Windows Analysis Report
build.exe

Overview

General Information

Sample Name: build.exe
Analysis ID: 588110
MD5: 29fa3f046d74ecb98b88f2db96b69856
SHA1: cef05eec8df455e3ab98c81527622cc7426b4973
SHA256: 66f48ee8e668dc77d5a87585f16c870e6232d1340e8cf093f536c5340891936b

Detection

BlackCat
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Yara detected BlackCat Ransomware
Malicious sample detected (through community Yara rule)
Found Tor onion address
Deletes shadow drive data (may be related to ransomware)
Uses 32bit PE files
Yara signature match
PE file contains an invalid checksum
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

  • System is w10x64
  • build.exe (PID: 6328 cmdline: "C:\Users\user\Desktop\build.exe" MD5: 29FA3F046D74ECB98B88F2DB96B69856)
  • cleanup
{"config_id": "", "public_key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkOBBovKJud3BzJyaBY2tik4hSIRHS6tHvupmLHLbnNkVD6aIksfd/L+EvWdS8AQyQ/L0/NdyLpubkySYLd6zI0mFNMIvwaBdnePbog2OVIRB/BkMUo0G0xfnjpVj+CPOIm1ougYn/1OJL8xP+ryPptxtAZLBU9aEZMk2IeQNNYsWIz2AfXgmkQ+6l+Zc42aqru3ne9nAX6jR9JvavSYjJ6Srk6EX8tPb1JGu1hjXKDoGC6HpvxNhvUTjIu94y/2A9NU805lrINdmq0YSKEB4M5uEc+lm/Vq+8o+HqambGA3dQkGl7kSzgm8zO0sIegg/rKKxra1UtNdhcrRFNo3TwIDAQAB", "extension": "4v9zkhj", "note_file_name": "RECOVER-${EXTENSION}-FILES.txt", "note_full_text": ">> What happened?\n\nImportant files on your network was ENCRYPTED and now they have \"${EXTENSION}\" extension.\nIn order to recover your files you need to follow instructions below.\n\n>> Sensitive Data\n\nSensitive data on your network was DOWNLOADED.\nIf you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.\n\nData includes:\n- Employees personal data, CVs, DL, SSN.\n- Complete network map including credentials for local and remote services.\n- Private financial information including: clients data, bills, budgets, annual reports, bank statements.\n- Manufacturing documents including: datagrams, schemas, drawings in solidworks format\n- And more...\n\n>> CAUTION\n\nDO NOT MODIFY ENCRYPTED FILES YOURSELF.\nDO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.\nYOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.\n\n>> What should I do next?\n\n1) Download and install Tor Browser from: https://torproject.org/\n2) Navigate to: http://xnffv7gqnvmhbo6abr5ctt6go2zzcbefuhjqbq6ijczpwjn2nmkhzsad.onion/?access-key=${ACCESS_KEY}", "note_short_text": "Important files on your network was DOWNLOADED and ENCRYPTED.\nSee \"${NOTE_FILE_NAME}\" file to get further instructions.", "default_file_mode": "Auto", "default_file_cipher": "Best", "credentials": [], "kill_services": ["mepocs", "memtas", "veeam", "svc$", "backup", "sql", "vss", "msexchange", "sql$", "mysql", "mysql$", "sophos", "MSExchange", "MSExchange$", "WSBExchange", 
"PDVFSService", "BackupExecVSSProvider", "BackupExecAgentAccelerator", "BackupExecAgentBrowser", "BackupExecDiveciMediaService", "BackupExecJobuser", "BackupExecManagementService", "BackupExecRPCService", "GxBlr", "GxVss", "GxClMgrS", "GxCVD", "GxCIMgr", "GXMMM", "GxVssHWProv", "GxFWD", "SAPService", "SAP", "SAP$", "SAPD$", "SAPHostControl", "SAPHostExec", "QBCFMonitorService", "QBDBMgrN", "QBIDPService", "AcronisAgent", "VeeamNFSSvc", "VeeamDeploymentService", "VeeamTransportSvc", "MVArmor", "MVarmor64", "VSNAPVSS", "AcrSch2Svc"], "kill_processes": ["agntsvc", "dbeng50", "dbsnmp", "encsvc", "excel", "firefox", "infopath", "isqlplussvc", "msaccess", "mspub", "mydesktopqos", "mydesktopservice", "notepad", "ocautoupds", "ocomm", "ocssd", "onenote", "oracle", "outlook", "powerpnt", "sqbcoreservice", "sql", "steam", "synctime", "tbirdconfig", "thebat", "thunderbird", "visio", "winword", "wordpad", "xfssvccon", "*sql*", "bedbh", "vxmon", "benetns", "bengien", "pvlsvr", "beserver", "raw_agent_svc", "vsnapvss", "CagService", "QBIDPService", "QBDBMgrN", "QBCFMonitorService", "SAP", "TeamViewer_Service", "TeamViewer", "tv_w32", "tv_x64", "CVMountd", "cvd", "cvfwd", "CVODS", "saphostexec", "saposcol", "sapstartsrv", "avagent", "avscc", "DellSystemDetect", "EnterpriseClient", "VeeamNFSSvc", "VeeamTransportSvc", "VeeamDeploymentSvc"], "exclude_directory_names": ["system volume information", "intel", "$windows.~ws", "application data", "$recycle.bin", "mozilla", "$windows.~bt", "public", "msocache", "windows", "default", "all users", "tor browser", "programdata", "boot", "config.msi", "google", "perflogs", "appdata", "windows.old"], "exclude_file_names": ["desktop.ini", "autorun.inf", "ntldr", "bootsect.bak", "thumbs.db", "boot.ini", "ntuser.dat", "iconcache.db", "bootfont.bin", "ntuser.ini", "ntuser.dat.log"], "exclude_file_extensions": ["themepack", "nls", "diagpkg", "msi", "lnk", "exe", "cab", "scr", "bat", "drv", "rtp", "msp", "prf", "msc", "ico", "key", "ocx", "diagcab", 
"diagcfg", "pdb", "wpx", "hlp", "icns", "rom", "dll", "msstyles", "mod", "ps1", "ics", "hta", "bin", "cmd", "ani", "386", "lock", "cur", "idx", "sys", "com", "deskthemepack", "shs", "ldf", "theme", "mpa", "nomedia", "spl", "cpl", "adv", "icl", "msu"], "exclude_file_path_wildcard": [], "enable_network_discovery": true, "enable_self_propagation": true, "enable_set_wallpaper": true, "enable_esxi_vm_kill": true, "enable_esxi_vm_snapshot_kill": true, "strict_include_paths": [], "esxi_vm_kill_exclude": []}
Source | Rule | Description | Author | Strings
build.exe | JoeSecurity_BlackCat | Yara detected BlackCat Ransomware | Joe Security
build.exe | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
    • 0x2c62b4:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
    • 0x2da230:$s1: CoGetObject
    • 0x2c6278:$s2: Elevation:Administrator!new:
build.exe | INDICATOR_SUSPICOUS_EXE_References_VEEAM | Detects executables containing many references to VEEAM. Observed in ransomware | unknown
    • 0x2060f7:$s1: VeeamNFSSvc
    • 0x206410:$s1: VeeamNFSSvc
    • 0x20611e:$s9: VeeamTransportSvc
    • 0x20641e:$s9: VeeamTransportSvc
    • 0x206105:$s10: VeeamDeploymentService

Source | Rule | Description | Author | Strings
00000001.00000002.370213883.000000000098A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BlackCat | Yara detected BlackCat Ransomware | Joe Security
00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_BlackCat | Yara detected BlackCat Ransomware | Joe Security
00000001.00000000.368462823.00000000005F1000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_BlackCat | Yara detected BlackCat Ransomware | Joe Security
Process Memory Space: build.exe PID: 6328 | JoeSecurity_BlackCat | Yara detected BlackCat Ransomware | Joe Security

Source | Rule | Description | Author | Strings
1.2.build.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
    • 0x2c62b4:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
    • 0x2da230:$s1: CoGetObject
    • 0x2c6278:$s2: Elevation:Administrator!new:
1.2.build.exe.400000.0.unpack | INDICATOR_SUSPICOUS_EXE_References_VEEAM | Detects executables containing many references to VEEAM. Observed in ransomware | unknown
    • 0x2060f7:$s1: VeeamNFSSvc
    • 0x206410:$s1: VeeamNFSSvc
    • 0x20611e:$s9: VeeamTransportSvc
    • 0x20641e:$s9: VeeamTransportSvc
    • 0x206105:$s10: VeeamDeploymentService
1.0.build.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
    • 0x2c62b4:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
    • 0x2da230:$s1: CoGetObject
    • 0x2c6278:$s2: Elevation:Administrator!new:
1.0.build.exe.400000.0.unpack | INDICATOR_SUSPICOUS_EXE_References_VEEAM | Detects executables containing many references to VEEAM. Observed in ransomware | unknown
    • 0x2060f7:$s1: VeeamNFSSvc
    • 0x206410:$s1: VeeamNFSSvc
    • 0x20611e:$s9: VeeamTransportSvc
    • 0x20641e:$s9: VeeamTransportSvc
    • 0x206105:$s10: VeeamDeploymentService
            No Sigma rule has matched

            AV Detection

            Source: build.exeAvira: detected
            Source: build.exeMalware Configuration Extractor: BlackCat
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_005DA7E0 TlsGetValue,TlsGetValue,TlsGetValue,GetProcessHeap,HeapAlloc,TlsSetValue,BCryptGenRandom,TlsGetValue,GetLastError,TlsSetValue,HeapFree,TlsSetValue,1_2_005DA7E0
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_00405AD0 BCryptGenRandom,GetProcessHeap,HeapAlloc,HeapFree,1_2_00405AD0
            Source: build.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: build.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT

            Networking

            Source: build.exeString found in binary or memory: A.\nYOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.\n\n>> What should I do next?\n\n1) Download and install Tor Browser from: https://torproject.org/\n2) Navigate to: http://xnffv7gqnvmhbo6abr5ctt6go2zzcbefuhjqbq6ijczpwjn2nmkhzsad.onion/?acce
            Source: build.exeString found in binary or memory: http://xnffv7gqnvmhbo6abr5ctt6go2zzcbefuhjqbq6ijczpwjn2nmkhzsad.onion/?acce
            Source: build.exeString found in binary or memory: https://github.com/clap-rs/clap/issues
            Source: build.exeString found in binary or memory: https://github.com/rust-lang/rust/issues/39364
            Source: build.exeString found in binary or memory: https://torproject.org/

            Spam, unwanted Advertisements and Ransom Demands

            Source: Yara matchFile source: build.exe, type: SAMPLE
            Source: Yara matchFile source: 00000001.00000002.370213883.000000000098A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000000.368462823.00000000005F1000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: build.exe PID: 6328, type: MEMORYSTR
            Source: build.exeBinary or memory string: locker::core::os::windows::recycle_binsrc/core/os/windows/recycle_bin.rsvssadmin.exe Delete Shadows /all /quietshadow_copy::remove_all_vss=
            Source: build.exe, 00000001.00000000.368462823.00000000005F1000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: locker::core::os::windows::recycle_binsrc/core/os/windows/recycle_bin.rsvssadmin.exe Delete Shadows /all /quietshadow_copy::remove_all_vss=
            Source: build.exe, 00000001.00000000.368462823.00000000005F1000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: locker::core::os::windows::recycle_binsrc/core/os/windows/recycle_bin.rsvssadmin.exe Delete Shadows /all /quietshadow_copy::remove_all_vss=[
            Source: build.exeBinary or memory string: locker::core::os::windows::recycle_binsrc/core/os/windows/recycle_bin.rsvssadmin.exe Delete Shadows /all /quietshadow_copy::remove_all_vss=[

            System Summary

            Source: build.exe, type: SAMPLEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
            Source: build.exe, type: SAMPLEMatched rule: Detects executables containing many references to VEEAM. Observed in ransomware Author: unknown
            Source: 1.2.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
            Source: 1.2.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing many references to VEEAM. Observed in ransomware Author: unknown
            Source: 1.0.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
            Source: 1.0.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing many references to VEEAM. Observed in ransomware Author: unknown
            Source: build.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: build.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
            Source: build.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICOUS_EXE_References_VEEAM description = Detects executables containing many references to VEEAM. Observed in ransomware
            Source: 1.2.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
            Source: 1.2.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICOUS_EXE_References_VEEAM description = Detects executables containing many references to VEEAM. Observed in ransomware
            Source: 1.0.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
            Source: 1.0.build.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICOUS_EXE_References_VEEAM description = Detects executables containing many references to VEEAM. Observed in ransomware
            Source: C:\Users\user\Desktop\build.exeCode function: String function: 00456690 appears 87 times
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_005C5500: GetFileInformationByHandle,memset,DeviceIoControl,GetLastError,GetLastError,1_2_005C5500
            Source: build.exeStatic PE information: Section: .text IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\build.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: build.exeString found in binary or memory: {before-help}{bin} {version} {author-section}{about-section} {usage-heading} {usage} {all-args}{after-help}/cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0-beta.5/src/output/help.rs{before-help}{bin} {version} {author-section}{about-section} {us
            Source: build.exeString found in binary or memory: author-section}about}about-with-newline}about-section}usage-heading}usage}all-args}options}positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: about-section}usage-heading}usage}all-args}options}positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: version}author}author-with-newline}author-section}about}about-with-newline}about-section}usage-heading}usage}all-args}options}positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: before-help}
            Source: build.exeString found in binary or memory: after-help}before-help}
            Source: build.exeString found in binary or memory: all-args}options}positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: usage-heading}usage}all-args}options}positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: positionals}subcommands}after-help}before-help}
            Source: build.exeString found in binary or memory: cmd.exe /c for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"iisreset.exe /stop
            Source: build.exeString found in binary or memory: /cargo/registry/src/github.com-1ecc6299db9ec823/num-bigint-dig-0.7.0/src/algorithms/add.rs
            Source: build.exeString found in binary or memory: --helpDumpStack.log.tmppagefile.sysswapfile.sys
            Source: build.exeString found in binary or memory: {before-help}{bin} {version}{author-section}{about-section}{usage-heading} {usage}{all-args}{after-help}/cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0-beta.5/src/output/help.rs{before-help}{bin} {version}{author-section}{about-section}{us
            Source: build.exeString found in binary or memory: {before-help}{bin} {version}
            Source: build.exeString found in binary or memory: {all-args}{after-help}/cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0-beta.5/src/output/help.rs{before-help}{bin} {version}
            Source: build.exeString found in binary or memory: {usage}{after-help}
            Source: build.exeString found in binary or memory: T{before-help}{bin} {version}
            Source: build.exeString found in binary or memory: 3Z--helpDumpStack.log.tmppagefile.sysswapfile.sys
            Source: build.exeString found in binary or memory: Ocmd.exe /c for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"iisreset.exe /stop
            Source: build.exeString found in binary or memory: /cargo/registry/src/github.com-1ecc6299db9ec823/num-bigint-dig-0.7.0/src/algorithms/add.rsd2gZ
            Source: classification engineClassification label: mal80.rans.evad.winEXE@1/0@0/0
            Source: build.exeStatic file information: File size 2996224 > 1048576
            Source: build.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: build.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1ee200
            Source: build.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
            Source: build.exeStatic PE information: real checksum: 0x2e8325 should be: 0x2de88b
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_005EEBB0 push dword ptr [eax+04h]; ret 1_2_005EEBDF
            Source: build.exeStatic PE information: section name: .eh_fram
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_00401500 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00401500
            Source: C:\Users\user\Desktop\build.exeAPI coverage: 1.0 %
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_004F7B99 GetSystemInfo,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapAlloc,memcpy,memcpy,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,HeapFree,memset,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,CloseHandle,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,CloseHandle,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,CloseHandle,1_2_004F7B99
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_005DD5A0 HeapReAlloc,RtlReAllocateHeap,HeapAlloc,GetProcessHeap,HeapAlloc,memcpy,HeapFree,GetProcessHeap,HeapAlloc,1_2_005DD5A0
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\build.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\build.exeCode function: 1_2_005EDCE0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_005EDCE0
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Proxy | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
            Source | Detection | Scanner | Label | Link
            build.exe | 100% | Avira | TR/Ransom.apvqw |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://xnffv7gqnvmhbo6abr5ctt6go2zzcbefuhjqbq6ijczpwjn2nmkhzsad.onion/?acce | 0% | Avira URL Cloud | safe |
            No contacted domains info
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://xnffv7gqnvmhbo6abr5ctt6go2zzcbefuhjqbq6ijczpwjn2nmkhzsad.onion/?acce | build.exe | true | Avira URL Cloud: safe | unknown
            https://github.com/clap-rs/clap/issues | build.exe | false |  | high
            https://github.com/rust-lang/rust/issues/39364 | build.exe | false |  | high
            https://torproject.org/ | build.exe | false |  | high
                  No contacted IP infos
                  Joe Sandbox Version:34.0.0 Boulder Opal
                  Analysis ID:588110
                  Start date:13.03.2022
                  Start time:18:14:20
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 8m 6s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Sample file name:build.exe
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal80.rans.evad.winEXE@1/0@0/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HDC Information:Failed
                  HCA Information:Failed
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  No simulations
                  No context
                  No created / dropped files found
                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                  Entropy (8bit):6.706135342261108
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:build.exe
                  File size:2996224
                  MD5:29fa3f046d74ecb98b88f2db96b69856
                  SHA1:cef05eec8df455e3ab98c81527622cc7426b4973
                  SHA256:66f48ee8e668dc77d5a87585f16c870e6232d1340e8cf093f536c5340891936b
                  SHA512:d7fd73c4b2989359dde589968785ad466428813faa71ef8972ecbe23355b41b367e1ee1c246d22a8ac636afdd71639a40c2607dc8a63603713eea25fbf382ed3
                  SSDEEP:49152:0nD+4ZGKs6mI3TpA6VT+6dB2ars/YdN+/RgaJ2wgI:6DHdr7pV9tjw/5vwwgI
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i..b........../...........-...................@.......................... ......%.....@... ............................
                  Icon Hash:00828e8e8686b000
                  Entrypoint:0x4014c0
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                  Time Stamp:0x6216A169 [Wed Feb 23 21:04:41 2022 UTC]
                  TLS Callbacks:0x5ab160, 0x5ede70, 0x5ede20
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:676f66b42797477a467945daedd979f3
                  Instruction
                  sub esp, 0Ch
                  mov dword ptr [006DD558h], 00000001h
                  call 00007F0690E1CC53h
                  add esp, 0Ch
                  jmp 00007F0690C300DBh
                  lea esi, dword ptr [esi+00000000h]
                  sub esp, 0Ch
                  mov dword ptr [006DD558h], 00000000h
                  call 00007F0690E1CC33h
                  add esp, 0Ch
                  jmp 00007F0690C300BBh
                  nop
                  nop
                  nop
                  nop
                  nop
                  nop
                  push ebp
                  mov ebp, esp
                  push edi
                  push esi
                  push ebx
                  sub esp, 1Ch
                  mov dword ptr [esp], 005F1000h
                  call dword ptr [006DE604h]
                  sub esp, 04h
                  test eax, eax
                  je 00007F0690C304B5h
                  mov ebx, eax
                  mov dword ptr [esp], 005F1000h
                  call dword ptr [006DE650h]
                  sub esp, 04h
                  mov edi, dword ptr [006DE610h]
                  mov dword ptr [006DD598h], eax
                  mov dword ptr [esp+04h], 005F1013h
                  mov dword ptr [esp], ebx
                  call edi
                  sub esp, 08h
                  mov esi, eax
                  mov dword ptr [esp+04h], 005F1029h
                  mov dword ptr [esp], ebx
                  call edi
                  sub esp, 08h
                  mov dword ptr [005F0004h], eax
                  test esi, esi
                  je 00007F0690C30453h
                  mov dword ptr [esp+04h], 006DD01Ch
                  mov dword ptr [esp], 006C9000h
                  call esi
                  mov dword ptr [esp], 004015B0h
                  call 00007F0690E1CAC3h
                  lea esp, dword ptr [ebp-0Ch]
                  pop ebx
                  pop esi
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2de000 | 0x1b90 | .idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x2e1004 | 0x18 | .tls
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2de4bc | 0x390 | .idata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x1ee17c | 0x1ee200 | False | 0.506830749589 | data | 6.40915323577 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .data | 0x1f0000 | 0x120 | 0x200 | False | 0.2265625 | data | 1.3119915749 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .rdata | 0x1f1000 | 0xd7de4 | 0xd7e00 | False | 0.646803298712 | data | 6.92424259845 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .eh_fram | 0x2c9000 | 0x130bc | 0x13200 | False | 0.278722426471 | data | 4.80965066267 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .bss | 0x2dd000 | 0x5ac | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .idata | 0x2de000 | 0x1b90 | 0x1c00 | False | 0.377650669643 | data | 5.43252278903 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .CRT | 0x2e0000 | 0x58 | 0x200 | False | 0.130859375 | data | 0.704214402219 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  .tls | 0x2e1000 | 0x20 | 0x200 | False | 0.056640625 | data | 0.190488766435 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                  DLL | Import
                  KERNEL32.dll | FillConsoleOutputAttribute, FillConsoleOutputCharacterA, SetConsoleCursorPosition
                  ntdll.dll | NtOpenProcessToken, NtQueryInformationToken, RtlCaptureContext
                  advapi32.dll | AdjustTokenPrivileges, CloseServiceHandle, ControlService, CreateProcessWithLogonW, EnumDependentServicesW, EnumServicesStatusExW, GetUserNameW, LookupPrivilegeValueW, OpenProcessToken, OpenSCManagerW, OpenServiceW, QueryServiceStatusEx, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW
                  ole32.dll | CoGetObject, CoInitializeEx, CoUninitialize
                  kernel32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, AttachConsole, CancelIo, CloseHandle, CompareStringOrdinal, CopyFileExW, CreateEventW, CreateFileMappingA, CreateFileW, CreateMutexA, CreateNamedPipeW, CreatePipe, CreateProcessW, CreateThread, CreateToolhelp32Snapshot, DeleteFileW, DeviceIoControl, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileW, FindFirstVolumeW, FindNextFileW, FindNextVolumeW, FindVolumeClose, FormatMessageW, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, GetCommandLineW, GetComputerNameExW, GetComputerNameW, GetConsoleMode, GetConsoleScreenBufferInfo, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFinalPathNameByHandleW, GetFullPathNameW, GetLastError, GetLogicalDrives, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetTimeZoneInformation, GetVolumePathNamesForVolumeNameW, GetWindowsDirectoryW, HeapAlloc, HeapFree, HeapReAlloc, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, MapViewOfFile, Module32FirstW, Module32NextW, MoveFileExW, OpenProcess, Process32FirstW, Process32NextW, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, ReadFile, ReadProcessMemory, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, SetConsoleCursorInfo, SetConsoleMode, SetConsoleTextAttribute, SetFileAttributesW, SetFileInformationByHandle, SetFilePointerEx, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetVolumeMountPointW, Sleep, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UnmapViewOfFile, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, Wow64DisableWow64FsRedirection, WriteConsoleW, WriteFile, lstrlenW
                  ws2_32.dll | WSACleanup, WSAGetLastError, WSASocketW, WSAStartup, bind, closesocket, connect, freeaddrinfo, getaddrinfo, ioctlsocket, recv, recvfrom, send, sendto, setsockopt
                  userenv.dll | GetUserProfileDirectoryW
                  bcrypt.dll | BCryptGenRandom
                  user32.dll | SystemParametersInfoW
                  rstrtmgr.dll | RmEndSession, RmGetList, RmRegisterResources, RmStartSession
                  shell32.dll | SHTestTokenMembership
                  netapi32.dll | NetApiBufferFree, NetServerEnum, NetShareEnum
                  KERNEL32.dll | DeleteCriticalSection, GetCurrentThreadId, GetTickCount, UnhandledExceptionFilter, VirtualProtect, VirtualQuery
                  msvcrt.dll | __dllonexit, __getmainargs, __initenv, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _fpreset, _initterm, _iob, _lock, _onexit, _unlock, calloc, ceil, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, signal, strlen, strncmp, _wcsicmp, abort, atexit, vfprintf, wcscat, wcscat_s, wcscpy, wcscpy_s, wcslen
                  No network behavior found


                  Target ID:1
                  Start time:18:15:33
                  Start date:13/03/2022
                  Path:C:\Users\user\Desktop\build.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\build.exe"
                  Imagebase:0x400000
                  File size:2996224 bytes
                  MD5 hash:29FA3F046D74ECB98B88F2DB96B69856
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_BlackCat, Description: Yara detected BlackCat Ransomware, Source: 00000001.00000002.370213883.000000000098A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_BlackCat, Description: Yara detected BlackCat Ransomware, Source: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_BlackCat, Description: Yara detected BlackCat Ransomware, Source: 00000001.00000000.368462823.00000000005F1000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                  Reputation:low

                    Execution Graph

                    Execution Coverage:0.9%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:19%
                    Total number of Nodes:116
                    Total number of Limit Nodes:3

                    Control-flow Graph

                    APIs
                    • TlsGetValue.KERNEL32(0000001C), ref: 005DA7F4
                    • TlsGetValue.KERNEL32(00000000), ref: 005DA80B
                    • TlsGetValue.KERNEL32(0000001C,00000000), ref: 005DA833
                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 005DA850
                    • HeapAlloc.KERNEL32(?,00000000,00000020,00000000,00000000), ref: 005DA867
                    • TlsSetValue.KERNEL32(0000001C,00000000,?,00000000,00000020,00000000,00000000), ref: 005DA89F
                    • BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002,00000000,00000000), ref: 005DA8B7
                    • TlsGetValue.KERNEL32(00000000,00000000), ref: 005DA8E6
                    • GetLastError.KERNEL32(00000000,?,00000010,00000002,00000000,00000000), ref: 005DA8FE
                    • TlsSetValue.KERNEL32(00000000,00000001,00000000,00000100), ref: 005DA98B
                    • HeapFree.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000100), ref: 005DA999
                    • TlsSetValue.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000100), ref: 005DA9AE
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Value$Heap$AllocCryptErrorFreeLastProcessRandom
                    • String ID: bl
                    • API String ID: 3901418713-1169724770
                    • Opcode ID: e905c4b8cbd53edf467328fbf4273736bd3e45973517cf0b1f9bd24e77a4d24a
                    • Instruction ID: 9137e19786dcb750c1d1124ecc66f68cdebda08e7df89e9c6fe0a9bdfe7da2e2
                    • Opcode Fuzzy Hash: e905c4b8cbd53edf467328fbf4273736bd3e45973517cf0b1f9bd24e77a4d24a
                    • Instruction Fuzzy Hash: 9541BB70A013469BD724AF65CC09B6B7FE8FF84304F04451AF984E7392EB75E94187A2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph (function 5dd5a0)
                    APIs
                    • HeapReAlloc.KERNEL32(00000000,?,00000004,00000004,?,00000004,00000000,?,005015F4), ref: 005DD5D7
                    • HeapAlloc.KERNEL32(00000000,00000000,00000004,00000004,?,00000004,00000000,?,005015F4,00000000,?,00000004,00000004), ref: 005DD61C
                    • GetProcessHeap.KERNEL32(00000004,?,00000004,00000000,?,005015F4), ref: 005DD644
                    • HeapAlloc.KERNEL32(?,00000000,?,00000004,?,00000004,00000000,?,005015F4), ref: 005DD662
                    • memcpy.MSVCRT ref: 005DD685
                    • HeapFree.KERNEL32(00000000,?,?,00000004,00000004), ref: 005DD698
                    • GetProcessHeap.KERNEL32(00000004,?,00000004,00000000,?,005015F4,00000000,?,00000004,00000004), ref: 005DD6A4
                    • HeapAlloc.KERNEL32(00000000,00000000,?,00000004,?,00000004,00000000,?,005015F4,00000000,?,00000004,00000004), ref: 005DD6C6
                    Yara matches
                    Similarity
                    • API ID: Heap$Alloc$Process$Freememcpy
                    • String ID:
                    • API String ID: 4102440617-0
                    • Opcode ID: 8a891c19879f363900dfccca3f6d516a7ef370cad46127c636a0d20faadfcb57
                    • Instruction ID: 1193436bedf816ab85cf83b4c829841eee5298d51b5247fcc75a39f99df665cf
                    • Opcode Fuzzy Hash: 8a891c19879f363900dfccca3f6d516a7ef370cad46127c636a0d20faadfcb57
                    • Instruction Fuzzy Hash: 7F4142757403029BD7249FAEDC81B6BBBBAFB94350F14853BA9098B351EA74D840C7A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph (function 5d6f70)
                    APIs
                    • ExitProcess.KERNEL32(00000003,?,005D6F22,?,?,0047D490), ref: 005D6F74
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: ac5b9feee0f2076efad8373892dd508c165b07f5c63ab17762d7ff2a83da5e3f
                    • Instruction ID: 7e0603fb4f4460d439585c62c3ff6bcf055301b0a3915e18374622684cbb32bc
                    • Opcode Fuzzy Hash: ac5b9feee0f2076efad8373892dd508c165b07f5c63ab17762d7ff2a83da5e3f
                    • Instruction Fuzzy Hash:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 66 5013f0-5013fa 67 50146b-501470 call 40a470 66->67 68 5013fc-501434 66->68 75 501472-50148a call 40a490 67->75 69 501436-501439 68->69 70 50143b-501443 call 5dd5a0 68->70 69->70 74 501448-50144f 70->74 76 501451-501463 74->76 77 501464-501469 74->77 80 5014f9-5014fe call 40a470 75->80 81 50148c-5014c2 75->81 77->67 77->75 88 501500-50151a call 40a490 80->88 83 5014c4-5014c7 81->83 84 5014c9-5014dd call 5dd5a0 81->84 83->84 89 5014f2-5014f7 84->89 90 5014df-5014f1 84->90 93 50158a-50158f call 40a470 88->93 94 50151c-50154e 88->94 89->80 89->88 100 501591-5015aa call 40a490 93->100 96 501550-501553 94->96 97 501555-50156b call 5dd5a0 94->97 96->97 102 501583-501588 97->102 103 50156d-501582 97->103 106 501617-50161c call 40a470 100->106 107 5015ac-5015e0 100->107 102->93 102->100 113 50161e-501632 call 40a490 106->113 109 5015e2-5015e5 107->109 110 5015e7-5015fb call 5dd5a0 107->110 109->110 116 501610-501615 110->116 117 5015fd-50160f 110->117 119 501634-501645 HeapFree 113->119 120 501646 113->120 116->106 116->113 119->120
                    APIs
                    • HeapFree.KERNEL32(00000000), ref: 00501640
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: c17a6b61827b3efe857a716987b9f6d03bb094dcf3921b2f92011bda17f8e9aa
                    • Instruction ID: c10970a9db87d80faec3301cf90a2d42eb75822c68bfeda257bab14257005a8c
                    • Opcode Fuzzy Hash: c17a6b61827b3efe857a716987b9f6d03bb094dcf3921b2f92011bda17f8e9aa
                    • Instruction Fuzzy Hash: 7C711976F002159FDB18EF69C845A7EBBBAFFC4318F688029D90967381D631AC01CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?), ref: 004308E4
                    Strings
                    • help, xrefs: 0043062B
                    • >l, xrefs: 00432309
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0042FA60, 0042FB0E, 0042FD4E, 004305A4, 00430740, 00430856, 004310FC, 0043136E, 00431A02
                    • i{`, xrefs: 00432341
                    • Y_, xrefs: 004317EC, 004318A9
                    • Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues, xrefs: 00432248, 0043227D, 004322B5, 004322CE, 0043238E, 0043241C
                    • 'for<> as ::{shimclosure#]dyn + ; mut const unsafe extern ", xrefs: 00431113
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 0043243C
                    • dInvalid UTF-8 was detected in one or more arguments' allows at most occurrences, but provided, xrefs: 004311BF
                    • If App::_build hasn't been called, manually search through Arg shorts, xrefs: 00432337
                    • invalid raw bytesbyte index is not a valid boundary; it is inside U+ (bytes , xrefs: 00432358
                    • cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs, xrefs: 004322FF
                    • , xrefs: 00430B85
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID: $'for<> as ::{shimclosure#]dyn + ; mut const unsafe extern "$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues$If App::_build hasn't been called, manually search through Arg shorts$a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs$cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs$dInvalid UTF-8 was detected in one or more arguments' allows at most occurrences, but provided$help$invalid raw bytesbyte index is not a valid boundary; it is inside U+ (bytes $i{`$>l$Y_
                    • API String ID: 3298025750-1114029384
                    • Opcode ID: 09945ef2411fa8afc10c8674c61707c264eca03e871cee64d0ed6693c10d9290
                    • Instruction ID: c5f1bf88f4202d861d6fdfb4e924ad9f89491bebf7b25e43a761ff2eefff3b95
                    • Opcode Fuzzy Hash: 09945ef2411fa8afc10c8674c61707c264eca03e871cee64d0ed6693c10d9290
                    • Instruction Fuzzy Hash: E8A38C71A083519FD724CF15C880BABB7E1FFD8304F548A2EE8899B361DB75A845CB46
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • versionmodecipherprivate_keydata_sizechunk_sizefinished00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899Hash , xrefs: 0041D5B4, 0041D5C3
                    • i{`, xrefs: 0041E0C0
                    • >l, xrefs: 0041E101
                    • helpPrint help informationPrint version information/cargo/registry/src/github.com-1ecc6299db9ec823/indexmap-1.7.0/src/map.rs, xrefs: 0041D288, 0041D440
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0041D9AF
                    • sion, xrefs: 0041C00B
                    • sion, xrefs: 0041C037
                    • Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues, xrefs: 0041E082, 0041E0B6
                    • help, xrefs: 0041BCCE
                    • help, xrefs: 0041BD1E
                    • vers, xrefs: 0041C03C
                    • cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs, xrefs: 0041E0F7
                    • vers, xrefs: 0041C006
                    • Print this message or the help of the given subcommand(s), xrefs: 0041D7D4
                    • i{`, xrefs: 0041E08C
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memcpymemmove
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues$Print this message or the help of the given subcommand(s)$cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs$help$help$helpPrint help informationPrint version information/cargo/registry/src/github.com-1ecc6299db9ec823/indexmap-1.7.0/src/map.rs$i{`$i{`$sion$sion$vers$vers$versionmodecipherprivate_keydata_sizechunk_sizefinished00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899Hash $>l
                    • API String ID: 167125708-3075466524
                    • Opcode ID: a82748fc17c1c0177fba07a8e834c77f8825f06ecfea0eaebc333c7883c2438b
                    • Instruction ID: 2f45805a5f8c7594596118255601dd5896f99231b1c5bfa28eddd5522aac3ced
                    • Opcode Fuzzy Hash: a82748fc17c1c0177fba07a8e834c77f8825f06ecfea0eaebc333c7883c2438b
                    • Instruction Fuzzy Hash: 4C237D74A087418FD724CF15C484BEBBBE1FF88304F14896EE9899B351D775A882CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?), ref: 0043B5C7
                    • GetProcessHeap.KERNEL32 ref: 0043B5EF
                    • HeapAlloc.KERNEL32(?,00000000,000000B8), ref: 0043B609
                    Strings
                    • assertion failed: edge.height == self.node.height - 1, xrefs: 0043CED8
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 0043CEA4
                    • , xrefs: 0043B53F
                    • called `Option::unwrap()` on a `None` value, xrefs: 0043CE4C, 0043CE65, 0043CF2B
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocFreeProcess
                    • String ID: $a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs$assertion failed: edge.height == self.node.height - 1$called `Option::unwrap()` on a `None` value
                    • API String ID: 2113670309-1790005889
                    • Opcode ID: 32d03bf37e09dd60996c45e97f7f50953e4060f0bfa833828d1955252d95427a
                    • Instruction ID: f86940c5dda6e12d5bb1fcd52f7c3698750cd9e7d01f47e6fa751013c3d988cf
                    • Opcode Fuzzy Hash: 32d03bf37e09dd60996c45e97f7f50953e4060f0bfa833828d1955252d95427a
                    • Instruction Fuzzy Hash: 25035B75E0021A8FCB14CF98C880BEEB7B6FF48304F15916AD905BB351EB39A945CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memcmp.MSVCRT ref: 00424933
                    • GetProcessHeap.KERNEL32 ref: 004249C0
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 004249D6
                    • GetProcessHeap.KERNEL32(0000001C), ref: 00424CA8
                    • HeapAlloc.KERNEL32(?,00000000,0000001C), ref: 00424CBF
                    • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,0000001C,0000001C), ref: 00424D8E
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess$Freememcmp
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$DV_
                    • API String ID: 801167977-888580012
                    • Opcode ID: 1b80344818be54b39215215961402e53ea17da0bbb6b577da6a1a16b0b6521d6
                    • Instruction ID: 60802b9f694f237dead664176674cf4f8e10537a6ae53c44249ec0dfd1a0965e
                    • Opcode Fuzzy Hash: 1b80344818be54b39215215961402e53ea17da0bbb6b577da6a1a16b0b6521d6
                    • Instruction Fuzzy Hash: 97033C71E006298BCB24CF99D880BAEB7B1FF89304F5541AAD809BB351D774AD85CF94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 004426B0: HeapFree.KERNEL32(00000000,006C83A8), ref: 004427BA
                      • Part of subcall function 004426B0: HeapFree.KERNEL32(00000000,?), ref: 0044284C
                      • Part of subcall function 00438540: GetProcessHeap.KERNEL32(00000000,?,00000000,?,0043871B,?), ref: 00438566
                      • Part of subcall function 00438540: HeapAlloc.KERNEL32(?,00000000,?,00000000,?,00000000,?,0043871B,?), ref: 0043857B
                    • HeapFree.KERNEL32(00000000,00000001), ref: 0044167B
                    • GetProcessHeap.KERNEL32 ref: 00441810
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 00441826
                    • GetProcessHeap.KERNEL32(?), ref: 0044188D
                    • HeapAlloc.KERNEL32(?,00000000,00000000,?), ref: 004418A3
                      • Part of subcall function 00438540: memcpy.MSVCRT ref: 004385B8
                    • HeapFree.KERNEL32(00000000,00000001), ref: 00441A8E
                    • HeapFree.KERNEL32(00000000,?), ref: 0044252F
                    • HeapFree.KERNEL32(00000000,?), ref: 0044255C
                    • HeapFree.KERNEL32(00000000,00000000,?,?,00000000,00000004,?,?,?,?), ref: 004425CF
                    • HeapFree.KERNEL32(00000000,?), ref: 004425EF
                    • HeapFree.KERNEL32(00000000,?), ref: 0044260C
                    • HeapFree.KERNEL32(00000000,00000000), ref: 0044263E
                    Strings
                    • Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues, xrefs: 0044266B
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 00442687
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0044249D, 004424D5, 0044259F
                    • #W_, xrefs: 00442675
                    • , xrefs: 004422E6
                    • t^g, xrefs: 00441A38, 00441D29
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$AllocProcess$memcpy
                    • String ID: $#W_$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues$a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs$t^g
                    • API String ID: 288019571-2902324249
                    • Opcode ID: 952642d2193127af2b7d8b897f329deaab4fe3b91b80671bbb90b6b6f773fcfa
                    • Instruction ID: 5fe9fd8808b2b4121b906b50103e545308e4613d47dcba355fb1937c2fb7f992
                    • Opcode Fuzzy Hash: 952642d2193127af2b7d8b897f329deaab4fe3b91b80671bbb90b6b6f773fcfa
                    • Instruction Fuzzy Hash: 6CA2CF70E003599BEF24CFA5C9847EEBBB2EF48304F14402AE8557B391D7B89986CB55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,006C83A8), ref: 004427BA
                      • Part of subcall function 005D6B50: GetProcessHeap.KERNEL32(?,?,?,?,?,00000000), ref: 005D6C25
                      • Part of subcall function 005D6B50: HeapAlloc.KERNEL32(?,00000000,00000000,?,?,?,?,?,00000000), ref: 005D6C3B
                      • Part of subcall function 005D6B50: memcpy.MSVCRT ref: 005D6C5E
                    • HeapFree.KERNEL32(00000000,?), ref: 0044284C
                    • HeapFree.KERNEL32(00000000,?), ref: 004428A5
                    • GetProcessHeap.KERNEL32 ref: 004428F1
                    • HeapAlloc.KERNEL32(?,00000000,5F5E24C4), ref: 00442907
                    • HeapFree.KERNEL32(00000000,?,?,5F5E24C4), ref: 00442B09
                    Strings
                    • attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs, xrefs: 00442EBF
                    • L\_, xrefs: 0044301B
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0044275B, 00443519
                    • For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mea, xrefs: 00443538
                    • 0\_, xrefs: 00442CE8
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$AllocProcess$memcpy
                    • String ID: For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mea$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$0\_$L\_$attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs
                    • API String ID: 288019571-4242526482
                    • Opcode ID: fa9afa7dc510c306ec4609a0ac8bd11e57d68bd8efa9d309fb846ae8b8fd0a33
                    • Instruction ID: 199df36a9d3f73e5eb3644e6969c203752b1bda1a059df00c27b07b09edc669d
                    • Opcode Fuzzy Hash: fa9afa7dc510c306ec4609a0ac8bd11e57d68bd8efa9d309fb846ae8b8fd0a33
                    • Instruction Fuzzy Hash: B8B29D71D002199BEB24DF94C984BEEBBB1FF44304F25812AE815BB391DB74AE45CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00439F67
                    • HeapAlloc.KERNEL32(00000000,00000000,00000004), ref: 00439F82
                    • GetProcessHeap.KERNEL32 ref: 0043A14D
                    • HeapAlloc.KERNEL32(?,00000000,00000004), ref: 0043A164
                    Strings
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 0043B457
                    • >l, xrefs: 0043B42A
                    • , xrefs: 0043AB40
                    • ARGS:OPTIONS::, xrefs: 0043AA42
                    • For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mea, xrefs: 0043AD31, 0043AED9, 0043B22A
                    • SUBCOMMANDS, xrefs: 0043AEFA
                    • cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs, xrefs: 0043B420
                    • help, xrefs: 0043A295
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mea$ $ARGS:OPTIONS::$SUBCOMMANDS$a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs$cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs$help$>l
                    • API String ID: 1617791916-1889064371
                    • Opcode ID: 037e8337fa8589d3bb37589e271c0ee1ecacd219783e36c7549f6032d0d2d380
                    • Instruction ID: 3bef50c6f7dc02a91930e25cba0847d33c4c0f3c10fd99681979ef0762a638e4
                    • Opcode Fuzzy Hash: 037e8337fa8589d3bb37589e271c0ee1ecacd219783e36c7549f6032d0d2d380
                    • Instruction Fuzzy Hash: 0DD28871A083418BD724CF25C4807ABB7E2FFC8314F14992EE9D99B391D779A845CB86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$USAGE: <subcommands>$abou$auth$auth$author-section}about}about-with-newline}about-section}usage-heading}usage}all-args}options}positionals}subcommands}after-help}before-help}$bin}$hor}$hor}$ion}$ons}$ons}$opti$opti$usag$vers${${${0x
                    • API String ID: 1617791916-1422946603
                    • Opcode ID: a00a13b23968850856bb9e5d941cbcef134030e508fff5a636dfc030410987ff
                    • Instruction ID: c8ddbe9a5091413c0bcc5e9c52c6835596221ea06dee7446a9e25d8c9ec813d7
                    • Opcode Fuzzy Hash: a00a13b23968850856bb9e5d941cbcef134030e508fff5a636dfc030410987ff
                    • Instruction Fuzzy Hash: 84A2D271B083019BDB14DE15C841A2BB7E2BFD8714F14992EF89997391DB78EC05CB8A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 0041B310: GetProcessHeap.KERNEL32 ref: 0041B3A4
                      • Part of subcall function 0041B310: HeapAlloc.KERNEL32(?,00000000,?), ref: 0041B3B6
                    • GetProcessHeap.KERNEL32 ref: 004341DE
                    • HeapAlloc.KERNEL32(?,00000000,0000000C), ref: 004341F5
                    • GetProcessHeap.KERNEL32 ref: 004343AD
                    • HeapAlloc.KERNEL32(?,00000000,00000018), ref: 004343C4
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: t^g$C
                    • API String ID: 1617791916-2712559406
                    • Opcode ID: f4b5ae5c59b01dce38ab752d5f1664ba7369ca55d03ddcfb84a25ddac7a0dfc1
                    • Instruction ID: 4792b7d2a807088c2cda8a4c40e1ab9ff10ab5aa53291dc5eb9b2ac64f6afa2e
                    • Opcode Fuzzy Hash: f4b5ae5c59b01dce38ab752d5f1664ba7369ca55d03ddcfb84a25ddac7a0dfc1
                    • Instruction Fuzzy Hash: 75E26B75A08B418FC324CF28C480A5BB7E5FFC9350F149A6EE8999B361D774E845CB86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00419B8E
                    • HeapAlloc.KERNEL32(?,00000000,00000018), ref: 00419BA5
                    • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000001), ref: 0041A697
                    • HeapAlloc.KERNEL32(?,00000000,00000008), ref: 0041A6A9
                    • HeapFree.KERNEL32(00000000,?), ref: 0041A7B8
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess$Free
                    • String ID:
                    • API String ID: 2487664458-0
                    • Opcode ID: adfe9c094d9d7d8376ef995912bd8a03c1a5887c03a82c1583e05a2c849ea6ed
                    • Instruction ID: 152d079942a65b771d48cbba2c6e6e71d020dbec75a8a7a0f9129c3bae857fe7
                    • Opcode Fuzzy Hash: adfe9c094d9d7d8376ef995912bd8a03c1a5887c03a82c1583e05a2c849ea6ed
                    • Instruction Fuzzy Hash: A8A2CF71A05B018FC715DF28C480A6BB7F6FFC9350F148A1EE8995B261DB34E895CB46
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                      • Part of subcall function 005CB380: TlsGetValue.KERNEL32(00000000,006C0178,?,005D9E7F), ref: 005CB38E
                      • Part of subcall function 005CB380: TlsGetValue.KERNEL32(00000000,00000000,006C0178,?,005D9E7F), ref: 005CB3C4
                    • AcquireSRWLockShared.KERNEL32(006DD130), ref: 005D9EC0
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DA057
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DA0FB
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DA134
                    • HeapFree.KERNEL32(00000000,?), ref: 005DA144
                    • ReleaseSRWLockShared.KERNEL32(006DD130), ref: 005DA1F7
                    • AcquireSRWLockExclusive.KERNEL32(00000011), ref: 005DA2C1
                    • ReleaseSRWLockExclusive.KERNEL32(00000011,00000011), ref: 005DA314
                    • HeapFree.KERNEL32(00000000,006C0210), ref: 005DA3EA
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005D9F32, 005D9F93, 005DA21E
                    • Box<dyn Any><unnamed>, xrefs: 005DA14D
                    • full, xrefs: 005DA3B9
                    • cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs, xrefs: 005D9E86
                    • p\, xrefs: 005DA2E7
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$Lock$AcquireExclusiveReleaseSharedValue
                    • String ID: p\$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Box<dyn Any><unnamed>$cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs$full
                    • API String ID: 2564028659-2531656488
                    • Opcode ID: c6233b8fcea3f03bfadcce2b330ba918407499fd06f34e1bf706de6626c30996
                    • Instruction ID: 35ab92d99807ddf1edceb0b4364fec5f4667369c5387322962c01d55083c2b2b
                    • Opcode Fuzzy Hash: c6233b8fcea3f03bfadcce2b330ba918407499fd06f34e1bf706de6626c30996
                    • Instruction Fuzzy Hash: 48F19D70D002498FEB25DF99C845BAEBFB6FF44304F14842BE8426B351D7769949CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005C58A6, 005C5931
                    • \\?\\\?\UNC\, xrefs: 005C586D
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$\\?\\\?\UNC\
                    • API String ID: 3298025750-2684557492
                    • Opcode ID: d65d513aae291c522cf25a85b9b6ab0789f739a1609f065f1eefd4cd1f5102b2
                    • Instruction ID: 04bbbc39adba12e4db8154e73587abccb0d6cf4a47466fd3520bff7aefcf15ff
                    • Opcode Fuzzy Hash: d65d513aae291c522cf25a85b9b6ab0789f739a1609f065f1eefd4cd1f5102b2
                    • Instruction Fuzzy Hash: 9B025875D00A1ACECB249FD5C884BAEBBB1FB88354F64812ED51567281F770ADC1CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 005D9E60: AcquireSRWLockShared.KERNEL32(006DD130), ref: 005D9EC0
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,00606C44), ref: 00462D80
                    • HeapAlloc.KERNEL32(?,00000000,00000008,?,?,?,?,?,00606C44), ref: 00462D93
                    • memset.MSVCRT ref: 00462E13
                    • GetProcessHeap.KERNEL32 ref: 00462FE2
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 00462FF8
                    Strings
                    • Dl`, xrefs: 00462D30
                    • called `Option::unwrap()` on a `None` value, xrefs: 00463C06
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess$AcquireLockSharedmemset
                    • String ID: Dl`$called `Option::unwrap()` on a `None` value
                    • API String ID: 3477437257-3232184606
                    • Opcode ID: 480cccc01cecc82eba600a7ddb19f0ff40a27d0ac8eb18e123c25775c4bb1e08
                    • Instruction ID: 4854808d86286df17565083c4713c41b4865ddf5d910af1815b8c55ef0b184ce
                    • Opcode Fuzzy Hash: 480cccc01cecc82eba600a7ddb19f0ff40a27d0ac8eb18e123c25775c4bb1e08
                    • Instruction Fuzzy Hash: 6A92D1756083419FC714CF18C480A2AB7E2FF88315F158A6EE88997352E735EE55CB8B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memmove.MSVCRT ref: 0040BB0A
                      • Part of subcall function 00570E70: GetProcessHeap.KERNEL32(0040D6D4,00000004,?), ref: 00570F10
                      • Part of subcall function 00570E70: HeapAlloc.KERNEL32(?,00000000,00000005,0040D6D4,00000004,?), ref: 00570F29
                      • Part of subcall function 00570E70: memset.MSVCRT ref: 00570F65
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcessmemmovememset
                    • String ID: T7_$T7_$T7_$T7_$T7_$already mutably borrowed$aren$aren$called `Option::unwrap()` on a `None` value$egyl
                    • API String ID: 2660627060-1635305450
                    • Opcode ID: 5c86fd987144014954b7f57f9fe2edcc7d92ce767fa2ce3ac281b5f59bff0e75
                    • Instruction ID: 980e40c0ede6a354f3fdd3d05782114208437dc520cdb8578ec867dd7e1dc09b
                    • Opcode Fuzzy Hash: 5c86fd987144014954b7f57f9fe2edcc7d92ce767fa2ce3ac281b5f59bff0e75
                    • Instruction Fuzzy Hash: 81328071E006198FCB14CFA9C8906AEF7B2FF89310F19826ED855BB355DB74A941CB84
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00418D07
                    • HeapAlloc.KERNEL32(?,00000000,00000018), ref: 00418D1E
                    • GetProcessHeap.KERNEL32 ref: 0041985C
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 0041986E
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID:
                    • API String ID: 1617791916-0
                    • Opcode ID: 7fd4ac0985e8dc4d91b5313471813c73ddc6fa5f3e9133ae0c91592a05ae9d1e
                    • Instruction ID: 52cfa53166ead0a85edc4aa35ed4570068047f4c17227f5f54bf23125e6d1d46
                    • Opcode Fuzzy Hash: 7fd4ac0985e8dc4d91b5313471813c73ddc6fa5f3e9133ae0c91592a05ae9d1e
                    • Instruction Fuzzy Hash: D692B076904B458FC315DF28C4906ABB7E6FFDA390F108B1EE8995B252DB30D885CB46
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • d8n, xrefs: 00457552
                    • library\core\src\num\flt2dec\strategy\dragon.rsassertion failed: d.mant > 0assertion failed: d.mant.checked_add(d.plus).is_some(), xrefs: 00457FB7
                    • /t#, xrefs: 004579D1
                    • assertion failed: digits < 40assertion failed: other > 0, xrefs: 00458615
                    • ', xrefs: 00458290
                    • [Am-, xrefs: 0045721C
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memcpy
                    • String ID: '$/t#$[Am-$assertion failed: digits < 40assertion failed: other > 0$d8n$library\core\src\num\flt2dec\strategy\dragon.rsassertion failed: d.mant > 0assertion failed: d.mant.checked_add(d.plus).is_some()
                    • API String ID: 3510742995-2828053966
                    • Opcode ID: 8911c90a7d62d9d13426933b82227c8bb9333c718c1ae008ea0b208d6d6987d2
                    • Instruction ID: 70414c5eac617ae2d6ecfd78f01302fadeb4630b491f5f887ffe406bf3e0e50d
                    • Opcode Fuzzy Hash: 8911c90a7d62d9d13426933b82227c8bb9333c718c1ae008ea0b208d6d6987d2
                    • Instruction Fuzzy Hash: C4F25C716083418FC714CF18D480AAAB7F1BFC8314F55896EE89597352EB35E94ACF86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • H@_, xrefs: 00412AE8
                    • invalid or out-of-range date/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/naive/date.rs, xrefs: 00412795
                    • FixedOffset::east out of bounds, xrefs: 004127B7
                    • ;, xrefs: 0041261E
                    • `NaiveDateTime + Duration` overflowed/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/naive/datetime.rs1k, xrefs: 004127C8
                    • system time before Unix epoch/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/sys.rs, xrefs: 004128D8
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: ;$FixedOffset::east out of bounds$H@_$`NaiveDateTime + Duration` overflowed/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/naive/datetime.rs1k$invalid or out-of-range date/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/naive/date.rs$system time before Unix epoch/cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/sys.rs
                    • API String ID: 0-590896373
                    • Opcode ID: 9f4ebdd09f7f8c9aa4a2ef44f79144cbfe41dd85c147e397809ba756dc536722
                    • Instruction ID: 1b79f521ca78fc7546847da228c3c8fb6c722017c89a3ccd16676d85b4f2856c
                    • Opcode Fuzzy Hash: 9f4ebdd09f7f8c9aa4a2ef44f79144cbfe41dd85c147e397809ba756dc536722
                    • Instruction Fuzzy Hash: 03E1D071A083059BD708CF19C9806ABFBE5FFC8304F04892EE5999B391E778D944CB86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00583378
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 0058338E
                    Strings
                    • assertion failed: !self.ranges.is_empty(), xrefs: 00583CE2
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: assertion failed: !self.ranges.is_empty()
                    • API String ID: 1617791916-4142735027
                    • Opcode ID: 52f0b74e5e2f93721671e26ef62af5c6b61ab34e9c99d11bce631f8debca83d3
                    • Instruction ID: 513a03a589e6b1133ad79df1838d9c458dba0f10748b2c707887cff8193aaa68
                    • Opcode Fuzzy Hash: 52f0b74e5e2f93721671e26ef62af5c6b61ab34e9c99d11bce631f8debca83d3
                    • Instruction Fuzzy Hash: 45728A75E0021A8FCB18DF98C8809AEBBB2FF88710F65856DD856B7351D730AE45CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: index not found
                    • API String ID: 0-3314787632
                    • Opcode ID: 40f52bad22125b6d7c0c310b951ec09f4bcaaa1cd2b36ec9f08d966d5ce6e972
                    • Instruction ID: af5b28363b533c0d1639c33db878946e266838c1a9ec81543464e73bee6f1604
                    • Opcode Fuzzy Hash: 40f52bad22125b6d7c0c310b951ec09f4bcaaa1cd2b36ec9f08d966d5ce6e972
                    • Instruction Fuzzy Hash: 1E629C75E0061A9FCB14CF98C480AAEB7B1FF89314F26926AD815BB351D734AD42CF94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memmove
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$aren
                    • API String ID: 2162964266-710792703
                    • Opcode ID: b953520b0ead7ed13c6289199fc06fa1ae7e1bf326b839c007dcc48d70d06aaf
                    • Instruction ID: e6809c059e9d655be7a4074672d02ae7c56eec9fc169dd61773fe02020506e79
                    • Opcode Fuzzy Hash: b953520b0ead7ed13c6289199fc06fa1ae7e1bf326b839c007dcc48d70d06aaf
                    • Instruction Fuzzy Hash: 45D28D71E047168BC714DF69C8816AAFBF2FFC8310F19862EE895AB351D770A941CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • called `Result::unwrap()` on an `Err` value, xrefs: 0059C2AE
                    • attempt to divide by zeroLabelTooLongInternalPkcs8, xrefs: 0059C7C8
                    • capacity overflow/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\vec\spec_extend.rs, xrefs: 0059C46C, 0059C5AA, 0059C79C
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memcpy$FreeHeap
                    • String ID: attempt to divide by zeroLabelTooLongInternalPkcs8$called `Result::unwrap()` on an `Err` value$capacity overflow/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\vec\spec_extend.rs
                    • API String ID: 4250714341-2466697788
                    • Opcode ID: 2dcdf8e6a399ae84ab8e2904e56ff2982774cb90cce06c2a0047a5df6f4be727
                    • Instruction ID: 7b69e4bb6960eed9056bccbcc527ad4da5770ca459147febae4b094d6682989f
                    • Opcode Fuzzy Hash: 2dcdf8e6a399ae84ab8e2904e56ff2982774cb90cce06c2a0047a5df6f4be727
                    • Instruction Fuzzy Hash: 26329475E002168FCF14CF99C990AAEBFB2FF89314F258569D90AAB351D731AD41CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00463D74
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00463D86
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: }truefalse{0x$BUG! Empty lengths!$Errorkind$assertion failed: max_length <= MAX_CODE_LENGTH
                    • API String ID: 1617791916-1742058515
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: AddressProc$HandleLibraryLoadModule
                    • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                    • API String ID: 384173800-1835852900
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: memset
                    • String ID: -$-$-$FFFF$FFFF
                    • API String ID: 2221118986-3894311268
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • invalid raw bytesbyte index is not a valid boundary; it is inside U+ (bytes , xrefs: 004360CA, 004360ED
                    Similarity
                    • API ID: memcmp
                    • String ID: invalid raw bytesbyte index is not a valid boundary; it is inside U+ (bytes
                    • API String ID: 1475443563-1176419386
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • BCryptGenRandom.BCRYPT(00000000,?,00000040,00000002), ref: 00405B0A
                    • GetProcessHeap.KERNEL32(00000000,?,00000040,00000002), ref: 00405B2A
                    • HeapAlloc.KERNEL32(?,00000000,00000040,00000000,?,00000040,00000002), ref: 00405B41
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000040,00000000,?,00000040,00000002), ref: 00405BBA
                    Strings
                    • getrandom::getrandom() failed./cargo/registry/src/github.com-1ecc6299db9ec823/ahash-0.7.6/src/random_state.rs, xrefs: 00405BE2
                    • 6&_, xrefs: 00405BEC
                    Similarity
                    • API ID: Heap$AllocCryptFreeProcessRandom
                    • String ID: 6&_$getrandom::getrandom() failed./cargo/registry/src/github.com-1ecc6299db9ec823/ahash-0.7.6/src/random_state.rs
                    • API String ID: 388448229-1887853031
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(0040D6D4,00000004,?), ref: 00570F10
                    • HeapAlloc.KERNEL32(?,00000000,00000005,0040D6D4,00000004,?), ref: 00570F29
                    • memset.MSVCRT ref: 00570F65
                    • memmove.MSVCRT ref: 00571092
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemmovememset
                    • String ID: arensety
                    • API String ID: 2660627060-699636312
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemmovememset
                    • String ID: egyl
                    • API String ID: 2660627060-3671976516
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 005D9E60: AcquireSRWLockShared.KERNEL32(006DD130), ref: 005D9EC0
                    • GetProcessHeap.KERNEL32 ref: 005963A3
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 005963B9
                    • memcpy.MSVCRT ref: 005963CE
                    Strings
                    • capacity overflow/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\vec\spec_extend.rs, xrefs: 005969B3
                    • , xrefs: 005963F9
                    Similarity
                    • API ID: Heap$AcquireAllocLockProcessSharedmemcpy
                    • String ID: $capacity overflow/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\vec\spec_extend.rs
                    • API String ID: 2859008134-2631154499
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,-000000F8,00000000,?,00430D2A,?), ref: 0059308C
                    • HeapAlloc.KERNEL32(?,00000000,*C,?,-000000F8,00000000,?,00430D2A,?), ref: 0059309E
                    • memcpy.MSVCRT ref: 005930C2
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: *C$called `Option::unwrap()` on a `None` value
                    • API String ID: 4164033339-447915325
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,005AF2E8), ref: 005C5537
                    • memset.MSVCRT ref: 005C555A
                    • DeviceIoControl.KERNEL32 ref: 005C5581
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,005AF2E8), ref: 005C5590
                    • GetLastError.KERNEL32(?,000900A8,00000000,00000000,?,00004000,00000000,00000000), ref: 005C55A7
                    Similarity
                    • API ID: ErrorLast$ControlDeviceFileHandleInformationmemset
                    • String ID:
                    • API String ID: 2171887305-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32 ref: 005EDD19
                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014D2), ref: 005EDD2A
                    • GetCurrentThreadId.KERNEL32 ref: 005EDD32
                    • GetTickCount.KERNEL32 ref: 005EDD3A
                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014D2), ref: 005EDD49
                    Similarity
                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                    • String ID:
                    • API String ID: 1445889803-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memmove.MSVCRT ref: 0040D744
                      • Part of subcall function 00570E70: GetProcessHeap.KERNEL32(0040D6D4,00000004,?), ref: 00570F10
                      • Part of subcall function 00570E70: HeapAlloc.KERNEL32(?,00000000,00000005,0040D6D4,00000004,?), ref: 00570F29
                      • Part of subcall function 00570E70: memset.MSVCRT ref: 00570F65
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemmovememset
                    • String ID: $@$egyl
                    • API String ID: 2660627060-3460815229
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID:
                    • String ID: assertion failed: nextspec > 0$zzlzpzs
                    • API String ID: 0-3422939377
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • >l, xrefs: 00417740
                    • cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs, xrefs: 00417736
                    Similarity
                    • API ID:
                    • String ID: cannot access a Thread Local Storage value during or after destruction/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\thread\local.rs$>l
                    • API String ID: 0-4287895062
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID:
                    • String ID: $@$@
                    • API String ID: 0-3743272326
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 0040A944
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 0040A958
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID:
                    • API String ID: 1617791916-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: Xg$Xg
                    • API String ID: 0-1662626693
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: m'A$rHA
                    • API String ID: 0-1231652464
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Yara matches
                    Similarity
                    • API ID: memcmp
                    • String ID:
                    • API String ID: 1475443563-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: truefalse{0x
                    • API String ID: 0-3548834255
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0045C680, 0045C7B8
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 0-318435341
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: V@
                    • API String ID: 0-383300688
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c28d569f735b95954de3a422c2ad9e613ca57b8f5f6e115970519eb3669eaf57
                    • Instruction ID: e59acf458c75c6f6e4ffb6cf579f362ae1d690a5ec813c31dafa8af6280f441f
                    • Opcode Fuzzy Hash: c28d569f735b95954de3a422c2ad9e613ca57b8f5f6e115970519eb3669eaf57
                    • Instruction Fuzzy Hash: E9910676E087119BD304DF6AC88035FF7E2AFC8750F1AC93DE99897254D6B4A8419A82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 789aac2500b3b66333bada3c1376c06cb0856c28aefabd8472c0ac137752efe2
                    • Instruction ID: f0c3e9ce5a75cbbf9842b58167b32f9bed8b4f68f303af4db0b9c93fd77d5dd0
                    • Opcode Fuzzy Hash: 789aac2500b3b66333bada3c1376c06cb0856c28aefabd8472c0ac137752efe2
                    • Instruction Fuzzy Hash: 06716C72E087159BD304DF65C88035FF3E2EFC8750F1AC93DE8D9A7284D674A8519A82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b4c7ab707778f4cfbf6285f9c0bbc3d4088dd59cd1332eb247937cdfe9625936
                    • Instruction ID: f2017ddc3b48b23d103df1293c27e1ac581e92635eaa3e52e9f3a3f81dea7c9a
                    • Opcode Fuzzy Hash: b4c7ab707778f4cfbf6285f9c0bbc3d4088dd59cd1332eb247937cdfe9625936
                    • Instruction Fuzzy Hash: 614198D6C0EF4946EB03273EA4832A377507EB75E4B00DB43FCF475AA2EB1565586218
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 761526eb16a9fecece05c1d8f18392742579a54206e6b5a52a43904422d3fe76
                    • Instruction ID: 67bc4d5f048ce613b9cf72024cb61dcaed35916b6cdb2ea6858ea355f1ed205d
                    • Opcode Fuzzy Hash: 761526eb16a9fecece05c1d8f18392742579a54206e6b5a52a43904422d3fe76
                    • Instruction Fuzzy Hash: 35314F75B183164BD70CCE3DE99065BB7D3ABC8610F05CA3DB985C3784DA30DC0A8692
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph: function at 4466d0 (graph not reproduced)
                    APIs
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000001,?,?,?,00431146,00000001), ref: 00444FF4
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 0044500B
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445070
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445087
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 004450ED
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000000,?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445101
                    • GetProcessHeap.KERNEL32 ref: 00446732
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00446744
                    • memcpy.MSVCRT ref: 0044675E
                    • GetProcessHeap.KERNEL32 ref: 004467A2
                    • HeapAlloc.KERNEL32(?,00000000,00000037), ref: 004467B9
                    • GetProcessHeap.KERNEL32(?,00000000,00000037), ref: 004468C6
                    • HeapAlloc.KERNEL32(?,00000000,00000010,?,00000000,00000037), ref: 004468DD
                    • GetProcessHeap.KERNEL32(?,00000000,00000010,?,00000000,00000037), ref: 00446953
                    • HeapAlloc.KERNEL32(?,00000000,00000008,?,00000000,00000010,?,00000000,00000037), ref: 0044696A
                    • GetProcessHeap.KERNEL32(?,00000000,00000008,?,00000000,00000010,?,00000000,00000037), ref: 004469F9
                    • HeapAlloc.KERNEL32(?,00000000,00000018,?,00000000,00000008,?,00000000,00000010,?,00000000,00000037), ref: 00446A10
                    • GetProcessHeap.KERNEL32(?,00000000,00000010,?,00000000,00000037), ref: 00446AB4
                    • HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000010,?,00000000,00000037), ref: 00446ACB
                    • GetProcessHeap.KERNEL32(?,00000000,00000001,?,00000000,00000010,?,00000000,00000037), ref: 00446B50
                    • HeapAlloc.KERNEL32(?,00000000,00000002,?,00000000,00000001,?,00000000,00000010,?,00000000,00000037), ref: 00446B67
                    • HeapFree.KERNEL32(00000000,?,?,00000000,00000002,?,00000000,00000001,?,00000000,00000010,?,00000000,00000037), ref: 00446BC2
                    • GetProcessHeap.KERNEL32(?,00000000,00000037), ref: 00446C8D
                    • HeapAlloc.KERNEL32(?,00000000,0000000C,?,00000000,00000037), ref: 00446CA4
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,0000000C,?,00000000,00000037), ref: 00446D0C
                    • HeapFree.KERNEL32(00000000,0000000B,?,00000000,0000000C,?,00000000,00000037), ref: 00446D27
                    Strings
                    • Found argument '' which wasn't expected, or isn't valid in this context, xrefs: 004466F1
                    • ut ', xrefs: 00446977
                    • error:For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did y, xrefs: 0044711F
                    • , xrefs: 0044707B
                    • t^g, xrefs: 00446875
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Similarity
                    • API ID: Heap$AllocProcess$Free$memcpy
                    • String ID: $Found argument '' which wasn't expected, or isn't valid in this context$error:For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did y$t^g$ut '

                    Control-flow Graph: function at 403890 (graph not reproduced)
                    APIs
                    • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 004038E3
                    • HeapFree.KERNEL32(00000000,?), ref: 004038F9
                    • HeapFree.KERNEL32(00000000,?), ref: 00403922
                    • HeapFree.KERNEL32(00000000,?), ref: 004039C3
                    • HeapFree.KERNEL32(00000000), ref: 004039F1
                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00403A3F
                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00403A8E
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 00403B1A
                    Similarity
                    • API ID: FreeHeap$ExclusiveLock$AcquireRelease
                    • String ID: 0!g$0!g$0!g$assertion failed: guard.canceled.is_none()$assertion failed: guard.queue.dequeue().is_none()$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$d#g$d#g$d#g$d#g

                    Similarity
                    • String ID: called `Option::unwrap()` on a `None` value

                    Control-flow Graph: function at 5ab2f0 (graph not reproduced)
                    APIs
                    • TlsGetValue.KERNEL32(0000001B,006C0178,?,?,005DA162), ref: 005AB2FF
                    • TlsGetValue.KERNEL32(00000000,006C0178,?,?,005DA162), ref: 005AB316
                    • TlsGetValue.KERNEL32(0000001B,00000000,006C0178,?,?,005DA162), ref: 005AB339
                    • TlsGetValue.KERNEL32(00000000,00000000,006C0178,?,?,005DA162), ref: 005AB35C
                    • GetProcessHeap.KERNEL32(00000000,00000000,006C0178,?,?,005DA162), ref: 005AB36E
                    • HeapAlloc.KERNEL32(?,00000000,00000010,00000000,00000000,006C0178,?,?,005DA162), ref: 005AB381
                    • TlsSetValue.KERNEL32(0000001B,00000000,?,00000000,00000010,00000000,00000000,006C0178,?,?,005DA162), ref: 005AB3AE
                    • AcquireSRWLockExclusive.KERNEL32(006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB413
                    • ReleaseSRWLockExclusive.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB455
                    • GetProcessHeap.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB463
                    • HeapAlloc.KERNEL32(?,00000000,00000020,006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB476
                      • Part of subcall function 005AB520: AcquireSRWLockExclusive.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB530
                      • Part of subcall function 005AB520: TlsAlloc.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB53E
                      • Part of subcall function 005AB520: GetProcessHeap.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB557
                      • Part of subcall function 005AB520: HeapAlloc.KERNEL32(?,00000000,0000000C,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?), ref: 005AB56A
                      • Part of subcall function 005AB520: ReleaseSRWLockExclusive.KERNEL32(006DD128,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001), ref: 005AB5AA
                    • ReleaseSRWLockExclusive.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB4BD
                    Strings
                    • tk, xrefs: 005AB4CA
                    • Fk, xrefs: 005AB4FE
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005AB4DF
                    • Fk, xrefs: 005AB4C5
                    • called `Option::unwrap()` on a `None` value, xrefs: 005AB4F4
                    Similarity
                    • API ID: Heap$ExclusiveLockValue$Alloc$ProcessRelease$Acquire
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Fk$Fk$called `Option::unwrap()` on a `None` value$tk

                    Control-flow Graph: function at 444ac0 (graph not reproduced)
                    APIs
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000001,?,?,?,00431146,00000001), ref: 00444FF4
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 0044500B
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445070
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445087
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 004450ED
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000000,?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445101
                    • GetProcessHeap.KERNEL32 ref: 00444B76
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 00444B88
                    • memcpy.MSVCRT ref: 00444BA2
                    • GetProcessHeap.KERNEL32 ref: 00444BE4
                    • HeapAlloc.KERNEL32(?,00000000,00000016), ref: 00444BFB
                    • GetProcessHeap.KERNEL32(?,00000000,00000016), ref: 00444C7C
                    • HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000016), ref: 00444C93
                    • GetProcessHeap.KERNEL32(?,00000000,00000016), ref: 00444CCB
                    • HeapAlloc.KERNEL32(?,00000000,0000002C,?,00000000,00000016), ref: 00444CE2
                    • GetProcessHeap.KERNEL32(?,00000000,00000001,?,00000000,00000016), ref: 00444D99
                    • HeapAlloc.KERNEL32(?,00000000,?,?,00000000,00000001,?,00000000,00000016), ref: 00444DAD
                    • memcpy.MSVCRT ref: 00444DCA
                    • GetProcessHeap.KERNEL32(?,00000000,00000016), ref: 00444E11
                    • HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000016), ref: 00444E28
                    • GetProcessHeap.KERNEL32(?,00000000,0000002C,?,00000000,00000016), ref: 00444ECE
                    • HeapAlloc.KERNEL32(?,00000000,0000000C,?,00000000,0000002C,?,00000000,00000016), ref: 00444EE5
                    Strings
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 00444FA5
                    • , xrefs: 00444AE8
                    • The argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mean The subcommand '' wasn't recog, xrefs: 00444B4B
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess$memcpy
                    • String ID: $The argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did you mean The subcommand '' wasn't recog$a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs
                    • API String ID: 1759892863-3005671822
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000000,00000000,00000001,00000000,?,004F94C9,00000000,0066F07C,00000000,00000000,0000003C,?,00000000,00000014), ref: 005DB604
                    • HeapAlloc.KERNEL32(?,00000000,00000008,00000000,00000000,00000001,00000000,?,004F94C9,00000000,0066F07C,00000000,00000000,0000003C,?,00000000), ref: 005DB61B
                    • CreateThread.KERNEL32 ref: 005DB651
                    • HeapFree.KERNEL32(00000000,-0000FFFE,000000A8), ref: 005DB687
                    • HeapFree.KERNEL32(00000000,00000000,000000A8), ref: 005DB695
                    • GetLastError.KERNEL32(00000000,00000000,000000A8), ref: 005DB69A
                    • SetThreadStackGuarantee.KERNEL32(?), ref: 005DB6E4
                    • GetLastError.KERNEL32(?), ref: 005DB6ED
                    • HeapFree.KERNEL32(00000000,00000001,?,00000000,00000000,00000018,?,00000000,000000A8), ref: 005DB71E
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000,00000018,?,00000000,000000A8), ref: 005DB72C
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DB7DA
                    • GetCurrentThread.KERNEL32 ref: 005DB7EA
                    • HeapFree.KERNEL32(00000000,?,00000078), ref: 005DB80E
                    • SetLastError.KERNEL32(00000078), ref: 005DB81C
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005DB75A
                    Similarity
                    • API ID: Heap$Free$ErrorLastThread$AllocCreateCurrentGuaranteeProcessStack
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 3273791949-318435341
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 005C5B30: HeapFree.KERNEL32(00000000,?), ref: 005C5BF0
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005C6112
                    • HeapFree.KERNEL32(00000000,?), ref: 005C6126
                    • memset.MSVCRT ref: 005C615B
                    • SetLastError.KERNEL32(00000000), ref: 005C61F2
                    • GetEnvironmentVariableW.KERNEL32(?,?,00000200,00000000), ref: 005C61FC
                    • GetLastError.KERNEL32(?,00000001,00000000,00000000,?,?,00000200,00000000), ref: 005C6207
                    • GetLastError.KERNEL32(?,00000001,00000000,00000000,?,?,00000200,00000000), ref: 005C6218
                    • GetLastError.KERNEL32(?,00000001,00000000,00000000,?,?,00000200,00000000), ref: 005C6270
                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 005C629B
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005C62DC
                    • HeapFree.KERNEL32(00000000,?), ref: 005C62EA
                    • HeapFree.KERNEL32(00000000,?,00000000), ref: 005C6322
                    Strings
                    Similarity
                    • API ID: FreeHeap$ErrorLast$EnvironmentVariablememset
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 3690219534-318435341
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID:
                    • API String ID: 4164033339-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000), ref: 00402079
                      • Part of subcall function 00493E40: HeapFree.KERNEL32(00000000,?,?,?,?,0040205D), ref: 00493E65
                      • Part of subcall function 00493E40: HeapFree.KERNEL32(00000000,?,?,?,?,0040205D), ref: 00493E74
                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 004020EF
                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 0040213E
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 004021C2
                    Strings
                    • called `Result::unwrap()` on an `Err` value, xrefs: 00402208
                    • d#g, xrefs: 004022BF
                    • assertion failed: guard.queue.dequeue().is_none(), xrefs: 004022B5
                    • d#g, xrefs: 00402212
                    • called `Option::unwrap()` on a `None` value, xrefs: 00402283
                    • d#g, xrefs: 0040229E
                    • assertion failed: guard.canceled.is_none(), xrefs: 00402294
                    • d#g, xrefs: 0040224F
                    Similarity
                    • API ID: FreeHeap$ExclusiveLock$AcquireRelease
                    • String ID: assertion failed: guard.canceled.is_none()$assertion failed: guard.queue.dequeue().is_none()$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$d#g$d#g$d#g$d#g
                    • API String ID: 1406246216-2272994264
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000E0,00000008), ref: 0042719D
                    • HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004271AF
                    • GetProcessHeap.KERNEL32(?,00000000,?), ref: 00427306
                    • HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,?), ref: 0042731C
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00417463), ref: 00427489
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 0042749B
                    • GetProcessHeap.KERNEL32 ref: 0042754D
                    • HeapAlloc.KERNEL32(?,00000000,00000000), ref: 00427563
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID:
                    • API String ID: 1617791916-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00403EFF
                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00403F4E
                    • HeapFree.KERNEL32(00000000,00000000,?,?), ref: 00403FAE
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 00403FC9
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 00403FE7
                    Strings
                    • called `Result::unwrap()` on an `Err` value, xrefs: 0040400F
                    • d#g, xrefs: 004040C6
                    • assertion failed: guard.queue.dequeue().is_none(), xrefs: 004040BC
                    • d#g, xrefs: 00404019
                    • called `Option::unwrap()` on a `None` value, xrefs: 0040408A
                    • d#g, xrefs: 004040A5
                    • assertion failed: guard.canceled.is_none(), xrefs: 0040409B
                    • d#g, xrefs: 00404056
                    Similarity
                    • API ID: FreeHeap$ExclusiveLock$AcquireRelease
                    • String ID: assertion failed: guard.canceled.is_none()$assertion failed: guard.queue.dequeue().is_none()$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$d#g$d#g$d#g$d#g
                    • API String ID: 1406246216-2272994264
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,004291D7,00000000,?), ref: 0047173F
                    • HeapFree.KERNEL32(00000000,0FFFFFFF,00000000,?,?,?,?,?,?,004291D7,00000000,?), ref: 00471758
                    • HeapFree.KERNEL32(00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?,?,?,?,?,?,004291D7,00000000,?), ref: 00471771
                    • HeapFree.KERNEL32(00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?,?,?,?,?,?,004291D7,00000000,?), ref: 0047178A
                    • HeapFree.KERNEL32(00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?,?,?,?,?,?,004291D7), ref: 004717A3
                    • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?,?,?,?,?), ref: 004717BC
                    • HeapFree.KERNEL32(00000000,1FFFFFFF,00000000,?,00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?,?,?), ref: 004717D5
                    • HeapFree.KERNEL32(00000000,?,00000000,1FFFFFFF,00000000,?,00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF,00000000,?), ref: 004717FC
                    • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,1FFFFFFF,00000000,?,00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF,00000000,0FFFFFFF), ref: 0047181B
                    • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,1FFFFFFF,00000000,?,00000000,?,00000000,1FFFFFFF,00000000,0FFFFFFF), ref: 0047185B
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E13C
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E155
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E16E
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E187
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E1A0
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E1B9
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E1D2
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E1F9
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E218
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E25B
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E27C
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0041E29B
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00437499
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 004374B4
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 004374DB
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 004374FA
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00437521
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00437542
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00437572
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 004375BE
                    • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 004375E7
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: 47f3bcbb87318752359f8aa8c5233de8312bc1221d7dee3313d5e95247471791
                    • Instruction ID: f95687fe75b985897b3e1008313a9d305fd9d136c9e74276b40608c876105403
                    • Opcode Fuzzy Hash: 47f3bcbb87318752359f8aa8c5233de8312bc1221d7dee3313d5e95247471791
                    • Instruction Fuzzy Hash: F461D171204702ABDB399B25CC42F677BE6EF88310F14252EF5959A2F0D735E852DB18
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005AF2BC
                    • HeapFree.KERNEL32(00000000,?), ref: 005AF2CA
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005AF321
                    • HeapFree.KERNEL32(00000000,?), ref: 005AF32F
                    • CloseHandle.KERNEL32(?), ref: 005AF351
                    • GetCurrentProcess.KERNEL32 ref: 005AF36E
                    • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002), ref: 005AF37D
                    • CreateFileMappingA.KERNEL32 ref: 005AF399
                    • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,00000000,?,00000000), ref: 005AF3AF
                    • CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,?,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005AF3B9
                    • GetLastError.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002), ref: 005AF3E1
                    • CloseHandle.KERNEL32(?,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000002), ref: 005AF3F4
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHandleHeap$Close$File$CreateCurrentDuplicateErrorLastMappingProcessView
                    • String ID:
                    • API String ID: 3669853530-0
                    • Opcode ID: 7f77bb1aa38b8bf1be59f34b7e2ed04e5f81cc39eddc1d1ba6da4c88aa67620d
                    • Instruction ID: e355683f3915fd4ded105cdc96dc29ddd72aedb5d88475ab2010f4790d2d4091
                    • Opcode Fuzzy Hash: 7f77bb1aa38b8bf1be59f34b7e2ed04e5f81cc39eddc1d1ba6da4c88aa67620d
                    • Instruction Fuzzy Hash: CE617A74A04302AFDB14EF95CC89B6EBBE5FF85304F14882DF5885B291D771A845CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00440DE8
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00440DFA
                    • memcpy.MSVCRT ref: 00440E26
                    • memcpy.MSVCRT ref: 00440E53
                    • HeapFree.KERNEL32(00000000,?), ref: 00440F2D
                    • HeapFree.KERNEL32(00000000,00000000), ref: 00440F72
                    • HeapFree.KERNEL32(00000000,?), ref: 0044129D
                    • HeapFree.KERNEL32(00000000,00000000), ref: 004412B8
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$memcpy$AllocProcess
                    • String ID: [_PDI[_PDI[_PDI
                    • API String ID: 3082654283-850550064
                    • Opcode ID: 5f443d2afa474389c8be220656dfab21739b7242f8c94a9d178927ecf31c6d25
                    • Instruction ID: d8c08d0612e85649acb53e9f9871484d9cf9a2a883c9c7ee23d50329648b467b
                    • Opcode Fuzzy Hash: 5f443d2afa474389c8be220656dfab21739b7242f8c94a9d178927ecf31c6d25
                    • Instruction Fuzzy Hash: 28E17DB1E002198BEF24DF95C8447AEBBB2BF84304F14402AE905BB391D7B89D85CF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,00407782,?), ref: 0040A105
                    • HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,?,00407782,?), ref: 0040A117
                    • memcpy.MSVCRT ref: 0040A13A
                    Strings
                    • total_pattern_bytes/cargo/registry/src/github.com-1ecc6299db9ec823/aho-corasick-0.7.18/src/ahocorasick.rs, xrefs: 0040A27E
                    • kind, xrefs: 0040A1EE
                    • order, xrefs: 0040A227
                    • }truefalse{0x, xrefs: 0040A2B2
                    • minimum_len, xrefs: 0040A244
                    • by_id, xrefs: 0040A20D
                    • max_pattern_id, xrefs: 0040A261
                    • assertion failed: self.by_id.len() <= u16::MAX as usizeD/_, xrefs: 0040A17E
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: }truefalse{0x$assertion failed: self.by_id.len() <= u16::MAX as usizeD/_$by_id$kind$max_pattern_id$minimum_len$order$total_pattern_bytes/cargo/registry/src/github.com-1ecc6299db9ec823/aho-corasick-0.7.18/src/ahocorasick.rs
                    • API String ID: 4164033339-254726944
                    • Opcode ID: dce11dca0f21db94c97da4aa7221e0de0ab42073eb8160bb8d959f6f98405e2b
                    • Instruction ID: 00e014279214badedeb45dabf48b11a81a94be4af298045f9cc50d034ca33a6f
                    • Opcode Fuzzy Hash: dce11dca0f21db94c97da4aa7221e0de0ab42073eb8160bb8d959f6f98405e2b
                    • Instruction Fuzzy Hash: 9B61E2B1A003099FDB24DF55C845EABBBF9FF84304F00402EE945AB382D775AE158BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 018078a905439ccb93d2364f4e80d05a9b2cf451aaf7371f0749dd7685cdf0ea
                    • Instruction ID: a3457b641fab877f12aff65c5736ace6cde0293cbbf9bce285c38706f43f581e
                    • Opcode Fuzzy Hash: 018078a905439ccb93d2364f4e80d05a9b2cf451aaf7371f0749dd7685cdf0ea
                    • Instruction Fuzzy Hash: 12919C75A04301AFC710EF15C884A6BBBE9FF88754F14852AE8885B351D734EC81CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 005C60B0: HeapFree.KERNEL32(00000000,00000000), ref: 005C6112
                      • Part of subcall function 005C60B0: HeapFree.KERNEL32(00000000,?), ref: 005C6126
                    • HeapFree.KERNEL32(00000000,?), ref: 004616BF
                    • HeapFree.KERNEL32(00000000,00000000), ref: 0046171A
                    • HeapFree.KERNEL32(00000000,?), ref: 00461731
                    • GetConsoleMode.KERNEL32(?,?), ref: 00461746
                    • SetConsoleMode.KERNEL32(?,00000000,?,?), ref: 0046175D
                    • GetLastError.KERNEL32(?,?), ref: 00461776
                    • HeapFree.KERNEL32(00000000,?), ref: 004617B2
                    Strings
                    • TERMdumbNO_COLORcygwincannot lock a buffered standard stream/cargo/registry/src/github.com-1ecc6299db9ec823/termcolor-1.1.2/src/lib.rs, xrefs: 004615FF
                    • dumb, xrefs: 004616A7
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$ConsoleMode$ErrorLast
                    • String ID: TERMdumbNO_COLORcygwincannot lock a buffered standard stream/cargo/registry/src/github.com-1ecc6299db9ec823/termcolor-1.1.2/src/lib.rs$dumb
                    • API String ID: 172196510-147622852
                    • Opcode ID: b4f973abd115826164ba1dd72b90f23b74912d1822171a1de834aad4551efe56
                    • Instruction ID: 795f50de59f9abf203048691101d5dcc26868c0193123fd1aae358e4fb0606d9
                    • Opcode Fuzzy Hash: b4f973abd115826164ba1dd72b90f23b74912d1822171a1de834aad4551efe56
                    • Instruction Fuzzy Hash: 8E510478B002128FDF259A61CC8177F7766EB91701F2C402BE4426B3B1E6399C42D79B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: a@
                    • API String ID: 0-3993735146
                    • Opcode ID: c50cbc8f526c83e94f24e8e697eb61e03524949abd7052d7eb6c7f368dfffbd0
                    • Instruction ID: ad6a7a1e5014b83f5da9efed44ad8fff6d8e8ffa3b3ea7aa361c346f9f319082
                    • Opcode Fuzzy Hash: c50cbc8f526c83e94f24e8e697eb61e03524949abd7052d7eb6c7f368dfffbd0
                    • Instruction Fuzzy Hash: E9C1F431A042028FE724DB64C84077B77A2EB81310F2A417BD456BB3D2DB7DAC52CB99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: memset
                    • String ID: 0.+infNaNassertion failed: buf.len() >= maxlen$1$BorrowErrorBorrowMutError$Ty_$Ty_$assertion failed: !buf.is_empty()$assertion failed: buf[0] > b\'0\'$l}_
                    • API String ID: 2221118986-76882985
                    • Opcode ID: d4eb92daf843c89736bd0b832d1667385607e2732cc70fc3f51fec60ceaa2445
                    • Instruction ID: 40c711b93b270b50a3a738a7cfb48ad0cc7fdbb08280a42e077a83d63963b764
                    • Opcode Fuzzy Hash: d4eb92daf843c89736bd0b832d1667385607e2732cc70fc3f51fec60ceaa2445
                    • Instruction Fuzzy Hash: 89B1A1B1A002198FCB14CF58C484ABEBBF1FF88305F15816EDC496B352DBB99949CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,00460D95), ref: 0046187F
                    • HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,00460D95), ref: 004618AE
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: CONOUT$
                    • API String ID: 1617791916-3130406586
                    • Opcode ID: 2c79636f1ddbfe75f7a96e12cdf3c673e48bfcba4311c5d2f57086828b38108f
                    • Instruction ID: 4f9bd3c53b80cd7939158698f5b53ee57f7ab5f3941f121cb4a025cea55bbae0
                    • Opcode Fuzzy Hash: 2c79636f1ddbfe75f7a96e12cdf3c673e48bfcba4311c5d2f57086828b38108f
                    • Instruction Fuzzy Hash: C0617D72E012114AD718DBA9CC557BF7BA2EF45314F1C423BE415AB3E1E6B89C02C796
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 004022EF
                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 0040233B
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 0040236D
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 00402388
                    • HeapFree.KERNEL32(00000000,?), ref: 004024D3
                    • HeapFree.KERNEL32(00000000,00000000), ref: 004024F4
                    Strings
                    • d#g, xrefs: 00402467
                    • assertion failed: guard.queue.dequeue().is_none(), xrefs: 0040245D
                    • called `Option::unwrap()` on a `None` value, xrefs: 0040242B
                    • d#g, xrefs: 004023F7
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$ExclusiveLock$AcquireRelease
                    • String ID: assertion failed: guard.queue.dequeue().is_none()$called `Option::unwrap()` on a `None` value$d#g$d#g
                    • API String ID: 1406246216-630805564
                    • Opcode ID: 8e98844281e80d694ad73b7a71afd73887a9ed251b6b4f653a3facd8af43cf65
                    • Instruction ID: 0432104ce4f862b2e560d4d3a4b81501ae20c66cf9fbbe7f96fe7094c9afdbf2
                    • Opcode Fuzzy Hash: 8e98844281e80d694ad73b7a71afd73887a9ed251b6b4f653a3facd8af43cf65
                    • Instruction Fuzzy Hash: 1331E2706002029BDB149F31DD88B6BB7B5FF51318F10413BE818AB6D1D7B9E855CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,00408411), ref: 0056992A
                    • HeapAlloc.KERNEL32(?,00000000,00000000,?,?,?,?,?,00408411), ref: 0056993C
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00408411), ref: 005699F4
                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00408411), ref: 00569A5F
                    • HeapAlloc.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00408411), ref: 00569A71
                    • memcpy.MSVCRT ref: 00569A9F
                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,00408411), ref: 00569AEF
                    • HeapAlloc.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,?), ref: 00569B01
                    • memcpy.MSVCRT ref: 00569B2F
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$Process$Alloc$memcpy
                    • String ID:
                    • API String ID: 1508419231-0
                    • Opcode ID: df44663a8c19edee12a36614a884edc3333f1928638340726828513ff25a0573
                    • Instruction ID: 6b0c16d70a8aeb8acb1a91f385aead3c24fb6ee65c71a35c93b01509173e3b54
                    • Opcode Fuzzy Hash: df44663a8c19edee12a36614a884edc3333f1928638340726828513ff25a0573
                    • Instruction Fuzzy Hash: 9A6181B5A012169BDB149FAADC85B6ABFFDFF84354F14402AE948DB351E630DC00C7A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000001,?,?,?,00431146,00000001), ref: 00444FF4
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 0044500B
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445070
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445087
                      • Part of subcall function 00444FE0: GetProcessHeap.KERNEL32(?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 004450ED
                      • Part of subcall function 00444FE0: HeapAlloc.KERNEL32(?,00000000,00000000,?,00000000,00000001,?,00000000,00000006,?,00000001,?,?,?,00431146,00000001), ref: 00445101
                    • GetProcessHeap.KERNEL32 ref: 00446DE0
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00446DF2
                    • memcpy.MSVCRT ref: 00446E0C
                    • GetProcessHeap.KERNEL32 ref: 00446E4E
                    • HeapAlloc.KERNEL32(?,00000000,00000037), ref: 00446E65
                    • GetProcessHeap.KERNEL32(?,00000000,00000037), ref: 00446FC7
                    • HeapAlloc.KERNEL32(?,00000000,0000000C,?,00000000,00000037), ref: 00446FDA
                    Strings
                    • Found argument '' which wasn't expected, or isn't valid in this context, xrefs: 00446DA2
                    • |b_, xrefs: 00446F1D
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess$memcpy
                    • String ID: Found argument '' which wasn't expected, or isn't valid in this context$|b_
                    • API String ID: 1759892863-103840355
                    • Opcode ID: 4c1eb07313794940e052e5e7ef36948682e171b66a9518b074ed5d1d649159e4
                    • Instruction ID: 67a650d84edd2d2a49a616fb3b990c0b005163072233378483ac874919a0958c
                    • Opcode Fuzzy Hash: 4c1eb07313794940e052e5e7ef36948682e171b66a9518b074ed5d1d649159e4
                    • Instruction Fuzzy Hash: 6191A474D00B099FDB15DF65D880BAEBBB5FF85344F20821ED8056B342DB75A946CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 004470F4
                    • HeapAlloc.KERNEL32(?,00000000,00000006), ref: 0044710B
                    • GetProcessHeap.KERNEL32(?,00000000,00000006), ref: 0044716F
                    • HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000006), ref: 00447186
                    • HeapFree.KERNEL32(00000000,00000000), ref: 0044727D
                    • HeapFree.KERNEL32(00000000,?), ref: 0044728E
                    Strings
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 004472B6
                    • error:For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did y, xrefs: 0044711F
                    • , xrefs: 0044707B
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocFreeProcess
                    • String ID: $a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs$error:For more information try wasThe argument '' cannot be used with one or more of the other specified arguments' requires a value but none was suppliedEqual sign is needed when assigning values to ' isn't a valid value for ''[possible values: Did y
                    • API String ID: 2113670309-1835661686
                    • Opcode ID: 05dce7bf79454b5d139c46b308a94265796e569333ffdf03fb85bcdefae73e11
                    • Instruction ID: 742dcabb4babf4f484586314ace5baf0e72c2cfc84659bab53fa6bcc1ccaac2a
                    • Opcode Fuzzy Hash: 05dce7bf79454b5d139c46b308a94265796e569333ffdf03fb85bcdefae73e11
                    • Instruction Fuzzy Hash: C5717070D046498FEB10DF94C984BAFBBF6FF45304F244159E805AB391D7B9A946CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00440932
                    • HeapAlloc.KERNEL32(?,00000000,0000000C), ref: 00440949
                      • Part of subcall function 0040A5E0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,0049C229), ref: 0040A65A
                      • Part of subcall function 0040A5E0: HeapAlloc.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,0049C229), ref: 0040A66C
                    • GetProcessHeap.KERNEL32 ref: 00440ABA
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00440AD0
                    • HeapFree.KERNEL32(00000000,?), ref: 00440BE9
                    • HeapFree.KERNEL32(00000000,?), ref: 00440C28
                    • HeapFree.KERNEL32(00000000,?), ref: 00440C4B
                    • HeapFree.KERNEL32(00000000,?), ref: 00440C98
                    • HeapFree.KERNEL32(00000000,?), ref: 00440CBB
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    • API String ID: 3396873598-0
                    • Opcode ID: cea4840ae4ba8915c16fed528185f3c857affaeddf3707ebd52e7fe4c7e2a75b
                    • Instruction ID: 90ed05c5db28965eb5e4d8bd33d84eff29412030a1b9ed74efc964efe3e45a42
                    • Opcode Fuzzy Hash: cea4840ae4ba8915c16fed528185f3c857affaeddf3707ebd52e7fe4c7e2a75b
                    • Instruction Fuzzy Hash: 59D16971D002198BEB14DF94C884BAEBBB1FF44304F15422ADA15BB391D778A995CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005D96B3
                    • HeapFree.KERNEL32(00000000), ref: 005D96C1
                    • AcquireSRWLockExclusive.KERNEL32(006DD11C), ref: 005D9739
                    • ReleaseSRWLockExclusive.KERNEL32(006DD11C), ref: 005D9785
                    • HeapFree.KERNEL32(00000000,00000000,006DD11C), ref: 005D97B6
                    • HeapFree.KERNEL32(00000000,?,006DD11C), ref: 005D97C4
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005D9711
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$ExclusiveLock$AcquireRelease
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 1406246216-318435341
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AcquireSRWLockExclusive.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB530
                    • TlsAlloc.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB53E
                    • GetProcessHeap.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB557
                    • HeapAlloc.KERNEL32(?,00000000,0000000C,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?), ref: 005AB56A
                    • ReleaseSRWLockExclusive.KERNEL32(006DD128,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001), ref: 005AB5AA
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 005AB610
                    • assertion failed: key != c::TLS_OUT_OF_INDEXESlibrary\std\src\sys\windows\thread_local_key.rs, xrefs: 005AB5B9
                    Similarity
                    • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$assertion failed: key != c::TLS_OUT_OF_INDEXESlibrary\std\src\sys\windows\thread_local_key.rs
                    • API String ID: 3228198226-1603436601
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 0040B0B5
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 0040B0C7
                    • memcpy.MSVCRT ref: 0040B12A
                    • memcpy.MSVCRT ref: 0040B1DE
                    • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 0040B29E
                    • HeapAlloc.KERNEL32(?,00000000,?,00000000,?,?,?), ref: 0040B2B0
                    • memcpy.MSVCRT ref: 0040B2D4
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0040B0E3
                    Similarity
                    • API ID: Heap$memcpy$AllocProcess
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 3463615303-318435341
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 0042CFE0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,0041B902), ref: 0042CFF6
                      • Part of subcall function 0042CFE0: HeapAlloc.KERNEL32(?,00000000,00000078,?,?,?,?,?,?,?,?,?,0041B902), ref: 0042D00D
                    • HeapFree.KERNEL32(00000000,?), ref: 0041B9F8
                    • HeapFree.KERNEL32(00000000,?), ref: 0041BA38
                    • HeapFree.KERNEL32(00000000,?), ref: 0041BA53
                    • HeapFree.KERNEL32(00000000,?), ref: 0041BA9B
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    • API String ID: 3396873598-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: Heap$AllocFreeProcessmemcpy
                    • String ID:
                    • API String ID: 3455684755-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DCDA4
                    • HeapFree.KERNEL32(00000000,?), ref: 005DCDB2
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DCE33
                    • HeapFree.KERNEL32(00000000), ref: 005DCE41
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DCF30
                    • HeapFree.KERNEL32(00000000,?), ref: 005DCF3E
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005DCF73
                    • HeapFree.KERNEL32(00000000,?), ref: 005DCF81
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 005960D0: HeapFree.KERNEL32(00000000,00000000,?,00000000,00000002,?,?,?,?,00595E8E), ref: 0059610F
                      • Part of subcall function 005960D0: GetProcessHeap.KERNEL32(?,00000000,00000002,?,?,?,?,00595E8E), ref: 0059613A
                      • Part of subcall function 005960D0: HeapAlloc.KERNEL32(?,00000000,00000002,?,?,?,?,00595E8E), ref: 00596151
                      • Part of subcall function 005960D0: HeapFree.KERNEL32(00000000,?,00000000,00000000,00000002,?,00000000,00000002,?,?,?,?,00595E8E), ref: 00596182
                    • HeapFree.KERNEL32(00000000,?), ref: 00595ED1
                    • HeapFree.KERNEL32(00000000,?), ref: 00595EF4
                    • GetProcessHeap.KERNEL32 ref: 00595F3E
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 00595F54
                    • HeapFree.KERNEL32(00000000,?,?,00000000,?), ref: 00596040
                    • HeapFree.KERNEL32(00000000,?), ref: 00596080
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    • API String ID: 3396873598-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapReAlloc.KERNEL32(00000000,?,00000004,?,?,00000004,00000000,?,005C5CA3), ref: 005AF077
                    • HeapAlloc.KERNEL32(00000000,00000000,00000004,?,?,00000004,00000000,?,005C5CA3,00000000,?,?,00000002,?,00000000), ref: 005AF0BC
                    • GetProcessHeap.KERNEL32(?,?,00000004,00000000,?,005C5CA3), ref: 005AF0EC
                    • HeapAlloc.KERNEL32(?,00000000,?,?,?,00000004,00000000,?,005C5CA3), ref: 005AF10A
                    • memcpy.MSVCRT ref: 005AF12D
                    • HeapFree.KERNEL32(00000000,?,?,?,00000002,?,00000000,?,005C5C04), ref: 005AF140
                    • GetProcessHeap.KERNEL32(?,?,00000004,00000000,?,005C5CA3,00000000,?,?,00000002,?,00000000,?,005C5C04), ref: 005AF14C
                    • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,00000004,00000000,?,005C5CA3,00000000,?,?,00000002,?,00000000), ref: 005AF16E
                    Similarity
                    • API ID: Heap$Alloc$Process$Freememcpy
                    • String ID:
                    • API String ID: 4102440617-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: memmove
                    • String ID: }truefalse{0x$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs$Hir$called `Option::unwrap()` on a `None` value$kind
                    • API String ID: 2162964266-2463483283
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?), ref: 0040759C
                    Strings
                    Similarity
                    • API ID: FreeHeap
                    • String ID: }truefalse{0x$RareByteOffset$called `Option::unwrap()` on a `None` value$max
                    • API String ID: 3298025750-1556336026
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • }truefalse{0x, xrefs: 00584A76
                    • assertion failed: add_lower || add_upper/cargo/registry/src/github.com-1ecc6299db9ec823/regex-syntax-0.6.25/src/hir/interval.rs, xrefs: 005849AC
                    • called `Option::unwrap()` on a `None` value, xrefs: 005849BD, 005849CE
                    • assertion failed: !self.ranges[a].is_intersection_empty(&other.ranges[b]), xrefs: 005849DF
                    • IntervalSetranges, xrefs: 00584A25
                    Similarity
                    • API ID: memmove
                    • String ID: }truefalse{0x$IntervalSetranges$assertion failed: !self.ranges[a].is_intersection_empty(&other.ranges[b])$assertion failed: add_lower || add_upper/cargo/registry/src/github.com-1ecc6299db9ec823/regex-syntax-0.6.25/src/hir/interval.rs$called `Option::unwrap()` on a `None` value
                    • API String ID: 2162964266-2723505393
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • AccessDenied/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\io\impls.rs, xrefs: 004FA82F
                    • OtherOutOfMemoryUnexpectedEofInterruptedArgumentListTooLongFilenameTooLongTooManyLinksCrossesDevicesDeadlockExecutableFileBusyResourceBusyFileTooLargeFilesystemQuotaExceededNotSeekableStorageFullWriteZeroTimedOutInvalidDataInvalidInputStaleNetworkFileHandleFil, xrefs: 004FA856
                    Similarity
                    • API ID:
                    • String ID: AccessDenied/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\std\src\io\impls.rs$OtherOutOfMemoryUnexpectedEofInterruptedArgumentListTooLongFilenameTooLongTooManyLinksCrossesDevicesDeadlockExecutableFileBusyResourceBusyFileTooLargeFilesystemQuotaExceededNotSeekableStorageFullWriteZeroTimedOutInvalidDataInvalidInputStaleNetworkFileHandleFil
                    • API String ID: 0-153846049
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0042680A,?), ref: 0041EF57
                    • HeapAlloc.KERNEL32(?,00000000,00000004,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041EF6E
                    Strings
                    • Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues, xrefs: 0041F157
                    • hB, xrefs: 0041EF7B
                    • i{`, xrefs: 0041F161
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: hB$Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues$i{`
                    • API String ID: 1617791916-4114284947
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs, xrefs: 004180E1
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs
                    • API String ID: 4164033339-3317517452
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,0043871B,?), ref: 00438566
                    • HeapAlloc.KERNEL32(?,00000000,?,00000000,?,00000000,?,0043871B,?), ref: 0043857B
                    • memcpy.MSVCRT ref: 004385B8
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: {${${0x

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 0041F57E
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 0041F594
                    • memcpy.MSVCRT ref: 0041F627
                    • HeapFree.KERNEL32(00000000,00000020), ref: 0041F647
                    Strings
                    • , xrefs: 0041F5B7
                    • a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs, xrefs: 0041F5FB
                    • API ID: Heap$AllocFreeProcessmemcpy
                    • String ID: $a Display implementation returned an error unexpectedly/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\string.rs

                    APIs
                    • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 0040284F
                    • HeapFree.KERNEL32(00000000,?), ref: 00402869
                    • HeapFree.KERNEL32(00000000,8902F883,00000000,?), ref: 0040288D
                    • API ID: FreeHeap
                    • String ID: 0!g$0!g$0!g

                    APIs
                    • HeapFree.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,00402E80,?,?,00493EBA,?,?), ref: 00403D6F
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00402E80,?,?,00493EBA,?,?,?,0040205D), ref: 00403D89
                    • HeapFree.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,00402E80,?,?,00493EBA,?,?), ref: 00403DAD
                    • API ID: FreeHeap
                    • String ID: 0!g$0!g$0!g

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,0056B52F), ref: 00567459
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,0056B52F), ref: 005674A8
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,0056B52F), ref: 005674D1
                    • HeapFree.KERNEL32(00000000,?,0056B52F), ref: 00567520
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,0056B52F), ref: 00567550
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,0056B52F), ref: 0056756C
                    • API ID: FreeHeap

                    APIs
                    • TlsGetValue.KERNEL32(00000000,00000000,00000009,?,005DA2A5), ref: 005CD25F
                    • TlsGetValue.KERNEL32(00000000,00000000,00000009,?,005DA2A5), ref: 005CD276
                    • TlsGetValue.KERNEL32(00000000,00000000,00000000,00000009,?,005DA2A5), ref: 005CD299
                      • Part of subcall function 005AB520: AcquireSRWLockExclusive.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB530
                      • Part of subcall function 005AB520: TlsAlloc.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB53E
                      • Part of subcall function 005AB520: GetProcessHeap.KERNEL32(006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001,?,005CB3A4), ref: 005AB557
                      • Part of subcall function 005AB520: HeapAlloc.KERNEL32(?,00000000,0000000C,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?), ref: 005AB56A
                      • Part of subcall function 005AB520: ReleaseSRWLockExclusive.KERNEL32(006DD128,006DD128,?,?,?,?,?,?,?,?,?,?,006C0178,?,00000001), ref: 005AB5AA
                    • TlsGetValue.KERNEL32(00000000,00000000,00000000,00000009,?,005DA2A5), ref: 005CD2BC
                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000009,?,005DA2A5), ref: 005CD2CE
                    • HeapAlloc.KERNEL32(?,00000000,0000000C,00000000,00000000,00000000,00000009,?,005DA2A5), ref: 005CD2E1
                    • TlsSetValue.KERNEL32(00000000,00000000,?,00000000,0000000C,00000000,00000000,00000000,00000009,?,005DA2A5), ref: 005CD30E
                    • API ID: Value$Heap$Alloc$ExclusiveLockProcess$AcquireRelease

                    • API ID: Heapmemcmp$AllocProcess

                    • String ID: (u`$(u`$(u`$DER encoder tainted

                    Strings
                    • attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs, xrefs: 0059360F
                    • API ID: Heapmemcpy$AllocProcess
                    • String ID: attempt to join into collection with len > usize::MAX/rustc/e012a191d768adeda1ee36a99ef8b92d51920154\library\alloc\src\str.rs

                    APIs
                    • memset.MSVCRT ref: 005AC4AA
                    • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000), ref: 005AC611
                    • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,00000000,?,00000000), ref: 005AC663
                    • GetLastError.KERNEL32(?,?,00000001,?,00000000,?,?,00000000,?,00000000), ref: 005AC66C
                    • GetLastError.KERNEL32(?,?,00000000,?,00000000), ref: 005AC6D5
                    • API ID: ConsoleErrorLastWrite$memset

                    • API ID: memcpy
                    • String ID: >9_$>9_

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00439A59
                    • HeapAlloc.KERNEL32(?,00000000,0000000C), ref: 00439A70
                    • HeapFree.KERNEL32(00000000,?), ref: 00439BA8
                    • HeapFree.KERNEL32(00000000,00000004), ref: 00439BCB
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 00439A12, 00439A20
                    • API ID: Heap$Free$AllocProcess
                    • String ID: /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs

                    APIs
                    • EnterCriticalSection.KERNEL32(?,?,004FA64C,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 005CCC6E
                    • LeaveCriticalSection.KERNEL32 ref: 005CCCCD
                    • EnterCriticalSection.KERNEL32 ref: 005CCD0E
                    • LeaveCriticalSection.KERNEL32(?), ref: 005CCDF0
                      • Part of subcall function 005ABBF0: GetStdHandle.KERNEL32(FFFFFFF4,?,?,?,?,?,004FA64C,?,005CCC9A,?,004FA64C,00000002,?,?,004FA64C), ref: 005ABC03
                      • Part of subcall function 005ABBF0: GetLastError.KERNEL32(FFFFFFF4,?,?,?,?,?,004FA64C,?,005CCC9A,?,004FA64C,00000002,?,?,004FA64C), ref: 005ABC13
                    • HeapFree.KERNEL32(00000000,00000000), ref: 005CCDA5
                    • HeapFree.KERNEL32(00000000,?), ref: 005CCDB5
                    • API ID: CriticalSection$EnterFreeHeapLeave$ErrorHandleLast

                    APIs
                    • HeapFree.KERNEL32(00000000,?), ref: 00402632
                    • HeapFree.KERNEL32(00000000,00000000), ref: 00402668
                    • HeapFree.KERNEL32(00000000,?), ref: 0040268B
                    • HeapFree.KERNEL32(00000000,?), ref: 004026AC
                    • HeapFree.KERNEL32(00000000,?), ref: 004026C7
                    • HeapFree.KERNEL32(00000000,?), ref: 004026EF
                    • API ID: FreeHeap

                    APIs
                    • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 004035F3
                    • HeapFree.KERNEL32(00000000,?), ref: 00403609
                    • API ID: FreeHeap
                    • String ID: 0!g$0!g$0!g

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,0040431D), ref: 00493C92
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: 2eb8d5915bef02cb6bd383e3b92d476f49feecd7a7f43791b43db7d309181a37
                    • Instruction ID: ebb0899eb0de66a4e933903ec2530ed06b7eda84d8ca19a0a02b663f61546fb0
                    • Opcode Fuzzy Hash: 2eb8d5915bef02cb6bd383e3b92d476f49feecd7a7f43791b43db7d309181a37
                    • Instruction Fuzzy Hash: DC21B031600602ABEF299F55DC55B26BB75FF41702F14023BE900AA6A0C735FEA1DB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00461850: GetProcessHeap.KERNEL32(?,?,?,?,00460D95), ref: 0046187F
                      • Part of subcall function 00461850: HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,00460D95), ref: 004618AE
                    • SetConsoleCursorPosition.KERNEL32(?,00000001), ref: 004614F7
                    • GetLastError.KERNEL32(?,00000001), ref: 004615B7
                    • GetLastError.KERNEL32(?,00000001), ref: 004615BC
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: ErrorHeapLast$AllocConsoleCursorPositionProcess
                    • String ID: Fd`
                    • API String ID: 4043335772-3346392987
                    • Opcode ID: 96da4a195b66767456d22e848d7e403b43ce391276656a6a1d20a75fa2c9cb42
                    • Instruction ID: a55b4505c43edbd2b76d01171e391e60d32b5292f0ab719931e718760ba71b2c
                    • Opcode Fuzzy Hash: 96da4a195b66767456d22e848d7e403b43ce391276656a6a1d20a75fa2c9cb42
                    • Instruction Fuzzy Hash: D731B771E012189BDB04DBA4C4406DEF7B5AF88324F5D412BD816B7390E6799D05CBEA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00461850: GetProcessHeap.KERNEL32(?,?,?,?,00460D95), ref: 0046187F
                      • Part of subcall function 00461850: HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,00460D95), ref: 004618AE
                    • SetConsoleCursorInfo.KERNEL32(?,?), ref: 00461457
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocConsoleCursorInfoProcess
                    • String ID: d
                    • API String ID: 3637102394-2564639436
                    • Opcode ID: c783b40ab2444ce42a76c7029761c0092b0e6140d951400ff6977945d8d2e846
                    • Instruction ID: fa4b982c16903c096f1da1186b8a6de03dbec0677c78fab7855d62ed4ba746bf
                    • Opcode Fuzzy Hash: c783b40ab2444ce42a76c7029761c0092b0e6140d951400ff6977945d8d2e846
                    • Instruction Fuzzy Hash: 7501D631B0022687DF04A6A6D9411BF77B5EBC0368F28043AE985E7351EE3A9D05C6F7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AttachConsole.KERNEL32(000000FF), ref: 004F75B8
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: AttachConsole
                    • String ID: "$"$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 986699043-3813600728
                    • Opcode ID: 6134b20a6c103645e51604bdc227c31d7a78dda5a7cb2c2b640c7cfe56b9061e
                    • Instruction ID: b7b33bca43fe3290a297bbf3773d211306093f357fb3c1ed6754ce6cd653037e
                    • Opcode Fuzzy Hash: 6134b20a6c103645e51604bdc227c31d7a78dda5a7cb2c2b640c7cfe56b9061e
                    • Instruction Fuzzy Hash: D511E3B4C0121CABEF10CFD5D9887DDBFB6FB44308F548609D814AA281D7BA56498F95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: ConsoleFree
                    • String ID: "$"$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 771614528-3813600728
                    • Opcode ID: d1e9f8940079449fb896fc09c0e590643d57decbb0dd5ca62b5f09a7b6954f96
                    • Instruction ID: ec2e83ff8f1aaefbfb1911b050151a03bb406050dfdaf2faa13cfab3527c04a6
                    • Opcode Fuzzy Hash: d1e9f8940079449fb896fc09c0e590643d57decbb0dd5ca62b5f09a7b6954f96
                    • Instruction Fuzzy Hash: 1D11E0B4C0120CABEF10CFD1D9887DEBFB6FB44308F548509D804AA291D7BA96499F95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,00000000), ref: 005D6C25
                    • HeapAlloc.KERNEL32(?,00000000,00000000,?,?,?,?,?,00000000), ref: 005D6C3B
                    • memcpy.MSVCRT ref: 005D6C5E
                    • memcpy.MSVCRT ref: 005D6D96
                    • memcpy.MSVCRT ref: 005D6E3F
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memcpy$Heap$AllocProcess
                    • String ID:
                    • API String ID: 3823808316-0
                    • Opcode ID: f6be00ddf5efe24db9cd6ce6f1818cdc21e771fa1011a70483444cf0aa0fe4ee
                    • Instruction ID: 6b4f7e7bed9e10e938caccd3d2725e8db662cb7d82abda7898c9efff8b19b2fa
                    • Opcode Fuzzy Hash: f6be00ddf5efe24db9cd6ce6f1818cdc21e771fa1011a70483444cf0aa0fe4ee
                    • Instruction Fuzzy Hash: F2B1AFB5F002198BCF24DF6CC8816AEBBB6FF88314F28852BD845E7355D6359D428B91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000000,006C0178,005F00F8,005CB460,?,0040A4C8,?,0040A4B8,?,0040A4A8,?,0040A498,?,005AB5E1,006DD128), ref: 00404A32
                    • HeapAlloc.KERNEL32(?,00000000,?,00000000,006C0178,005F00F8,005CB460,?,0040A4C8,?,0040A4B8,?,0040A4A8,?,0040A498), ref: 00404A48
                    • memcpy.MSVCRT ref: 00404A5C
                    • HeapFree.KERNEL32(00000000,00000000,0040A498,?,005AB5E1,006DD128), ref: 00404A79
                    • memcpy.MSVCRT ref: 00404B2D
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$memcpy$AllocFreeProcess
                    • String ID:
                    • API String ID: 2458105893-0
                    • Opcode ID: 60d829c37f66991d20201c1878372e99e7f3b7caf08c6952330e7ab8fe9a1beb
                    • Instruction ID: 5ae3bc5f5a5257b067d188b50bda90bb2f8a74441c8756d875f86726b36dd1f2
                    • Opcode Fuzzy Hash: 60d829c37f66991d20201c1878372e99e7f3b7caf08c6952330e7ab8fe9a1beb
                    • Instruction Fuzzy Hash: FF4105F1B402525ADB209F59888473BFBA5ABC5310F08417BDA58773D2D738AC51CBAD
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memcpy.MSVCRT ref: 0041B214
                    • GetProcessHeap.KERNEL32 ref: 0041B27A
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 0041B28C
                    • memcpy.MSVCRT ref: 0041B29A
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,?), ref: 0041B2BB
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$memcpy$AllocFreeProcess
                    • String ID:
                    • API String ID: 2458105893-0
                    • Opcode ID: db082aa12af6e7f5b55b738a2e3a941a8368ddbd9dad9c633e5e59a5b2482fac
                    • Instruction ID: 60164b6a7b0c27dbd9b957e05227b399e0ffba592cf51f00d64dfc767bdf3298
                    • Opcode Fuzzy Hash: db082aa12af6e7f5b55b738a2e3a941a8368ddbd9dad9c633e5e59a5b2482fac
                    • Instruction Fuzzy Hash: 0F31BD729042059BC300EF56D88495FF7A9FFC9350F04856EE8886B341D734AC89CBE6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000002,?,?,?,?,00595E8E), ref: 0059610F
                    • GetProcessHeap.KERNEL32(?,00000000,00000002,?,?,?,?,00595E8E), ref: 0059613A
                    • HeapAlloc.KERNEL32(?,00000000,00000002,?,?,?,?,00595E8E), ref: 00596151
                    • HeapFree.KERNEL32(00000000,?,00000000,00000000,00000002,?,00000000,00000002,?,?,?,?,00595E8E), ref: 00596182
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,00595E8E), ref: 005961C0
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    • API String ID: 3396873598-0
                    • Opcode ID: e6ed42e66049f3210ea523bf5ba63804d108599e0bd10d9d281f6a2ce862ce7c
                    • Instruction ID: ff7594f10fef34f704f13552e98cf5628e0bd910a9a357f960f582f4599a84ea
                    • Opcode Fuzzy Hash: e6ed42e66049f3210ea523bf5ba63804d108599e0bd10d9d281f6a2ce862ce7c
                    • Instruction Fuzzy Hash: 38315A70604B019FDB34DF25C899B22BBF5FF45344F14092EE4868BAA2D775E848DB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?,?,?), ref: 004719E6
                    • HeapFree.KERNEL32(00000000,00000000,?,?), ref: 00471A18
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: 4ce54fef760ef30ce4e2612a30a4c4c5672046b038faabbbb5aa8bd1878b4f8e
                    • Instruction ID: 2df802694dccc71a76ef34db7f0561daad27af34b11482defaa4b91ee52d73a3
                    • Opcode Fuzzy Hash: 4ce54fef760ef30ce4e2612a30a4c4c5672046b038faabbbb5aa8bd1878b4f8e
                    • Instruction Fuzzy Hash: AE21B4B1A011519BEF209F2CCC41BA737A8EF40740F194066ED08AF2B1D735EC45CBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • assertion failed: add_lower || add_upper/cargo/registry/src/github.com-1ecc6299db9ec823/regex-syntax-0.6.25/src/hir/interval.rs, xrefs: 00584507
                    • called `Option::unwrap()` on a `None` value, xrefs: 00584520, 00584539, 00584552
                    • assertion failed: !self.ranges[a].is_intersection_empty(&other.ranges[b]), xrefs: 0058456B
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memmove
                    • String ID: assertion failed: !self.ranges[a].is_intersection_empty(&other.ranges[b])$assertion failed: add_lower || add_upper/cargo/registry/src/github.com-1ecc6299db9ec823/regex-syntax-0.6.25/src/hir/interval.rs$called `Option::unwrap()` on a `None` value
                    • API String ID: 2162964266-3798451014
                    • Opcode ID: 9beb6014c95533383c9b316f2bde9b2bfcbfd9142c9cf854ead1bf0daabd79b6
                    • Instruction ID: c1cc4973c17d5f5b6fd506b2931ce1d47973e380b96e952ff3897cb8245f37b3
                    • Opcode Fuzzy Hash: 9beb6014c95533383c9b316f2bde9b2bfcbfd9142c9cf854ead1bf0daabd79b6
                    • Instruction Fuzzy Hash: 80D13B75E002168BCF18EF98C4816AEBBB2FB88350F258529ED56B7355D770AC81CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004046B4,00000000,?), ref: 00494578
                    • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004046B4,00000000,?), ref: 004945B8
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004046B4,00000000,?), ref: 004945DB
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004046B4,00000000,?), ref: 004945F6
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004046B4,00000000,?), ref: 00494611
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: 3b3cbb3c1cfa464aa77f25393d9136f310bcbebb3f764712a21598dfac416aa0
                    • Instruction ID: e8b0ff8a996ee59d249f17a9334bc7b3d6cdf36693cc2cc16c39d7345d5db6bb
                    • Opcode Fuzzy Hash: 3b3cbb3c1cfa464aa77f25393d9136f310bcbebb3f764712a21598dfac416aa0
                    • Instruction Fuzzy Hash: 1A118831601201AFEB359F95DC45F237FE9EFC0760F16053AB6449A2A0DB39E856CB68
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 005876F1
                    • HeapAlloc.KERNEL32(?,00000000,00000020), ref: 00587708
                    Strings
                    • assertion failed: b > 0x7F, xrefs: 00587A27
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID: assertion failed: b > 0x7F
                    • API String ID: 1617791916-1533863830
                    • Opcode ID: 01f0a22bae159121a17f8cc518511a935dbc9ea1fbe62dd648b27349504eaf13
                    • Instruction ID: 542c9318b3e39739cd637c5aca8add139ea6e88d274a69d40e1de3f8a6f90b70
                    • Opcode Fuzzy Hash: 01f0a22bae159121a17f8cc518511a935dbc9ea1fbe62dd648b27349504eaf13
                    • Instruction Fuzzy Hash: 46C10531908B598FDB16CF75C8412AABFB2FF4B301F29869AC845BB152E774C842D750
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapReAlloc.KERNEL32(00000000,?,?,00000000,?,00000000,?,0059C23F,00000000,?,?,?,?,?), ref: 0040497D
                    • GetProcessHeap.KERNEL32(00000000,?,00000000,?,0059C23F,00000000,?,?,?,?,?), ref: 0040498F
                    • HeapAlloc.KERNEL32(?,00000000,?,00000000,?,00000000,?,0059C23F,00000000,?,?,?,?,?), ref: 004049A4
                    • memcpy.MSVCRT ref: 004049C6
                    • HeapFree.KERNEL32(00000000,?,0059C23F,00000000,?,?,?,?,?), ref: 004049D9
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$Alloc$FreeProcessmemcpy
                    • String ID:
                    • API String ID: 1403710057-0
                    • Opcode ID: 727da856688b7a3d604d8a395f6707417bbe0b50924237406805425753027fca
                    • Instruction ID: 9999057d99c0657e0d27d8c3472b53ecd0bff056bca63c61365a4b3eeb0e9268
                    • Opcode Fuzzy Hash: 727da856688b7a3d604d8a395f6707417bbe0b50924237406805425753027fca
                    • Instruction Fuzzy Hash: FA01D4F5A013056AD728ABB6DC86F6B7BADFBC4354F10003BFA4497291E9788D04C674
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,?,?,?,004045A0), ref: 004DA59A
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004045A0), ref: 004DA5B6
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004045A0), ref: 004DA5D7
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,004045A0), ref: 004DA5F3
                    • HeapFree.KERNEL32(00000000,?,?,?,?,004045A0), ref: 004DA618
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$CloseHandle
                    • String ID:
                    • API String ID: 1910495013-0
                    • Opcode ID: aba13bc157cadb5dc2e09e4cd581026d4c6191dbd0d6e6644817efd50326b3da
                    • Instruction ID: ddaabfa7aa26d9ba0d37b9adf762e53f2817aed5a7cdfeb5e3b81411c9dd6b31
                    • Opcode Fuzzy Hash: aba13bc157cadb5dc2e09e4cd581026d4c6191dbd0d6e6644817efd50326b3da
                    • Instruction Fuzzy Hash: 3A118C30241502FBEB296B35DC1AF52BBB6FF80300F040117F558566A2CB75B8B0DB99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • /cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs, xrefs: 0045A2CE
                    • ', xrefs: 0045A00C
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: memset
                    • String ID: '$/cargo/registry/src/github.com-1ecc6299db9ec823/utfx-0.1.0/src/ucstr.rs
                    • API String ID: 2221118986-348975993
                    • Opcode ID: 4c4cd8a26330adc7a9bfb2cf7da8e7aeeb72123214b90baa2a92385a61e46b6c
                    • Instruction ID: 6969b9085561a3e7bdbb8eb44bc30c7c6979e03561964487914a70877511c8dc
                    • Opcode Fuzzy Hash: 4c4cd8a26330adc7a9bfb2cf7da8e7aeeb72123214b90baa2a92385a61e46b6c
                    • Instruction Fuzzy Hash: 21917D72F001194BDB08CA9DCC557EDBBF6ABC8310F19813AE909F7391E6795D048B94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memcpy.MSVCRT ref: 005CC45E
                      • Part of subcall function 005ABBF0: GetStdHandle.KERNEL32(FFFFFFF4,?,?,?,?,?,004FA64C,?,005CCC9A,?,004FA64C,00000002,?,?,004FA64C), ref: 005ABC03
                      • Part of subcall function 005ABBF0: GetLastError.KERNEL32(FFFFFFF4,?,?,?,?,?,004FA64C,?,005CCC9A,?,004FA64C,00000002,?,?,004FA64C), ref: 005ABC13
                    • memmove.MSVCRT ref: 005CC3A0
                    Strings
                    Similarity
                    • API ID: ErrorHandleLastmemcpymemmove
                    • String ID: 4k
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Similarity
                    • API ID: memcmp
                    • String ID: failed decoding non-empty prefixl4g$l4g$l4g
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,0049C229), ref: 0040A65A
                    • HeapAlloc.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,0049C229), ref: 0040A66C
                    • memcpy.MSVCRT ref: 0040A724
                    Strings
                    • a formatting trait implementation returned an errorlibrary\alloc\src\fmt.rs, xrefs: 0040A6D9
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: a formatting trait implementation returned an errorlibrary\alloc\src\fmt.rs
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,?,?,00460E37,?,00000020,?,00000001,00000000), ref: 00460E5F
                      • Part of subcall function 00461850: GetProcessHeap.KERNEL32(?,?,?,?,00460D95), ref: 0046187F
                      • Part of subcall function 00461850: HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,00460D95), ref: 004618AE
                    • HeapFree.KERNEL32(00000000,?,?,?,00460E37,?,00000020,?,00000001,00000000), ref: 00460E7C
                    • GetConsoleScreenBufferInfo.KERNEL32(?), ref: 00460EEE
                    Similarity
                    • API ID: Heap$AllocBufferCloseConsoleFreeHandleInfoProcessScreen
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetStdHandle.KERNEL32(FFFFFFF5,?,005DCDFE), ref: 005EC516
                    • GetConsoleMode.KERNEL32(00000000,FFFFFFF5), ref: 005EC529
                    • SetConsoleMode.KERNEL32(00000000,00000000,00000000,FFFFFFF5), ref: 005EC542
                    • GetLastError.KERNEL32(00000000,FFFFFFF5), ref: 005EC54D
                    Similarity
                    • API ID: ConsoleMode$ErrorHandleLast
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000000,?,?,?,004392E4,00000006), ref: 00439D86
                    • HeapAlloc.KERNEL32(?,00000000,004392E4,00000000,?,?,?,004392E4,00000006), ref: 00439D9B
                    • memcpy.MSVCRT ref: 00439DD8
                    Strings
                    Similarity
                    • API ID: Heap$AllocProcessmemcpy
                    • String ID: USAGE: <subcommands>
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapFree.KERNEL32(00000000,?), ref: 005DC79B
                      • Part of subcall function 005C60B0: HeapFree.KERNEL32(00000000,00000000), ref: 005C6112
                      • Part of subcall function 005C60B0: HeapFree.KERNEL32(00000000,?), ref: 005C6126
                    • HeapFree.KERNEL32(00000000,?), ref: 005DC75D
                    Strings
                    • TERMdumbNO_COLORcygwincannot lock a buffered standard stream/cargo/registry/src/github.com-1ecc6299db9ec823/termcolor-1.1.2/src/lib.rs, xrefs: 005DC703
                    • dumb, xrefs: 005DC739
                    Similarity
                    • API ID: FreeHeap
                    • String ID: TERMdumbNO_COLORcygwincannot lock a buffered standard stream/cargo/registry/src/github.com-1ecc6299db9ec823/termcolor-1.1.2/src/lib.rs$dumb
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AcquireSRWLockExclusive.KERNEL32(006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB413
                    • ReleaseSRWLockExclusive.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB455
                    • GetProcessHeap.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB463
                    • HeapAlloc.KERNEL32(?,00000000,00000020,006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB476
                    • ReleaseSRWLockExclusive.KERNEL32(006DD090,006DD090,?,?,00000000,006C0178,?,?,005DA162), ref: 005AB4BD
                    Similarity
                    • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: __dllonexit_lock_onexit_unlock
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 0041F1BD
                    • HeapAlloc.KERNEL32(?,00000000,00000004), ref: 0041F1D4
                    • HeapFree.KERNEL32(00000000,?,?,00000000,00000004), ref: 0041F4E4
                    • HeapFree.KERNEL32(00000000,?,?,00000000,00000004), ref: 0041F4FD
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,00439466,?), ref: 0042690F
                    • HeapAlloc.KERNEL32(?,00000000,00000004,?,?,?,00439466,?), ref: 00426926
                    • GetProcessHeap.KERNEL32 ref: 00426A08
                    • HeapAlloc.KERNEL32(?,00000000,0000000C), ref: 00426A1F
                    Similarity
                    • API ID: Heap$AllocProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,000000E0,00000008,?,00428893), ref: 0041F6CB
                    • HeapAlloc.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,000000E0), ref: 0041F6E4
                    • memcpy.MSVCRT ref: 0041F728
                    • memcpy.MSVCRT ref: 0041F74C
                    Similarity
                    • API ID: Heapmemcpy$AllocProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: Heapmemcpy$AllocProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(?,?,?,004480A9,?,?,?,?,?,?,?,?,?,?), ref: 0041ABA1
                    • HeapAlloc.KERNEL32(?,00000000,004480A9,?,?,?,004480A9,?,?,?,?,?,?,?,?,?), ref: 0041ABB7
                    • memcpy.MSVCRT ref: 0041ABDC
                    • HeapFree.KERNEL32(00000000,00000001,?,?,?,?,?,?,004480A9,?,?), ref: 0041AC38
                    Similarity
                    • API ID: Heap$AllocFreeProcessmemcpy
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memcpy.MSVCRT ref: 0041B664
                    • GetProcessHeap.KERNEL32 ref: 0041B6CD
                    • HeapAlloc.KERNEL32(?,00000000,?), ref: 0041B6DF
                    • memcpy.MSVCRT ref: 0041B6F0
                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,?), ref: 0041B711
                    Similarity
                    • API ID: Heap$memcpy$AllocFreeProcess
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?,?,?,?,00403446,?,?), ref: 00505A1C
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,00403446,?,?), ref: 00505A32
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,00403446,?,?), ref: 00505A4D
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,00403446,?,?), ref: 00505A69
                    Similarity
                    • API ID: FreeHeap$CloseHandle
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32 ref: 00417825
                    • HeapAlloc.KERNEL32(?,00000000,00000050), ref: 00417838
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000050), ref: 00417867
                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000050), ref: 0041787D
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$Free$AllocProcess
                    • String ID:
                    • API String ID: 3396873598-0
                    • Opcode ID: cddc8b40c2a40f946178de93686ef8bd1e55daa5326e9d195feb950d82cf3dea
                    • Instruction ID: c014bb52bdc27776bfe7a7ed8150222feef1f3b6b216b8af08e75e7921b2a34d
                    • Opcode Fuzzy Hash: cddc8b40c2a40f946178de93686ef8bd1e55daa5326e9d195feb950d82cf3dea
                    • Instruction Fuzzy Hash: 43017931A0561167D728BFA69C49B9B77B5FB80750F04003AB90497790D775AC51C6A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?), ref: 0051D47F
                    • HeapFree.KERNEL32(00000000,00000002,?), ref: 0051D495
                    • HeapFree.KERNEL32(00000000,?,?), ref: 0051D4C2
                    • HeapFree.KERNEL32(00000000,?), ref: 0051D4DB
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$CloseHandle
                    • String ID:
                    • API String ID: 1910495013-0
                    • Opcode ID: b4c0ea729110349a9e2fbb7d26779b1eb3339a1071f203e5a634cfa6bc660e9e
                    • Instruction ID: 8de911ca14ec79ed45733b2f9a3d4816d378fbd9c8e9721a9422c9ef6869485a
                    • Opcode Fuzzy Hash: b4c0ea729110349a9e2fbb7d26779b1eb3339a1071f203e5a634cfa6bc660e9e
                    • Instruction Fuzzy Hash: EB0186301016046BEF396B65CD05BAA7FB5FF44724F10462DF49A159E1C6B67891C760
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?), ref: 0040195C
                    • HeapFree.KERNEL32(00000000,?), ref: 00401978
                    • HeapFree.KERNEL32(00000000,?), ref: 00401999
                    • HeapFree.KERNEL32(00000000,?), ref: 004019B5
                    Memory Dump Source
                    • Source File: 00000001.00000002.369368996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000001.00000002.369365471.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369785763.00000000005F0000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.369792764.00000000005F1000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370152877.00000000006DE000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000001.00000002.370171043.00000000006DF000.00000008.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_build.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap$CloseHandle
                    • String ID:
                    • API String ID: 1910495013-0
                    • Opcode ID: d3ca4adb28abaa3067ffc2dbbea6cdd021d73434699f100a4ced9f0d6a5b889d
                    • Instruction ID: d42f2b2bc7c39898847dedd5f53625758d26980e615e761eb5ca9d827872358c
                    • Opcode Fuzzy Hash: d3ca4adb28abaa3067ffc2dbbea6cdd021d73434699f100a4ced9f0d6a5b889d
                    • Instruction Fuzzy Hash: 8E016D70101601DAEB356B65CD49FA3BBE6FF40300F00042BF58E661F2CAB56890DB54
                    Uniqueness

                    Uniqueness Score: -1.00%