Windows Analysis Report
WAdE7vk6kk.exe

Overview

General Information

Sample name:WAdE7vk6kk.exe
renamed because original name is a hash value
Original sample name:7801c18c1bfe85c29be22a73508b587abd132302247b859fd865eb028546cfba.exe
Analysis ID:1432271
MD5:23d0437f7b646ed9239eeced668e0f12
SHA1:b5a54b5b909ffd7baf306c37bc5acc2d4e813f73
SHA256:7801c18c1bfe85c29be22a73508b587abd132302247b859fd865eb028546cfba
Tags:exe
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found decision node followed by non-executed suspicious APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • WAdE7vk6kk.exe (PID: 5796 cmdline: "C:\Users\user\Desktop\WAdE7vk6kk.exe" MD5: 23D0437F7B646ED9239EECED668E0F12)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: WAdE7vk6kk.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008EB0FC CertOpenStore,GetLastError,CryptStringToBinaryA,CertCloseStore,CertFindCertificateInStore,CertCloseStore,__fread_nolock,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,CertFreeCertificateContext,CertCloseStore,CertFreeCertificateContext,0_2_008EB0FC
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008E9FB0 BCryptGenRandom,0_2_008E9FB0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_009140E0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,0_2_009140E0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00914140 CryptHashData,0_2_00914140
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00914160 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_00914160
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00914640 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,0_2_00914640
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008EAB90 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_008EAB90
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00916C50 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_00916C50
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_0090F0F0 CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,0_2_0090F0F0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_0090F5C0 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,0_2_0090F5C0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00915E90 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_00915E90
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00915EF0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_00915EF0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00915E30 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,0_2_00915E30
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008E9E40 BCryptGenRandom,0_2_008E9E40
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008E9F00 BCryptGenRandom,0_2_008E9F00
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: -----BEGIN PUBLIC KEY-----0_2_008CE890
Source: WAdE7vk6kk.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_008F9840
Source: WAdE7vk6kk.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 104.21.65.101:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: WAdE7vk6kk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\General\SmartDropper\Release\SmartDropper.pdb source: WAdE7vk6kk.exe
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_009382C5 FindFirstFileExW,0_2_009382C5
Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00905080 recv,WSAGetLastError,0_2_00905080
Source: global trafficDNS traffic detected: DNS query: helloitelemetry.cc
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/hsts.html
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: WAdE7vk6kk.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: WAdE7vk6kk.exeString found in binary or memory: https://helloitelemetry.cc/2xpIMc81Kn
Source: WAdE7vk6kk.exe, 00000000.00000002.1660805540.0000000000F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://helloitelemetry.cc/2xpIMc81Kn/9a6b4fe2-a803-4bfe-88e9-f61599aa8c1b/update
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownHTTPS traffic detected: 104.21.65.101:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00914640 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,0_2_00914640
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008D9D40 appears 71 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008D9CE0 appears 37 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008D57B0 appears 68 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008D5720 appears 288 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 00917F40 appears 57 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008D5650 appears 398 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008DC090 appears 43 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 008DA2C0 appears 32 times
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: String function: 00912D50 appears 33 times
Source: WAdE7vk6kk.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal48.evad.winEXE@1/0@1/2
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeMutant created: \Sessions\1\BaseNamedObjects\6ojlDCjfteCozqTBJdTa
Source: WAdE7vk6kk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: WAdE7vk6kk.exeString found in binary or memory: iphlpapi.dllif_nametoindexws2_32FreeAddrInfoExWGetAddrInfoExCancelGetAddrInfoExWkernel32LoadLibraryExA\/AddDllDirectoryh1h2h3%10s %512s %u %10s %512s %u "%64[^"]" %u %urt%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %d
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeSection loaded: kernel.appcore.dll
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: WAdE7vk6kk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: WAdE7vk6kk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\Projects\General\SmartDropper\Release\SmartDropper.pdb source: WAdE7vk6kk.exe
Source: WAdE7vk6kk.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WAdE7vk6kk.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WAdE7vk6kk.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WAdE7vk6kk.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WAdE7vk6kk.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008D7DB0 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,0_2_008D7DB0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00917418 push ecx; ret 0_2_0091742B

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\WAdE7vk6kk.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-75344
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-75618
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_009382C5 FindFirstFileExW,0_2_009382C5
Source: WAdE7vk6kk.exe, 00000000.00000002.1660805540.0000000000F6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00923CD5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00923CD5
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008D7DB0 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,0_2_008D7DB0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_0093B4D9 GetProcessHeap,0_2_0093B4D9
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00917861 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00917861
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00923CD5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00923CD5
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00917CE9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00917CE9
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00917E7D SetUnhandledExceptionFilter,0_2_00917E7D
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00916D70 cpuid 0_2_00916D70
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_0093A907
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: EnumSystemLocalesW,0_2_0093ABB3
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: EnumSystemLocalesW,0_2_0093ABFE
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: EnumSystemLocalesW,0_2_0093AC99
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0093AD24
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetLocaleInfoW,0_2_0093AF77
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0093B0A0
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetLocaleInfoW,0_2_0093B1A6
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0093B27C
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: EnumSystemLocalesW,0_2_0093349E
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: GetLocaleInfoW,0_2_00933A61
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_0092792E GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0092792E
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_009363E8 GetTimeZoneInformation,0_2_009363E8
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008E9570 socket,socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,closesocket,0_2_008E9570
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_00904690 htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,0_2_00904690
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008FC85A bind,WSAGetLastError,0_2_008FC85A
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008FCA50 bind,WSAGetLastError,0_2_008FCA50
Source: C:\Users\user\Desktop\WAdE7vk6kk.exeCode function: 0_2_008F53C0 getsockname,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,htons,0_2_008F53C0
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 2 Command and Scripting Interpreter; 11 Native API; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 2 System Time Discovery; 21 Security Software Discovery; 1 File and Directory Discovery; 22 System Information Discovery
Lateral Movement: 1 Exploitation of Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 12 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 22 Encrypted Channel; 1 Ingress Tool Transfer; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: 1 Data Encrypted for Impact; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source          Detection  Scanner         Label  Link
WAdE7vk6kk.exe  100%       Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source                                   Detection  Scanner          Label  Link
https://curl.se/docs/http-cookies.html   0%         Avira URL Cloud  safe
https://curl.se/docs/alt-svc.html        0%         Avira URL Cloud  safe
https://curl.se/docs/alt-svc.html#       0%         Avira URL Cloud  safe
https://curl.se/docs/http-cookies.html#  0%         Avira URL Cloud  safe
https://curl.se/docs/hsts.html           0%         Avira URL Cloud  safe
https://curl.se/docs/hsts.html#          0%         Avira URL Cloud  safe
https://curl.se/docs/hsts.html           0%         Virustotal              Browse
https://curl.se/docs/http-cookies.html   0%         Virustotal              Browse
https://curl.se/docs/alt-svc.html        0%         Virustotal              Browse
https://curl.se/docs/http-cookies.html#  0%         Virustotal              Browse
https://curl.se/docs/hsts.html#          0%         Virustotal              Browse
https://curl.se/docs/alt-svc.html#       0%         Virustotal              Browse
Name                IP             Active  Malicious  Antivirus Detection  Reputation
helloitelemetry.cc  104.21.65.101  true    false                           unknown
    Name                                     Source          Malicious  Antivirus Detection                            Reputation
    https://curl.se/docs/hsts.html           WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    https://curl.se/docs/alt-svc.html#       WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    https://curl.se/docs/http-cookies.html#  WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    https://curl.se/docs/alt-svc.html        WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    https://curl.se/docs/http-cookies.html   WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    https://curl.se/docs/hsts.html#          WAdE7vk6kk.exe  false      0%, Virustotal, Browse; Avira URL Cloud: safe  unknown
    IP             Domain              Country        Flag  ASN    ASN Name         Malicious
    104.21.65.101  helloitelemetry.cc  United States        13335  CLOUDFLARENETUS  false
    IP
    127.0.0.1
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1432271
    Start date and time:2024-04-26 18:53:09 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 2m 25s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:1
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:WAdE7vk6kk.exe
    renamed because original name is a hash value
    Original Sample Name:7801c18c1bfe85c29be22a73508b587abd132302247b859fd865eb028546cfba.exe
    Detection:MAL
    Classification:mal48.evad.winEXE@1/0@1/2
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 98%
    • Number of executed functions: 29
    • Number of non-executed functions: 165
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, ctldl.windowsupdate.com
    No simulations
    No context
    No context
    No context
    No created / dropped files found
    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):6.7903658978566614
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:WAdE7vk6kk.exe
    File size:952'320 bytes
    MD5:23d0437f7b646ed9239eeced668e0f12
    SHA1:b5a54b5b909ffd7baf306c37bc5acc2d4e813f73
    SHA256:7801c18c1bfe85c29be22a73508b587abd132302247b859fd865eb028546cfba
    SHA512:dd3feec22875a48b47b86643847ca20d763519d01299cd002f5440497c78c4e69d1a2ad684929ad6ffca14593a78e7de4826d0a443abe5b93cc920ceb301fc40
    SSDEEP:24576:DKEQPb5rLit7pKfGUuWh+8dnF2fhSMXlohXR:cJLgQ9+8tMQR
    TLSH:3915CF21F69180B7E2C540B114BA9B7A0E3DA938471145CBA3E46D79DE302D1AF3F79E
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........jj..jj..jj..!...ej..!....j..!...}j....T.mj..8...xj..8...rj.......j..8...!j..!...{j..jj...j......hj....V.kj..jj>.kj......kj.
    Icon Hash:2f232d67b7934633
    Entrypoint:0x4771bd
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x6626792D [Mon Apr 22 14:50:21 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:3ca006110d0cd191c49738b27e876bed
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xde328 | 0xb4 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe5000 | 0x2af0 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe8000 | 0x68c4 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xda720 | 0x70 | .rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xda790 | 0x40 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0xa2000 | 0x32c | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0xa035e | 0xa0400 | 69f4811d3047b881399ecc48ce34ab72 | False | 0.5438752315717629 | data | 6.605391804551208 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0xa2000 | 0x3d312 | 0x3d400 | 3fd94b1885310c400b82d2d47b975b74 | False | 0.4292051977040816 | data | 6.502157555043873 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0xe0000 | 0x4c4c | 0x1600 | e92611e19517bb586b0b93d7931bc47b | False | 0.23046875 | DOS executable (block device driver 7AH\221<) | 4.023189064467823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc | 0xe5000 | 0x2af0 | 0x2c00 | 673650df9d5b500414e8d8c208c828aa | False | 0.35502485795454547 | data | 4.8845775812114445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0xe8000 | 0x68c4 | 0x6a00 | 9ba375aed75e63f1a5e61ff521c72387 | False | 0.6949439858490566 | data | 6.649061730403181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_ICON | 0xe51e0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | Russian | Russia | 0.6317567567567568
    RT_ICON | 0xe5308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | Russian | Russia | 0.5823699421965318
    RT_ICON | 0xe5870 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | Russian | Russia | 0.5120967741935484
    RT_ICON | 0xe5b58 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Russian | Russia | 0.5455776173285198
    RT_ICON | 0xe6400 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | Russian | Russia | 0.36341463414634145
    RT_ICON | 0xe6a68 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | Russian | Russia | 0.42350746268656714
    RT_GROUP_ICON | 0xe7910 | 0x5a | data | Russian | Russia | 0.7333333333333333
    RT_MANIFEST | 0xe7970 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
    DLL | Import
    KERNEL32.dll | GetCPInfo, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, QueryPerformanceCounter, GetTickCount, SetEvent, WaitForSingleObject, CreateEventA, QueryPerformanceFrequency, GetSystemDirectoryA, FreeLibrary, GetModuleHandleA, GetProcAddress, LoadLibraryA, Sleep, SetLastError, FormatMessageW, MoveFileExA, WaitForSingleObjectEx, GetEnvironmentVariableA, GetCurrentProcessId, GetStdHandle, GetFileType, ReadFile, PeekNamedPipe, WaitForMultipleObjects, SleepEx, VerSetConditionMask, VerifyVersionInfoW, CreateFileA, GetFileSizeEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, RaiseException, InitializeCriticalSectionAndSpinCount, TlsAlloc, GetStringTypeW, TlsSetValue, TlsFree, LoadLibraryExW, GetDriveTypeW, GetFileInformationByHandle, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, SetFilePointerEx, GetModuleFileNameW, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapReAlloc, GetTimeZoneInformation, FlushFileBuffers, GetFileAttributesExW, SetStdHandle, SetEndOfFile, GetCurrentDirectoryW, GetFullPathNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, DeleteFileW, HeapSize, WriteConsoleW, LCMapStringEx, DecodePointer, EncodePointer, DeleteCriticalSection, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, WideCharToMultiByte, ExitProcess, CloseHandle, lstrcatW, GetLastError, MultiByteToWideChar, CreateFileW, CreateMutexW, GetTempPathW, TlsGetValue, WriteFile
    WININET.dll | InternetCrackUrlA
    bcrypt.dll | BCryptGenRandom
    ADVAPI32.dll | CryptAcquireContextA, CryptGetHashParam, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptDestroyKey, CryptImportKey, CryptEncrypt, CryptReleaseContext
    WS2_32.dll | WSASetLastError, closesocket, WSAWaitForMultipleEvents, gethostname, WSAEventSelect, WSAEnumNetworkEvents, WSACreateEvent, WSACloseEvent, send, getsockopt, ioctlsocket, WSAGetLastError, getpeername, sendto, recvfrom, freeaddrinfo, getaddrinfo, recv, listen, htonl, getsockname, connect, bind, accept, select, __WSAFDIsSet, socket, htons, WSAIoctl, setsockopt, WSACleanup, WSAStartup, WSAResetEvent, ntohs
    CRYPT32.dll | CertGetCertificateChain, CertFindExtension, CertCreateCertificateChainEngine, CryptQueryObject, CertFreeCertificateChain, CertGetNameStringA, CertAddCertificateContextToStore, CryptDecodeObjectEx, PFXImportCertStore, CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertFreeCertificateChainEngine, CertOpenStore, CertCloseStore
    WLDAP32.dll |
    Normaliz.dll | IdnToAscii, IdnToUnicode
    Language of compilation system | Country where language is spoken
    Russian | Russia
    English | United States
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Apr 26, 2024 18:53:59.432842970 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:53:59.432881117 CEST | 443 | 49732 | 104.21.65.101 | 192.168.2.4
    Apr 26, 2024 18:53:59.432960033 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:53:59.445995092 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:53:59.446012020 CEST | 443 | 49732 | 104.21.65.101 | 192.168.2.4
    Apr 26, 2024 18:53:59.712516069 CEST | 443 | 49732 | 104.21.65.101 | 192.168.2.4
    Apr 26, 2024 18:53:59.712615967 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:54:00.113500118 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:54:00.113547087 CEST | 443 | 49732 | 104.21.65.101 | 192.168.2.4
    Apr 26, 2024 18:54:00.113564014 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Apr 26, 2024 18:54:00.113795996 CEST | 443 | 49732 | 104.21.65.101 | 192.168.2.4
    Apr 26, 2024 18:54:00.113852024 CEST | 49732 | 443 | 192.168.2.4 | 104.21.65.101
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Apr 26, 2024 18:53:59.264991999 CEST | 58295 | 53 | 192.168.2.4 | 1.1.1.1
    Apr 26, 2024 18:53:59.429769039 CEST | 53 | 58295 | 1.1.1.1 | 192.168.2.4
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Apr 26, 2024 18:53:59.264991999 CEST | 192.168.2.4 | 1.1.1.1 | 0x69de | Standard query (0) | helloitelemetry.cc | A (IP address) | IN (0x0001) | false
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Apr 26, 2024 18:53:59.429769039 CEST | 1.1.1.1 | 192.168.2.4 | 0x69de | No error (0) | helloitelemetry.cc | | 104.21.65.101 | A (IP address) | IN (0x0001) | false
    Apr 26, 2024 18:53:59.429769039 CEST | 1.1.1.1 | 192.168.2.4 | 0x69de | No error (0) | helloitelemetry.cc | | 172.67.161.148 | A (IP address) | IN (0x0001) | false


    Target ID:0
    Start time:18:53:58
    Start date:26/04/2024
    Path:C:\Users\user\Desktop\WAdE7vk6kk.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\WAdE7vk6kk.exe"
    Imagebase:0x8a0000
    File size:952'320 bytes
    MD5 hash:23D0437F7B646ED9239EECED668E0F12
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true


      Execution Graph

      Execution Coverage:1.2%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:20.5%
      Total number of Nodes:1023
      Total number of Limit Nodes:32
75396->75530 75397 8a530d 75578 923ee1 29 API calls 2 library calls 75397->75578 75400 8a4d90 75402 8a521f 75400->75402 75554 8a97d0 30 API calls 2 library calls 75400->75554 75401 8a5312 75579 923ee1 29 API calls 2 library calls 75401->75579 75573 8c16d0 126 API calls 75402->75573 75404 8a5317 75580 923ee1 29 API calls 2 library calls 75404->75580 75408 8a4db7 75555 8ac980 43 API calls 75408->75555 75409 8a529a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75411 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75409->75411 75410 8a522b std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75410->75404 75410->75409 75412 8a52bb 75411->75412 75412->75349 75453 923ee1 29 API calls 2 library calls 75412->75453 75414 8a4e02 75556 8a7f30 47 API calls 5 library calls 75414->75556 75416 8a4e15 75557 8a7e60 30 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75416->75557 75418 8a4e20 75558 8a6160 30 API calls 4 library calls 75418->75558 75420 8a4e66 75559 8a8a70 30 API calls 4 library calls 75420->75559 75422 8a4e6e 75560 8a5b20 30 API calls 2 library calls 75422->75560 75424 8a4e97 75561 8a5b20 30 API calls 2 library calls 75424->75561 75427 8a50ee 75565 8bd4c0 72 API calls 2 library calls 75427->75565 75429 8a50f9 75566 8a3d80 30 API calls 4 library calls 75429->75566 75431 8a514e 75431->75397 75434 8a5185 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75431->75434 75432 8a4ee3 75432->75383 75432->75427 75436 8a6160 30 API calls 75432->75436 75439 8a8a70 30 API calls 75432->75439 75451 8a5206 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75432->75451 75452 8a508d std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 75432->75452 75562 8a5470 30 API calls 2 library calls 75432->75562 75567 8c16f0 56 API calls 75434->75567 75436->75432 75437 8a5194 75568 8c4660 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 75437->75568 75439->75432 75440 8a51ad 75569 8c4660 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter 
GetCurrentProcess TerminateProcess 75440->75569 75442 8a51ba 75570 8c4660 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 75442->75570 75444 8a51c7 75445 8c1750 183 API calls 75444->75445 75446 8a51d0 75445->75446 75571 8c16d0 126 API calls 75446->75571 75450 8a51d9 75450->75401 75450->75451 75572 8a5b20 30 API calls 2 library calls 75451->75572 75452->75377 75452->75432 75563 8a6160 30 API calls 4 library calls 75452->75563 75564 8a43f0 191 API calls 3 library calls 75452->75564 75455 8c18e1 75454->75455 75457 8c18e4 75454->75457 75455->75371 75456 8c193a 75456->75371 75457->75456 75459 8d7f00 75457->75459 75460 8d7f1e WSAStartup 75459->75460 75461 8d7f61 75459->75461 75462 8d7f47 75460->75462 75463 8d7f32 75460->75463 75496 909fe0 75461->75496 75467 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75462->75467 75463->75461 75466 8d7f41 WSACleanup 75463->75466 75465 8d7f66 75468 8d7f6e GetModuleHandleA 75465->75468 75469 8d8134 75465->75469 75466->75462 75470 8d7f5a 75467->75470 75471 8d7f8a 75468->75471 75472 8d7f95 GetProcAddress 75468->75472 75473 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75469->75473 75470->75456 75474 8d80b9 GetModuleHandleA 75471->75474 75475 8d7faf _strpbrk 75472->75475 75476 8d8142 75473->75476 75477 8d80ca GetProcAddress GetProcAddress GetProcAddress 75474->75477 75478 8d80f1 75474->75478 75479 8d7fde 75475->75479 75480 8d7fb6 75475->75480 75476->75456 75477->75478 75481 909c00 13 API calls 75478->75481 75484 8d8003 GetSystemDirectoryA 75479->75484 75485 8d7fe2 GetProcAddress 75479->75485 75482 8d7fcc LoadLibraryA 75480->75482 75495 8d7fba 75480->75495 75483 8d8100 75481->75483 75482->75495 75486 909c00 13 API calls 75483->75486 75488 8d8019 75484->75488 75484->75495 75485->75484 75487 8d7fee LoadLibraryExA 75485->75487 75490 8d8118 QueryPerformanceFrequency 75486->75490 75487->75495 75491 8d802c GetSystemDirectoryA 75488->75491 
75488->75495 75489 8d80a8 GetProcAddress 75489->75471 75489->75474 75490->75469 75492 8d803b 75491->75492 75491->75495 75492->75492 75493 8d807d 75492->75493 75494 8d808a LoadLibraryA 75493->75494 75493->75495 75494->75495 75495->75474 75495->75489 75497 90a045 75496->75497 75498 909fe9 75496->75498 75497->75465 75499 909c00 13 API calls 75498->75499 75500 909ff8 75499->75500 75505 8d7db0 GetModuleHandleA 75500->75505 75502 90a00d 75503 90a019 GetProcAddress 75502->75503 75504 90a029 75502->75504 75503->75504 75504->75465 75506 8d7dca GetProcAddress 75505->75506 75507 8d7dc6 75505->75507 75508 8d7de9 _strpbrk 75506->75508 75507->75502 75509 8d7df0 75508->75509 75510 8d7e12 75508->75510 75513 8d7df4 75509->75513 75514 8d7e03 LoadLibraryA 75509->75514 75511 8d7e38 GetSystemDirectoryA 75510->75511 75512 8d7e16 GetProcAddress 75510->75512 75516 8d7e50 75511->75516 75517 8d7ee5 75511->75517 75512->75511 75515 8d7e26 LoadLibraryExA 75512->75515 75513->75502 75514->75502 75515->75502 75516->75517 75518 8d7e73 GetSystemDirectoryA 75516->75518 75517->75502 75518->75517 75519 8d7e82 75518->75519 75520 8d7edc LoadLibraryA 75519->75520 75521 8d7ec1 75519->75521 75520->75517 75521->75502 75522->75374 75523->75378 75524->75379 75525->75382 75526->75385 75527->75388 75528->75392 75529->75396 75531 8c175a 75530->75531 75532 8c1760 75530->75532 75531->75400 75533 8c1789 75532->75533 75534 8c1773 75532->75534 75538 8c179f 75533->75538 75586 8c4c00 57 API calls 75533->75586 75585 8d5650 68 API calls 2 library calls 75534->75585 75537 8c177e 75537->75400 75539 8c17a8 75538->75539 75581 8c5020 70 API calls 75538->75581 75539->75400 75541 8c17dd 75542 8c17e6 75541->75542 75550 8c180e 75541->75550 75587 8c5210 126 API calls 75542->75587 75544 8c1871 75590 8c54c0 94 API calls 75544->75590 75545 8c17ec 75545->75400 75548 8c1888 75548->75400 75550->75544 75551 8c185c 75550->75551 75582 8c5490 75550->75582 75588 8c5370 94 API calls __ehhandler$___std_fs_change_permissions@12 75550->75588 
75589 8c54c0 94 API calls 75551->75589 75553 8c1866 75553->75400 75554->75408 75555->75414 75556->75416 75557->75418 75558->75420 75559->75422 75560->75424 75561->75432 75562->75432 75563->75452 75564->75452 75565->75429 75566->75431 75567->75437 75568->75440 75569->75442 75570->75444 75571->75450 75572->75402 75573->75410 75575->75389 75576->75393 75577->75397 75581->75541 75591 8c7210 75582->75591 75584 8c54ad 75584->75550 75585->75537 75586->75538 75587->75545 75588->75550 75589->75553 75590->75548 75592 8c7867 75591->75592 75593 8c7269 75591->75593 75594 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75592->75594 75593->75592 75596 8c727f 75593->75596 75597 8c7299 75593->75597 75595 8c7883 75594->75595 75595->75584 75600 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75596->75600 75598 8c72a5 75597->75598 75599 8c72c2 75597->75599 75602 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75598->75602 75603 8c72f0 75599->75603 75605 8c5bf0 68 API calls 75599->75605 75601 8c7292 75600->75601 75601->75584 75604 8c72bb 75602->75604 75634 8c7120 75603->75634 75604->75584 75605->75599 75607 8c72ff 75608 8c734c 75607->75608 75622 8c736a 75607->75622 75611 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75608->75611 75609 8c7586 75615 8c7599 WSAWaitForMultipleEvents 75609->75615 75625 8c77e3 75609->75625 75630 8c75b3 75609->75630 75614 8c7363 75611->75614 75612 8c74c1 getsockopt 75618 8c7471 75612->75618 75613 8e70c0 15 API calls 75613->75609 75614->75584 75615->75630 75616 8c74f9 send 75616->75618 75617 8c7577 75617->75609 75617->75613 75618->75612 75618->75616 75618->75617 75619 8c77d3 WSAResetEvent 75619->75625 75620 8c73ec getsockopt 75620->75622 75621 8c7434 WSAEventSelect 75621->75617 75621->75622 75622->75618 75622->75620 75622->75621 75623 8c7421 send 75622->75623 75642 8c5bf0 75622->75642 75623->75622 75624 8c5bf0 68 API calls 75624->75630 75625->75592 75626 8c7120 7 API calls 75625->75626 75628 8c783c 
75626->75628 75627 8c7780 WSAEnumNetworkEvents 75629 8c77ad WSAEventSelect 75627->75629 75627->75630 75628->75592 75631 8c7856 75628->75631 75629->75627 75629->75630 75630->75619 75630->75624 75630->75627 75630->75629 75666 8e7570 WSASetLastError Sleep 75631->75666 75633 8c7864 75633->75592 75635 8c7144 75634->75635 75636 8c7136 75634->75636 75637 8c71f6 75635->75637 75638 8c9e60 2 API calls 75635->75638 75636->75607 75637->75607 75639 8c7158 75638->75639 75641 8c717f 75639->75641 75667 8df160 5 API calls __ehhandler$___std_fs_change_permissions@12 75639->75667 75641->75607 75643 8c5c01 75642->75643 75644 8c5c1a 75643->75644 75645 8c5cb7 75643->75645 75659 8c5cc3 75643->75659 75646 8c5c6c 75644->75646 75647 8c5c9e 75644->75647 75648 8c5c28 75644->75648 75649 8c5c3a 75644->75649 75650 8c5c85 75644->75650 75651 8c5c53 75644->75651 75644->75659 75674 8d5650 68 API calls 2 library calls 75645->75674 75671 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75646->75671 75673 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75647->75673 75668 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75648->75668 75669 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75649->75669 75672 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75650->75672 75670 8d5360 5 API calls __ehhandler$___std_fs_change_permissions@12 75651->75670 75659->75622 75660 8c5c34 75660->75622 75661 8c5c91 75661->75622 75662 8c5c46 75662->75622 75663 8c5caa 75663->75622 75664 8c5c5f 75664->75622 75665 8c5c78 75665->75622 75666->75633 75667->75641 75668->75660 75669->75662 75670->75664 75671->75665 75672->75661 75673->75663 75674->75659 75676 92d12a 75675->75676 75677 92d118 75675->75677 75687 92cfb6 75676->75687 75702 92d1b3 GetModuleHandleW 75677->75702 75680 92d11d 75680->75676 75703 92d20e GetModuleHandleExW 75680->75703 75681 9171b4 75681->75363 75686 92d17c 75688 92cfc2 ___scrt_is_nonwritable_in_current_image 75687->75688 75709 9240c1 
EnterCriticalSection 75688->75709 75690 92cfcc 75710 92d003 75690->75710 75692 92cfd9 75714 92cff7 75692->75714 75695 92d182 75719 92d1f5 75695->75719 75697 92d18c 75698 92d1a0 75697->75698 75699 92d190 GetCurrentProcess TerminateProcess 75697->75699 75700 92d20e __purecall 3 API calls 75698->75700 75699->75698 75701 92d1a8 ExitProcess 75700->75701 75702->75680 75704 92d26e 75703->75704 75705 92d24d GetProcAddress 75703->75705 75707 92d274 FreeLibrary 75704->75707 75708 92d129 75704->75708 75705->75704 75706 92d261 75705->75706 75706->75704 75707->75708 75708->75676 75709->75690 75711 92d00f ___scrt_is_nonwritable_in_current_image __purecall 75710->75711 75713 92d073 __purecall 75711->75713 75717 92ee53 14 API calls 3 library calls 75711->75717 75713->75692 75718 924109 LeaveCriticalSection 75714->75718 75716 92cfe5 75716->75681 75716->75695 75717->75713 75718->75716 75722 937f86 75719->75722 75721 92d1fa __purecall 75721->75697 75723 937f95 __purecall 75722->75723 75724 937fa2 75723->75724 75726 9337bb 75723->75726 75724->75721 75727 933736 std::_Locinfo::_Locinfo_dtor 5 API calls 75726->75727 75728 9337d7 75727->75728 75728->75724 75729 8eb0fc 75730 8eb102 75729->75730 75731 909c00 13 API calls 75730->75731 75739 8eb12a 75730->75739 75731->75739 75732 8eb191 75733 8eb7b6 75732->75733 75740 8eb1d9 75732->75740 75836 92f82c 29 API calls 3 library calls 75732->75836 75737 8eb7cd 75733->75737 75738 8eb804 75733->75738 75735 909c00 13 API calls 75735->75739 75736 8eb3db 75742 8eb3f3 75736->75742 75751 8eb523 75736->75751 75855 8d5650 68 API calls 2 library calls 75737->75855 75748 909c00 13 API calls 75738->75748 75760 8ebc62 __fread_nolock 75738->75760 75739->75732 75739->75735 75743 8eb1eb 75739->75743 75740->75736 75747 8eb3ad 75740->75747 75745 8eb3f7 CertOpenStore 75742->75745 75822 8eb469 75743->75822 75865 8d5650 68 API calls 2 library calls 75743->75865 75744 8eb7db 75752 8eb7ed 75744->75752 75753 8eb7e6 CertFreeCertificateContext 75744->75753 75754 8eb476 
CryptStringToBinaryA 75745->75754 75755 8eb411 75745->75755 75746 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75756 8ebf10 75746->75756 75837 8d5650 68 API calls 2 library calls 75747->75837 75757 8eb830 75748->75757 75750 8eb547 75790 8eb5c1 75750->75790 75845 927039 66 API calls __wsopen_s 75750->75845 75751->75750 75844 923c91 14 API calls ___free_lconv_mon 75751->75844 75761 8eb7f1 CertCloseStore 75752->75761 75752->75822 75753->75752 75771 8eb4d9 CertFindCertificateInStore 75754->75771 75772 8eb4b9 75754->75772 75838 92f82c 29 API calls 3 library calls 75755->75838 75757->75760 75824 8eb83b __fread_nolock 75757->75824 75765 8ebcaf 75760->75765 75770 8d5720 68 API calls 75760->75770 75828 8eba76 75760->75828 75761->75822 75762 8eb41b GetLastError 75839 8d5650 68 API calls 2 library calls 75762->75839 75764 8ebeaf 75863 8d5650 68 API calls 2 library calls 75764->75863 75774 8ebcb8 75765->75774 75831 8ebccd 75765->75831 75769 8eb559 75777 8eb575 75769->75777 75846 927fe7 36 API calls __wsopen_s 75769->75846 75770->75765 75782 8eb4fb 75771->75782 75783 8eb501 75771->75783 75778 8eb4bd 75772->75778 75779 8eb510 CertCloseStore 75772->75779 75858 8d5650 68 API calls 2 library calls 75774->75858 75775 8eb3d3 75775->75822 75841 923c91 14 API calls ___free_lconv_mon 75775->75841 75776 8eb444 75776->75775 75840 923c91 14 API calls ___free_lconv_mon 75776->75840 75784 8eb6a2 75777->75784 75815 8eb582 75777->75815 75849 927039 66 API calls __wsopen_s 75777->75849 75842 923c91 14 API calls ___free_lconv_mon 75778->75842 75779->75822 75780 8ebec4 75864 923c91 14 API calls ___free_lconv_mon 75780->75864 75843 923c91 14 API calls ___free_lconv_mon 75782->75843 75783->75733 75783->75779 75850 92721d 69 API calls __wsopen_s 75784->75850 75789 8eb707 75795 8eb76b CertFindCertificateInStore 75789->75795 75796 8eb723 GetLastError 75789->75796 75790->75789 75794 8eb610 MultiByteToWideChar 75790->75794 75800 8eb635 75790->75800 75793 8eb4c3 CertCloseStore 
75793->75822 75794->75800 75795->75733 75803 8eb787 GetLastError 75795->75803 75801 8eb72e 75796->75801 75802 8eb74b 75796->75802 75797 8ebe4d CertFreeCertificateContext 75798 8ebe54 75797->75798 75798->75822 75861 8e7800 45 API calls 2 library calls 75798->75861 75806 909c00 13 API calls 75800->75806 75852 8d5650 68 API calls 2 library calls 75801->75852 75853 8d5650 68 API calls 2 library calls 75802->75853 75854 8d5650 68 API calls 2 library calls 75803->75854 75812 8eb649 PFXImportCertStore 75806->75812 75811 8eb6b1 75851 8d5650 68 API calls 2 library calls 75811->75851 75812->75789 75813 8eb7a0 CertCloseStore 75813->75822 75814 8ebe6b 75862 8d5650 68 API calls 2 library calls 75814->75862 75815->75784 75847 92695d 43 API calls __fread_nolock 75815->75847 75819 8eba13 75827 8eba5e 75819->75827 75819->75828 75821 8eb1fb 75821->75740 75821->75745 75821->75764 75821->75822 75822->75746 75823 8eb5a1 75823->75784 75825 8eb5ad 75823->75825 75824->75819 75824->75824 75824->75828 75832 8eba15 75824->75832 75848 92721d 69 API calls __wsopen_s 75825->75848 75857 8d5650 68 API calls 2 library calls 75827->75857 75828->75797 75828->75798 75829 8eb5b3 75829->75790 75829->75811 75831->75828 75834 8ebddf 75831->75834 75859 91fbdb 42 API calls 2 library calls 75831->75859 75856 8d5650 68 API calls 2 library calls 75832->75856 75860 8d5650 68 API calls 2 library calls 75834->75860 75836->75821 75837->75775 75838->75762 75839->75776 75840->75775 75841->75822 75842->75793 75843->75783 75844->75750 75845->75769 75846->75777 75847->75823 75848->75829 75849->75815 75850->75811 75851->75822 75852->75822 75853->75822 75854->75813 75855->75744 75856->75822 75857->75822 75858->75822 75859->75831 75860->75822 75861->75814 75862->75822 75863->75780 75864->75743 75865->75822 75866 8ca7d0 75867 8ca886 75866->75867 75868 8ca7e1 EnterCriticalSection LeaveCriticalSection 75866->75868 75869 8ca80f 75868->75869 75870 8ca829 75868->75870 75871 8ca81c 75869->75871 75872 8ca813 CloseHandle 
75869->75872 75873 8ca82d GetAddrInfoExCancel WaitForSingleObject FindCloseChangeNotification 75870->75873 75874 8ca849 75870->75874 75884 8e9e00 CloseHandle 75871->75884 75878 8ca864 75872->75878 75873->75874 75875 8ca85b 75874->75875 75876 8ca852 75874->75876 75886 8ca8b0 DeleteCriticalSection closesocket __fread_nolock 75875->75886 75885 8e9e10 WaitForSingleObjectEx CloseHandle 75876->75885 75882 8ca87a closesocket 75878->75882 75881 8ca824 75881->75878 75882->75867 75883 8ca858 75883->75875 75884->75881 75885->75883 75886->75878 75887 8d12b0 75895 9314af 75887->75895 75888 8d12c7 75889 8d12be 75889->75888 75902 8cef50 GetEnvironmentVariableA 75889->75902 75891 8d142d 75892 8d1437 75891->75892 75903 8cef50 GetEnvironmentVariableA 75891->75903 75901 9314bc _strftime 75895->75901 75896 9314fc 75905 91fe0a 14 API calls __dosmaperr 75896->75905 75897 9314e7 RtlAllocateHeap 75899 9314fa 75897->75899 75897->75901 75899->75889 75901->75896 75901->75897 75904 92c68e EnterCriticalSection LeaveCriticalSection std::_Facet_Register 75901->75904 75902->75891 75903->75892 75904->75901 75905->75899 75906 8e8530 75907 8e855a FormatMessageW 75906->75907 75912 8e8595 75906->75912 75909 8e8586 75907->75909 75907->75912 75908 916d32 __ehhandler$___std_fs_change_permissions@12 5 API calls 75910 8e85df 75908->75910 75913 92bd2a 41 API calls 2 library calls 75909->75913 75912->75908 75913->75912 75914 8eab70 75917 8e9fb0 75914->75917 75916 8eab7d 75918 918ba0 __fread_nolock 75917->75918 75919 8e9fbf BCryptGenRandom 75918->75919 75919->75916
      Strings
      • LocalMachine, xrefs: 008EB23F
      • (memory blob), xrefs: 008EB3B3, 008EB529
      • schannel: Failed to import cert file %s, last error is 0x%lx, xrefs: 008EB750
      • Microsoft Unified Security Protocol Provider, xrefs: 008EBE37
      • USE_STRONG_CRYPTO, xrefs: 008EBD6C
      • schannel: TLS 1.3 not supported on Windows prior to 11, xrefs: 008EB1EB
      • :, xrefs: 008EB35A
      • SHA256, xrefs: 008EBACD
      • SCH_USE_STRONG_CRYPTO, xrefs: 008EBD80
      • schannel: Failed to open cert store %lx %s, last error is 0x%lx, xrefs: 008EB436
      • schannel: Failed to read cert file %s, xrefs: 008EB6BE
      • $, xrefs: 008EBBD3
      • schannel: Failed to import cert file %s, password is bad, xrefs: 008EB732
      • schannel: Unknown TLS 1.3 cipher: %.*s, xrefs: 008EBA17
      • schannel: unable to allocate memory, xrefs: 008EB7CD
      • schannel: Failed setting algorithm cipher list, xrefs: 008EBDDF
      • schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time, xrefs: 008EBCB8
      • TLS_AES_128_CCM_8_SHA256, xrefs: 008EB9A1
      • schannel: All available TLS 1.3 ciphers were disabled, xrefs: 008EBA5E
      • Users, xrefs: 008EB293
      • LocalMachineGroupPolicy, xrefs: 008EB2C7
      • , xrefs: 008EBADE
      • SHA384, xrefs: 008EBAC8
      • schannel: Failed to get certificate location or file for %s, xrefs: 008EBEB9
      • CurrentUserGroupPolicy, xrefs: 008EB2AD
      • Services, xrefs: 008EB279
      • (unknown), xrefs: 008EB429, 008EB431
      • @, xrefs: 008EBB42
      • P12, xrefs: 008EB39B
      • AES, xrefs: 008EBB1A, 008EBB57
      • CurrentService, xrefs: 008EB25C
      • TLS_AES_256_GCM_SHA384, xrefs: 008EB91A
      • schannel: certificate format compatibility error for %s, xrefs: 008EB3C5
      • CurrentUser, xrefs: 008EB222
      • LocalMachineEnterprise, xrefs: 008EB2E1
      • , xrefs: 008EBAA5
      • schannel: Failed to get certificate from file %s, last error is 0x%lx, xrefs: 008EB792
      • schannel: AcquireCredentialsHandle failed: %s, xrefs: 008EBE6C
      • TLS_AES_128_GCM_SHA256, xrefs: 008EB944
      • schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list., xrefs: 008EBCA4
      • TLS_AES_128_CCM_SHA256, xrefs: 008EB9D4
      • TLS_CHACHA20_POLY1305_SHA256, xrefs: 008EB972
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: $ $$$(memory blob)$(unknown)$:$@$AES$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%lx$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%lx$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %lx %s, last error is 0x%lx$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %.*s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
      • API String ID: 0-4057228240
      • Opcode ID: 55c5baefc110950a741d707dff9c77ae3687b7fb346cc0dadd82c3427ea130b3
      • Instruction ID: 25fb540acc946de3206303a382ca5e5e7b4513bfc4a6e555f497882a0706b48b
      • Opcode Fuzzy Hash: 55c5baefc110950a741d707dff9c77ae3687b7fb346cc0dadd82c3427ea130b3
      • Instruction Fuzzy Hash: D182E2706083859BD7219F269C45BABBBE4FF96708F04052DF988E7292E771D908C793
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      • control_flow_graph 528, entry block 8e9570-8e95a1 (node listing omitted)
      APIs
      • socket.WS2_32 ref: 008E959A
      • htonl.WS2_32(7F000001), ref: 008E95BF
      • setsockopt.WS2_32(00000000,0000FFFF,000000FB,00000006,00000004), ref: 008E95F4
      • bind.WS2_32(00000000,?,00000010), ref: 008E960B
      • getsockname.WS2_32(00000000,?,00000002), ref: 008E9625
      • listen.WS2_32(00000000,00000001), ref: 008E9642
      • socket.WS2_32(00000002,00000001,00000000), ref: 008E9657
      • connect.WS2_32(00000000,?,00000010), ref: 008E966C
        • Part of subcall function 0090EAB0: ioctlsocket.WS2_32(00000018,8004667E,?), ref: 0090EACB
        • Part of subcall function 008E70C0: WSASetLastError.WS2_32(00002726,?), ref: 008E712B
      • accept.WS2_32(00000000,00000000,00000000), ref: 008E96B5
        • Part of subcall function 008C9E60: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008C50BC,?,00000000,00000000,00000008,008A478C,00000000), ref: 008C9E73
        • Part of subcall function 008C9E60: __alldvrm.LIBCMT ref: 008C9E8D
        • Part of subcall function 008C9E60: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C9EB4
      • send.WS2_32(?,?,00000009,00000000), ref: 008E9703
      • recv.WS2_32(FFFFFFFF,?,00000009,00000000), ref: 008E973C
      • WSAGetLastError.WS2_32(?,?,?,?,?,00000001,000003E8,00000000), ref: 008E9747
      • closesocket.WS2_32(00000000), ref: 008E979D
      • closesocket.WS2_32(?), ref: 008E97A1
      • closesocket.WS2_32(FFFFFFFF), ref: 008E97A6
      • closesocket.WS2_32(00000000), ref: 008E97E9
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: closesocket$ErrorLastsocket$CounterPerformanceQueryUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@acceptbindconnectgetsocknamehtonlioctlsocketlistenrecvsendsetsockopt
      • String ID: 3'
      • API String ID: 3942543284-280543908
      • Opcode ID: 1d0bd088e14862ce629754fb3a690e614a64cd6ecaa8147364501d1f0c32c475
      • Instruction ID: 1c7d860edb58ac1dd606649e030e9033a6d85a0f9aa10bf1bf07e2664dbe2c21
      • Opcode Fuzzy Hash: 1d0bd088e14862ce629754fb3a690e614a64cd6ecaa8147364501d1f0c32c475
      • Instruction Fuzzy Hash: 70611470518341ABD3109F2ACC85F6AB7A8FF46724F500B19F5A8D61E1E7B1E988CB52
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      • control_flow_graph 674, entry block 8d7db0-8d7dc4 (node listing omitted)
      APIs
      • GetModuleHandleA.KERNEL32(kernel32,00000000,?,secur32.dll,0090A00D,secur32.dll,00000004,00000000,00000000,00000002,00000002,008D7F66), ref: 008D7DBA
      • GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 008D7DD2
      • _strpbrk.LIBCMT ref: 008D7DE4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: AddressHandleModuleProc_strpbrk
      • String ID: AddDllDirectory$LoadLibraryExA$kernel32$secur32.dll
      • API String ID: 1657965159-2329295995
      • Opcode ID: b3c3ff36658e28895f88b34725be5d06ceca4218f6ccb0313fcdaa5b03913650
      • Instruction ID: f49224051618c8d38a2918a5dbf0285f6afc9b020d7774602d6c2af5db1071f2
      • Opcode Fuzzy Hash: b3c3ff36658e28895f88b34725be5d06ceca4218f6ccb0313fcdaa5b03913650
      • Instruction Fuzzy Hash: E931187A30C3005BDB101F79BC44B777746FFC2626F2441BAF542C6342FE62980A9260
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph
      • control_flow_graph 993, entry block 8c7210-8c7263 (node listing omitted)
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 47a6c8bf1bc912a015fd1db1a4c1a53fc93bfe03d13a339c51e15f19f0e03765
      • Instruction ID: 511cea6485c3ae75803973d7604d8466fd56d06b4029a7073aa6c1e8ce21518e
      • Opcode Fuzzy Hash: 47a6c8bf1bc912a015fd1db1a4c1a53fc93bfe03d13a339c51e15f19f0e03765
      • Instruction Fuzzy Hash: 44124770A083869FDB25CF29C880B6ABBE4FF98304F44482EF999D7251E774D944DB52
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
      • WSASetLastError.WS2_32(00002726,?), ref: 008E712B
      • WSASetLastError.WS2_32(00002726,00000000,?,?,?), ref: 008E72A4
      • select.WS2_32(?,?,?,?,00000000), ref: 008E731C
      • WSAGetLastError.WS2_32(?,?), ref: 008E732D
      • __WSAFDIsSet.WS2_32(?,?), ref: 008E7369
      • __WSAFDIsSet.WS2_32(?,?), ref: 008E739A
      • __WSAFDIsSet.WS2_32(?,?), ref: 008E73B8
      • Sleep.KERNEL32(FFFFFFFE), ref: 008E7416
      Similarity
      • API ID: ErrorLast$Sleepselect
      • String ID:
      • API String ID: 2806104629-0
      • Opcode ID: 5736aa34ff85e22117446059a19dc5c7302fa858a695a6e071624531c785528a
      • Instruction ID: 4f5b1d5da3f062c3ad58c3c40271ae7482814bc9ef98059440b6f1a0a2086d95
      • Opcode Fuzzy Hash: 5736aa34ff85e22117446059a19dc5c7302fa858a695a6e071624531c785528a
      • Instruction Fuzzy Hash: 7991B470A0C3858BD7399F2AD8947AEB6E5FF9A314F540E2DE999C3290E734C940C746
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • Recv failure: %s, xrefs: 009050FD
      • nw_in_read(len=%zu) -> %d, err=%d, xrefs: 00905129
      Similarity
      • API ID: ErrorLastrecv
      • String ID: Recv failure: %s$nw_in_read(len=%zu) -> %d, err=%d
      • API String ID: 2514157807-3768538270
      • Opcode ID: 229c0d7a9d06f4a9a8780aa85135231a14886c312c19cd3da819e7ac00faa560
      • Instruction ID: fc098c3b5efe9893403a1baa5eafddf50a580fab85fcd6d0b82a36da216257bc
      • Opcode Fuzzy Hash: 229c0d7a9d06f4a9a8780aa85135231a14886c312c19cd3da819e7ac00faa560
      • Instruction Fuzzy Hash: F611D0756042109FC720AF18CC81FDABBE8FF49310F4142A5F9989B2E2D7B09860CF92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • BCryptGenRandom.BCRYPT(00000000,?,?,00000002), ref: 008E9FCE
      Similarity
      • API ID: CryptRandom
      • String ID:
      • API String ID: 2662593985-0
      • Opcode ID: 0050baf5407a558830084acfa21fa3293cc706640d50a7682ee15c97f80ce3ad
      • Instruction ID: c23fc344aaeb89032e0ed96d9ad97da42d65b8cc6a4687dc7b65e3f4e7abfa2c
      • Opcode Fuzzy Hash: 0050baf5407a558830084acfa21fa3293cc706640d50a7682ee15c97f80ce3ad
      • Instruction Fuzzy Hash: 30D0123A6DC305BEEB112AB0DC03F4BBBA1ABC4B10F90C918F298540E2D6768464A702
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
      • WSAStartup.WS2_32(00000202,?), ref: 008D7F28
      • WSACleanup.WS2_32 ref: 008D7F41
      • GetModuleHandleA.KERNEL32(kernel32,00000000,00000000), ref: 008D7F78
      • GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 008D7F9C
      • _strpbrk.LIBCMT ref: 008D7FAA
      • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 008D7FD1
      • GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 008D7FE8
      • LoadLibraryExA.KERNELBASE(iphlpapi.dll,00000000,00000800), ref: 008D7FFA
      • GetSystemDirectoryA.KERNEL32(00000000,00000000), ref: 008D8007
      • GetSystemDirectoryA.KERNEL32(00000000,?), ref: 008D8031
      • LoadLibraryA.KERNEL32(00000000), ref: 008D808B
      • GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 008D80AE
      • GetModuleHandleA.KERNEL32(ws2_32), ref: 008D80BE
      • GetProcAddress.KERNEL32(00000000,FreeAddrInfoExW), ref: 008D80D0
      • GetProcAddress.KERNEL32(00000000,GetAddrInfoExCancel), ref: 008D80DD
      • GetProcAddress.KERNEL32(00000000,GetAddrInfoExW), ref: 008D80EA
      • QueryPerformanceFrequency.KERNEL32(00984C30), ref: 008D8129
      Strings
      Similarity
      • API ID: AddressProc$LibraryLoad$DirectoryHandleModuleSystem$CleanupFrequencyPerformanceQueryStartup_strpbrk
      • String ID: AddDllDirectory$FreeAddrInfoExW$GetAddrInfoExCancel$GetAddrInfoExW$LoadLibraryExA$if_nametoindex$iphlpapi.dll$kernel32$ws2_32
      • API String ID: 1610348501-760012282
      • Opcode ID: c44deb4d3751ccc84e6bef27777a5e6ec69e9cd3cc3f3ad8db29a6c2411b86bc
      • Instruction ID: d55876c5aa4885b2cdafd53230956a36ab0f0a4d9da93a8927c2a4c5a1546e2b
      • Opcode Fuzzy Hash: c44deb4d3751ccc84e6bef27777a5e6ec69e9cd3cc3f3ad8db29a6c2411b86bc
      • Instruction Fuzzy Hash: 50510634A88702ABE7316B30AC07F6A3795FF85B48F48022AF945D63C1EE759C09D751
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
        • Part of subcall function 008C9E60: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008C50BC,?,00000000,00000000,00000008,008A478C,00000000), ref: 008C9E73
        • Part of subcall function 008C9E60: __alldvrm.LIBCMT ref: 008C9E8D
        • Part of subcall function 008C9E60: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C9EB4
        • Part of subcall function 008D6A00: htons.WS2_32(?), ref: 008D6A3C
      • setsockopt.WS2_32(000000FF,00000029,0000001B,?,00000004), ref: 00904D40
      • setsockopt.WS2_32(000000FF,00000006,00000001,?), ref: 00904DAA
      • WSAGetLastError.WS2_32(?,00000100), ref: 00904DBE
      • getsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 00904E59
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 00904E82
      • setsockopt.WS2_32(00000002,0000FFFF,00000008,00004020,00000004), ref: 00904EBE
      • WSAGetLastError.WS2_32 ref: 00904EC8
        • Part of subcall function 008E7EA0: GetLastError.KERNEL32(00000000,?,74FFFF94,008D450F,00000000,74FFFF94,00000100), ref: 008E7EA3
      • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 00904F34
      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,00000007,?), ref: 00904F3E
        • Part of subcall function 00905160: getsockname.WS2_32(?,?,?), ref: 009051C9
        • Part of subcall function 00905160: WSAGetLastError.WS2_32(?,00000000,?), ref: 009051D3
        • Part of subcall function 008C9E60: GetTickCount.KERNEL32 ref: 008C9ED1
      Strings
      • Trying %s:%d..., xrefs: 00904D4D
      • cf_socket_open() -> %d, fd=%d, xrefs: 00905054
      • @, xrefs: 00904DF4
      • Failed to set SIO_KEEPALIVE_VALS on fd %d: errno %d, xrefs: 00904F49
      • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00904CBA
      • Trying [%s]:%d..., xrefs: 00904D46, 00904D5F
      • Could not set TCP_NODELAY: %s, xrefs: 00904DCB
      • Failed to set SO_KEEPALIVE on fd %d: errno %d, xrefs: 00904ED3
      Similarity
      • API ID: ErrorLast$setsockopt$CountCounterIoctlPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@getsocknamegetsockopthtons
      • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %d: errno %d$Failed to set SO_KEEPALIVE on fd %d: errno %d$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
      • API String ID: 1240117639-1059032316
      • Opcode ID: 18e7d373668360cea4f384f24db9e96320780660e3dd1f7bcfcaab23afde3007
      • Instruction ID: 012c849fc6633c8c584ff70bd21db9fbbd00ec042fed206b6bfa157b08f6dd4c
      • Opcode Fuzzy Hash: 18e7d373668360cea4f384f24db9e96320780660e3dd1f7bcfcaab23afde3007
      • Instruction Fuzzy Hash: 4AC1B1B1504341AFE710AF24CC45FABBBE8FF45704F440929FA889B292D775E954CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
        • Part of subcall function 00909C00: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo,00000000), ref: 00909C2E
        • Part of subcall function 00909C00: GetProcAddress.KERNEL32(00000000), ref: 00909C35
      • GetModuleHandleA.KERNEL32(ntdll,wine_get_version,?,?,?,?,?,?,00000000,?), ref: 008EC1E1
      • GetProcAddress.KERNEL32(00000000), ref: 008EC1E8
        • Part of subcall function 00909C00: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 00909D01
        • Part of subcall function 00909C00: VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 00909D0B
        • Part of subcall function 00909C00: VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00909D28
        • Part of subcall function 00909C00: VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00909D34
        • Part of subcall function 008E7800: GetLastError.KERNEL32(00000000,?,00000000), ref: 008E7825
      Strings
      • ntdll, xrefs: 008EC1DC
      • ALPN: curl offers %s, xrefs: 008EC392
      • schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 008EC575
      • schannel: initial InitializeSecurityContext failed: %s, xrefs: 008EC4B9, 008EC4E9
      • schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc., xrefs: 008EC1C3
      • schannel: SNI or certificate check failed: %s, xrefs: 008EC4D1
      • schannel: unable to allocate memory, xrefs: 008EC430
      • schannel: failed to send initial handshake data: sent %zd of %lu bytes, xrefs: 008EC560
      • wine_get_version, xrefs: 008EC1D7
      • schannel: using IP address, SNI is not supported by OS., xrefs: 008EC2C9
      • Error setting ALPN, xrefs: 008EC304
      Similarity
      • API ID: ConditionMask$AddressHandleModuleProc$ErrorLast
      • String ID: ALPN: curl offers %s$Error setting ALPN$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
      • API String ID: 2965389212-3097429119
      • Opcode ID: b9a862132b53d9ecd40e0cb2a7a2a1a281d7b9c4a172acb5b3266fa4cc4ebddc
      • Instruction ID: 68c07400e3d87900b877c1842dcb7459656fdceb2e918b76f08e70b163bdcb5c
      • Opcode Fuzzy Hash: b9a862132b53d9ecd40e0cb2a7a2a1a281d7b9c4a172acb5b3266fa4cc4ebddc
      • Instruction Fuzzy Hash: 9AB1BEB1904340AFE720DF25D846F9BBBE8FB95308F40482AF585D7282D375E955CB92
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
      • InitializeCriticalSectionEx.KERNEL32(00000000,00000000,00000001,?,?,?,00000090), ref: 008CAAD7
        • Part of subcall function 008E9570: socket.WS2_32 ref: 008E959A
        • Part of subcall function 008E9570: htonl.WS2_32(7F000001), ref: 008E95BF
        • Part of subcall function 008E9570: setsockopt.WS2_32(00000000,0000FFFF,000000FB,00000006,00000004), ref: 008E95F4
        • Part of subcall function 008E9570: bind.WS2_32(00000000,?,00000010), ref: 008E960B
        • Part of subcall function 008E9570: getsockname.WS2_32(00000000,?,00000002), ref: 008E9625
        • Part of subcall function 008E9570: listen.WS2_32(00000000,00000001), ref: 008E9642
        • Part of subcall function 008E9570: socket.WS2_32(00000002,00000001,00000000), ref: 008E9657
        • Part of subcall function 008E9570: connect.WS2_32(00000000,?,00000010), ref: 008E966C
        • Part of subcall function 008E9570: accept.WS2_32(00000000,00000000,00000000), ref: 008E96B5
      • closesocket.WS2_32(?), ref: 008CAB14
      • DeleteCriticalSection.KERNEL32(?,?,?,?,00000090), ref: 008CAB25
      • closesocket.WS2_32(?), ref: 008CAB5C
      • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,000000FF,00000000,00000000), ref: 008CAC2E
      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000), ref: 008CAC53
      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 008CAC9B
      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CACC9
      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CACDC
      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CACF1
      • GetAddrInfoExW.WS2_32(?,?,0000000C,00000000,00000034,0000002C,00000000,00000018,008CAE00,00000030), ref: 008CAD1E
      • GetAddrInfoExCancel.WS2_32(?), ref: 008CAD7C
      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CAD86
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CAD8E
      • closesocket.WS2_32(?), ref: 008CADCC
      Similarity
      • API ID: CriticalSection$closesocket$AddrByteCharCloseHandleInfoMultiWidesocket$CancelCreateDeleteEnterEventInitializeLeaveObjectSingleWaitacceptbindconnectgetsocknamehtonllistensetsockopt
      • String ID:
      • API String ID: 3142031234-0
      • Opcode ID: f9a70bdbed1953990a3c869dadb206ffd75bb73a1ba2946d2ebba7e82f8c9e82
      • Instruction ID: bbb49d7c3781717d7e9fe2086031f6ff8b741cb551c7bee81512e01857771544
      • Opcode Fuzzy Hash: f9a70bdbed1953990a3c869dadb206ffd75bb73a1ba2946d2ebba7e82f8c9e82
      • Instruction Fuzzy Hash: 91B1E0B0504709AFE7209F28CC49F967BB8FF05319F00052CF959CA6A2DBB1E454DBA2
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Executed
      • Not Executed
      APIs
      • CertFreeCertificateContext.CRYPT32(?), ref: 008ECA8D
      Strings
      • SSL: failed retrieving public key from server certificate, xrefs: 008ECA4E
      • schannel: SNI or certificate check failed: %s, xrefs: 008ECB50
      • schannel: failed to send next handshake data: sent %zd of %lu bytes, xrefs: 008EC92A
      • schannel: next InitializeSecurityContext failed: %s, xrefs: 008ECB25, 008ECB68
      • schannel: Failed to read remote certificate context: %s, xrefs: 008ECA76
      • schannel: unable to allocate memory, xrefs: 008ECBB0
      • schannel: failed to receive handshake, SSL/TLS connection failed, xrefs: 008EC8E1
      • SSL: public key does not match pinned public key, xrefs: 008ECA3A, 008ECA9B
      • schannel: unable to re-allocate memory, xrefs: 008EC68B
      • schannel: %s, xrefs: 008ECB38
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CertCertificateContextFree
      • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
      • API String ID: 3080675121-413892695
      • Opcode ID: d984f8c3bc9c4aee4e7556e153d2467d84adafbecef54f8055f6045c1d9b92dd
      • Instruction ID: bba316034b52befe12c8f44c58973f95fa7992de1e084c1caa1b189889eebe4f
      • Opcode Fuzzy Hash: d984f8c3bc9c4aee4e7556e153d2467d84adafbecef54f8055f6045c1d9b92dd
      • Instruction Fuzzy Hash: 1BF1BCB19043849FDB20DF1AD885B6B7BE8FB85308F44452DF889DB252D775E805CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSASetLastError.WS2_32(00002AF9,00000000,00000018,?,?,00000000,00000000,00000018), ref: 008CAF46
      • FreeAddrInfoEx.WS2_32(?), ref: 008CAF78
      • WSAGetLastError.WS2_32(00000000,00000018,?,?,00000000,00000000,00000018), ref: 008CAF8E
      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CAF94
      • EnterCriticalSection.KERNEL32(?,00000000,00000018,?,?,00000000,00000000,00000018), ref: 008CAFAC
      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CAFBB
      • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CAFC9
      • closesocket.WS2_32(?), ref: 008CB000
      • send.WS2_32(?,?), ref: 008CB042
      • WSAGetLastError.WS2_32 ref: 008CB04C
      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CB05B
      • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000090), ref: 008CB06C
      Similarity
      • API ID: CriticalErrorLastSection$Leave$AddrDeleteEnterEventFreeInfoclosesocketsend
      • String ID:
      • API String ID: 3970713018-0
      • Opcode ID: 62a90ce77b9c9d2270f1a9c81c691c08baf47b7bb948b24f3493227c349a4782
      • Instruction ID: 285ad80fbb57b0435e0af18b050853af3595bb91ef05b35c1c7082cf97a092e4
      • Opcode Fuzzy Hash: 62a90ce77b9c9d2270f1a9c81c691c08baf47b7bb948b24f3493227c349a4782
      • Instruction Fuzzy Hash: 3D8168B461470A8BDB24CF69D884F5ABBB5FF44718F144A2CF895D3250DB70E948CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • connect.WS2_32(000000FF,?,00000000), ref: 00903625
      • WSAGetLastError.WS2_32 ref: 0090362F
      • WSASetLastError.WS2_32(?), ref: 009036AA
      Strings
      • not connected yet, xrefs: 0090373C
      • connect to %s port %u from %s port %d failed: %s, xrefs: 009036E0
      • local address %s port %d..., xrefs: 0090364D
      • connected, xrefs: 009037C5
      Similarity
      • API ID: ErrorLast$connect
      • String ID: connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
      • API String ID: 375857812-3816509080
      • Opcode ID: bb5443f0dee8c0fb0d48f4a6774335c76e4ec419660a5e95ae30e38573c84272
      • Instruction ID: e982fbb8386f45ad0f50e6fada2264496c5691c2a16cb78c5647094bd9cf6993
      • Opcode Fuzzy Hash: bb5443f0dee8c0fb0d48f4a6774335c76e4ec419660a5e95ae30e38573c84272
      • Instruction Fuzzy Hash: 3E6111B0404745AFD7219B34DC45FA7B7ACFF4A314F044A1DF5A9862D2E732A984CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeLibrary.KERNEL32(00000000,?,0093377A,0091FAC6,?,00000000,CE3BFFFF,00000000,?,009339E4,00000022,FlsSetValue,009543F0,009543F8,CE3BFFFF), ref: 0093372C
      Strings
      Similarity
      • API ID: FreeLibrary
      • String ID: api-ms-$ext-ms-
      • API String ID: 3664257935-537541572
      • Opcode ID: 30ced2dda7259c91ba8d73dbe4706304dbb5f4954eed88a274adef9d6847b0da
      • Instruction ID: 04698d95fb06620c4fa1f7ba3d72c898e8d03450087f286caffda570afe9a221
      • Opcode Fuzzy Hash: 30ced2dda7259c91ba8d73dbe4706304dbb5f4954eed88a274adef9d6847b0da
      • Instruction Fuzzy Hash: B1212BB5A95211BBDB218B65DC46A6A37ACEB427B4F244110F916A73A0D770EF00DFD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EnterCriticalSection.KERNEL32(?,00000001,0000002B,00000001,?,008D0F4E,00000001,00000001), ref: 008CA7F0
      • LeaveCriticalSection.KERNEL32(?), ref: 008CA803
      • CloseHandle.KERNEL32(00000000), ref: 008CA814
      • GetAddrInfoExCancel.WS2_32(?), ref: 008CA831
      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008CA83B
      • FindCloseChangeNotification.KERNELBASE(?), ref: 008CA843
      • closesocket.WS2_32(?), ref: 008CA87E
      Similarity
      • API ID: CloseCriticalSection$AddrCancelChangeEnterFindHandleInfoLeaveNotificationObjectSingleWaitclosesocket
      • String ID:
      • API String ID: 1235024322-0
      • Opcode ID: a2f64f4ce0e47e0562fb664922cbcab003a30e6cae5eb54181f48ae4f8bfb000
      • Instruction ID: bdc99e33460b385ff8c68da3e252f89765bc8650fc55077edae4a2ceae70401f
      • Opcode Fuzzy Hash: a2f64f4ce0e47e0562fb664922cbcab003a30e6cae5eb54181f48ae4f8bfb000
      • Instruction Fuzzy Hash: 4F2181B5504606EBDB049F64EC48F55BBB8FF05305F140438F925C2661D772E865EBD2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • getsockname.WS2_32(?,?,?), ref: 009051C9
      • WSAGetLastError.WS2_32(?,00000000,?), ref: 009051D3
        • Part of subcall function 008E7EA0: GetLastError.KERNEL32(00000000,?,74FFFF94,008D450F,00000000,74FFFF94,00000100), ref: 008E7EA3
      Strings
      • ssloc inet_ntop() failed with errno %d: %s, xrefs: 00905262
      • getsockname() failed with errno %d: %s, xrefs: 009051F0
      Similarity
      • API ID: ErrorLast$getsockname
      • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
      • API String ID: 3066790409-2605427207
      • Opcode ID: 870b07930902754b9f90584cd123d491a15788c34eced7ed99522f7a55ebc3d7
      • Instruction ID: 2e7be0f3633a7989407157880d763a28fd0a8d830b4aff53da4d3f9a790fc27f
      • Opcode Fuzzy Hash: 870b07930902754b9f90584cd123d491a15788c34eced7ed99522f7a55ebc3d7
      • Instruction Fuzzy Hash: DF3177B66042046FD760EF54DC42FEB73D8FF98310F848569F549C7192EE3595488BA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 008C18A0: AcquireSRWLockExclusive.KERNEL32(009817DC,?,008A5353,00000003), ref: 008C18A6
        • Part of subcall function 008C18A0: ReleaseSRWLockExclusive.KERNEL32(009817DC), ref: 008C18C1
      • CreateMutexW.KERNELBASE(00000000,00000000,6ojlDCjfteCozqTBJdTa), ref: 008A535F
      • GetLastError.KERNEL32 ref: 008A5365
      • ExitProcess.KERNEL32 ref: 008A5374
      Strings
      Similarity
      • API ID: ExclusiveLock$AcquireCreateErrorExitLastMutexProcessRelease
      • String ID: 6ojlDCjfteCozqTBJdTa
      • API String ID: 3365695903-4135014239
      • Opcode ID: a2d2c51209f6676da930920eb1088e536fc0e307196115e55fce6f483976805c
      • Instruction ID: e6cc2b08c248675a92d45eca47c5d865be0a8b9ddb3803d93511df0ea552a6d3
      • Opcode Fuzzy Hash: a2d2c51209f6676da930920eb1088e536fc0e307196115e55fce6f483976805c
      • Instruction Fuzzy Hash: F4113A725155045BFB1C6B38EC4AB5D7284EF82321F144618F566C7ED1D7A4EDC08256
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Similarity
      • API ID: ErrorLastsend
      • String ID: Send failure: %s$send(len=%zu) -> %d, err=%d
      • API String ID: 1802528911-343019339
      • Opcode ID: 796b60c2752cedc2824b3b545f8358aaf9e08a198ccf6bc40fb510befcbe2333
      • Instruction ID: 6074eba4c15168f40cd632d47aa48abe7cb3694766d01cfc9c2253c8d768f1a3
      • Opcode Fuzzy Hash: 796b60c2752cedc2824b3b545f8358aaf9e08a198ccf6bc40fb510befcbe2333
      • Instruction Fuzzy Hash: 01216B756082109FC721DF18D881FEAF7E8FF89710F40466AF9989B381C7B5A950CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00909C00: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo,00000000), ref: 00909C2E
        • Part of subcall function 00909C00: GetProcAddress.KERNEL32(00000000), ref: 00909C35
        • Part of subcall function 008D7DB0: GetModuleHandleA.KERNEL32(kernel32,00000000,?,secur32.dll,0090A00D,secur32.dll,00000004,00000000,00000000,00000002,00000002,008D7F66), ref: 008D7DBA
      • GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceA), ref: 0090A01F
      Strings
      Similarity
      • API ID: AddressHandleModuleProc
      • String ID: InitSecurityInterfaceA$secur32.dll$security.dll
      • API String ID: 1646373207-3788156360
      • Opcode ID: 4601e7e5038d82b08d8eb25691b37eaebd7ce1111e9e1f21f9a0c997640fdb98
      • Instruction ID: b01bd2959bbb30f3e402380e9f1f36e188df3b7888775339163a802059dcc70b
      • Opcode Fuzzy Hash: 4601e7e5038d82b08d8eb25691b37eaebd7ce1111e9e1f21f9a0c997640fdb98
      • Instruction Fuzzy Hash: E6F037B0B543416FEF2497395C1BB2521D9ABC1741F544438750AE72D2FA74CC01D711
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SleepEx.KERNELBASE ref: 00905467
      • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000000), ref: 00905485
      • WSAGetLastError.WS2_32 ref: 0090548F
      Similarity
      • API ID: ErrorLastSleepgetsockopt
      • String ID:
      • API String ID: 3033474312-0
      • Opcode ID: eb19ab58648c33dd74a7ff2d06a1d9f9e3830ef7def15b447c9ed40389b10531
      • Instruction ID: 1f26af4d5e62860fe8021102293177c0b8c2d16d9324e3a6ae5e70769a96ef78
      • Opcode Fuzzy Hash: eb19ab58648c33dd74a7ff2d06a1d9f9e3830ef7def15b447c9ed40389b10531
      • Instruction Fuzzy Hash: 76F05434218702AFE714DF11DC55BAB7BE8BF81702F218828F555C61E4D779D4489F52
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentProcess.KERNEL32(0092D2CE,?,0092D17C,00000000,?,?,0092D2CE,1354808E,?,0092D2CE), ref: 0092D193
      • TerminateProcess.KERNEL32(00000000,?,0092D17C,00000000,?,?,0092D2CE,1354808E,?,0092D2CE), ref: 0092D19A
      • ExitProcess.KERNEL32 ref: 0092D1AC
      Similarity
      • API ID: Process$CurrentExitTerminate
      • String ID:
      • API String ID: 1703294689-0
      • Opcode ID: 6727d2e21fe4255736615345c9a9f61158f352db9156ffe57f1d04484c7024b6
      • Instruction ID: d3f5ecf537882ef064b62990e0a832c01363bf20d8cb9b3f6688996d972136c3
      • Opcode Fuzzy Hash: 6727d2e21fe4255736615345c9a9f61158f352db9156ffe57f1d04484c7024b6
      • Instruction Fuzzy Hash: 11D09E3545A114AFDF193F60ED0DE893F6ABF453417914010BA2946036DB71D992EA80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(00000017,00000002,00000000), ref: 008DE1F4
        • Part of subcall function 008DE1B0: closesocket.WS2_32(00000000), ref: 008DE204
      Similarity
      • API ID: closesocketsocket
      • String ID:
      • API String ID: 2760038618-0
      • Opcode ID: 6dc7793b9bd2e6d02d00d0ec257f1b551b95cb05eba3ee849b693bf95715235e
      • Instruction ID: cc064ae49d6d67289c8eb2af7e9e99bde587b6d13e0dfe984428e0a7ff99719f
      • Opcode Fuzzy Hash: 6dc7793b9bd2e6d02d00d0ec257f1b551b95cb05eba3ee849b693bf95715235e
      • Instruction Fuzzy Hash: 10F059716087405FDE115728B949FD537D0AF16710F0841E5F5A58B2E3C3709C80D741
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FormatMessageW.KERNELBASE(00001200,00000000,?,00000000,74FFFF6C,00000100,00000000,?,?), ref: 008E857C
      Similarity
      • API ID: FormatMessage
      • String ID:
      • API String ID: 1306739567-0
      • Opcode ID: 85b209ab17bd61707537e2dbb53de6d5bf8ab5c146c0f65f4e7e1f02dc04dbb8
      • Instruction ID: 75de40f273f13b8636b92b7894573cbbe07fcbe25d731938ebb742152f47d45e
      • Opcode Fuzzy Hash: 85b209ab17bd61707537e2dbb53de6d5bf8ab5c146c0f65f4e7e1f02dc04dbb8
      • Instruction Fuzzy Hash: 2311C4716183C0AEE3329B249C49BAEB7D8BF96700F040A5EE498C61D1EF70D84487A2
      Uniqueness

      Uniqueness Score: -1.00%

      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9a72897b072131a8ec4099c442ec24de082037d61aaeb61df301bd64ad44fb1d
      • Instruction ID: 914eaa7bb879d65d7d9189fb9d43da9de146399723e2e68fb0b4f17aac09bcda
      • Opcode Fuzzy Hash: 9a72897b072131a8ec4099c442ec24de082037d61aaeb61df301bd64ad44fb1d
      • Instruction Fuzzy Hash: DD012DF32583109F8B928F6CEC50D5A33A9EFC0B24B20C125F906D7258DA34D904DB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • socket.WS2_32(?,?,00000000), ref: 0090540C
      Similarity
      • API ID: socket
      • String ID:
      • API String ID: 98920635-0
      • Opcode ID: eb3cf255d89f497049de7d3b58820c40b67b0aac1ad60acf7ee58526d7b747bf
      • Instruction ID: f09d7406d3efc4c39a7879a7faf0e0577a1a03fd0129b60c7f121d8b69f88f2f
      • Opcode Fuzzy Hash: eb3cf255d89f497049de7d3b58820c40b67b0aac1ad60acf7ee58526d7b747bf
      • Instruction Fuzzy Hash: 54018075604711AFDB219F69D880B8BB7F4FF8A321F504929F554972A0C330A890DFA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlAllocateHeap.NTDLL(00000008,?,CE3BFFFF,?,00931CC7,00000001,00000364,00000006,000000FF,0092008C,CE3BFFFF,?,0091FB5A,00923E52,FF85FFFF,CE3BFFFF), ref: 009314F0
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RtlAllocateHeap.NTDLL(00000000,009389A5,8B2FEB1F,?,009389A5,00000220,?,0092008C,8B2FEB1F), ref: 00932093
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ioctlsocket.WS2_32(00000018,8004667E,?), ref: 0090EACB
      Similarity
      • API ID: ioctlsocket
      • String ID:
      • API String ID: 3577187118-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • getsockname.WS2_32(?,?,?), ref: 008F5658
      • WSAGetLastError.WS2_32(?,00000100), ref: 008F566F
      • WSAGetLastError.WS2_32 ref: 008F573D
      • bind.WS2_32(?,?,?), ref: 008F57F4
      • WSAGetLastError.WS2_32 ref: 008F5802
      • getsockname.WS2_32(?,?,00000080), ref: 008F585D
      • getsockname.WS2_32(?,?,?), ref: 008F58E4
      • listen.WS2_32(?,00000001), ref: 008F58F8
      • WSAGetLastError.WS2_32(?,00000100), ref: 008F590F
      • htons.WS2_32(?), ref: 008F5989
      Strings
      Similarity
      • API ID: ErrorLast$getsockname$bindhtonslisten
      • String ID: %s %s$%s |%d|%s|%hu|$,%d,%d$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$PORT$bind() failed, we ran out of ports$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
      • API String ID: 1959895113-3876000827
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: GMT$%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s$%02x:$%s%x$%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s$-----BEGIN CERTIFICATE-----$-----END CERTIFICATE-----$0$Cert$Expire Date$FALSE$GMT$Issuer$Public Key Algorithm$Serial Number$Signature$Signature Algorithm$Start Date$Subject$TRUE$Version
      • API String ID: 0-3836130663
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • SOCKS5 GSSAPI per-message authentication is not supported., xrefs: 009082EF
      • SOCKS5 connect to %s:%d (remotely resolved), xrefs: 009087FA
      • Can't complete SOCKS5 connection to %s. (%d), xrefs: 00908921
      • SOCKS5 GSS-API protection not yet implemented., xrefs: 0090887A
      • SOCKS5 connect request, xrefs: 0090884A
      • Received invalid version in initial SOCKS5 response., xrefs: 00908224
      • initial SOCKS5 response, xrefs: 009081FC
      • Unable to negotiate SOCKS5 GSS-API context., xrefs: 009082C9
      • SOCKS5 connect to [%s]:%d (locally resolved), xrefs: 009086F9
      • SOCKS5 connect request address, xrefs: 009089D3
      • SOCKS5 connect to %s:%d (locally resolved), xrefs: 009086A7
      • SOCKS5: connecting to HTTP proxy %s port %d, xrefs: 009080D8
      • Excessive password length for proxy auth, xrefs: 009083E3
      • User was rejected by the SOCKS5 server (%d %d)., xrefs: 009084A8
      • SOCKS5 reply has wrong version, version should be 5., xrefs: 009088E6
      • Excessive user name length for proxy auth, xrefs: 0090838B
      • SOCKS5 connect request ack, xrefs: 009088BE
      • SOCKS5 connection to %s not supported, xrefs: 0090871E
      • No authentication method was acceptable., xrefs: 00908319
      • SOCKS5 sub-negotiation response, xrefs: 00908476
      • initial SOCKS5 request, xrefs: 00908188, 009081C8
      • warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %u, xrefs: 0090812C
      • Failed to resolve "%s" for SOCKS5 connect., xrefs: 00908622
      • SOCKS5: the destination hostname is too long to be resolved remotely by the proxy., xrefs: 009080F9
      • Undocumented SOCKS5 mode attempted to be used by server., xrefs: 0090833F
      • SOCKS5 sub-negotiation request, xrefs: 00908435
      • SOCKS5 request granted., xrefs: 009089F9
      • SOCKS5 reply has wrong address type., xrefs: 009089A9
      Similarity
      • API ID:
      • String ID: Can't complete SOCKS5 connection to %s. (%d)$Excessive password length for proxy auth$Excessive user name length for proxy auth$Failed to resolve "%s" for SOCKS5 connect.$No authentication method was acceptable.$Received invalid version in initial SOCKS5 response.$SOCKS5 GSS-API protection not yet implemented.$SOCKS5 GSSAPI per-message authentication is not supported.$SOCKS5 connect request$SOCKS5 connect request ack$SOCKS5 connect request address$SOCKS5 connect to %s:%d (locally resolved)$SOCKS5 connect to %s:%d (remotely resolved)$SOCKS5 connect to [%s]:%d (locally resolved)$SOCKS5 connection to %s not supported$SOCKS5 reply has wrong address type.$SOCKS5 reply has wrong version, version should be 5.$SOCKS5 request granted.$SOCKS5 sub-negotiation request$SOCKS5 sub-negotiation response$SOCKS5: connecting to HTTP proxy %s port %d$SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.$Unable to negotiate SOCKS5 GSS-API context.$Undocumented SOCKS5 mode attempted to be used by server.$User was rejected by the SOCKS5 server (%d %d).$initial SOCKS5 request$initial SOCKS5 response$warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %u
      • API String ID: 0-3353562403
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • Bind to local port %d failed, trying next, xrefs: 00904A90
      • Couldn't bind to interface '%s', xrefs: 00904901
      • Couldn't bind to '%s', xrefs: 00904A02
      • getsockname() failed with errno %d: %s, xrefs: 00904B14
      • Local Interface %s is ip %s using address family %i, xrefs: 0090486E
      • Name '%s' family %i resolved to '%s' family %i, xrefs: 0090498C
      • bind failed with errno %d: %s, xrefs: 00904B4C
      • Local port: %hu, xrefs: 00904B65
      Similarity
      • API ID: htons$bind
      • String ID: Bind to local port %d failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
      • API String ID: 2160648544-3492813788
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptQueryObject.CRYPT32(00000002,?,00000002,0000000E,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0090F1D1
      • CertAddCertificateContextToStore.CRYPT32(?,?,00000004,00000000), ref: 0090F1F2
      • CertFreeCertificateContext.CRYPT32(00000000), ref: 0090F1FE
      • GetLastError.KERNEL32(?,00000100), ref: 0090F218
      Strings
      • schannel: unexpected content type '%lu' when extracting certificate from CA file '%s', xrefs: 0090F235
      • -----BEGIN CERTIFICATE-----, xrefs: 0090F14C
      • schannel: failed to add certificate from CA file '%s' to certificate store: %s, xrefs: 0090F229
      • schannel: did not add any certificates from CA file '%s', xrefs: 0090F2A4
      • schannel: CA file '%s' is not correctly formatted, xrefs: 0090F284
      • schannel: failed to extract certificate from CA file '%s': %s, xrefs: 0090F268
      • schannel: added %d certificate(s) from CA file '%s', xrefs: 0090F2B8
      • -----END CERTIFICATE-----, xrefs: 0090F17A
      Similarity
      • API ID: CertCertificateContext$CryptErrorFreeLastObjectQueryStore
      • String ID: -----END CERTIFICATE-----$-----BEGIN CERTIFICATE-----$schannel: CA file '%s' is not correctly formatted$schannel: added %d certificate(s) from CA file '%s'$schannel: did not add any certificates from CA file '%s'$schannel: failed to add certificate from CA file '%s' to certificate store: %s$schannel: failed to extract certificate from CA file '%s': %s$schannel: unexpected content type '%lu' when extracting certificate from CA file '%s'
      • API String ID: 854292303-2991118681
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: %s%02x%02x$AAAA$CNAME: %s$Could not DoH-resolve: %s$DoH A: %u.%u.%u.%u$DoH AAAA: $DoH Host name: %s$DoH: %s type %s for %s$TTL: %u seconds$bad error code
      • API String ID: 0-103626726
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00909C00: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo,00000000), ref: 00909C2E
        • Part of subcall function 00909C00: GetProcAddress.KERNEL32(00000000), ref: 00909C35
      • CertGetNameStringA.CRYPT32(?,00000006,00010002,00000000,?,?), ref: 0090F60E
      Strings
      • schannel: Null certificate context., xrefs: 0090F64B
      • schannel: CertFindExtension() returned no extension., xrefs: 0090F675
      • 2.5.29.17, xrefs: 0090F666, 0090F69E
      • schannel: Empty DNS name., xrefs: 0090F701
      • schannel: Not enough memory to list all host names., xrefs: 0090F797
      • schannel: Null certificate info., xrefs: 0090F659
      • schannel: CryptDecodeObjectEx() returned no alternate name information., xrefs: 0090F6B2
      Similarity
      • API ID: AddressCertHandleModuleNameProcString
      • String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Empty DNS name.$schannel: Not enough memory to list all host names.$schannel: Null certificate context.$schannel: Null certificate info.
      • API String ID: 4138448956-2160583098
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • InternetCrackUrlA.WININET(?,?,00000000,?), ref: 008A44A1
      • GetTempPathW.KERNEL32(00000104,?), ref: 008A4664
      • lstrcatW.KERNEL32(?,?), ref: 008A468E
      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000004,00000080,00000000), ref: 008A46AD
        • Part of subcall function 008C16F0: AcquireSRWLockExclusive.KERNEL32(009817DC,?,008A46C7), ref: 008C16F6
        • Part of subcall function 008C16F0: ReleaseSRWLockExclusive.KERNEL32(009817DC,00000001), ref: 008C171A
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001), ref: 008A4797
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001), ref: 008A4A51
      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001), ref: 008A4A59
      Strings
      Similarity
      • API ID: CloseHandle$ExclusiveLock$AcquireCrackCreateFileInternetPathReleaseTemplstrcat
      • String ID: Failed converting UTF-8 string to UTF-16$https
      • API String ID: 2923213595-529563813
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Similarity
      • API ID: __vfprintf_l
      • String ID: -----END PUBLIC KEY-----$ public key hash: sha256//%s$-----BEGIN PUBLIC KEY-----$;sha256//$Z$Z$sha256//
      • API String ID: 86772892-1456817947
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 008FD441
      • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 008FD513
      • sendto.WS2_32(?,?,00000004,00000000,?,?), ref: 008FD653
      Strings
      • Received unexpected DATA packet block %d, expecting block %d, xrefs: 008FD494
      • Received last DATA packet block %d again., xrefs: 008FD3E1
      • tftp_rx: internal error, xrefs: 008FD679
      • Timeout waiting for block %d ACK. Retries = %d, xrefs: 008FD561
      Similarity
      • API ID: sendto
      • String ID: Received last DATA packet block %d again.$Received unexpected DATA packet block %d, expecting block %d$Timeout waiting for block %d ACK. Retries = %d$tftp_rx: internal error
      • API String ID: 1876886790-2298932677
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000040), ref: 00915F03
      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00915F28
      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00915F37
      Strings
      Similarity
      • API ID: Crypt$Context$AcquireCreateHashRelease
      • String ID:
      • API String ID: 4045725610-3916222277
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: %s$%x$0$Content-Length$Content-Length: %lld$Content-Length: 0$Content-Type$Content-Type: application/x-www-form-urlencoded$Failed sending HTTP POST request$Failed sending HTTP request$Failed sending POST request$Failed sending PUT request
      • API String ID: 0-3561796879
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: ACCT rejected by server: %03d$AUTH %s$CCC$Entry path is '%s'$Failed to clear the command channel (CCC)$Failed to figure out path$Got a %03d ftp-server response when 220 was expected$PROT %c$SYST$We got a 421 - timeout$unsupported parameter to CURLOPT_FTPSSLAUTH: %d
      • API String ID: 0-1387434259
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: alnum$alpha$blank$digit$graph$lower$print$space$upper$xdigit
      • API String ID: 0-2602438971
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: GMT$%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s$%02x:$%s%x$%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s$0$FALSE$GMT$TRUE
      • API String ID: 0-199526482
      • Opcode ID: 828a850089f71a9d4d7ee44bbb975b370ec501c510e41ef5ca28aac8a5b5e531
      • Instruction ID: 260cba449e93017da8672771ad8cce84f245768982d85ef59d45bb55184241df
      • Opcode Fuzzy Hash: 828a850089f71a9d4d7ee44bbb975b370ec501c510e41ef5ca28aac8a5b5e531
      • Instruction Fuzzy Hash: 51429A72B082596FCB259B348844BEBB7EDEBC5300F18492DF996C7242E235CD95C792
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32(?), ref: 00916C73
      • CryptCreateHash.ADVAPI32(00000000,00008002,00000000,00000000,00000001), ref: 00916C8F
      • CryptReleaseContext.ADVAPI32(00000001,00000000), ref: 00916C9E
      • CryptHashData.ADVAPI32(?,?,00000000,00000000,F0000040,?,00000000,00000000), ref: 00916CCC
      • CryptGetHashParam.ADVAPI32(?,00000002,00000000,?), ref: 00916CE9
      • CryptGetHashParam.ADVAPI32(?,00000002,?,00000000,00000000), ref: 00916D06
      • CryptDestroyHash.ADVAPI32(?), ref: 00916D15
      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00916D26
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Hash$Context$ParamRelease$AcquireCreateDataDestroy
      • String ID:
      • API String ID: 1945989244-0
      • Opcode ID: 9feb31539ce770d6e13ecea64d7fd062944aa031d2a8518fcb231aa87783ed2a
      • Instruction ID: 52a10065a4885a2a937aa4203b535ea0f382076c3cdd9a224cc02da3e839def9
      • Opcode Fuzzy Hash: 9feb31539ce770d6e13ecea64d7fd062944aa031d2a8518fcb231aa87783ed2a
      • Instruction Fuzzy Hash: C8213878648301BBE7109F10EC0AF5A7BE9FB44B05F804828FA84E51E1D7B1D848EB66
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: ALL_PROXY$NO_PROXY$Uses proxy env variable %s == '%s'$_proxy$all_proxy$http_proxy$memory shortage$no_proxy$space-separated NOPROXY patterns are deprecated
      • API String ID: 0-2679089201
      • Opcode ID: 53588cdce45fdfbfc03707ceaec1df6e5ecbd486f48234f914ed18f34dcf3e61
      • Instruction ID: 77000d7868c43bd9dd64c1cae74be7d8775c0561909195ebd5339e30cb6aa841
      • Opcode Fuzzy Hash: 53588cdce45fdfbfc03707ceaec1df6e5ecbd486f48234f914ed18f34dcf3e61
      • Instruction Fuzzy Hash: 4BD190705047459FDB319F259845BA77BE8FFA2304F04492EE8D9C7312EA71EA08DB62
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • GetACP.KERNEL32(?,?,?,?,?,?,0092DBEF,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 0093A9C6
      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0092DBEF,?,?,?,00000055,?,-00000050,?,?), ref: 0093A9FD
      • _wcschr.LIBVCRUNTIME ref: 0093AA91
      • _wcschr.LIBVCRUNTIME ref: 0093AA9F
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0093AB60
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
      • String ID: utf8
      • API String ID: 4147378913-905460609
      • Opcode ID: e0854d8c9444c3e64360d18d7970acf3791fc8faefaba5ff84d521bfb804aed8
      • Instruction ID: 274a5eca438b58a7dda60c805b60ef3ecaecdc729ff26408be95d990b44b9fbf
      • Opcode Fuzzy Hash: e0854d8c9444c3e64360d18d7970acf3791fc8faefaba5ff84d521bfb804aed8
      • Instruction Fuzzy Hash: C771F976600702AAD729AB75CC42BBB73ADEF89700F11442AF595D7181EB74ED40CF62
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000040,00000000,?,?,?,00000000,?,00000020,?), ref: 008EABDB
      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 008EABFB
      • CryptHashData.ADVAPI32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,0090EBC6), ref: 008EAC13
      • CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 008EAC2F
      • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 008EAC50
      • CryptDestroyHash.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,0090EBC6,?,?), ref: 008EAC5F
      • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,0090EBC6,?,?), ref: 008EAC70
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
      • String ID:
      • API String ID: 3606780921-0
      • Opcode ID: 8b957bebad77c8dada48f4b8fa4b65b2ffc35acd8afb00dfa9760c339c99e958
      • Instruction ID: 2bb303b016199e79a143260b548b5434b3e501eb62ba5d261b90998649385181
      • Opcode Fuzzy Hash: 8b957bebad77c8dada48f4b8fa4b65b2ffc35acd8afb00dfa9760c339c99e958
      • Instruction Fuzzy Hash: 3A2128B0648301ABEB209F11DD09F5B7BE8FB85B44F544818F684E60E0D771E908DBA6
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __floor_pentium4
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 4168288129-2761157908
      • Opcode ID: 4bdc00e93b2453f2c949e9a9571a1b0c717897413315d9360a135020ce5fd37b
      • Instruction ID: a3a09e1122ff88b2ee2179176e083b4e80b0dcf6d49192638a5d4d048c6e23ab
      • Opcode Fuzzy Hash: 4bdc00e93b2453f2c949e9a9571a1b0c717897413315d9360a135020ce5fd37b
      • Instruction Fuzzy Hash: 4FD24B71E096288FDB65CF28DC507EAB7B9EB85305F1445EAD80DE7240E778AE818F41
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
      • API String ID: 0-3476178709
      • Opcode ID: d7506c7adc219b022287bd0430c43a95e8ef1a880020dfbfa64ee77d5bba1c0b
      • Instruction ID: 535359b1ec1339221330cef1b9bcbb31f9df9f6338ff41b86f5ab2408a60ca4f
      • Opcode Fuzzy Hash: d7506c7adc219b022287bd0430c43a95e8ef1a880020dfbfa64ee77d5bba1c0b
      • Instruction Fuzzy Hash: A45159B2B1475A1BEB08892EDC42B6F72C9F795398F480A3DF946D7382F598DC104297
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: %.*s%%25%s]$%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s$bad locale name$file$file://%s%s%s$https$xn--
      • API String ID: 0-4019807016
      • Opcode ID: 9982dfc964006ffdd4583f37f3901e70a94b662beebd4aaa85f4c7bd0ccc3396
      • Instruction ID: 0a94b71e3df0a2b512b135aaaebe8b86c536149fe0891e01f21d1e3ed75304e0
      • Opcode Fuzzy Hash: 9982dfc964006ffdd4583f37f3901e70a94b662beebd4aaa85f4c7bd0ccc3396
      • Instruction Fuzzy Hash: 9512CCB1A04309ABDB249F24C841B6AB7E0FF98358F444939FA49C7392E735DD54CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32 ref: 0091466B
      • CryptImportKey.ADVAPI32(?,?,00000014,00000000,00000000,?,F0000040,?,0000000E,0000000E,00000000,0000000E,?,?,0000000E,?), ref: 0091472A
      • CryptReleaseContext.ADVAPI32(?,00000000,?,008F8D72,?,?), ref: 0091473A
      • CryptEncrypt.ADVAPI32(?,00000000,00000000,00000000,?,?,?,?,008F8D72,?,?), ref: 00914774
      • CryptDestroyKey.ADVAPI32(?,?,008F8D72,?,?), ref: 0091477E
      • CryptReleaseContext.ADVAPI32(?,00000000,?,008F8D72,?,?), ref: 0091478A
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Context$Release$AcquireDestroyEncryptImport
      • String ID:
      • API String ID: 3016261861-0
      • Opcode ID: 8d1a0274383015ca98703347107b063f0f2f25d03a9013f55ea7f56050e0a51e
      • Instruction ID: 15028298c1ceb8fed1585647c319023451c40caf08da4c7d5b4265900d935cf4
      • Opcode Fuzzy Hash: 8d1a0274383015ca98703347107b063f0f2f25d03a9013f55ea7f56050e0a51e
      • Instruction Fuzzy Hash: FB419D791083809FE7118F68C846BDBBFE5EF9A704F10494CF5D897292C325E50AEB56
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLocaleInfoW.KERNEL32(00000000,2000000B,0093B3B2,00000002,00000000,?,?,?,0093B3B2,?,00000000), ref: 0093B139
      • GetLocaleInfoW.KERNEL32(00000000,20001004,0093B3B2,00000002,00000000,?,?,?,0093B3B2,?,00000000), ref: 0093B162
      • GetACP.KERNEL32(?,?,0093B3B2,?,00000000), ref: 0093B177
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID: ACP$OCP
      • API String ID: 2299586839-711371036
      • Opcode ID: 65b50c07f525be3b3527ad18b4f013abc336d5985a8a2e2e22c01737a406d640
      • Instruction ID: d156a732232a89898cd05423574d4c56df8ce68359c367e7bf2d121d4209bd57
      • Opcode Fuzzy Hash: 65b50c07f525be3b3527ad18b4f013abc336d5985a8a2e2e22c01737a406d640
      • Instruction Fuzzy Hash: 3421C232708104A6DB35CF95CD25BA773AAFF54B54F568424EB0ACB214E732DD40DB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptGetHashParam.ADVAPI32(?,00000002,00000000,?,00000000), ref: 00915EAC
      • CryptGetHashParam.ADVAPI32(00000020,00000002,?,?,00000000), ref: 00915EC9
      • CryptDestroyHash.ADVAPI32(00000020), ref: 00915ED7
      • CryptReleaseContext.ADVAPI32(00000020,00000000), ref: 00915EE7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Hash$Param$ContextDestroyRelease
      • String ID:
      • API String ID: 2110207923-3916222277
      • Opcode ID: be10888db9245704f68c155ba3850171e2189c1b2a8db3a66b5dd7f18204410a
      • Instruction ID: 220e22009ef2867a48d892aac8c1584ea3ddd8746f0b4cd09ecbf9e75a09c187
      • Opcode Fuzzy Hash: be10888db9245704f68c155ba3850171e2189c1b2a8db3a66b5dd7f18204410a
      • Instruction Fuzzy Hash: 48F0E275618305EBEB208B50DE09F967BE9BB89B01F514809F695A2190D770E840EA61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0093B384
      • IsValidCodePage.KERNEL32(00000000), ref: 0093B3C2
      • IsValidLocale.KERNEL32(?,00000001), ref: 0093B3D5
      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0093B41D
      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0093B438
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
      • String ID:
      • API String ID: 415426439-0
      • Opcode ID: f518c824e8a8c5e8cac1d0a40c98cf6725f3a2b54836107c49e4559e1fa05c88
      • Instruction ID: 5e13e7cf9fe87d08b151fb0157359e164ab3070993fe0f05a33302ee098f1a26
      • Opcode Fuzzy Hash: f518c824e8a8c5e8cac1d0a40c98cf6725f3a2b54836107c49e4559e1fa05c88
      • Instruction Fuzzy Hash: 96518B71A01619ABDB10DFA5CC85BBEB7BCFF49700F18442AFA11EB191E7709A408F61
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: array$object$object key$object separator$value
      • API String ID: 0-2448007618
      • Opcode ID: b3e930ec74aa8c2c4c011cd9b80c171407f760fdef4c886d30c18c87c73931d6
      • Instruction ID: 2cbb3cbfb99d44c045f814228c088467ca170fd8b76fcb8d14d7c095a32535b0
      • Opcode Fuzzy Hash: b3e930ec74aa8c2c4c011cd9b80c171407f760fdef4c886d30c18c87c73931d6
      • Instruction Fuzzy Hash: 45F1B331D0424CDBEF10DBA8C944BEDBBB5FB56304F144199D906E7A82EB746A48CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: default$login$macdef$machine$password
      • API String ID: 0-1563471620
      • Opcode ID: 5d89724f7b84d567a280f6e3809e0685b0e2e338266eeb7837dd33b341636c29
      • Instruction ID: e679dab0911b227b86f89ca16b7e86fa755844fde1b7841c918556081e926829
      • Opcode Fuzzy Hash: 5d89724f7b84d567a280f6e3809e0685b0e2e338266eeb7837dd33b341636c29
      • Instruction Fuzzy Hash: 5CE1DF7050C3828FD721CF2898547ABBBE9AF96344F08095DF8D593382D364DA49C7A3
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3b4c18befcab0573e6e81933e097b4fdd9469eef3e872716b6169ade49a467a6
      • Instruction ID: 95ce94a11f889d6e526b1659fe10c8ebc19fc8533a7ebae4de4f6b3ac974ba1f
      • Opcode Fuzzy Hash: 3b4c18befcab0573e6e81933e097b4fdd9469eef3e872716b6169ade49a467a6
      • Instruction Fuzzy Hash: C8021C71E012199BDF14CFA9D9806EEFBF5FF88314F248269E919A7381D731A941CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00917CF5
      • IsDebuggerPresent.KERNEL32 ref: 00917DC1
      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00917DE1
      • UnhandledExceptionFilter.KERNEL32(?), ref: 00917DEB
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
      • String ID:
      • API String ID: 254469556-0
      • Opcode ID: e46ee77156b3d8d8ea46e18c5614983300c01d5c5146edf1370e962f70ffdf35
      • Instruction ID: eb6dece6dac878238081dbf3999def741360df35b7365311f6ba6fd6c4e7fd27
      • Opcode Fuzzy Hash: e46ee77156b3d8d8ea46e18c5614983300c01d5c5146edf1370e962f70ffdf35
      • Instruction Fuzzy Hash: 87312975D4921D9BDB11DFA4D989BCDBBF8BF08304F1040DAE409AB250EB719A84DF44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptGetHashParam.ADVAPI32(?,00000002,00000000,?,00000000), ref: 0091417C
      • CryptGetHashParam.ADVAPI32(00000010,00000002,?,?,00000000), ref: 00914199
      • CryptDestroyHash.ADVAPI32(00000010), ref: 009141A7
      • CryptReleaseContext.ADVAPI32(00000010,00000000), ref: 009141B7
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Hash$Param$ContextDestroyRelease
      • String ID:
      • API String ID: 2110207923-0
      • Opcode ID: 653fcaa409ed8fcd86a1135bcb9780472e240affa0ec6f65587226077f8f4a50
      • Instruction ID: fa377d9616cc5491758c34b986f18f92f765cff2dc320648eaa6d33f03105a28
      • Opcode Fuzzy Hash: 653fcaa409ed8fcd86a1135bcb9780472e240affa0ec6f65587226077f8f4a50
      • Instruction Fuzzy Hash: A1F01774258305BFEB208F10DD09F967BEDFB59B41F904809FA85A2190C770EC40EB61
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: /Kim
      • API String ID: 0-585551710
      • Opcode ID: 01c144d37a685d7b77dd799bc35c6e046e767cf6f655eaa26189f79ba193f031
      • Instruction ID: 4d7d5a9c1f719485db9214f7c20ec0bbc261fd57953e93deb8e44f3ff394fb42
      • Opcode Fuzzy Hash: 01c144d37a685d7b77dd799bc35c6e046e767cf6f655eaa26189f79ba193f031
      • Instruction Fuzzy Hash: 8B91C172F006188BDB18CEAD8C816ADFBB6FB8A320F19416EE489DB745E6745C06C750
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __aulldvrm
      • String ID: /Kim
      • API String ID: 1302938615-585551710
      • Opcode ID: 4200975c146bd562615440a2df342638a4c6a055c7c4a504002d5aecf9b1a1bc
      • Instruction ID: fd346073a69c6c2612ac094ef0170486ca2642789b73deb5b9631cf7a33be4dc
      • Opcode Fuzzy Hash: 4200975c146bd562615440a2df342638a4c6a055c7c4a504002d5aecf9b1a1bc
      • Instruction Fuzzy Hash: D7819172F046188FDB08CEADCC856ADFBB6FB89320F29416EE449DB745E6745C068B50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • bind.WS2_32(?,00000030,?), ref: 008FCB7D
      • WSAGetLastError.WS2_32(?,00000100), ref: 008FCB91
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastbind
      • String ID: bind() failed; %s
      • API String ID: 2328862993-1141498939
      • Opcode ID: b91855ca35d66d7b22e1c8ec29be4789e488c5cf5d16894fdd385441f31163f6
      • Instruction ID: 2757c5c1a358f586400c53f4b73e4dee263dcc14233086688d7be8f0c352b85a
      • Opcode Fuzzy Hash: b91855ca35d66d7b22e1c8ec29be4789e488c5cf5d16894fdd385441f31163f6
      • Instruction Fuzzy Hash: A3517870A047099FEB20DF28DD45BAA77E8FB45314F040429EA49C7291E375EA848BA2
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: array$object$object key$object separator
      • API String ID: 0-2277530871
      • Opcode ID: a7c10765cd0d1fa0c140aca46847e8701c3a6f0df0290438813d1e05728d248f
      • Instruction ID: 867dc80bec4b6dfbc63ac76181d505b92e01c3f928d4e56d1db0777ac1dd10b3
      • Opcode Fuzzy Hash: a7c10765cd0d1fa0c140aca46847e8701c3a6f0df0290438813d1e05728d248f
      • Instruction Fuzzy Hash: 10F1AE70D0430CDBEB14DBA8C854BEEBBB5FF56304F144659E402EB681EB746A49CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • bind.WS2_32(?,00000030,?), ref: 008FC984
      • WSAGetLastError.WS2_32(?,00000100), ref: 008FC998
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastbind
      • String ID: bind() failed; %s
      • API String ID: 2328862993-1141498939
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093AD78
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093ADC2
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093AE88
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: InfoLocale$ErrorLast
      • String ID:
      • API String ID: 661929714-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00923DCD
      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00923DD7
      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00923DE4
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled$DebuggerPresent
      • String ID:
      • API String ID: 3906539128-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000040), ref: 009140F1
      • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?), ref: 00914111
      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0091411E
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Context$AcquireCreateHashRelease
      • String ID:
      • API String ID: 4045725610-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000040), ref: 00915E41
      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00915E61
      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00915E6E
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Crypt$Context$AcquireCreateHashRelease
      • String ID:
      • API String ID: 4045725610-0
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • integral cannot be stored in charT, xrefs: 008B9C2C
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: integral cannot be stored in charT
      • API String ID: 0-1969026217
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___std_exception_copy.LIBVCRUNTIME ref: 008AFD2F
      • ___std_exception_copy.LIBVCRUNTIME ref: 008AFD56
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ___std_exception_copy
      • String ID:
      • API String ID: 2659868963-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetSystemTimeAsFileTime.KERNEL32(00000000,?,00000000,?,?,00000000,008DE0F4,00000000,00000000,?), ref: 00927943
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00927962
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
      • String ID:
      • API String ID: 1518329722-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • htons.WS2_32(?), ref: 008F986D
      • GetCurrentProcessId.KERNEL32(?,?,0000002E,?,0000001B), ref: 008F98A5
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CurrentProcesshtons
      • String ID:
      • API String ID: 2530476045-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0093682D,00000000,00000000,00000000), ref: 009366EC
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: InformationTimeZone
      • String ID:
      • API String ID: 565725191-0
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: gfff
      • API String ID: 0-1553575800
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: GMT
      • API String ID: 0-2739267314
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: gfff
      • API String ID: 0-1553575800
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0092F3CA,?,?,00000008,?,?,0093E202,00000000), ref: 0092F5FC
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ExceptionRaise
      • String ID:
      • API String ID: 3997070919-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00916D86
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: FeaturePresentProcessor
      • String ID:
      • API String ID: 2325560087-0
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: 0
      • API String ID: 0-4108050209
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: 0
      • API String ID: 0-4108050209
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093AFCB
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast$InfoLocale
      • String ID:
      • API String ID: 3736152602-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • BCryptGenRandom.BCRYPT(00000000,?), ref: 008E9E9F
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CryptRandom
      • String ID:
      • API String ID: 2662593985-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • EnumSystemLocalesW.KERNEL32(0093AD24,00000001,00000000,?,-00000050,?,0093B358,00000000,?,?,?,00000055,?), ref: 0093AC70
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • BCryptGenRandom.BCRYPT(00000000,?), ref: 008E9F50
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CryptRandom
      • String ID:
      • API String ID: 2662593985-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0093AF40,00000000,00000000,?), ref: 0093B1D2
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast$InfoLocale
      • String ID:
      • API String ID: 3736152602-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • EnumSystemLocalesW.KERNEL32(0093AF77,00000001,00000000,?,-00000050,?,0093B320,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0093ACE3
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 009240C1: EnterCriticalSection.KERNEL32(-0006222A,?,0093175A,?,0097DDE0,00000008,0093191E,?,0091FAC6,?,?,0091FAC6,?,?,00923E52), ref: 009240D0
      • EnumSystemLocalesW.KERNEL32(00933491,00000001,0097DEA0,0000000C,00933906,00000000), ref: 009334D6
      Similarity
      • API ID: CriticalEnterEnumLocalesSectionSystem
      • String ID:
      • API String ID: 1272433827-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 00931A82: GetLastError.KERNEL32(00000000,?,00935B8C), ref: 00931A86
        • Part of subcall function 00931A82: SetLastError.KERNEL32(00000000,?,?,00000028,00924D79), ref: 00931B28
      • EnumSystemLocalesW.KERNEL32(0093AB0C,00000001,00000000,?,?,0093B37A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 0093ABEA
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0092E765,?,20001004,00000000,00000002,?,?,0092DD57), ref: 00933A95
      Similarity
      • API ID: InfoLocale
      • String ID:
      • API String ID: 2299586839-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00914151
      Similarity
      • API ID: CryptDataHash
      • String ID:
      • API String ID: 4245837645-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SetUnhandledExceptionFilter.KERNEL32(Function_00077E89,00917034), ref: 00917E82
      Similarity
      • API ID: ExceptionFilterUnhandled
      • String ID:
      • API String ID: 3192549508-0
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Similarity
      • API ID:
      • String ID: null
      • API String ID: 0-634125391
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Similarity
      • API ID: HeapProcess
      • String ID:
      • API String ID: 54951025-0
      Uniqueness

      Uniqueness Score: -1.00%

      Similarity
      • API ID: ErrorLast
      • String ID:
      • API String ID: 1452528299-0
      Uniqueness

      Uniqueness Score: -1.00%

      • Opcode ID: 7a6ff02ac6ca3327a9c2f16c5e7b50f376c33e8f98c49ecafbddaf398ef4e05b
      • Instruction ID: f678a77d50f227f434fb93ec9543963e6729a6762bfb6bf790a617b989c09ae3
      • Opcode Fuzzy Hash: 7a6ff02ac6ca3327a9c2f16c5e7b50f376c33e8f98c49ecafbddaf398ef4e05b
      • Instruction Fuzzy Hash: C9615039B141588FC704DF18D451AA9BBE4FF9A310F55C1CEE88A4F392CA329D91CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d0d37efa093f4aadaec7121781f5c81c17abcb2737553431fae638d68ca90b03
      • Instruction ID: 3c244ed371254d8037bb0335be11ecfb8195a24979a3217554028c98c2351695
      • Opcode Fuzzy Hash: d0d37efa093f4aadaec7121781f5c81c17abcb2737553431fae638d68ca90b03
      • Instruction Fuzzy Hash: CC512631A083858BD729CF2DD8517BAB7E5EFD6300F04852EE8C6C7252EA70958AC752
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: b4af99478af4571e7449d82288eee9fdad7531761e9df167f1209096ef473993
      • Instruction ID: aec590333070983d580350fd86ed4e4b0a90ed02fca43a0a1c9cec6203c74c82
      • Opcode Fuzzy Hash: b4af99478af4571e7449d82288eee9fdad7531761e9df167f1209096ef473993
      • Instruction Fuzzy Hash: A651D031F016198BDB18CFADE8816EDBBA2EF99310B14867EE959D7382DB2099058750
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ac2493993a56939b99abf5690e6aca0f3321dbda2db475ebb8378acc5f1ec2a2
      • Instruction ID: a229d392d0447a482abff3eb370bf98db7a2ea5947845a205d48b769986d2d8f
      • Opcode Fuzzy Hash: ac2493993a56939b99abf5690e6aca0f3321dbda2db475ebb8378acc5f1ec2a2
      • Instruction Fuzzy Hash: 3F519472E00119EFDF04CF98C8806EEBBB6FF88300F598499E555AB241D774AA80CF90
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: a5bcaafec95e04b3087227ef3f613ab1b97360f5514d8a59ebb92732b3ed6f1d
      • Instruction ID: 0873775481fd498dd89f787cc3c299d19cba83555865de64821ba912739a932f
      • Opcode Fuzzy Hash: a5bcaafec95e04b3087227ef3f613ab1b97360f5514d8a59ebb92732b3ed6f1d
      • Instruction Fuzzy Hash: C141AE51604269CBFF148E1494B03F677D4FF57358F6800AED9C58F687E92A095BC3A1
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3a8a6b414b97d5f2b146b176990361cb0b83d539fca2a05e60f5b9562c29e842
      • Instruction ID: 7d486341642c62a073efd7ba09b1238e7af5d701420dae8265c7ac4b8320c8f8
      • Opcode Fuzzy Hash: 3a8a6b414b97d5f2b146b176990361cb0b83d539fca2a05e60f5b9562c29e842
      • Instruction Fuzzy Hash: 86417E35B0424A4BEF1C8E2D94912FE7FA1FB97214B1C016ED4C6DB706F6318826D760
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 64894ba239832e253ec55fa97a96a7b41020ffd6dabcd7743ae8c46c1603b0ca
      • Instruction ID: 9b4653a7ff47985d7010d33e6ccc92557624f3a8d849119bb9a2d7b946d5649f
      • Opcode Fuzzy Hash: 64894ba239832e253ec55fa97a96a7b41020ffd6dabcd7743ae8c46c1603b0ca
      • Instruction Fuzzy Hash: 08416D317051595BEB1CCE2D54A12FDBBA2FB9722471440AFE4C6CB742DA205A07D7B0
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 27398a6bd04e7b042c2df0dd4eefd57469496f7df0cf8f294bdbd0d9e34c2454
      • Instruction ID: c8775df2c00077f4e803e0092e373f6a99639336786d103d7e9bd5f66c226f4a
      • Opcode Fuzzy Hash: 27398a6bd04e7b042c2df0dd4eefd57469496f7df0cf8f294bdbd0d9e34c2454
      • Instruction Fuzzy Hash: C14160327215128BD708CE39C895BA5F7E1FB98320F558769E42ACB2C1DB35E9148B84
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
      • Instruction ID: 9f29e03944fa2be45c4dfa0b40b35aca60aba06f2728b378c095b90e9a84cc8e
      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
      • Instruction Fuzzy Hash: D51129BF30068A47D614862DF8B46F7939DEBE6320B7D4366D0418B6D8C92295C5B600
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 1b6663c87e7b9c5c81edbc85a31dee72c2074cb08ee2059fbd346c7440ecd882
      • Instruction ID: 3aceaf1cab1136e8727843e8d550043041497cff289d974d6573213d390ea45e
      • Opcode Fuzzy Hash: 1b6663c87e7b9c5c81edbc85a31dee72c2074cb08ee2059fbd346c7440ecd882
      • Instruction Fuzzy Hash: 81F0A022102A2047AF13943D70D0AF397C7DFE7A18BA128A594D943AD18A4F384FE3E4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(00000000,?,00000000), ref: 008E7825
      Strings
      • SEC_E_BAD_PKGID, xrefs: 008E78CD
      • SEC_I_INCOMPLETE_CREDENTIALS, xrefs: 008E7BE9
      • SEC_E_PKINIT_CLIENT_FAILURE, xrefs: 008E7A6A
      • SEC_E_NO_IP_ADDRESSES, xrefs: 008E7A2E
      • SEC_E_MUST_BE_KDC, xrefs: 008E79FC
      • SEC_I_SIGNATURE_NEEDED, xrefs: 008E7C11
      • SEC_E_UNSUPPORTED_FUNCTION, xrefs: 008E7B1E
      • SEC_E_ENCRYPT_FAILURE, xrefs: 008E793E
      • SEC_E_CONTEXT_EXPIRED, xrefs: 008E78FE
      • SEC_E_NO_CREDENTIALS, xrefs: 008E7A1A
      • SEC_E_KDC_CERT_REVOKED, xrefs: 008E79AC
      • CRYPT_E_REVOCATION_OFFLINE, xrefs: 008E7B8A
      • SEC_E_ALGORITHM_MISMATCH, xrefs: 008E788B
      • SEC_E_OUT_OF_SEQUENCE, xrefs: 008E7A60
      • SEC_E_REVOCATION_OFFLINE_C, xrefs: 008E7A92
      • SEC_E_KDC_UNABLE_TO_REFER, xrefs: 008E79C0
      • SEC_I_CONTEXT_EXPIRED, xrefs: 008E7BD5
      • SEC_E_LOGON_DENIED, xrefs: 008E79D4
      • SEC_E_POLICY_NLTM_ONLY, xrefs: 008E7A7E
      • SEC_E_UNKNOWN_CREDENTIALS, xrefs: 008E7B14
      • SEC_E_INCOMPLETE_CREDENTIALS, xrefs: 008E7948
      • SEC_E_CROSSREALM_DELEGATION_FAILURE, xrefs: 008E7905
      • SEC_E_CANNOT_PACK, xrefs: 008E78E2
      • SEC_E_QOP_NOT_SUPPORTED, xrefs: 008E7A88
      • SEC_E_CANNOT_INSTALL, xrefs: 008E78DB
      • SEC_I_LOCAL_LOGON, xrefs: 008E7BF3
      • SEC_E_INCOMPLETE_MESSAGE, xrefs: 008E7952
      • SEC_E_MESSAGE_ALTERED, xrefs: 008E79E8
      • CRYPT_E_REVOKED, xrefs: 008E7B50
      • SEC_E_NO_AUTHENTICATING_AUTHORITY, xrefs: 008E7A10
      • SEC_E_WRONG_PRINCIPAL, xrefs: 008E7B46
      • CRYPT_E_NO_REVOCATION_DLL, xrefs: 008E7B76
      • SEC_E_UNTRUSTED_ROOT, xrefs: 008E7B32
      • SEC_E_BUFFER_TOO_SMALL, xrefs: 008E78D4
      • SEC_E_DELEGATION_REQUIRED, xrefs: 008E792A
      • SEC_E_BAD_BINDINGS, xrefs: 008E78C6
      • SEC_E_CRYPTO_SYSTEM_INVALID, xrefs: 008E790C
      • SEC_I_COMPLETE_AND_CONTINUE, xrefs: 008E7BC1
      • SEC_E_INSUFFICIENT_MEMORY, xrefs: 008E795C
      • SEC_I_COMPLETE_NEEDED, xrefs: 008E7BCB
      • SEC_E_NO_TGT_REPLY, xrefs: 008E7A56
      • SEC_E_DELEGATION_POLICY, xrefs: 008E7920
      • SEC_E_DECRYPT_FAILURE, xrefs: 008E7916
      • SEC_E_INVALID_PARAMETER, xrefs: 008E797A
      • SEC_E_NO_IMPERSONATION, xrefs: 008E7A24
      • SEC_E_NO_KERB_KEY, xrefs: 008E7A38
      • SEC_I_CONTINUE_NEEDED, xrefs: 008E78B1, 008E7BDF
      • SEC_I_NO_LSA_CONTEXT, xrefs: 008E7BFD
      • SEC_E_SECURITY_QOS_FAILED, xrefs: 008E7AB0
      • SEC_E_SMARTCARD_CERT_EXPIRED, xrefs: 008E7AC4
      • SEC_E_NO_S4U_PROT_SUPPORT, xrefs: 008E7A4C
      • CRYPT_E_NOT_IN_REVOCATION_DATABASE, xrefs: 008E7B94
      • %s (0x%08X), xrefs: 008E7C44
      • SEC_E_STRONG_CRYPTO_NOT_SUPPORTED, xrefs: 008E7AE2
      • SEC_E_ISSUING_CA_UNTRUSTED, xrefs: 008E798E
      • SEC_E_KDC_CERT_EXPIRED, xrefs: 008E79A2
      • SEC_E_INVALID_HANDLE, xrefs: 008E7970
      • SEC_E_REVOCATION_OFFLINE_KDC, xrefs: 008E7A9C
      • SEC_E_MAX_REFERRALS_EXCEEDED, xrefs: 008E79DE
      • Unknown error, xrefs: 008E7C1B, 008E7C43
      • SEC_E_CERT_WRONG_USAGE, xrefs: 008E78F7
      • SEC_E_SMARTCARD_LOGON_REQUIRED, xrefs: 008E7AD8
      • SEC_E_PKINIT_NAME_MISMATCH, xrefs: 008E7A74
      • No error, xrefs: 008E7B9E
      • SEC_E_CERT_EXPIRED, xrefs: 008E78E9
      • SEC_E_TARGET_UNKNOWN, xrefs: 008E7AEC
      • SEC_E_TOO_MANY_PRINCIPALS, xrefs: 008E7B00
      • SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 008E7C31
      • SEC_E_MULTIPLE_ACCOUNTS, xrefs: 008E79F2
      • %s (0x%08X) - %s, xrefs: 008E78B2
      • SEC_E_WRONG_CREDENTIAL_HANDLE, xrefs: 008E7B3C
      • SEC_E_SHUTDOWN_IN_PROGRESS, xrefs: 008E7ABA
      • SEC_E_UNFINISHED_CONTEXT_DELETED, xrefs: 008E7B0A
      • SEC_I_RENEGOTIATE, xrefs: 008E7C07
      • SEC_E_NO_PA_DATA, xrefs: 008E7A42
      • SEC_E_TIME_SKEW, xrefs: 008E7AF6
      • SEC_E_SMARTCARD_CERT_REVOKED, xrefs: 008E7ACE
      • CRYPT_E_NO_REVOCATION_CHECK, xrefs: 008E7B80
      • SEC_E_UNSUPPORTED_PREAUTH, xrefs: 008E7B28
      • SEC_E_CERT_UNKNOWN, xrefs: 008E78F0
      • SEC_E_KDC_UNKNOWN_ETYPE, xrefs: 008E79CA
      • SEC_E_DOWNGRADE_DETECTED, xrefs: 008E7934
      • SEC_E_INVALID_TOKEN, xrefs: 008E7984
      • SEC_E_ISSUING_CA_UNTRUSTED_KDC, xrefs: 008E7998
      • SEC_E_SECPKG_NOT_FOUND, xrefs: 008E7AA6
      • SEC_E_INTERNAL_ERROR, xrefs: 008E7966
      • SEC_E_NOT_OWNER, xrefs: 008E7A06
      • SEC_E_KDC_INVALID_REQUEST, xrefs: 008E79B6

      APIs
      • CertOpenStore.CRYPT32(00000002,00000000,00000000,00002000,00000000), ref: 0090EBF1
      • GetLastError.KERNEL32(?,00000100), ref: 0090EC07
      • CertCreateCertificateChainEngine.CRYPT32(?,?), ref: 0090EC9D
      • GetLastError.KERNEL32(?,00000100), ref: 0090ECB1
        • Part of subcall function 008E7F90: GetLastError.KERNEL32 ref: 008E7F93
      • CertGetCertificateChain.CRYPT32(00000010,00000000,?,?,?,20000000), ref: 0090ED16
      • GetLastError.KERNEL32(?,00000100,?,?,?,?,?,?,00000000,00000000), ref: 0090ED2A
      • CertFreeCertificateChainEngine.CRYPT32(?), ref: 0090EE5A
      • CertCloseStore.CRYPT32(?,00000000), ref: 0090EE6B
      • CertFreeCertificateChain.CRYPT32(?), ref: 0090EE7A
      • CertFreeCertificateContext.CRYPT32(?), ref: 0090EE89
      Strings
      • (memory blob), xrefs: 0090EC33
      • schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 0090EBA7
      • schannel: reusing certificate store from cache, xrefs: 0090EBCF
      • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID, xrefs: 0090EDD4
      • schannel: Failed to read remote certificate context: %s, xrefs: 0090EE3E
      • 0, xrefs: 0090EC87
      • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN, xrefs: 0090ED9A
      • schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN, xrefs: 0090EDEE
      • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED, xrefs: 0090ED7A
      • schannel: CertGetCertificateChain failed: %s, xrefs: 0090ED37
      • schannel: failed to create certificate store: %s, xrefs: 0090EC14
      • schannel: failed to create certificate chain engine: %s, xrefs: 0090ECBE
      • schannel: CertGetCertificateChain error mask: 0x%08lx, xrefs: 0090EE04
      • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT, xrefs: 0090EDB7

      APIs
      • WSACreateEvent.WS2_32 ref: 008FAE21
      • WSAGetLastError.WS2_32(?,00001CB4,0000FFFF), ref: 008FAE31
      Strings
      Similarity
      • API ID: CreateErrorEventLast
      • String ID: $Q$Time-out$WSACloseEvent failed (%d)$WSACreateEvent failed (%d)$WSAEnumNetworkEvents failed (%d)

      APIs
      Strings
      Similarity
      • API ID: __vfprintf_l
      • String ID: %s auth using %s with user '%s'$%s:%s$%sAuthorization: Basic %s$AWS_SIGV4$Authorization$Authorization: Bearer %s$Basic$Bearer$Digest$NTLM$Negotiate$Proxy$Proxy-$Proxy-authorization$Server

      APIs
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6973
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6A0B
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6A2E
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6A41
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6A7F
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6ADD
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6B06
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6B19
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6C5B
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6C6A
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6C8E
      Strings
      • %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 008E69B1
      • %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s, xrefs: 008E6D71
      • ** Resuming transfer from byte position %lld, xrefs: 008E699E

      APIs
      • CloseHandle.KERNEL32(?), ref: 0090F4B1
      • GetLastError.KERNEL32(?,00000100), ref: 0090F4F6
        • Part of subcall function 008E7F90: GetLastError.KERNEL32 ref: 008E7FF5
        • Part of subcall function 008E7F90: SetLastError.KERNEL32(00000000), ref: 008E8000
      • GetLastError.KERNEL32(?,00000100,00000000), ref: 0090F344
        • Part of subcall function 008E7F90: GetLastError.KERNEL32 ref: 008E7F93
        • Part of subcall function 0090F0F0: CryptQueryObject.CRYPT32(00000002,?,00000002,0000000E,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0090F1D1
        • Part of subcall function 0090F0F0: CertAddCertificateContextToStore.CRYPT32(?,?,00000004,00000000), ref: 0090F1F2
        • Part of subcall function 0090F0F0: CertFreeCertificateContext.CRYPT32(00000000), ref: 0090F1FE
        • Part of subcall function 0090F0F0: GetLastError.KERNEL32(?,00000100), ref: 0090F218
      • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000), ref: 0090F382
      • GetLastError.KERNEL32(?,00000100), ref: 0090F39B
      Strings
      • schannel: failed to read from CA file '%s': %s, xrefs: 0090F507
      • schannel: failed to open CA file '%s': %s, xrefs: 0090F3A9
      • schannel: CA file exceeds max size of %u bytes, xrefs: 0090F422
      • schannel: invalid path name for CA file '%s': %s, xrefs: 0090F352
      • schannel: failed to determine size of CA file '%s': %s, xrefs: 0090F3F1
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast$CertCertificateContext$CloseCreateCryptFileFreeHandleObjectQueryStore
      • String ID: schannel: CA file exceeds max size of %u bytes$schannel: failed to determine size of CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s
      • API String ID: 2812708033-3430970913
      • Opcode ID: f912897674098c3c174c43caec18c4e5a266e215d6ffd26a96376f2b9368118b
      • Instruction ID: 1e21cf3ac0ad96fc41c4dcf051ce6b982c787117f89711f7fcf1ac12da4b2939
      • Opcode Fuzzy Hash: f912897674098c3c174c43caec18c4e5a266e215d6ffd26a96376f2b9368118b
      • Instruction Fuzzy Hash: 5951E7B1908300AFD720AF649C59F6B77ECFB89710F44093AF949E21A1D774EA04C7A6
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 008B9EBF
      • std::_Lockit::_Lockit.LIBCPMT ref: 008B9EE1
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008B9F01
      • std::_Facet_Register.LIBCPMT ref: 008BA06A
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008BA082
      • Concurrency::cancel_current_task.LIBCPMT ref: 008BA0A4
      • Concurrency::cancel_current_task.LIBCPMT ref: 008BA0A9
      • Concurrency::cancel_current_task.LIBCPMT ref: 008BA0AE
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_Register
      • String ID: false$integral cannot be stored in charT$true
      • API String ID: 3742692055-2775345652
      • Opcode ID: e855b75f51012ffa227b642cd1b2c1abbb5f285039c81010de870b6f1d35ac40
      • Instruction ID: a9690b9f6e51de778d3657ffed4a1325f3c91347a3f4767a57ee01925444c275
      • Opcode Fuzzy Hash: e855b75f51012ffa227b642cd1b2c1abbb5f285039c81010de870b6f1d35ac40
      • Instruction Fuzzy Hash: EB91D070A04309DFCB24DF68D881BAABBB4FF44714F10415DE845EB382EB75AA44CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 008C9E60: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008C50BC,?,00000000,00000000,00000008,008A478C,00000000), ref: 008C9E73
        • Part of subcall function 008C9E60: __alldvrm.LIBCMT ref: 008C9E8D
        • Part of subcall function 008C9E60: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C9EB4
      • WSASetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 008D74BE
      Strings
      • %s connect timeout after %lldms, move on!, xrefs: 008D7438
      • %s trying next, xrefs: 008D756E
      • all eyeballers failed, xrefs: 008D7714
      • %s done, xrefs: 008D755D, 008D769D
      • %s connect -> %d, connected=%d, xrefs: 008D7469
      • Failed to connect to %s port %u after %lld ms: %s, xrefs: 008D77DE
      • Connection timeout after %lld ms, xrefs: 008D7836
      • %s starting (timeout=%lldms), xrefs: 008D76F6
      • %s assess started=%d, result=%d, xrefs: 008D7740
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CounterErrorLastPerformanceQueryUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
      • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed
      • API String ID: 4159349166-3359130258
      • Opcode ID: 43b27b9371ba92c8808599c66985926f8f63dbe9cd9ffeec5ef13438620f5b2a
      • Instruction ID: 2f0a9ea50840913485bb0cfe501824f7b4aba9bad7b7798a8fd6b70b6159ed21
      • Opcode Fuzzy Hash: 43b27b9371ba92c8808599c66985926f8f63dbe9cd9ffeec5ef13438620f5b2a
      • Instruction Fuzzy Hash: 42F18D70A087449FE7219F28D841B2BBBF4FF95708F444A5EF88597342E771E9848B92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: htons
      • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
      • API String ID: 4207154920-2421204314
      • Opcode ID: 9f6f06ff0e972363a4b67190680153cb8b550b0bb43f0f12398e3ae8405d7394
      • Instruction ID: 7fccbc0df6da07fbd3d9d3a20f19b34134edbad72835d0487af7ee007e397441
      • Opcode Fuzzy Hash: 9f6f06ff0e972363a4b67190680153cb8b550b0bb43f0f12398e3ae8405d7394
      • Instruction Fuzzy Hash: 7BE1E2719043459FE711EF24D845BAAB7E8FF55308F04462EF888DB382E775A948CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CertFreeCertificateContext.CRYPT32(?), ref: 008ECE46
      Strings
      • schannel: failed to setup confidentiality, xrefs: 008ECC50
      • schannel: failed to setup memory allocation, xrefs: 008ECC67
      • schannel: failed to setup sequence detection, xrefs: 008ECC28
      • schannel: failed to retrieve ALPN result, xrefs: 008ECCC8
      • schannel: server selected an ALPN protocol too late, xrefs: 008ECD11
      • schannel: failed to setup stream orientation, xrefs: 008ECC7E
      • schannel: failed to setup replay detection, xrefs: 008ECC3C
      • schannel: failed to retrieve remote cert context, xrefs: 008ECE57
      • schannel: failed to store credential handle, xrefs: 008ECD96
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CertCertificateContextFree
      • String ID: schannel: failed to retrieve ALPN result$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation$schannel: failed to store credential handle$schannel: server selected an ALPN protocol too late
      • API String ID: 3080675121-1264606989
      • Opcode ID: 38b24c0ce7f1167de745d62a064f82a807fb4a75d039cf057bb69a8317a4665d
      • Instruction ID: 85ff4d9980030864629b0550931a14524efb68691177dbed49eb80854ea6f4cb
      • Opcode Fuzzy Hash: 38b24c0ce7f1167de745d62a064f82a807fb4a75d039cf057bb69a8317a4665d
      • Instruction Fuzzy Hash: C171F471A047816BD711DB19DC45F9B7BE8FF56304F440429F848D2282D775E91AC7A3
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • send.WS2_32(?,?,00000006,00000000), ref: 008FBF4C
      • WSAGetLastError.WS2_32 ref: 008FBF56
      • send.WS2_32(?,?,?,00000000), ref: 008FC00D
      • WSAGetLastError.WS2_32 ref: 008FC017
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastsend
      • String ID: %c%.*s%c%s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s$Sending data failed (%d)
      • API String ID: 1802528911-3373344002
      • Opcode ID: d08c3fbd565826d147a29b4fe4ee3016e73cb19272fdd15b68bc350cf678ce37
      • Instruction ID: ce745bc88bf292adde4c1b76d93bb5f3eaeca036e813ed4460caa1f168d8c071
      • Opcode Fuzzy Hash: d08c3fbd565826d147a29b4fe4ee3016e73cb19272fdd15b68bc350cf678ce37
      • Instruction Fuzzy Hash: 9C61F9B56843096BE720DF24DC42FF77398FF84704F444529FA89D72C2DE61A9058BA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo,00000000), ref: 00909C2E
      • GetProcAddress.KERNEL32(00000000), ref: 00909C35
      • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 00909D01
      • VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 00909D0B
      • VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00909D28
      • VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00909D34
      • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 00909D5C
      • VerifyVersionInfoW.KERNEL32(?,00000004,00000000), ref: 00909DE9
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ConditionMask$InfoVerifyVersion$AddressHandleModuleProc
      • String ID: RtlVerifyVersionInfo$ntdll
      • API String ID: 574519269-1699696460
      • Opcode ID: 700e46d9a681fed70bae45e5a46b1123ced5da7d2a30e6d73001cfe5eaa36524
      • Instruction ID: cb35ffc728a01e84e1cf9320b2fcdb755732f51ce72d9d3e825a239424726c88
      • Opcode Fuzzy Hash: 700e46d9a681fed70bae45e5a46b1123ced5da7d2a30e6d73001cfe5eaa36524
      • Instruction Fuzzy Hash: 3451E271A5D381AFE7209B24DC46FAF7BD8AFC9700F08481EF588972D2C6759884DB52
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • _AnonymousOriginator.LIBCPMT ref: 008B5553
      • _AnonymousOriginator.LIBCPMT ref: 008B5573
      • _AnonymousOriginator.LIBCPMT ref: 008B5578
      • _AnonymousOriginator.LIBCPMT ref: 008B557D
      • _AnonymousOriginator.LIBCPMT ref: 008B5583
      • _AnonymousOriginator.LIBCPMT ref: 008B5589
      • _AnonymousOriginator.LIBCPMT ref: 008B5594
      • _AnonymousOriginator.LIBCPMT ref: 008B559F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: AnonymousOriginator
      • String ID: Number is too big.$width is not positive.
      • API String ID: 514277716-39947810
      • Opcode ID: 08cd0c58888d646efb167d346df06a785346f148a7fc1b0a598186b891389822
      • Instruction ID: 08bde79793647e1c63d06a3192f4330b80de678401b700571408f7d5abcfea0b
      • Opcode Fuzzy Hash: 08cd0c58888d646efb167d346df06a785346f148a7fc1b0a598186b891389822
      • Instruction Fuzzy Hash: EB114230700A8E578F64FF68AC427EF336AFE41706B254954BC19D2312EA76E8359752
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • sendto.WS2_32(?,?,?,00000000,?,?), ref: 008FDAA7
      • WSAGetLastError.WS2_32(?,00000100,?,00000000,?,?), ref: 008FDABB
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastsendto
      • String ID: %lld$%s%c%s%c$TFTP buffer too small for options$TFTP file name too long$blksize$timeout$tsize
      • API String ID: 687199322-1106908834
      • Opcode ID: afb3fdf9654fb18320ded9dd8dd63c1432ae968ea0afff85bc9c450bcaf728cf
      • Instruction ID: 189e764d6b5296777fa126d00411e7be774660c954a349512d2a94da794eef04
      • Opcode Fuzzy Hash: afb3fdf9654fb18320ded9dd8dd63c1432ae968ea0afff85bc9c450bcaf728cf
      • Instruction Fuzzy Hash: 88C1F6311043469FCB15CF34C851FF5BBA6FF92308F18869CE6999B253D672A50ACB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsInExceptionSpec.LIBVCRUNTIME ref: 0091A855
      • type_info::operator==.LIBVCRUNTIME ref: 0091A877
      • ___TypeMatch.LIBVCRUNTIME ref: 0091A986
      • IsInExceptionSpec.LIBVCRUNTIME ref: 0091AA58
      • _UnwindNestedFrames.LIBCMT ref: 0091AADC
      • CallUnexpected.LIBVCRUNTIME ref: 0091AAF7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
      • String ID: csm$csm$csm
      • API String ID: 2123188842-393685449
      • Opcode ID: fb87a5d1b637c8106b5d08d4e30cdccd351ed981f29cd6c1b8b456973d93bcdb
      • Instruction ID: cc28f3f6deb1b28b2d1e988a7ab655a07adfd43f6addb9d6bcd0e06ad94261b7
      • Opcode Fuzzy Hash: fb87a5d1b637c8106b5d08d4e30cdccd351ed981f29cd6c1b8b456973d93bcdb
      • Instruction Fuzzy Hash: 20B17C71A0220DEFCF15DFA4C981AEEB7BAFF44310B544059E8156B212D771DE92CB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: _strcspn
      • String ID: %s: %s$Date$Host$X-%s-Date$host:%s$x-%s-date:%s
      • API String ID: 3709121408-2873700390
      • Opcode ID: 87423112cb469b38dbbd2bac381139290ed5c487e2b23264c785e428e1e44e95
      • Instruction ID: 6d8a351746a526b463ca6b87f0e6f5974e4c369719ce85c948311b96f981a152
      • Opcode Fuzzy Hash: 87423112cb469b38dbbd2bac381139290ed5c487e2b23264c785e428e1e44e95
      • Instruction Fuzzy Hash: 1CE15D706093428FDB359F68C841BBAB7E9AF96304F18485DE8C59B3C2E772D905C752
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CertFreeCertificateContext.CRYPT32(?,?,?,?,00000001), ref: 0090F0C0
      Strings
      • schannel: CertGetNameString() returned no certificate name information, xrefs: 0090EF50
      • schannel: CertGetNameString() returned certificate name information of unexpected size, xrefs: 0090EF90
      • schannel: server certificate name verification failed, xrefs: 0090F061
      • schannel: Failed to read remote certificate context: %s, xrefs: 0090F097
      • schannel: connection hostname (%s) validated against certificate name (%s), xrefs: 0090F005
      • schannel: connection hostname (%s) did not match against certificate name (%s), xrefs: 0090F017
      • schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names, xrefs: 0090F076
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CertCertificateContextFree
      • String ID: schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names$schannel: CertGetNameString() returned certificate name information of unexpected size$schannel: CertGetNameString() returned no certificate name information$schannel: Failed to read remote certificate context: %s$schannel: connection hostname (%s) did not match against certificate name (%s)$schannel: connection hostname (%s) validated against certificate name (%s)$schannel: server certificate name verification failed
      • API String ID: 3080675121-3999422989
      • Opcode ID: 59ceb93d7565824710f4537b07238846bd33896e25b89098c0486cb61a18cfcd
      • Instruction ID: df5825bea0cb2d923c0f645ac03f0b413d037ae75d86f6cb438e6e10a61215fa
      • Opcode Fuzzy Hash: 59ceb93d7565824710f4537b07238846bd33896e25b89098c0486cb61a18cfcd
      • Instruction Fuzzy Hash: DC51D371A043019FD7209F18DC51F6B77ADEBD5304F450969F889A7383E636EA098BA2
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • QUIC, xrefs: 00903F54, 00903F5C
      • UDP, xrefs: 00903F48
      • cf_udp_connect(), open failed -> %d, xrefs: 00903EB8
      • %s socket %d connected: [%s:%d] -> [%s:%d], xrefs: 00903F5D
      • cf_udp_connect(), opened socket=%d (%s:%d), xrefs: 00903F8E
      • cf_udp_connect(), opened socket=%d (unconnected), xrefs: 00903FB5
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: %s socket %d connected: [%s:%d] -> [%s:%d]$QUIC$UDP$cf_udp_connect(), open failed -> %d$cf_udp_connect(), opened socket=%d (%s:%d)$cf_udp_connect(), opened socket=%d (unconnected)
      • API String ID: 0-3567288102
      • Opcode ID: 93e299dec797b941b55be4ba56e3ea3ee70a024529c373576d1bc0cdc586e34d
      • Instruction ID: 68658fee5fe345e855d939c2871dd0953660da2d817e83e68b16a64d3f124a99
      • Opcode Fuzzy Hash: 93e299dec797b941b55be4ba56e3ea3ee70a024529c373576d1bc0cdc586e34d
      • Instruction Fuzzy Hash: AD410236204642BFD7219A38DC40FE7BBADFF85325F044626F61C86292D771A954C7A2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 0092A957: CreateFileW.KERNEL32(00000000,00000000,?,0092AD5F,?,?,00000000,?,0092AD5F,00000000,0000000C), ref: 0092A974
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092ADCA
      • __dosmaperr.LIBCMT ref: 0092ADD1
      • GetFileType.KERNEL32(00000000), ref: 0092ADDD
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0092ADE7
      • __dosmaperr.LIBCMT ref: 0092ADF0
      • CloseHandle.KERNEL32(00000000), ref: 0092AE10
      • CloseHandle.KERNEL32(00000017), ref: 0092AF5D
      • GetLastError.KERNEL32 ref: 0092AF8F
      • __dosmaperr.LIBCMT ref: 0092AF96
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
      • String ID:
      • API String ID: 4237864984-0
      • Opcode ID: 6eff921d1b977243b9ea833684b760f2758e0d11c764cb3aec6ef67ca6a1a092
      • Instruction ID: 05f859000a57049800c9e54ad07b5cb4553ee649c84ccb3b60af621ae2a1ca97
      • Opcode Fuzzy Hash: 6eff921d1b977243b9ea833684b760f2758e0d11c764cb3aec6ef67ca6a1a092
      • Instruction Fuzzy Hash: D6A14633A141289FCF19EF68EC91BAD3BA5AB46320F140159F811DF3E5C7398946DB52
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __vfprintf_l
      • String ID: %sAuthorization: NTLM %s$HTTP$NTLM$Proxy-$|
      • API String ID: 86772892-996852314
      • Opcode ID: e036e370d0786bde1521b11cc26b281dd2f5cdb61471e54dc29e2230284a0041
      • Instruction ID: f6acd97b2ff1697c1b8a5bf8fea864150e06d9f9655fb49ce0deb1b05682ad8a
      • Opcode Fuzzy Hash: e036e370d0786bde1521b11cc26b281dd2f5cdb61471e54dc29e2230284a0041
      • Instruction Fuzzy Hash: 198146B1A083009FD711DF68C844B5BBBE8FF89704F044929F984D7251E776EA098BA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLasthtonssend
      • String ID: Sending data failed (%d)
      • API String ID: 2027122571-2319402659
      • Opcode ID: 80cda4a20c51bdc630344caf6bdf3a70545b49f7ce8cc98e16dadf3918bc1e53
      • Instruction ID: ce9504c21f9eb5d63bb707510e35a653b1d7623b9df047b9f4a32172716c7743
      • Opcode Fuzzy Hash: 80cda4a20c51bdc630344caf6bdf3a70545b49f7ce8cc98e16dadf3918bc1e53
      • Instruction Fuzzy Hash: C04102742043099FD306DF38C84197A7BA5FFA9314F64056DFA96DB392DB30A911CBA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 008C1525
      • __alloca_probe_16.LIBCMT ref: 008C1551
      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 008C1590
      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008C15AD
      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 008C15EC
      • __alloca_probe_16.LIBCMT ref: 008C1609
      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008C164B
      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 008C166E
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ByteCharMultiStringWide$__alloca_probe_16
      • String ID:
      • API String ID: 2040435927-0
      • Opcode ID: 3b612ac42fdcf05b1edd6ec9055cfaa0604c7760dd74cf31a53301e13749feb3
      • Instruction ID: c3794bd55c70dcd23d7b0e9629bd3d2cd289ab0d72127a5840ed23772e06fd9a
      • Opcode Fuzzy Hash: 3b612ac42fdcf05b1edd6ec9055cfaa0604c7760dd74cf31a53301e13749feb3
      • Instruction Fuzzy Hash: BE51D1B660020AABEF205F64CC89FAB7BB9FF56744F194029F911D6191D730CC11CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: _strrchr
      • String ID:
      • API String ID: 3213747228-0
      • Opcode ID: 210623a5775994222a134d05cdf39e0a9e88a8154b3b790a379b2d9aea97e268
      • Instruction ID: 557158b62a230180923a4c245efb5eeb17f0ab9b2eea583e167eb4fda5288565
      • Opcode Fuzzy Hash: 210623a5775994222a134d05cdf39e0a9e88a8154b3b790a379b2d9aea97e268
      • Instruction Fuzzy Hash: 0EB17832A04366AFDB15CF68CC81BEEBBA9EF55710F144165E914AF282D378D941CFA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___std_exception_copy.LIBVCRUNTIME ref: 008ADD56
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ___std_exception_copy
      • String ID: at line $, column $e$parse_error$value
      • API String ID: 2659868963-4259614038
      • Opcode ID: 117f1533affcabfd8a07ade7338505c48c376e0491b302f240d3456ba0a12f6e
      • Instruction ID: 78d62f1ed0984459d823358adaf8e81bc8f86b8741075cb0e6ee7a1d0f824d06
      • Opcode Fuzzy Hash: 117f1533affcabfd8a07ade7338505c48c376e0491b302f240d3456ba0a12f6e
      • Instruction Fuzzy Hash: 35B1DE71A002089BEB18CF68CD85B9DBBB1FF86314F20829CE415EBB86D7755A85CF51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • FTP response timeout, xrefs: 008F3BFA
      • QUOT string not accepted: %s, xrefs: 008F3BB2
      • FTP response aborted due to select/poll error: %d, xrefs: 008F3B93
      • *, xrefs: 008F3B4F
      • We got a 421 - timeout, xrefs: 008F3BCD
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast
      • String ID: *$FTP response aborted due to select/poll error: %d$FTP response timeout$QUOT string not accepted: %s$We got a 421 - timeout
      • API String ID: 1452528299-64802194
      • Opcode ID: 97c11a1519710ec626c40a29205de6493a056fb5ada7a77e49311915f66021e4
      • Instruction ID: 041cd97a6b4a67290239aee2aa3f07a4d9fd2df13b9e25a13570f6a100da4566
      • Opcode Fuzzy Hash: 97c11a1519710ec626c40a29205de6493a056fb5ada7a77e49311915f66021e4
      • Instruction Fuzzy Hash: F05125716047499BD7109A29EC41B7BB7D4FF95328F48053AFE84C2252E725DB0987A3
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: %s%s%s$Couldn't set desired mode$Got a %03d response code instead of the assumed 200$LIST$NLST
      • API String ID: 0-3982560815
      • Opcode ID: c10c77370d0a5374298b7769d3dd3ae7991bdf4726f6efc828bfbe2108f45fd4
      • Instruction ID: ee66280cfb10a0a43ddde5d86dae3aab9316e8867b5c61bbbd262f038766b4f9
      • Opcode Fuzzy Hash: c10c77370d0a5374298b7769d3dd3ae7991bdf4726f6efc828bfbe2108f45fd4
      • Instruction Fuzzy Hash: 9D4127B2740B086BE7209A79AC41BBB73C9EBD5366F54043AF745D7242EB61EC0943A1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • closesocket.WS2_32(?), ref: 0090424D
      • getpeername.WS2_32(?,?,?), ref: 009042C1
      • WSAGetLastError.WS2_32(?,00000000,00000080), ref: 009042CB
      Strings
      • accepted_set(sock=%d, remote=%s port=%d), xrefs: 00904388
      • getpeername() failed with errno %d: %s, xrefs: 009042E8
      • ssrem inet_ntop() failed with errno %d: %s, xrefs: 00904336
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastclosesocketgetpeername
      • String ID: accepted_set(sock=%d, remote=%s port=%d)$getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
      • API String ID: 3555504163-558929429
      • Opcode ID: fcbf7035fdabdf93c7613cd7d538575f1a25d9e700db100f8fe61e0334c26602
      • Instruction ID: 0ecca31912569b46261250cf953f889ace2e6f7086a1b4bd1d67b8649d39e637
      • Opcode Fuzzy Hash: fcbf7035fdabdf93c7613cd7d538575f1a25d9e700db100f8fe61e0334c26602
      • Instruction Fuzzy Hash: A851CDB1604344AFD721EF28D841FEBB7E8FF89304F40491AF99993242D771E9448BA2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • _ValidateLocalCookies.LIBCMT ref: 0091A227
      • ___except_validate_context_record.LIBVCRUNTIME ref: 0091A22F
      • _ValidateLocalCookies.LIBCMT ref: 0091A2B8
      • __IsNonwritableInCurrentImage.LIBCMT ref: 0091A2E3
      • _ValidateLocalCookies.LIBCMT ref: 0091A338
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
      • String ID: csm
      • API String ID: 1170836740-1018135373
      • Opcode ID: 6b6c77caf8f1e1f12b1858bb57ef580b8daa05aa67a6704b77f595485cb09755
      • Instruction ID: 8c3ffba01053b2f1b6d5c71a3b33091ace3dcf3d312a419e2299f06106e0e8e6
      • Opcode Fuzzy Hash: 6b6c77caf8f1e1f12b1858bb57ef580b8daa05aa67a6704b77f595485cb09755
      • Instruction Fuzzy Hash: D441B334B0120CABCF00DF68C884ADEBBB5BF89324F148555E8255B392D7369D95CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(00000000,?,74FFFF94,008D450F,00000000,74FFFF94,00000100), ref: 008E7EA3
      • _strrchr.LIBCMT ref: 008E7F2A
      • _strrchr.LIBCMT ref: 008E7F45
      • GetLastError.KERNEL32 ref: 008E7F71
      • SetLastError.KERNEL32(00000000), ref: 008E7F7C
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLast$_strrchr
      • String ID: Unknown error %d (%#x)
      • API String ID: 3313833583-2414550090
      • Opcode ID: 3b577cee4961c42c11cb764e308675448c6b1e4deee727578f971f2ee344b315
      • Instruction ID: 5df44797e529d1856e7e94ba25a9cb3a514646d529de799974a4ed381041016b
      • Opcode Fuzzy Hash: 3b577cee4961c42c11cb764e308675448c6b1e4deee727578f971f2ee344b315
      • Instruction Fuzzy Hash: DF21F47560C285AEEA116729AC81F7F7B98FF93749F040168F905D6263EF109C41C2F2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 008E9840: getaddrinfo.WS2_32(?,?,?,?), ref: 008E9861
      • WSAGetLastError.WS2_32 ref: 008CA964
      • WSAGetLastError.WS2_32 ref: 008CA96A
      • EnterCriticalSection.KERNEL32(?), ref: 008CA982
      • LeaveCriticalSection.KERNEL32(?), ref: 008CA991
      • send.WS2_32(?,?,00000001,00000000), ref: 008CA9C0
      • WSAGetLastError.WS2_32 ref: 008CA9CA
      • LeaveCriticalSection.KERNEL32(?), ref: 008CA9D9
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CriticalErrorLastSection$Leave$Entergetaddrinfosend
      • String ID:
      • API String ID: 1962273317-0
      • Opcode ID: 560d16db0bd406c359fd35f8f41fae6f1f17344abb32c8cbd17e4cbc2386e5ad
      • Instruction ID: d38b907e8741fa47ce07758555e859a9e067330ec5f97d482bb78fb53119c28d
      • Opcode Fuzzy Hash: 560d16db0bd406c359fd35f8f41fae6f1f17344abb32c8cbd17e4cbc2386e5ad
      • Instruction Fuzzy Hash: E82116711147099BD724AF65CC46F57BBE8FB44308F01092DF5A2D2260E7B1E949DB62
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: dd65a7ccc9d46bf032d871d6189a4df17ed0767b5b7bf6a06b6f926531b31b0e
      • Instruction ID: 9edc926579e8cf076b73f7b068289d11ac1458e7b690bf75eb5d3b032a7c71dd
      • Opcode Fuzzy Hash: dd65a7ccc9d46bf032d871d6189a4df17ed0767b5b7bf6a06b6f926531b31b0e
      • Instruction Fuzzy Hash: E0B10470A08249AFDF15DFA8D8A1BAE7BB8BF86300F144168E51497392C7759D82CF60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 008C0129
      • std::_Lockit::_Lockit.LIBCPMT ref: 008C014B
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008C016B
      • __Getctype.LIBCPMT ref: 008C0201
      • std::_Facet_Register.LIBCPMT ref: 008C0220
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008C0238
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
      • String ID:
      • API String ID: 1102183713-0
      • Opcode ID: 40f955ff7cbad570a8850e170ab61842adf8ce13c125e5d99ef6df8d6f78b022
      • Instruction ID: 428135abc27e7ab7d8f8f8020122534a06423afe27383626974a2cc1a921c6fe
      • Opcode Fuzzy Hash: 40f955ff7cbad570a8850e170ab61842adf8ce13c125e5d99ef6df8d6f78b022
      • Instruction Fuzzy Hash: 4C416A71A04218DFDB11DF98D841FAAB7B8FB44750F18816EE845EB342EB30EA45CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __freea$__alloca_probe_16
      • String ID: a/p$am/pm
      • API String ID: 3509577899-3206640213
      • Opcode ID: c184f7d5d31617523deb16f83f3dd2235728d6843b56b6ebb57c1fe4049838b7
      • Instruction ID: 81a6b883e3925dcc65b0041c3bcd463e7c7c1b680d8e169bf0cbf24a26542b9b
      • Opcode Fuzzy Hash: c184f7d5d31617523deb16f83f3dd2235728d6843b56b6ebb57c1fe4049838b7
      • Instruction Fuzzy Hash: 9AC11171A08236DFCF288F68E985BBA77B8FF45300F148049E901ABA5AD335AD51CB51
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WaitForSingleObject.KERNEL32(?,000000FF,00000000,?,008C5915,?), ref: 008CA69B
      • CloseHandle.KERNEL32(?), ref: 008CA6A3
      • EnterCriticalSection.KERNEL32(?,00000001,0000002B,00000001,?,008D0F4E,00000001,00000001), ref: 008CA7F0
      • LeaveCriticalSection.KERNEL32(?), ref: 008CA803
      • CloseHandle.KERNEL32(00000000), ref: 008CA814
      • closesocket.WS2_32(?), ref: 008CA87E
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: CloseCriticalHandleSection$EnterLeaveObjectSingleWaitclosesocket
      • String ID:
      • API String ID: 817826440-0
      • Opcode ID: b296fee6d020da87cb17cfaff944be9887449b910e4ad2e1de8e3f8987f81bd2
      • Instruction ID: d3af5cfd3d932baa6112a39998756518abd3b648fe2a4eec59377524717ed217
      • Opcode Fuzzy Hash: b296fee6d020da87cb17cfaff944be9887449b910e4ad2e1de8e3f8987f81bd2
      • Instruction Fuzzy Hash: EA21B075604605AFDB189F28D848F56BBB4FF46319F18042CF965C3261C771E860EB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(?,?,0091A3E1,0091859D,00917ECD), ref: 0091A3F8
      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0091A406
      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0091A41F
      • SetLastError.KERNEL32(00000000,0091A3E1,0091859D,00917ECD), ref: 0091A471
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorLastValue___vcrt_
      • String ID:
      • API String ID: 3852720340-0
      • Opcode ID: 6d39446b99cbe29154bedb0cfd656d9f6c3da50c6a2fc10d2eba3d8b3c1e04e3
      • Instruction ID: 5a5e2c5ba61cc711dd9fef23bfb338c9d92dddd07b9b117a2e24e21517c988ea
      • Opcode Fuzzy Hash: 6d39446b99cbe29154bedb0cfd656d9f6c3da50c6a2fc10d2eba3d8b3c1e04e3
      • Instruction Fuzzy Hash: 0D01D83631E7195FA62427747CC9BEA2749EBD1BB4F20032AF910512F1EFD14CC5A245
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6E90
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6F7D
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
      • String ID: %2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd
      • API String ID: 885266447-1743532675
      • Opcode ID: cfd2f6526e8855c625f99442c3ae3c3b3aeb7c1ab16a5f6bc72df08229260671
      • Instruction ID: 94cbe6a5ed77c00110961247696d083ec714b6f08448715191b362cc5e88fe55
      • Opcode Fuzzy Hash: cfd2f6526e8855c625f99442c3ae3c3b3aeb7c1ab16a5f6bc72df08229260671
      • Instruction Fuzzy Hash: CF516576B043055BE7089E2DCC41B6EBBD6EBD8754F49463DF848E3392E9B6DC448282
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 008C9E60: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008C50BC,?,00000000,00000000,00000008,008A478C,00000000), ref: 008C9E73
        • Part of subcall function 008C9E60: __alldvrm.LIBCMT ref: 008C9E8D
        • Part of subcall function 008C9E60: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C9EB4
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008D2B3A
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008D2B99
      Strings
      • Connection %lld seems to be dead, xrefs: 008D2C30
      • Too old connection (%lld seconds since creation), disconnect it, xrefs: 008D2BB9, 008D2BC0
      • Too old connection (%lld seconds idle), disconnect it, xrefs: 008D2B56, 008D2B5D
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery__alldvrm
      • String ID: Connection %lld seems to be dead$Too old connection (%lld seconds idle), disconnect it$Too old connection (%lld seconds since creation), disconnect it
      • API String ID: 3283211967-2187007202
      • Opcode ID: ea8236b1b5589baf4c1a2a8a20b6c2ac92908c94489dfe6943d872f19803eb1a
      • Instruction ID: 0c87c763ae7dd3bf7eec285a707912dc0b34f39e67d61f43e76a9fb001f30f99
      • Opcode Fuzzy Hash: ea8236b1b5589baf4c1a2a8a20b6c2ac92908c94489dfe6943d872f19803eb1a
      • Instruction Fuzzy Hash: 16412821B44640ABE7117B7D8C42FBB77A8FFF9314F04561EF558D6242EA60A8C583A2
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008FDBC5
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008FDC1F
      Strings
      • Connection time-out, xrefs: 008FDB8C
      • gfff, xrefs: 008FDBDF
      • set timeouts for state %d; Total % lld, retry %d maxtry %d, xrefs: 008FDC3E
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
      • String ID: Connection time-out$gfff$set timeouts for state %d; Total % lld, retry %d maxtry %d
      • API String ID: 885266447-2826722092
      • Opcode ID: 53af6d9049ee8f26a5829656fdb8cd62f0a5f496e95890be90b03addc5b5f4e3
      • Instruction ID: 317a8ddaaba1daa8c3284fd11cbea0361c28f6403e0f1061b5f8dd9ec892f38a
      • Opcode Fuzzy Hash: 53af6d9049ee8f26a5829656fdb8cd62f0a5f496e95890be90b03addc5b5f4e3
      • Instruction Fuzzy Hash: E82136B22007085BE7206E69DC41B77B6EEFB84321F100A3DFB85C62C1E7B6E9048791
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • FreeLibrary.KERNEL32(00000000,?,?,?,0091B543,?,?,00981C6C,00000000,?,0091B66E,00000004,InitializeCriticalSectionEx,009517B4,InitializeCriticalSectionEx,00000000), ref: 0091B512
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: FreeLibrary
      • String ID: api-ms-
      • API String ID: 3664257935-2084034818
      • Opcode ID: fbdca14e89c8317ec7acc434f7a6fd336a4653c106e9a389b0d8f81e0013e2e5
      • Instruction ID: b0af7a1daa8b41cdd68e8ef58796442908b499cecbce0ba0c8529460c3b2dd9e
      • Opcode Fuzzy Hash: fbdca14e89c8317ec7acc434f7a6fd336a4653c106e9a389b0d8f81e0013e2e5
      • Instruction Fuzzy Hash: E511E535B55229ABEB328B6D9C44F9933EAAF02770F254110FA11EB2E1E770ED4097D1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1354808E,?,?,00000000,00941254,000000FF,?,0092D1A8,0092D2CE,?,0092D17C,00000000), ref: 0092D243
      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0092D255
      • FreeLibrary.KERNEL32(00000000,?,?,00000000,00941254,000000FF,?,0092D1A8,0092D2CE,?,0092D17C,00000000), ref: 0092D277
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: AddressFreeHandleLibraryModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 4061214504-1276376045
      • Opcode ID: bf61f093d944c61ec0b89d7fc353f8cef60394a775c5c733034cba78c5f075b6
      • Instruction ID: 2b6816748fa66cf2815ff623bdee4dc6f2f52407f11545b612c528e59f63b4a5
      • Opcode Fuzzy Hash: bf61f093d944c61ec0b89d7fc353f8cef60394a775c5c733034cba78c5f075b6
      • Instruction Fuzzy Hash: 6D01A275918669EBDB128F50DC05FAEBBB8FB48B15F008525F822A22E0DB74D904CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __alloca_probe_16.LIBCMT ref: 00931591
      • __alloca_probe_16.LIBCMT ref: 0093165A
      • __freea.LIBCMT ref: 009316C1
        • Part of subcall function 00932061: RtlAllocateHeap.NTDLL(00000000,009389A5,8B2FEB1F,?,009389A5,00000220,?,0092008C,8B2FEB1F), ref: 00932093
      • __freea.LIBCMT ref: 009316D4
      • __freea.LIBCMT ref: 009316E1
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __freea$__alloca_probe_16$AllocateHeap
      • String ID:
      • API String ID: 1423051803-0
      • Opcode ID: 59415a15e130f1908093a402c0124329d8b1d6ead25e6f965a833e395b43dc61
      • Instruction ID: 65ea0332eb35056d306353bb29c1d7d44bceea6e8ea1d34c07cb75699452e4d1
      • Opcode Fuzzy Hash: 59415a15e130f1908093a402c0124329d8b1d6ead25e6f965a833e395b43dc61
      • Instruction Fuzzy Hash: F751D3B260020AAFDB205FA5DC82EBF76ADEF84758F190529FC04D6161EB70DC508E60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 008BE420
      • std::_Lockit::_Lockit.LIBCPMT ref: 008BE442
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008BE463
      • std::_Facet_Register.LIBCPMT ref: 008BE4F9
      • std::_Lockit::~_Lockit.LIBCPMT ref: 008BE511
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
      • String ID:
      • API String ID: 459529453-0
      • Opcode ID: cb37d8e14e6c60f53059e37048544e725d96995cf76af5cd0303b3d1de5e2f8d
      • Instruction ID: afc14aa34f1a266a5f93873245bfadfb9911e4c78416e57a4bc3ca10a196760d
      • Opcode Fuzzy Hash: cb37d8e14e6c60f53059e37048544e725d96995cf76af5cd0303b3d1de5e2f8d
      • Instruction Fuzzy Hash: EF814674A002189FDB14DFA8C884BDEBBB4FF48714F148159E846AB392DB70AD45CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetFileType.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,0092B59F,00000000,?), ref: 0092B33C
      • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0092B59F,00000000), ref: 0092B396
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0092B59F,00000000,?,?,00000000,?,?), ref: 0092B424
      • __dosmaperr.LIBCMT ref: 0092B42B
      • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0092B59F), ref: 0092B468
        • Part of subcall function 0092B718: __dosmaperr.LIBCMT ref: 0092B74D
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
      • String ID:
      • API String ID: 1206951868-0
      • Opcode ID: 73176e6e3a6323f1a29ec76ca2c935cec17a3b01ab8a6df954e1629086da2751
      • Instruction ID: 4186dc5337f074e8dc3702971f6d82aa8d64a05e5fc0e82fc201f8287caa0df5
      • Opcode Fuzzy Hash: 73176e6e3a6323f1a29ec76ca2c935cec17a3b01ab8a6df954e1629086da2751
      • Instruction Fuzzy Hash: 4B415E75900218AFDB24EFA5EC859AFBBF9FF88300B104929F856D3625D730A840DB60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 008DBDBD
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 008DBDD9
      Strings
      • We are completely uploaded and fine, xrefs: 008DBED5
      • Failed to alloc scratch buffer, xrefs: 008DBC35
      Similarity
      • API ID: Ioctlsetsockopt
      • String ID: Failed to alloc scratch buffer$We are completely uploaded and fine
      • API String ID: 1903391676-2419666956
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • path contains control characters, xrefs: 008F3583
      • Request has same path as previous transfer, xrefs: 008F37F7
      • Uploading to a URL without a file name, xrefs: 008F3685
      Similarity
      • API ID: _strrchr
      • String ID: Request has same path as previous transfer$Uploading to a URL without a file name$path contains control characters
      • API String ID: 3213747228-4131979473
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CertCloseStore.CRYPT32(?,00000000), ref: 008EAA88
      Strings
      • schannel: shutting down SSL/TLS connection with %s port %d, xrefs: 008EA8D7
      • schannel: failed to send close msg: %s (bytes written: %zd), xrefs: 008EAA0F
      • schannel: ApplyControlToken failure: %s, xrefs: 008EA956
      Similarity
      • API ID: CertCloseStore
      • String ID: schannel: ApplyControlToken failure: %s$schannel: failed to send close msg: %s (bytes written: %zd)$schannel: shutting down SSL/TLS connection with %s port %d
      • API String ID: 3257488527-3473387036
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?), ref: 008F3010
      Strings
      • FTP response timeout, xrefs: 008F3061
      • FTP response aborted due to select/poll error: %d, xrefs: 008F3017
      • We got a 421 - timeout, xrefs: 008F3032
      Similarity
      • API ID: ErrorLast
      • String ID: FTP response aborted due to select/poll error: %d$FTP response timeout$We got a 421 - timeout
      • API String ID: 1452528299-3016466939
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • recvfrom.WS2_32(?,?,?,00000000,?), ref: 008FD1D0
      Strings
      • TFTP error: %s, xrefs: 008FD2E8
      • Received too short packet, xrefs: 008FD211
      • Internal error: Unexpected packet, xrefs: 008FD311
      Similarity
      • API ID: recvfrom
      • String ID: Internal error: Unexpected packet$Received too short packet$TFTP error: %s
      • API String ID: 846543921-343195773
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • getsockname.WS2_32 ref: 008F2CD2
      • accept.WS2_32(?,FFFFFFFF,?), ref: 008F2CEF
        • Part of subcall function 0090EAB0: ioctlsocket.WS2_32(00000018,8004667E,?), ref: 0090EACB
        • Part of subcall function 009041B0: getpeername.WS2_32(?,?,?), ref: 009042C1
        • Part of subcall function 009041B0: WSAGetLastError.WS2_32(?,00000000,00000080), ref: 009042CB
      Strings
      • Connection accepted from server, xrefs: 008F2D2F
      • Error accept()ing server connect, xrefs: 008F2D04
      Similarity
      • API ID: ErrorLastacceptgetpeernamegetsocknameioctlsocket
      • String ID: Connection accepted from server$Error accept()ing server connect
      • API String ID: 121512582-1795061160
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___std_exception_copy.LIBVCRUNTIME ref: 008BD3FF
        • Part of subcall function 009185AF: RaiseException.KERNEL32(E06D7363,00000001,00000003,008A124C,?,?,?,008A124C,?,0097E228), ref: 0091860F
      Similarity
      • API ID: ExceptionRaise___std_exception_copy
      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 3109751735-1866435925
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • send.WS2_32(?,?,00000003,00000000), ref: 008FBABD
      • WSAGetLastError.WS2_32 ref: 008FBAC7
      Similarity
      • API ID: ErrorLastsend
      • String ID: SENT$Sending data failed (%d)
      • API String ID: 1802528911-3459338696
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetConsoleOutputCP.KERNEL32(1354808E,00000000,00000000,00000000), ref: 009302D8
        • Part of subcall function 00935D0A: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009316B7,?,00000000,-00000008), ref: 00935D6B
      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0093052A
      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00930570
      • GetLastError.KERNEL32 ref: 00930613
      Similarity
      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
      • String ID:
      • API String ID: 2112829910-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Similarity
      • API ID: AdjustPointer
      • String ID:
      • API String ID: 1740715915-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008C50BC,?,00000000,00000000,00000008,008A478C,00000000), ref: 008C9E73
      • __alldvrm.LIBCMT ref: 008C9E8D
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C9EB4
      • GetTickCount.KERNEL32 ref: 008C9ED1
      Similarity
      • API ID: CountCounterPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
      • String ID:
      • API String ID: 1296068966-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • Unknown error %lu (0x%08lX), xrefs: 008E7FD2
      Similarity
      • API ID: ErrorLast
      • String ID: Unknown error %lu (0x%08lX)
      • API String ID: 1452528299-1512744739
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetFullPathNameW.KERNEL32(?,?,?,00000000,00937AE6,00000000,?,0093E5F6,00937AE6,00937AE6,?,?,00000000,00000104,?,00000001), ref: 0093799D
      • GetLastError.KERNEL32(?,0093E5F6,00937AE6,00937AE6,?,?,00000000,00000104,?,00000001,00000000,00000000,?,00937AE6,?,00000104), ref: 009379A7
      • __dosmaperr.LIBCMT ref: 009379AE
      • GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,0093E5F6,00937AE6,00937AE6,?,?,00000000,00000104,?,00000001,00000000), ref: 009379D8
      Similarity
      • API ID: FullNamePath$ErrorLast__dosmaperr
      • String ID:
      • API String ID: 1391015842-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetFullPathNameW.KERNEL32(?,?,?,00000000,00937AE6,00000000,?,0093E668,00937AE6,?,?,00000000,00000104,?,00000001,00000000), ref: 00937A03
      • GetLastError.KERNEL32(?,0093E668,00937AE6,?,?,00000000,00000104,?,00000001,00000000,00000000,?,00937AE6,?,00000104,?), ref: 00937A0D
      • __dosmaperr.LIBCMT ref: 00937A14
      • GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,0093E668,00937AE6,?,?,00000000,00000104,?,00000001,00000000,00000000), ref: 00937A3E
      Similarity
      • API ID: FullNamePath$ErrorLast__dosmaperr
      • String ID:
      • API String ID: 1391015842-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0093BCC4,00000000,00000001,0000000C,00000000,?,00930667,00000000,00000000,00000000), ref: 0093ECB1
      • GetLastError.KERNEL32(?,0093BCC4,00000000,00000001,0000000C,00000000,?,00930667,00000000,00000000,00000000,00000000,00000000,?,00930C41,?), ref: 0093ECBD
        • Part of subcall function 0093EC83: CloseHandle.KERNEL32(FFFFFFFE,0093ECCD,?,0093BCC4,00000000,00000001,0000000C,00000000,?,00930667,00000000,00000000,00000000,00000000,00000000), ref: 0093EC93
      • ___initconout.LIBCMT ref: 0093ECCD
        • Part of subcall function 0093EC45: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0093EC74,0093BCB1,00000000,?,00930667,00000000,00000000,00000000,00000000), ref: 0093EC58
      • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0093BCC4,00000000,00000001,0000000C,00000000,?,00930667,00000000,00000000,00000000,00000000), ref: 0093ECE2
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
      • String ID:
      • API String ID: 2744216297-0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • 0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 008DC571
      • 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 008DC56C
      Similarity
      • API ID: __aulldvrm
      • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
      • API String ID: 1302938615-2201779707
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • select/poll on SSL socket, errno: %d, xrefs: 008EA21A
      • schannel: timed out sending data (bytes sent: %zd), xrefs: 008EA235
      Similarity
      • API ID:
      • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
      • API String ID: 0-3891197721
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::locale::_Init.LIBCPMT ref: 008B6E17
      Similarity
      • API ID: Initstd::locale::_
      • String ID: false$true
      • API String ID: 1620887387-2658103896
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __startOneArgErrorHandling.LIBCMT ref: 00924C0D
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ErrorHandling__start
      • String ID: pow
      • API String ID: 3213639722-2276729525
      • Opcode ID: 695d61f084148ed39cb88a5159a07033f870d0154c1978368837b337d9e898c9
      • Instruction ID: ce232ca6013f2814d3af3ae127cdd3b09cea9d1083d1784bcfd6df916b3f70e7
      • Opcode Fuzzy Hash: 695d61f084148ed39cb88a5159a07033f870d0154c1978368837b337d9e898c9
      • Instruction Fuzzy Hash: 0851B061A1DA0186CB12BB18ED023BD2BE89B44715F714D68F0D5462EDEF398CC1EF42
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      • select/poll on SSL/TLS socket, errno: %d, xrefs: 008EC129
      • SSL/TLS connection timeout, xrefs: 008EC144
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID:
      • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
      • API String ID: 0-3791222319
      • Opcode ID: 59dc9256f207af3b2726f5d22906cfe3b4dea1c56062ee6f0abb460b4204fb92
      • Instruction ID: 25c03a2c883872a24b957112d0cbf17468b9c2d41832fc774cec486b42cb847e
      • Opcode Fuzzy Hash: 59dc9256f207af3b2726f5d22906cfe3b4dea1c56062ee6f0abb460b4204fb92
      • Instruction Fuzzy Hash: 2C514635A003809BD720862EBC82B6BB7D4FBC7734F54092AEC04C2242E726D949C763
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___std_exception_destroy.LIBVCRUNTIME ref: 008A1871
      • ___std_exception_destroy.LIBVCRUNTIME ref: 008A1880
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: ___std_exception_destroy
      • String ID: [json.exception.
      • API String ID: 4194217158-791563284
      • Opcode ID: 13a8433c8e67b2ac8a2879d7d4384e2bdb138977e551b0a870f84a27668ecd30
      • Instruction ID: 6bf8b796a90d74a63f3a990f5515f1bfadcec8e91227596f45a884465aa1cd34
      • Opcode Fuzzy Hash: 13a8433c8e67b2ac8a2879d7d4384e2bdb138977e551b0a870f84a27668ecd30
      • Instruction Fuzzy Hash: 73510071A002199BEB14CFA8D885B9EFBB9FF86710F50052DE401D7B81DBB49949CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0091AB27
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: EncodePointer
      • String ID: MOC$RCC
      • API String ID: 2118026453-2084237596
      • Opcode ID: e40d59b921ab0e41da11e07a31369587613d665c2e31d870948f6d7628e85ef4
      • Instruction ID: 03e61f7f28ad2f3b385dce2939578431e6919d50b468b5c7f384268294ea8cf1
      • Opcode Fuzzy Hash: e40d59b921ab0e41da11e07a31369587613d665c2e31d870948f6d7628e85ef4
      • Instruction Fuzzy Hash: 3A414971A0120DEFCF16DF94C981AEEBBB9BF48304F144059F91967211D3359D90DB92
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: closesocket
      • String ID: cf_socket_close(%d)$destroy
      • API String ID: 2781271927-1402715136
      • Opcode ID: 210eade511bf4d22a61d0b64ac8969a87f892828bf3fe4bf5fb97cab3a2e950f
      • Instruction ID: 3648ad8dac4e6fad39b1a07d91cb24795e690101ae2e71b81052e11db522a722
      • Opcode Fuzzy Hash: 210eade511bf4d22a61d0b64ac8969a87f892828bf3fe4bf5fb97cab3a2e950f
      • Instruction Fuzzy Hash: 7C317C70504B44AFD2209B29DC85F97B7ACFF46324F148A19F46D8B292DB70F99487A1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 008A13DB
      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 008A142A
        • Part of subcall function 008C0EC4: _Yarn.LIBCPMT ref: 008C0EE3
        • Part of subcall function 008C0EC4: _Yarn.LIBCPMT ref: 008C0F07
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
      • String ID: bad locale name
      • API String ID: 1908188788-1405518554
      • Opcode ID: 13637d68087da35d31f3fbfe6c29bab828c2780bf2804df1951dd93be621184d
      • Instruction ID: 5161461abf26f35cd4c2a80440f5cd653497324b8e55078d060a0fe5ab548320
      • Opcode Fuzzy Hash: 13637d68087da35d31f3fbfe6c29bab828c2780bf2804df1951dd93be621184d
      • Instruction Fuzzy Hash: 67118C71904B449FD320CF69C801B47BBF4EB19714F008A1EE889C7B81D7B5A504CBA6
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: __allrem
      • String ID: %c%03d$%s %s
      • API String ID: 2933888876-883683383
      • Opcode ID: 232b8b54568d3fc607fc0f52480d2ea8e12382cbcab2aa29d588cc51e85552d2
      • Instruction ID: f1df9d40aff0598044dffb678acd40f2686532ad1e2946a94009781d0be02672
      • Opcode Fuzzy Hash: 232b8b54568d3fc607fc0f52480d2ea8e12382cbcab2aa29d588cc51e85552d2
      • Instruction Fuzzy Hash: 2201F2B37401097FE605AA699C42FABB76CFF95319F050011FA0AD6153E221F96287F7
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • getsockopt.WS2_32(?,0000FFFF,00001001,00004020,?), ref: 0090454E
      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 00904576
        • Part of subcall function 00909C00: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo,00000000), ref: 00909C2E
        • Part of subcall function 00909C00: GetProcAddress.KERNEL32(00000000), ref: 00909C35
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1660595256.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
      • Associated: 00000000.00000002.1660578005.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660638207.0000000000942000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660663663.0000000000980000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1660675636.0000000000985000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_8a0000_WAdE7vk6kk.jbxd
      Similarity
      • API ID: AddressHandleModuleProcgetsockoptsetsockopt
      • String ID: @
      • API String ID: 1224256098-2726393805
      • Opcode ID: 828837d305835303aa5b14ecb2b6a46ef8bcb864e3e9e1fe54bdef0746d00ad5
      • Instruction ID: c004decd2ab7e5ffe06631f5cdefffceab9e5e3edc2acc14c7f8f00797fffa4d
      • Opcode Fuzzy Hash: 828837d305835303aa5b14ecb2b6a46ef8bcb864e3e9e1fe54bdef0746d00ad5
      • Instruction Fuzzy Hash: 4A0148B0108301AFE7209F00EC46B6A7BE8BB84B04F404428FA849A2E1D3B5C958EB42
      Uniqueness

      Uniqueness Score: -1.00%