: 88149ea2517c0ffc31827766d4ca7d4b89d2f7af9dcf1f4b4e6cb9b3ae329e76
        • Instruction Fuzzy Hash: 4C413752B18B4541FE10AA2A9C112BBF291DF55BF0F54A33EDEBD07BC1EE3DA4419A10
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 41c1c4fa0aca6c16a172649c6f70414ea8877c7622f33cddfb8076576715455a
        • Instruction ID: 4b4b3127484002d6f39553719816f70cbee42cd7060ab3ced22ac6b7b8de4fb6
        • Opcode Fuzzy Hash: 41c1c4fa0aca6c16a172649c6f70414ea8877c7622f33cddfb8076576715455a
        • Instruction Fuzzy Hash: 7041C4F3F19A4643EA58DA50DC109796722FB92BF0BE0E33ACA6A077C4DF2C74418610
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 645f91ae4e229d71b80288715c2ea3a9f5e2166dfefa8600bc7b9c4c9a15cc1e
        • Instruction ID: 319b6f7a9d1cea77b5ff9e2c44a3a707988de08464f5a6db42206f02d192542d
        • Opcode Fuzzy Hash: 645f91ae4e229d71b80288715c2ea3a9f5e2166dfefa8600bc7b9c4c9a15cc1e
        • Instruction Fuzzy Hash: 5D2107D274521943AD08AFA76E618BBC255BB98BC0745B033DE4D5FF94DD3CE151C200
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3024f791a60bcf654e32cbf337686ee0e594fbc30427d05e970742da49c9df52
        • Instruction ID: aa05e3ff0cadaf9da142e36df27fb32020a2c9015ecb0806638389e23a0450f0
        • Opcode Fuzzy Hash: 3024f791a60bcf654e32cbf337686ee0e594fbc30427d05e970742da49c9df52
        • Instruction Fuzzy Hash: 9E2149A3B1586903FA28DE026D51936E641EB84FF0B98913ACD5E17BD0ED38A841CD10
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: ErrorFileLast$HandleView$CloseCurrentInit_thread_headerProcessUnmap$CreateDuplicateMappingQueryVirtual
        • String ID:
        • API String ID: 1008269210-0
        • Opcode ID: 51fb7619efac73553371b278ba13fa55993630ccd7263edf129eab70f8755630
        • Instruction ID: 16872141a1751f759a63aec14670c95c4ce9d148a219b1cdacebebea0fdb2223
        • Opcode Fuzzy Hash: 51fb7619efac73553371b278ba13fa55993630ccd7263edf129eab70f8755630
        • Instruction Fuzzy Hash: 38615E21A09A0696EF10BB61EC5467BA3A0FB44B90FD0453BDA5E437A1DF3CE945CB60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        [Control-flow graph image not preserved; the graph starts at block 7ff726aba340-7ff726aba426.]
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Current$CaptureContextProcessThread
        • String ID: $ <unknown module>$($, %s() + 0x%llX byte(s)$, %s(0x%016llX) + 0x%llX byte(s)$, %s, line %lu + 0x%lX byte(s)$, <unknown module>$0x%016llX
        • API String ID: 2575623420-2378759734
        • Opcode ID: 9bc3b0c22a99c9d9eff0e964a6668da6a5293d3ec7c5b5305d712701bc36a914
        • Instruction ID: a684579c0dd2b340e0a12a5a37d03c689cfc3f3d803fdc9763df0f23cabeb7f7
        • Opcode Fuzzy Hash: 9bc3b0c22a99c9d9eff0e964a6668da6a5293d3ec7c5b5305d712701bc36a914
        • Instruction Fuzzy Hash: EFE14C62A1CBC585EA61AF15EC007ABA3A0FBD9780F804236DACE46B95DF3CD145CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        [Control-flow graph image not preserved; the graph starts at block 7ff726ababa0-7ff726ababab and includes a call to InitializeCriticalSection.]
        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: CriticalInitializeSection
        • String ID: .%%%%%%.dmp$=$=$Could not write crash dump file: $CustomDumpFlags$DumpType$Exception Code: 0x%08X$SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps$Wrote crash dump file "$p file "
        • API String ID: 32694325-3937492824
        • Opcode ID: 52a00c60c8e276db3e2a911259c251c1aa7f17fb5fa7cd2569d02b0f7624b746
        • Instruction ID: 4be25918fd47df617fe9c0761e79a9f9b9e181774326b1308481005a9feca761
        • Opcode Fuzzy Hash: 52a00c60c8e276db3e2a911259c251c1aa7f17fb5fa7cd2569d02b0f7624b746
        • Instruction Fuzzy Hash: 11D0A921C0CA8E84FF02B320ACD07B6D6A0CB39300FE00033D10F082A2DE1D65D48F62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: CurrentProcess$CreateDuplicateFileHandle
        • String ID: NUL$ile for $input$output
        • API String ID: 627569853-3189213456
        • Opcode ID: c064e05e91c5e35c62888da31757dfe013a9d564793eeb3e802817bdab640d52
        • Instruction ID: b343689eb07991b72e3c39513701c8382b56369e56c9fa8009b97970d48e7b57
        • Opcode Fuzzy Hash: c064e05e91c5e35c62888da31757dfe013a9d564793eeb3e802817bdab640d52
        • Instruction Fuzzy Hash: 02F19372608AC181EB20EB15EC447AFA761FB85BA4F804636DAAD07BD5DF7CD184CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: CurrentDirectoryErrorInit_thread_headerLast
        • String ID: //?/$UNC\$\\?\$\\?\
        • API String ID: 3955425628-3199060882
        • Opcode ID: ae59c6ec1b98319f96cc2b0b4db4ad16b31cfa1499534cc9d767164fe07ac8ef
        • Instruction ID: ee257def082af57697fe6ffdc00ae2209973479eb96d95a620c833b197823438
        • Opcode Fuzzy Hash: ae59c6ec1b98319f96cc2b0b4db4ad16b31cfa1499534cc9d767164fe07ac8ef
        • Instruction Fuzzy Hash: 24917322A0CA8281EA60BB11EC583BBE761EB85794F804537DBCE07A95CF7DD585CF10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$CriticalEnterSection
        • String ID: >$Display statistics as json data$Enable statistics output from program (available with Asserts)$stats$stats-json
        • API String ID: 640747144-2065831512
        • Opcode ID: df629f1e5dcb8515119b94026f9390af8feeed83411a3016fadc307583017d19
        • Instruction ID: ab9c55839e419eae9d4337721b2da296a2e75834c500c2b4ea26815dbb7deeaf
        • Opcode Fuzzy Hash: df629f1e5dcb8515119b94026f9390af8feeed83411a3016fadc307583017d19
        • Instruction Fuzzy Hash: 6141E531919A4AD5EA41EB14EC906ABB3B0FB94350FD00133E64E426A5DF3CE989CF21
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID: \\.\
        • API String ID: 0-2900601889
        • Opcode ID: c2caaacee5c02b0cf18657034be1123e210c6481ab94a277a1d38b1f294ab22a
        • Instruction ID: 6df66d5763b3e84b6e182b450ca0728378500c315c82225d6beae69869671899
        • Opcode Fuzzy Hash: c2caaacee5c02b0cf18657034be1123e210c6481ab94a277a1d38b1f294ab22a
        • Instruction Fuzzy Hash: D3919132A08BC685EB60AB15EC583BBB364FB85754F90423ADADD43695DF7CE085CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID:
        • API String ID: 3738618077-0
        • Opcode ID: 7640adcdbde831af2c48903be685c90c9770137b8e460e216112116f9ea7a61f
        • Instruction ID: f52f61f193f33946bc5f76d8cc3a253721f91140b5649a215cf159d1975f2e51
        • Opcode Fuzzy Hash: 7640adcdbde831af2c48903be685c90c9770137b8e460e216112116f9ea7a61f
        • Instruction Fuzzy Hash: D7D14931A0C64685EA21FB24EC842BBA360FB94794FD04137DB8D476A5DE3CE984CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID: ;$Comma separated list of debug counter skip and count$Print out debug counter info after all counters accumulated$print-debug-counter
        • API String ID: 3738618077-2671949431
        • Opcode ID: 7eafd3ac2c10f579ea0d60ae920bd44b0ee471b0f619cca9b15a1a950036cfe4
        • Instruction ID: b161b85bf9ea9c4e0fe7c555ba580a269a0b07d177167be6ac2c9f96eeb4f899
        • Opcode Fuzzy Hash: 7eafd3ac2c10f579ea0d60ae920bd44b0ee471b0f619cca9b15a1a950036cfe4
        • Instruction Fuzzy Hash: A0413B32918B8685EA00EB14FC403ABB7B4FB98344F900237E68C466A4DF7DE556CF21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: AddressHandleInit_thread_headerModuleProc
        • String ID: RtlGetVersion$ntdll.dll
        • API String ID: 220378049-1489217083
        • Opcode ID: 01395aa5fb9e00bde2f525c47c134d6d5ad053b0a12298080d0673a6a29a3254
        • Instruction ID: 6a87f21eb384720790254f3742ed6b8396b2efa14c791b2f56a741d24813b3f0
        • Opcode Fuzzy Hash: 01395aa5fb9e00bde2f525c47c134d6d5ad053b0a12298080d0673a6a29a3254
        • Instruction Fuzzy Hash: 2421B272E0890B81FF20B724EC514B7A261EF98710FE45337C62E462E5CE2CB4918E35
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _Init_thread_header.LIBCMT ref: 00007FF726AB63E3
        • GetModuleHandleW.KERNEL32(?,?,?,?,00007FF7269D8F8F,?,?,?,?,?,?,?,-00000018,00007FF7269D8E71), ref: 00007FF726AB63F8
        • GetProcAddress.KERNEL32(?,?,?,?,00007FF7269D8F8F,?,?,?,?,?,?,?,-00000018,00007FF7269D8E71), ref: 00007FF726AB6408
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: AddressHandleInit_thread_headerModuleProc
        • String ID: RtlGetVersion$ntdll.dll
        • API String ID: 220378049-1489217083
        • Opcode ID: fa031930c8ed301832df1a66374401442054c2566c38c63588a875a8775506ec
        • Instruction ID: b26794ca8f77cbc09a36773d874b71eedb85b87bd9cd56e1526d4b239d401c93
        • Opcode Fuzzy Hash: fa031930c8ed301832df1a66374401442054c2566c38c63588a875a8775506ec
        • Instruction Fuzzy Hash: BD111D32A0864A86FF15FB15EC905B6B361EB98750FD08137CA0D472A0DE3CE445CF21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$CreateCurrentDirectoryErrorFileLast
        • String ID:
        • API String ID: 2661925990-0
        • Opcode ID: 291ef8997e0c22b153d526582dd0f7c5c5c901e15e429f9d3233f3c7c812bb74
        • Instruction ID: 917339e3add75d9edb8e5852457d6afc86baa5662f3cc3879781d6731716dcc1
        • Opcode Fuzzy Hash: 291ef8997e0c22b153d526582dd0f7c5c5c901e15e429f9d3233f3c7c812bb74
        • Instruction Fuzzy Hash: F1613031A08A8689EA61FB14EC543BBB360FB94354FD04637DA8D426A5DF3CE485CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$AttributesCurrentDirectoryErrorFileLast
        • String ID:
        • API String ID: 442476566-0
        • Opcode ID: 4a91a104c7b358ce53a2d6eb1eac132a19192ef84c3f13e480e5761ff1aaaa21
        • Instruction ID: c583ecaf279c214f854483e11203d1c8f4ba6785150a5e2d364b03200c5f724e
        • Opcode Fuzzy Hash: 4a91a104c7b358ce53a2d6eb1eac132a19192ef84c3f13e480e5761ff1aaaa21
        • Instruction Fuzzy Hash: FB513631A18A0695FA21BB14ED943BBB360FB44B54FD04537D68D422A1DF3CE985CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$CloseCreateCurrentDirectoryErrorFileHandleLast
        • String ID:
        • API String ID: 3825668548-0
        • Opcode ID: 12c523a931c8552ce2892a815677203797a91d2e1a19c8a61bf4324c36964938
        • Instruction ID: 3373f99d7198c29283ba883608764e1a54beb8585147d8a9edbef0a092831f09
        • Opcode Fuzzy Hash: 12c523a931c8552ce2892a815677203797a91d2e1a19c8a61bf4324c36964938
        • Instruction Fuzzy Hash: AF514E31A08A4681EA21BB15EC5437BA361FB847A0FC04637DA9D077E4CF3DE885CB61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Time$FileSystem$CloseErrorHandleLast
        • String ID:
        • API String ID: 2155180559-0
        • Opcode ID: 36058778d295e7f024c3eca28ef4beff74af5ce699b0092d9583bc6ad1a634aa
        • Instruction ID: e7c4c71555cdea690851b778b54f58a62fe2dafbcebfd38048dc9ca7b693228a
        • Opcode Fuzzy Hash: 36058778d295e7f024c3eca28ef4beff74af5ce699b0092d9583bc6ad1a634aa
        • Instruction Fuzzy Hash: 44419B22A0CBC645EB24EB15FC553BBA351EB84794F94403ADBCE43A99CF6CE445CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _Init_thread_header.LIBCMT ref: 00007FF7269A6A67
          • Part of subcall function 00007FF726CAC188: EnterCriticalSection.KERNEL32(?,?,?,00007FF7269B900E), ref: 00007FF726CAC198
          • Part of subcall function 00007FF726CAC1F0: EnterCriticalSection.KERNEL32(?,?,?,00007FF726AB2053,?,?,?,00007FF7269C17B9), ref: 00007FF726CAC200
          • Part of subcall function 00007FF726CAC1F0: LeaveCriticalSection.KERNEL32(?,?,?,00007FF726AB2053,?,?,?,00007FF7269C17B9), ref: 00007FF726CAC240
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: CriticalSection$Enter$Init_thread_headerLeave
        • String ID: !$Path to profiled binary is empty!
        • API String ID: 1766094999-1469474377
        • Opcode ID: dd056dfc9918a3398d3b7786b4f478c0956d198cd734c4222e1eef418ad5e205
        • Instruction ID: 54c97e7428d1e9a09f58d094329f76bc9ada45c9e4b5695d2d9924d0c5d481fb
        • Opcode Fuzzy Hash: dd056dfc9918a3398d3b7786b4f478c0956d198cd734c4222e1eef418ad5e205
        • Instruction Fuzzy Hash: 07E17F72A08A8681EB21EF14EC513FAA3A0FB94744F90853ADACD07795DF7DE584CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header$CriticalEnterSection
        • String ID:
        • API String ID: 640747144-0
        • Opcode ID: d4e032091d8839bf8b4d9966ee54002209330d60828db4cde761e3397479414b
        • Instruction ID: 891fc5a48624528ed7467078ad9ed95f33cc49c20c50fc394a470abc5070f05f
        • Opcode Fuzzy Hash: d4e032091d8839bf8b4d9966ee54002209330d60828db4cde761e3397479414b
        • Instruction Fuzzy Hash: BC515BB1A4964A85EB11BB18ED841B7A3A0EF44791FC0423BDA4D432A0DE3CF891CF21
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 2283aa5cf33fb716afb908f5cbb69020ea3ffae443ed4747b9c96cd8f9f48a79
        • Instruction ID: bd2010a8f53f17c936ec61fcae96eec8dd38dbd9fa0b74ccd014e32cd0f4a302
        • Opcode Fuzzy Hash: 2283aa5cf33fb716afb908f5cbb69020ea3ffae443ed4747b9c96cd8f9f48a79
        • Instruction Fuzzy Hash: 6B515031A0960696FA11EB19DC946BAA371FF55755FE44933CA0E432A0DF3CFA42CE21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7269D3AA7), ref: 00007FF7269DAA76
        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7269D3AA7), ref: 00007FF7269DAAEF
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7269D3AA7), ref: 00007FF7269DAB42
        • _Init_thread_header.LIBCMT ref: 00007FF7269DAB83
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: ByteCharMultiWide$ErrorInit_thread_headerLast
        • String ID:
        • API String ID: 2959056455-0
        • Opcode ID: 211a1e1c3cf25273f420cdaca2cc9cf79598356025b05eee94ed52e2d6f510df
        • Instruction ID: 5ce24b20a880a35e56eaa57182fd12d92192dd9e56da7a79547c1590dc7fb7e0
        • Opcode Fuzzy Hash: 211a1e1c3cf25273f420cdaca2cc9cf79598356025b05eee94ed52e2d6f510df
        • Instruction Fuzzy Hash: 83419521A08B4695EA10FF16ED4467AA361FB94790F84863BDF4D03791DF3CE5A1CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: ByteCharMultiWide$ErrorInit_thread_headerLast
        • String ID:
        • API String ID: 2959056455-0
        • Opcode ID: 6a007e9e3ccb236e7f93b031392c2f5255d08e62e39c625a742e1a85e37dba9a
        • Instruction ID: bbcde4f3a7112b768381160edc7749ca7e2c536ecdd2669ae8ecf143b2257d14
        • Opcode Fuzzy Hash: 6a007e9e3ccb236e7f93b031392c2f5255d08e62e39c625a742e1a85e37dba9a
        • Instruction Fuzzy Hash: 05419371A08A4591EA10FB56EC4467AA3A0FB44B90FC1453BCB8D43790DF3DE5A1CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: CriticalEnterErrorFinalHandleInit_thread_headerLastNamePathSection
        • String ID:
        • API String ID: 953378473-0
        • Opcode ID: 7be586784710530923c52922c0b6db321241bc058ef2e3fc7d5d7e99453bf397
        • Instruction ID: c05f05d03d332e31d71b0cfa87a65de50fe7d4e1b9735771fcbe5f6e95cf3738
        • Opcode Fuzzy Hash: 7be586784710530923c52922c0b6db321241bc058ef2e3fc7d5d7e99453bf397
        • Instruction Fuzzy Hash: 01316721A09A4691FA10FB56EE4467AA361FB44B90FD4847BCB5E83791DF3CF490CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: File$BuffersCloseFlushHandleInit_thread_headerUnmapView
        • String ID:
        • API String ID: 3367882763-0
        • Opcode ID: 12c819d90866a52623a809c0c8f58d4ed6309c6e3dbfe7b910f4f32135169886
        • Instruction ID: 2f4758c3d4f1ad0fee3047565347eb57ee852561db8004566f1f6c0c7243db56
        • Opcode Fuzzy Hash: 12c819d90866a52623a809c0c8f58d4ed6309c6e3dbfe7b910f4f32135169886
        • Instruction Fuzzy Hash: C5314021A19A4685FE11BB29EE4917AA362EF50B81FD04137DA8D022A1CF3CF441CE21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.1676859084.00007FF726931000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF726930000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_7ff726930000_Mol2sxTjLw.jbxd
        Similarity
        • API ID: Init_thread_header
        • String ID: RVA 0x%x for %s not found$RVA 0x%x not found
        • API String ID: 3738618077-2855063148
        • Opcode ID: 1409565409cf9d48d6118784d2128a6f9aeec7be1d91609a0495a751286c9747
        • Instruction ID: a8ee8c73c34b61ad0e4d363c21ee252c54fce3cd87e8c0ce55852fbf5f81fbb1
        • Opcode Fuzzy Hash: 1409565409cf9d48d6118784d2128a6f9aeec7be1d91609a0495a751286c9747
        • Instruction Fuzzy Hash: 45515F32A08A4685EA11AF15EC906AEB7A0FB84794FA44533DA4D03765DF3CE495DF10
        Uniqueness

        Uniqueness Score: -1.00%