Windows Analysis Report
elevation_service.exe

Overview

General Information

Sample name:elevation_service.exe
Analysis ID:1428994
MD5:c93c02a0adb87cce4c3f1eded22889d9
SHA1:5e0eed96333f4d1be22ceec37a3f98b095b50b93
SHA256:6012fd82669bfd308bd6ac1c2b1b14821cc20c68881c496e838654b618199791

Detection

Score:18
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Sigma detected: Suspicious New Service Creation
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

Analysis Advice

Initial sample is implementing a service and should be registered / started as service
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • cmd.exe (PID: 6336 cmdline: cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 6504 cmdline: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
  • cmd.exe (PID: 6748 cmdline: cmd /c sc start OZgQJ >> C:\servicestart.log 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 6940 cmdline: sc start OZgQJ MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
  • elevation_service.exe (PID: 7008 cmdline: C:\Users\user\Desktop\elevation_service.exe MD5: C93C02A0ADB87CCE4C3F1EDED22889D9)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started | Author: Nasreddine Bencherchali (Nextron Systems) | Data: Command: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", CommandLine: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6336, ParentProcessName: cmd.exe, ProcessCommandLine: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", ProcessId: 6504, ProcessName: sc.exe
Source: Process started | Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community | Data: Command: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", CommandLine: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6336, ParentProcessName: cmd.exe, ProcessCommandLine: sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe", ProcessId: 6504, ProcessName: sc.exe
No Snort rule has matched

Signature Results
Source: elevation_service.exe | Static PE information: certificate valid
Source: elevation_service.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\e\src\out\Release_x64\elevation_service.exe.pdb | source: elevation_service.exe
Source: Binary string: D:\a\_work\e\src\out\Release_x64\elevation_service.exe.pdbOGP | source: elevation_service.exe
Source: elevation_service.exe | String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
Source: elevation_service.exe | String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: String function: 00007FF72351350C appears 71 times
Source: elevation_service.exe | Static PE information: Number of sections : 11 > 10
Source: elevation_service.exe | Binary or memory string: OriginalFilename vs elevation_service.exe
Source: classification engine | Classification label: clean18.winEXE@9/2@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6356:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6776:120:WilError_03
Source: C:\Windows\SysWOW64\sc.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: elevation_service.exe | String found in binary or memory: partition_alloc/address_space
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\sc.exe sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe"
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c sc start OZgQJ >> C:\servicestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\sc.exe sc start OZgQJ
Source: unknown | Process created: C:\Users\user\Desktop\elevation_service.exe C:\Users\user\Desktop\elevation_service.exe
Source: C:\Users\user\Desktop\elevation_service.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\elevation_service.exe | Section loaded: kernel.appcore.dll
Source: initial sample | Static PE information: Valid certificate with Microsoft Issuer
Source: elevation_service.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: elevation_service.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: elevation_service.exe | Static file information: File size 1838024 > 1048576
Source: elevation_service.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x15c800
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: elevation_service.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: elevation_service.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: elevation_service.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: elevation_service.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: elevation_service.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: elevation_service.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: elevation_service.exe | Static PE information: section name: .gxfg
Source: elevation_service.exe | Static PE information: section name: .retplne
Source: elevation_service.exe | Static PE information: section name: LZMADEC
Source: elevation_service.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\elevation_service.exe | API coverage: 9.1 %
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: 6_2_00007FF7234E1D9C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: 6_2_00007FF723487204 _Init_thread_header,GetProcessHeap,_Init_thread_header
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: 6_2_00007FF7234CE438 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: 6_2_00007FF723510928 IsValidSid,GetSecurityDescriptorDacl,SetSecurityDescriptorDacl
Source: C:\Users\user\Desktop\elevation_service.exe | Code function: 6_2_00007FF7234CE6E4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
ATT&CK Matrix (techniques matched in this analysis carry their hit count in parentheses; the remaining entries have no hits)

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Command and Scripting Interpreter (2), Service Execution (1), At, Cron
Persistence: Windows Service (1), DLL Side-Loading (1), Logon Script (Windows), Login Hook
Privilege Escalation: Windows Service (1), Process Injection (11), DLL Side-Loading (1), Login Hook
Defense Evasion: Process Injection (11), Deobfuscate/Decode Files or Information (1), DLL Side-Loading (1), Obfuscated Files or Information (1)
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Time Discovery (1), Security Software Discovery (2), System Information Discovery (2), System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Archive Collected Data (1), Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: Encrypted Channel (1), Junk Data, Steganography, Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction
Behavior Graph (ID: 1428994, Sample: elevation_service.exe, Start date: 20/04/2024, Architecture: WINDOWS, Score: 18): Sigma detected: Suspicious New Service Creation. Started processes: cmd.exe, cmd.exe, elevation_service.exe. The first cmd.exe dropped C:\servicereg.log (ASCII) and started conhost.exe and sc.exe; the second cmd.exe started conhost.exe and sc.exe.

Source | Detection | Scanner | Label | Link
elevation_service.exe | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith | elevation_service.exe | false | | high
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff | elevation_service.exe | false | | high
No contacted IP infos
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1428994
      Start date and time:2024-04-20 01:00:43 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 2m 26s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Run name:Run as Windows Service
Number of new started processes analysed:7
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:elevation_service.exe
      Detection:CLEAN
      Classification:clean18.winEXE@9/2@0/0
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Stop behavior analysis, all processes terminated
• Not all processes were analyzed, report is missing behavior information
      • VT rate limit hit for: elevation_service.exe
      No simulations
      No context
      Process:C:\Windows\SysWOW64\cmd.exe
      File Type:ASCII text, with CRLF line terminators
      Category:modified
      Size (bytes):28
      Entropy (8bit):3.678439190827718
      Encrypted:false
      SSDEEP:3:4A4AnXjzSv:4HAnXjg
      MD5:A8F4D690C5BDE96AD275C7D4ABE0E3D3
      SHA1:7C62C96EFD2CA4F3C3EBF0B24C9B5B4C04A4570A
      SHA-256:596CCC911C1772735AAC6A6B756A76D3D55BCECD006B980CF147090B2243FA7B
      SHA-512:A875EBE3C5CDF222FF9D08576F4D996AF827A1C86B3E758CE23F6B33530D512A82CE8E39E519837512080C6212A0A19B3385809BE5F5001C4E488DD79550B852
      Malicious:true
      Reputation:moderate, very likely benign file
      Preview:[SC] CreateService SUCCESS..
      Process:C:\Windows\SysWOW64\cmd.exe
      File Type:ASCII text, with CRLF line terminators
      Category:modified
      Size (bytes):421
      Entropy (8bit):3.5163190789234875
      Encrypted:false
      SSDEEP:6:lg3D/8FNFGgVKBRjGxVVLvH2s/u8qLLFmLaZnsHgm66//V+NmAY2fq:lgA0gV0qVbH2suZLQqOVKmAxq
      MD5:132410ECDC544F13BE0AF4FB776048B4
      SHA1:300DFF48BAAE41CD3A390F293AA9B7A8D30243F0
      SHA-256:9DE198DC66F1FD4A3B6D45B4531192F8C3B0EB774FE22771852CB8966F235DAB
      SHA-512:115A03AC2257A15AD340FCD7254343D55B52B2EC1FDB2C70FBEC26B960BD9E9D4DC25DACB06B4AF42B15795D664229BE47B08DEA534668EF5C6C29B7942D8D76
      Malicious:false
      Reputation:low
      Preview:..SERVICE_NAME: OZgQJ .. TYPE : 10 WIN32_OWN_PROCESS .. STATE : 2 START_PENDING .. (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN).. WIN32_EXIT_CODE : 0 (0x0).. SERVICE_EXIT_CODE : 0 (0x0).. CHECKPOINT : 0x0.. WAIT_HINT : 0x7d0.. PID : 7008.. FLAGS : ..
      File type:PE32+ executable (GUI) x86-64, for MS Windows
      Entropy (8bit):6.553037080438572
      TrID:
      • Win64 Executable GUI (202006/5) 92.65%
      • Win64 Executable (generic) (12005/4) 5.51%
      • Generic Win/DOS Executable (2004/3) 0.92%
      • DOS Executable Generic (2002/1) 0.92%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:elevation_service.exe
      File size:1'838'024 bytes
      MD5:c93c02a0adb87cce4c3f1eded22889d9
      SHA1:5e0eed96333f4d1be22ceec37a3f98b095b50b93
      SHA256:6012fd82669bfd308bd6ac1c2b1b14821cc20c68881c496e838654b618199791
      SHA512:96d6f4d0fecba2107adb92b477f47953da5e83044161e148ffd30d346f724b42733cb7a9322c982c418d5ce341e69576b55f73a2f2af5fc6724a0580a0547718
      SSDEEP:49152:SQt30B3uA8EYHCree1uksbraFShGJIWkm:zt32u51HCri+sK
      TLSH:3B856C03F6D941E8D06DC17887469136EA72BC4A0B34B6DF0690B7592E77AE46F3EB10
      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@..........................................`........................................
      Icon Hash:90cececece8e8eb0
      Entrypoint:0x14009e6d0
      Entrypoint Section:.text
      Digitally signed:true
      Imagebase:0x140000000
      Subsystem:windows gui
      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Time Stamp:0x66189CBA [Fri Apr 12 02:30:18 2024 UTC]
      TLS Callbacks:0x40052150, 0x1, 0x4009d880, 0x1, 0x4004ff00, 0x1, 0x4009ce30, 0x1, 0x4002aba0, 0x1, 0x40050f30, 0x1
      CLR (.Net) Version:
      OS Version Major:10
      OS Version Minor:0
      File Version Major:10
      File Version Minor:0
      Subsystem Version Major:10
      Subsystem Version Minor:0
      Import Hash:719fd2c00189a1df5b9b1509b836eef3
      Signature Valid:true
      Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
      Signature Validation Error:The operation completed successfully
      Error Number:0
      Not Before, Not After
      • 19/10/2023 20:51:55 16/10/2024 20:51:55
      Subject Chain
      • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
      Version:3
      Thumbprint MD5:CE375D7A0A494CFB6B46B4398281FD9B
      Thumbprint SHA-1:FBFF636EBB3DE3A9FD6A55111F00B16D2FDFCF3D
      Thumbprint SHA-256:80CA15275739BEF2CAF6E5A4168EB0A07FEB15883E8A4F232D93B8EECFE0F0EA
      Serial:33000003A4CBE356B8CB7FE4270000000003A4
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x18dc7a | 0x3e4 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18e060 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1cb000 | 0x1ac0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1b6000 | 0xce34 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1be400 | 0x27c8 | .pdata
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1cd000 | 0x1d40 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x18b6fc | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x18b5d0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x15f300 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x18e7a8 | 0x690 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x18d1d8 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x15c6cb | 0x15c800 | e497fd8e49cfb923b7dddd7e0bc32276 | False | 0.5182366391678622 | data | 6.573690533033309 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x15e000 | 0x3c950 | 0x3ca00 | 291ae070e5ffa92a2db03b43847c6be2 | False | 0.4138611469072165 | data | 5.741133276985363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x19b000 | 0x1a5a0 | 0xfe00 | eefebc3a58495601ed00f3a88a102f4d | False | 0.040354330708661415 | data | 1.5636633192940868 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1b6000 | 0xce34 | 0xd000 | 04b7fe8216f9cd6e602337abebfda8a1 | False | 0.4969012920673077 | data | 6.03512135145638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg | 0x1c3000 | 0x2d40 | 0x2e00 | 61270f4a86c588579f07aa68b5f99016 | False | 0.4242527173913043 | data | 5.176887601209698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne | 0x1c6000 | 0xac | 0x200 | fd91265591b837c5463dc743a0369bfa | False | 0.12890625 | data | 1.320312118710215 | -
.tls | 0x1c7000 | 0x1e1 | 0x200 | efd1c6f0f93ab2416c643b6c95043890 | False | 0.07421875 | data | 0.3227799089149221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
LZMADEC | 0x1c8000 | 0x11f1 | 0x1200 | 05e9eab8428a551a281ab278073669fa | False | 0.3461371527777778 | data | 6.061983420666291 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
_RDATA | 0x1ca000 | 0x15c | 0x200 | acbeea6d34cf7f3d9ebe1da9b644e51e | False | 0.412109375 | data | 3.422089718840598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1cb000 | 0x1ac0 | 0x1c00 | 9eb247ad6a4192912c95b8dca06bae46 | False | 0.38936941964285715 | data | 4.5494994865267895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1cd000 | 0x1d40 | 0x1e00 | 0a934b4c3799fd766f5465a0f1aa3039 | False | 0.32981770833333335 | GLS_BINARY_LSB_FIRST | 5.4171080989850156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
TYPELIB | 0x1cb100 | 0x10ac | data | English | United States | 0.3844892221180881
RT_VERSION | 0x1cc1b0 | 0x478 | data | English | United States | 0.40646853146853146
RT_MANIFEST | 0x1cc628 | 0x497 | XML 1.0 document, ASCII text, with very long lines (1061) | English | United States | 0.5089361702127659
DLL | Import
dbghelp.dll: SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW
OLEAUT32.dll: SysAllocStringByteLen, SysStringByteLen
KERNEL32.dll: AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CompareStringW, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateHardLinkW, CreateProcessW, CreateThread, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProductInfo, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadId, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetVersionExW, GetWindowsDirectoryW, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, MapViewOfFile, MoveFileExW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, QueryFullProcessImageNameA, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, ResetEvent, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SystemTimeToFileTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnmapViewOfFile, UpdateProcThreadAttribute, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpiW, lstrlenA
CRYPT32.dll: CryptProtectData, CryptUnprotectData
RPCRT4.dll: I_RpcOpenClientProcess
api-ms-win-core-winrt-string-l1-1-0.dll: WindowsCreateString, WindowsDeleteString, WindowsGetStringRawBuffer
ntdll.dll: NtClose, NtDeleteKey, NtOpenKeyEx, NtQueryValueKey, RtlFormatCurrentUserKeyPath, RtlFreeUnicodeString, RtlInitUnicodeString
api-ms-win-core-winrt-l1-1-0.dll: RoActivateInstance
Name                                    Ordinal  Address
GetHandleVerifier                       1        0x14007fb20
OQS_CPU_has_extension                   2        0x1400e45f0
OQS_KEM_alg_count                       3        0x1400ea8c0
OQS_KEM_alg_identifier                  4        0x1400ea8a0
OQS_KEM_alg_is_enabled                  5        0x1400ea8d0
OQS_KEM_decaps                          6        0x1400eadb0
OQS_KEM_encaps                          7        0x1400ead80
OQS_KEM_free                            8        0x1400eade0
OQS_KEM_keypair                         9        0x1400ead60
OQS_KEM_kyber_768_decaps                10       0x1400eae70
OQS_KEM_kyber_768_encaps                11       0x1400eae60
OQS_KEM_kyber_768_keypair               12       0x1400eae50
OQS_KEM_new                             13       0x1400eab20
OQS_MEM_cleanse                         14       0x1400e47a0
OQS_MEM_insecure_free                   15       0x1400e47e0
OQS_MEM_secure_bcmp                     16       0x1400e4770
OQS_MEM_secure_free                     17       0x1400e47b0
OQS_SIG_alg_count                       18       0x1400eaea0
OQS_SIG_alg_identifier                  19       0x1400eae80
OQS_SIG_alg_is_enabled                  20       0x1400eaeb0
OQS_SIG_free                            21       0x1400eade0
OQS_SIG_keypair                         22       0x1400eb020
OQS_SIG_new                             23       0x1400eaeb0
OQS_SIG_sign                            24       0x1400eb050
OQS_SIG_verify                          25       0x1400eb0a0
OQS_destroy                             26       0x1400e0030
OQS_init                                27       0x1400e4750
OQS_randombytes                         28       0x1400e4970
OQS_randombytes_custom_algorithm        29       0x1400e4960
OQS_randombytes_nist_kat_init_256bit    30       0x1400e4990
OQS_randombytes_switch_algorithm        31       0x1400e4860
OQS_version                             32       0x1400e4760
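The OQS_* names are the public API of liboqs (the Open Quantum Safe library), statically linked into this image and exported from it. Two things in the table are worth checking rather than eyeballing: the only per-algorithm exports are the Kyber-768 KEM triple (no OQS_SIG_<algorithm>_* exports at all), and two pairs of exports share one address (OQS_KEM_free and OQS_SIG_free at 0x1400eade0, OQS_SIG_new and OQS_SIG_alg_is_enabled at 0x1400eaeb0). Shared addresses are what linker identical-code folding produces for functions with the same body; a plausible reading, not confirmed by the report, is that the signature entry points are stubs because no signature scheme was compiled in. The script below is an added example, not part of the report or of liboqs: it parses the export rows as they are extracted from the report (name, ordinal and address run together with no separator) and runs both checks. Because a name may itself end in digits, a row such as "X2130x10" is ambiguous on its own; the parser resolves it with the expected ordinal (rows are numbered consecutively) and refuses to guess otherwise.

```python
import re
from collections import defaultdict

# The 32 export rows as extracted from the report, with name, ordinal and address
# run together ("OQS_KEM_new130x1400eab20" is OQS_KEM_new, ordinal 13, 0x1400eab20).
REPORT_EXPORT_ROWS = """
GetHandleVerifier10x14007fb20
OQS_CPU_has_extension20x1400e45f0
OQS_KEM_alg_count30x1400ea8c0
OQS_KEM_alg_identifier40x1400ea8a0
OQS_KEM_alg_is_enabled50x1400ea8d0
OQS_KEM_decaps60x1400eadb0
OQS_KEM_encaps70x1400ead80
OQS_KEM_free80x1400eade0
OQS_KEM_keypair90x1400ead60
OQS_KEM_kyber_768_decaps100x1400eae70
OQS_KEM_kyber_768_encaps110x1400eae60
OQS_KEM_kyber_768_keypair120x1400eae50
OQS_KEM_new130x1400eab20
OQS_MEM_cleanse140x1400e47a0
OQS_MEM_insecure_free150x1400e47e0
OQS_MEM_secure_bcmp160x1400e4770
OQS_MEM_secure_free170x1400e47b0
OQS_SIG_alg_count180x1400eaea0
OQS_SIG_alg_identifier190x1400eae80
OQS_SIG_alg_is_enabled200x1400eaeb0
OQS_SIG_free210x1400eade0
OQS_SIG_keypair220x1400eb020
OQS_SIG_new230x1400eaeb0
OQS_SIG_sign240x1400eb050
OQS_SIG_verify250x1400eb0a0
OQS_destroy260x1400e0030
OQS_init270x1400e4750
OQS_randombytes280x1400e4970
OQS_randombytes_custom_algorithm290x1400e4960
OQS_randombytes_nist_kat_init_256bit300x1400e4990
OQS_randombytes_switch_algorithm310x1400e4860
OQS_version320x1400e4760
""".split()

_ADDR_RE = re.compile(r"0x[0-9a-fA-F]+$")
# Per-algorithm liboqs entry points look like OQS_KEM_<alg>_keypair / OQS_SIG_<alg>_sign.
_ALG_RE = re.compile(r"^OQS_(KEM|SIG)_([a-z0-9_]+)_(keypair|encaps|decaps|sign|verify)$")


def parse_export_line(row, expected_ordinal=None):
    """Split 'Name<ordinal>0x<address>' into (name, ordinal, address as int)."""
    row = row.strip()
    addr_match = _ADDR_RE.search(row)
    if not addr_match:
        raise ValueError(f"no address in export row: {row!r}")
    head = row[: addr_match.start()]               # name followed by ordinal digits
    digit_match = re.search(r"\d+$", head)
    if not digit_match:
        raise ValueError(f"no ordinal in export row: {row!r}")
    digits = digit_match.group(0)
    base = head[: digit_match.start()]
    # Every split of the trailing digit run is a candidate, since the name may end in
    # digits too. Ordinals are printed without leading zeros, so '0...' is rejected.
    candidates = [
        (base + digits[:i], int(digits[i:]))
        for i in range(len(digits))
        if (base + digits[:i]) and not digits[i:].startswith("0")
    ]
    if expected_ordinal is not None:
        hinted = [c for c in candidates if c[1] == expected_ordinal]
        if len(hinted) == 1:
            candidates = hinted
    if len(candidates) != 1:
        raise ValueError(f"ambiguous export row {row!r}: {candidates}")
    name, ordinal = candidates[0]
    return name, ordinal, int(addr_match.group(0), 16)


def parse_export_table(rows):
    """Parse consecutive rows, using 'previous ordinal + 1' to disambiguate each one."""
    exports, expected = [], 1
    for row in rows:
        name, ordinal, address = parse_export_line(row, expected)
        exports.append((name, ordinal, address))
        expected = ordinal + 1
    return exports


def folded_exports(exports):
    """Addresses exported under more than one name (identical-code folding)."""
    by_addr = defaultdict(list)
    for name, _, address in exports:
        by_addr[address].append(name)
    return {addr: sorted(names) for addr, names in by_addr.items() if len(names) > 1}


def oqs_algorithms(exports):
    """Set of (family, algorithm) pairs that have their own liboqs entry points."""
    return {(m.group(1), m.group(2))
            for name, _, _ in exports
            for m in [_ALG_RE.match(name)] if m}


EXPORTS = parse_export_table(REPORT_EXPORT_ROWS)

if __name__ == "__main__":
    for addr, names in folded_exports(EXPORTS).items():
        print(f"{addr:#x} is exported as {', '.join(names)}")
    print("per-algorithm exports:", sorted(oqs_algorithms(EXPORTS)))
```

On this table the folding check reports exactly the two pairs named above and the algorithm check reports only ("KEM", "kyber_768"); the same two functions can be pointed at any other flattened export listing from this kind of report.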
Language of compilation system: English
Country where language is spoken: United States
      No network behavior found


      Target ID:0
      Start time:01:01:32
      Start date:20/04/2024
      Path:C:\Windows\SysWOW64\cmd.exe
      Wow64 process (32bit):true
      Commandline:cmd /c sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe" >> C:\servicereg.log 2>&1
      Imagebase:0x240000
      File size:236'544 bytes
      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:1
      Start time:01:01:32
      Start date:20/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff7699e0000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:2
      Start time:01:01:32
      Start date:20/04/2024
      Path:C:\Windows\SysWOW64\sc.exe
      Wow64 process (32bit):true
      Commandline:sc create OZgQJ binpath= "C:\Users\user\Desktop\elevation_service.exe"
      Imagebase:0xce0000
      File size:61'440 bytes
      MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      Target ID:3
      Start time:01:01:33
      Start date:20/04/2024
      Path:C:\Windows\SysWOW64\cmd.exe
      Wow64 process (32bit):true
      Commandline:cmd /c sc start OZgQJ >> C:\servicestart.log 2>&1
      Imagebase:0x240000
      File size:236'544 bytes
      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:4
      Start time:01:01:33
      Start date:20/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff7699e0000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:5
      Start time:01:01:33
      Start date:20/04/2024
      Path:C:\Windows\SysWOW64\sc.exe
      Wow64 process (32bit):true
      Commandline:sc start OZgQJ
      Imagebase:0xce0000
      File size:61'440 bytes
      MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      Target ID:6
      Start time:01:01:33
      Start date:20/04/2024
      Path:C:\Users\user\Desktop\elevation_service.exe
      Wow64 process (32bit):false
      Commandline:C:\Users\user\Desktop\elevation_service.exe
      Imagebase:0x7ff723430000
      File size:1'838'024 bytes
      MD5 hash:C93C02A0ADB87CCE4C3F1EDED22889D9
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true


        Execution Graph

        Execution Coverage:3%
        Dynamic/Decrypted Code Coverage:0%
        Signature Coverage:7.3%
        Total number of Nodes:811
        Total number of Limit Nodes:44
[Execution graph omitted: the report renders its 811 nodes as an interactive graph whose node list does not survive extraction. API call sequences visible on the executed paths: CRT security-cookie initialisation (GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter); the CRT fatal-error reporting path (RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess), which is the only place IsDebuggerPresent is called in the graph; per-thread CRT state through FlsGetValue/FlsSetValue and TlsGetValue/TlsSetValue guarded by InitOnceExecuteOnce, critical sections and SRW locks; LoadLibraryExW/GetProcAddress/FreeLibrary; code-page handling (GetACP, GetOEMCP, IsValidCodePage, GetCPInfo, MultiByteToWideChar); heap use (GetProcessHeap, HeapReAlloc, HeapDestroy) and C++ exception raising (RtlPcToFileHeader, RaiseException, std::bad_alloc); and a security-descriptor and ACL construction path (InitializeSecurityDescriptor, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, InitializeAcl, AddAce, GetAclInformation, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, IsValidSid, GetLengthSid, CopySid).]
7ff723465a80 9605->9606 8976 7ff7234f2b78 8989 7ff7234f1f28 EnterCriticalSection 8976->8989 8990 7ff72356c970 8991 7ff72356c9a1 8990->8991 8995 7ff72356c995 8990->8995 8992 7ff7234ccc60 _Init_thread_header 5 API calls 8991->8992 8993 7ff72356c9ad 8992->8993 8993->8995 8996 7ff7234cccf8 EnterCriticalSection LeaveCriticalSection 8993->8996 8997 7ff7234ccdbc SetEvent ResetEvent 8996->8997

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Value$ErrorLast
        • String ID:
        • API String ID: 2506987500-0
        • Opcode ID: 1eb6c5f04907fdfc1cde27baf1d5b0d84ab5507e669d3bada658521548b50840
        • Instruction ID: f954000a8537cdf09049a297f19a89bfaa49685dfc790a42ec45cafe3091b128
        • Opcode Fuzzy Hash: 1eb6c5f04907fdfc1cde27baf1d5b0d84ab5507e669d3bada658521548b50840
        • Instruction Fuzzy Hash: 3F116220B0968241F6D8B3325D51139D152DF947B4FD847F5D83EA76D6EE2CB4025A20
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        Control-flow graph rendering for the function at 7ff7234e6db0 (node and edge list not reproduced; the rendering distinguished executed from not-executed blocks). API calls named in the graph: GetConsoleMode (7ff7234e6ebf), WriteFile (7ff7234e6ff0), GetLastError (7ff7234e7017, 7ff7234e6f57). Internal calls: 7ff7234e1f00, 7ff7234f88a8, 7ff7234f4424, 7ff7234e7650, 7ff7234d1d50, 7ff7234e7870, 7ff7234e7754, 7ff7234e71d8, 7ff7234dfa14, 7ff7234fa93c.
        APIs
        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00007FF7234BB959,?,00007FF7234BB959,?,00007FF7234BB959,00007FF7234BB959,00007FF7234BB959,00000000,00007FF7234E71C3,?), ref: 00007FF7234E6ECC
        • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7234BB959,?,00007FF7234BB959,?,00007FF7234BB959,00007FF7234BB959,00007FF7234BB959,00000000,00007FF7234E71C3,?), ref: 00007FF7234E6F57
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ConsoleErrorLastMode
        • String ID:
        • API String ID: 953036326-0
        • Opcode ID: e293c9004bf7ff57fad9e59ff28d13d191e1bb8a1737dd51e63648b3adfaa3aa
        • Instruction ID: 14d19b550166e5e3b0d4855b167cd24eec266544727eb25436e8a2c9964af18a
        • Opcode Fuzzy Hash: e293c9004bf7ff57fad9e59ff28d13d191e1bb8a1737dd51e63648b3adfaa3aa
        • Instruction Fuzzy Hash: 0C91B522E0869285F790AF659C4067DBBA1FB44B98F9442F9DE0EB6695CE3CD4418B20
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Process$CurrentExitTerminate
        • String ID:
        • API String ID: 1703294689-0
        • Opcode ID: bb7654733cbd4997d278771bdb0f3aefc2d80a37ada38ca149b96614f1493667
        • Instruction ID: 16d3e1aec78b8fa762584f4d143f78e18157d57e3c424e6436d03d1a61ee5be0
        • Opcode Fuzzy Hash: bb7654733cbd4997d278771bdb0f3aefc2d80a37ada38ca149b96614f1493667
        • Instruction Fuzzy Hash: F2D01710B0964642EAD47B316C851388212EF49B01F8418F8D84F62397CD2CA80D8E60
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: __free_lconv_mon__free_lconv_num
        • String ID:
        • API String ID: 2148069796-0
        • Opcode ID: 242eabf05d8a576705f5a32202e0a18e80847796e05fe206584f0ec394696ede
        • Instruction ID: 7ec4ea7d6a782f8d90a8bb49e8155a0daee9f7dbf0da1df4d5ef5dbfd1984d5c
        • Opcode Fuzzy Hash: 242eabf05d8a576705f5a32202e0a18e80847796e05fe206584f0ec394696ede
        • Instruction Fuzzy Hash: 0E410631A1954284EFA4BE21C8503BDA360EF44B99FC840F1DA4EA7685DF6CD4918F71
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        Control-flow graph rendering for the function at 7ff7234e7650 (node and edge list not reproduced; the rendering distinguished executed from not-executed blocks). API calls named in the graph: WriteFile (7ff7234e76e6), GetLastError (7ff7234e771f). Internal calls: 7ff7234ce150, 7ff7234ce1b0.
        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ErrorFileLastWrite
        • String ID:
        • API String ID: 442123175-0
        • Opcode ID: f814523470a0d7f586324aaf7e90586d02274ccfeee9025a8526b034edccc08c
        • Instruction ID: 786c35b3a494dd018ba676f6a1dddb4f0afef51aab43e32b5d7f0d1daf73460a
        • Opcode Fuzzy Hash: f814523470a0d7f586324aaf7e90586d02274ccfeee9025a8526b034edccc08c
        • Instruction Fuzzy Hash: DA310572A08B818AD790AF29EC406A8BBA0FB18790F8445B2DB4D93755DF3CD451CB20
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: HandleModule$AddressFreeLibraryProc
        • String ID:
        • API String ID: 3947729631-0
        • Opcode ID: 7dc6214cf76642df9874e9c32976de5671152be8c15ba20ce1a61a8957e15c35
        • Instruction ID: 3c0b1da524f9b0361230ba7f2054c84384d1d132a31c51d35c47bb27cb9226ee
        • Opcode Fuzzy Hash: 7dc6214cf76642df9874e9c32976de5671152be8c15ba20ce1a61a8957e15c35
        • Instruction Fuzzy Hash: 6F21B472A0474589EBA4EF68C8402BC73A0EB04318F8406B6D75E66AC5DF38DA85CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: HandleModule$AddressFreeLibraryProc
        • String ID:
        • API String ID: 3947729631-0
        • Opcode ID: 7fc39ed27038240f85d560c0bda6f5e63b856e9fff77b3261ef04223b0c92d5c
        • Instruction ID: 4d89650874ccd4e40945934441f6e597fb8519639cdd16b0e167cdad4d65976a
        • Opcode Fuzzy Hash: 7fc39ed27038240f85d560c0bda6f5e63b856e9fff77b3261ef04223b0c92d5c
        • Instruction Fuzzy Hash: E521B272E04B4589EB90DF69D8402BC73A0E744718F9402B6D79E62AC4DF38CA85CF50
        Uniqueness

        Uniqueness Score: -1.00%

        Control-flow Graph

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
        • String ID:
        • API String ID: 680105476-0
        • Opcode ID: 68ed8882d5edfcf14b17e99149a45bbb752b7e902727cb2e9188500c50629652
        • Instruction ID: a1d9fdeaa8cab559e8e006f0da9b8a60565dcf22a82fd6c647a079e971ae469e
        • Opcode Fuzzy Hash: 68ed8882d5edfcf14b17e99149a45bbb752b7e902727cb2e9188500c50629652
        • Instruction Fuzzy Hash: 37E0EC51EA910745F9E875A12C250B58040CF55371E9C1FF0DA3EE52D2BD1CF9928970
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$MZx
        • API String ID: 808467561-2638907429
        • Opcode ID: 8a198bf39f59e673d209bf8f466c87d6a2b1b7e24f491002ce79f414d25fa38b
        • Instruction ID: fdca7900e1d42f0b3bb3261533c4e00f9204dfd5b6c4d70eee23e14dc67bd79e
        • Opcode Fuzzy Hash: 8a198bf39f59e673d209bf8f466c87d6a2b1b7e24f491002ce79f414d25fa38b
        • Instruction Fuzzy Hash: E7B2E972E183824BE7A49F64D8407FDB7A1FB44784F9852B5DA0DA7A84DB38E940CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
        • String ID:
        • API String ID: 1239891234-0
        • Opcode ID: 2c3b0dbe735012ddc069fb0fa4785fa202aa3f4e786b679c332b2d6e9ef35c8a
        • Instruction ID: ef72ebe72e0616539bff5e0a22eafb96738d12fd5e62294a0a6f694c099b3a6e
        • Opcode Fuzzy Hash: 2c3b0dbe735012ddc069fb0fa4785fa202aa3f4e786b679c332b2d6e9ef35c8a
        • Instruction Fuzzy Hash: A7316132608B8185D7A4DF35EC402BEB3A1FB88794F940576EA8D53B98DF38D5468B10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        • bad_array_new_length was thrown in -fno-exceptions mode, xrefs: 00007FF72351092C
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: DescriptorSecurity$Dacl$InitializeValid
        • String ID: bad_array_new_length was thrown in -fno-exceptions mode
        • API String ID: 1195780802-4284143231
        • Opcode ID: cb232f5f931baf869900773801cafadbfaf8e9692a20e768bb7ea47f3ed70338
        • Instruction ID: 49e6b5e021b28f88625529d34b45808c45db47395a4ddb4eebd461f8537181a4
        • Opcode Fuzzy Hash: cb232f5f931baf869900773801cafadbfaf8e9692a20e768bb7ea47f3ed70338
        • Instruction Fuzzy Hash: 0661D72161864241FA90BB339C543BEE790EF44B84F8455B1DE8E67792DF3CE5468B60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: memcpy_s
        • String ID:
        • API String ID: 1502251526-0
        • Opcode ID: 0d98fb91389c02328d3a0913376dc004a088788b517f31914714e7ff91d77395
        • Instruction ID: 517998a5b6b78b61a26793872a5a3674fc98e0b23ed63328a38dcec04e8b0957
        • Opcode Fuzzy Hash: 0d98fb91389c02328d3a0913376dc004a088788b517f31914714e7ff91d77395
        • Instruction Fuzzy Hash: 34C1F572B1828A87D7A5DF15A444A7EFB91F784B84F8481B5DB8A93B44DB3DE801CF40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcessHeap.KERNEL32(?,?,?,?,00007FF723511B76), ref: 00007FF72348723E
          • Part of subcall function 00007FF7234CCCF8: EnterCriticalSection.KERNEL32(?,?,?,00007FF72348730F,?,?,?,?,00007FF723511B76), ref: 00007FF7234CCD08
          • Part of subcall function 00007FF7234CCCF8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF72348730F,?,?,?,?,00007FF723511B76), ref: 00007FF7234CCD48
        • _Init_thread_header.LIBCMT ref: 00007FF723487230
          • Part of subcall function 00007FF7234CCC60: EnterCriticalSection.KERNEL32(?,?,?,00007FF7234872A5,?,?,?,?,00007FF723511B76), ref: 00007FF7234CCC70
        • _Init_thread_header.LIBCMT ref: 00007FF7234872A0
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: CriticalSection$EnterInit_thread_header$HeapLeaveProcess
        • String ID:
        • API String ID: 2205551594-0
        • Opcode ID: b4184ed66e2347d397cc9ffdf51da384e48ac9683ebb33544ff6834ffeb6d1d0
        • Instruction ID: 164914e9ae378269813172a9136cffed8accd33173d3a64fa6edf79d16cc8418
        • Opcode Fuzzy Hash: b4184ed66e2347d397cc9ffdf51da384e48ac9683ebb33544ff6834ffeb6d1d0
        • Instruction Fuzzy Hash: C631B430909A0B96EA80FB26ECD4674B360FB44B50FC006F1D52DA26B1DF3CAA45CF61
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID: -$e+000$gfff
        • API String ID: 0-2620144452
        • Opcode ID: abf6bd17ec0a979bdcd0cf94ea83f2732f7df918faf5c8b6a545d84ca76af6ad
        • Instruction ID: 24c76f27fe564eb5615db04500bb73e191ffaea84a71a9e9bb93d582e0342d17
        • Opcode Fuzzy Hash: abf6bd17ec0a979bdcd0cf94ea83f2732f7df918faf5c8b6a545d84ca76af6ad
        • Instruction Fuzzy Hash: 4C710332B187C586E7A1DF25E840769B791F784B98F8882B1DBAC97B85CF3DD4418B10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ExceptionRaise_clrfp
        • String ID:
        • API String ID: 15204871-0
        • Opcode ID: 8c1c7361079fd0a654b9f88953bc81cc4cff654ab57b5e8b14e33f9f7f75494f
        • Instruction ID: 4ac04ce4a296f68b110fcf3b237bb169a0eac098cf1c04ea4ceb5f02b9f2f239
        • Opcode Fuzzy Hash: 8c1c7361079fd0a654b9f88953bc81cc4cff654ab57b5e8b14e33f9f7f75494f
        • Instruction Fuzzy Hash: 34B17E77A04B848BEB55CF29C84636C7BA0F744B48F5889A2DB5D937A4CB39D851CB10
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF7234698E5
        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF7234698CA
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
        • API String ID: 0-1298883408
        • Opcode ID: 0456011ffb5641cb683eaceb7963187ceca6a595427a159558c6b79cc0a3a7be
        • Instruction ID: af284a04f1fb1e6673d14cb1a40afebb920503769eeb67fe58dd1893851216f5
        • Opcode Fuzzy Hash: 0456011ffb5641cb683eaceb7963187ceca6a595427a159558c6b79cc0a3a7be
        • Instruction Fuzzy Hash: 1EA16AA2B1C34282FFA8AF15DD04779A661EB11B94F8442F5CD6DA77D1CEACE1418F20
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID: 33333333$UUUUUUUU
        • API String ID: 0-3483174168
        • Opcode ID: c85249206f9825f6dead4e6181094f2a55b5d0ff780fe394186cdd5a21b1e143
        • Instruction ID: e4d5f5b238a42b6d9b179cc6c4f76f27ca9b121fd2d5041fb07a9d58882b04e2
        • Opcode Fuzzy Hash: c85249206f9825f6dead4e6181094f2a55b5d0ff780fe394186cdd5a21b1e143
        • Instruction Fuzzy Hash: 5A313991F2A71E01FDA89B9A9C00778D243AB58FE0789D4B2DD4CEB788DD3CE4468211
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID: gfffffff
        • API String ID: 0-1523873471
        • Opcode ID: 4adb16bf925c8cb7d083f306e19bcf85be6fba4943fe9f76eda318906cf2c28d
        • Instruction ID: 1467a1ebe27b4cf64ef5702642bb82cc1deb59eae6cb7d84389b270070b430f0
        • Opcode Fuzzy Hash: 4adb16bf925c8cb7d083f306e19bcf85be6fba4943fe9f76eda318906cf2c28d
        • Instruction Fuzzy Hash: 16A16B62B087C646EBA1DF2698007BDBB91EB50BC8F4881B1DE8D97785DE3DD501CB11
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: cb1e13c95d6cd2d8f2921b9e83b013f5092bfbbb21e7cc2c2ef6f15e67356004
        • Instruction ID: cd188bdda1968ba9245d24ca1c93cc3317e981426dee06a0401f4e5f608699e1
        • Opcode Fuzzy Hash: cb1e13c95d6cd2d8f2921b9e83b013f5092bfbbb21e7cc2c2ef6f15e67356004
        • Instruction Fuzzy Hash: F2A2A5776287448F9358DF25A44405BBBA2F798248F869519FB83D3688EB7CEE01CF44
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
        • Instruction ID: 336d569e4eb4cb3de903b2aaec70d2d600c9dd1570fd2102cf9155f45e79b791
        • Opcode Fuzzy Hash: 44b6302aede2dd13ff882eb9c1be377701c721944b08f923b62188f15a2c4496
        • Instruction Fuzzy Hash: FA324C770B46004BD31FCE2ED99158AB292F784AA2709F238FE57C7B54E67CEE158604
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0ad987277e8095284215c95a372eb5f6cf80c1776cf31727849157876eab2a9f
        • Instruction ID: b5454a2c6ba8dd0bd81bb2fef919fc02165bdcd2b8e686789d944e96cb8b6377
        • Opcode Fuzzy Hash: 0ad987277e8095284215c95a372eb5f6cf80c1776cf31727849157876eab2a9f
        • Instruction Fuzzy Hash: C73267B6B90A6596DB048F16E94139D7B64F319BC8F898526DF8C93B54EB38E471C300
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 621dddc85820b6b9669c90c1ac098aea83f3a6e1c9f60fd3a8c13654824637f4
        • Instruction ID: 829da999f2fcaf211d360b176e053bf5ce3f674cc451e9d471cf2a60470bbc60
        • Opcode Fuzzy Hash: 621dddc85820b6b9669c90c1ac098aea83f3a6e1c9f60fd3a8c13654824637f4
        • Instruction Fuzzy Hash: DE226012D18FEA52E6235739D4031B66310EFB6BC8F10E717FED8B25A2DF75A9859200
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: c0d8db660dafa7654a1594341d234b86c4b903bc484b0369b76a9fc2ccc5b30d
        • Instruction ID: 4ea7cdc2790234e92791c474b201899d2c3bf908ad24153e8df722178dcca58d
        • Opcode Fuzzy Hash: c0d8db660dafa7654a1594341d234b86c4b903bc484b0369b76a9fc2ccc5b30d
        • Instruction Fuzzy Hash: 5C22A722D0CFCA51E6224B39D0065B57720BFB7294B10D32BFFC9B1472EB76B6919A11
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 35a1f84c944a43ec7034e24ef788ec24b22851b33b6c59e5867f0222ce6c1e63
        • Instruction ID: cfa90cf1713267512907263e2b72f41246126571a6f98fe45019751bb7dd12e6
        • Opcode Fuzzy Hash: 35a1f84c944a43ec7034e24ef788ec24b22851b33b6c59e5867f0222ce6c1e63
        • Instruction Fuzzy Hash: A6E10972A2860A85E7E5AA28C96477CA3A1EF45744F9442F1DE0DA72D5CF3DE841CF20
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 70818ee03da86575b51552e93f9f9405f489d013b880787e623c0ed1199ed084
        • Instruction ID: 483a3b0876ff6ef295591e1e41477b6682ecc7f8342485ca00877a2cbe2a6da7
        • Opcode Fuzzy Hash: 70818ee03da86575b51552e93f9f9405f489d013b880787e623c0ed1199ed084
        • Instruction Fuzzy Hash: 06D19C9BC28FD945F313633D58436A2E610AFFB5D9A20E343FDF471A62EB5072956220
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 3a8e2936a924f80d323619c75ea48f8fce531cb7dfa5af78da1950a1cd8514c0
        • Instruction ID: 5df237cdebf1932d8684c54269b5be1d4eefa7fcb4e95177b4a428537cdf4a00
        • Opcode Fuzzy Hash: 3a8e2936a924f80d323619c75ea48f8fce531cb7dfa5af78da1950a1cd8514c0
        • Instruction Fuzzy Hash: 50D1C762A0864A85EBF8AB25881027DB7A0FB05B4CF9441F5DE0DA77D5CF39E841DF60
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: daf0e0dfe6573bd52038698bb5992c6f245c2f2e0251e08476892236e289c43a
        • Instruction ID: d09f16879914dbd716c5130e85fd97274a8d3b0906c6ef1a7df3dc89aeb0a25b
        • Opcode Fuzzy Hash: daf0e0dfe6573bd52038698bb5992c6f245c2f2e0251e08476892236e289c43a
        • Instruction Fuzzy Hash: 56F13E12D1CFC583E6615B399A012BAA320FFB5348F11E755EFD922961DF2CF2E59210
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 76475326ced42e69210d107821e0cb9b9c7968e2d2ef311a18faad1ee7a713e8
        • Instruction ID: 26e15d241035490a75c4f8392cd4be9c04ca955df5a836a1e799d33b2fca1e84
        • Opcode Fuzzy Hash: 76475326ced42e69210d107821e0cb9b9c7968e2d2ef311a18faad1ee7a713e8
        • Instruction Fuzzy Hash: 24B1E27261864985E7E4AF39D85023CBBA0EB49B48F9442F5DF4DA7399CF39D440CB60
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a5452c3364bb374ffb678229e79ca7795c6f8a551babffcf380cdc37145f2667
        • Instruction ID: c38e2ad92183c8cedb54aad5cf9f66ec8d006ad49c0dee0e20ef1c61b389ac72
        • Opcode Fuzzy Hash: a5452c3364bb374ffb678229e79ca7795c6f8a551babffcf380cdc37145f2667
        • Instruction Fuzzy Hash: 49B1607290878A85EBE59F29C85013CBBA0F745F4CFA841B5CA4EA7399CF79D441CB60
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 271cf5adf6b916b6d877014c4ede45c53ce2a1cbea0494bb3ac754d4433aaffe
        • Instruction ID: 4404298d3d47ed592507b6bf13bc6e799957129330b5b4dfc43cdfb9bb0652f6
        • Opcode Fuzzy Hash: 271cf5adf6b916b6d877014c4ede45c53ce2a1cbea0494bb3ac754d4433aaffe
        • Instruction Fuzzy Hash: 2CB16C22C0DB9141F78777350803274D6209FF2298FA0C7B2FDA9B29A6DF2DF6885520
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 9d8be65e3070807ce6df9804fae7cfe0167ca118186f98c66f8cc258e378f098
        • Instruction ID: 8e1423afb98ad4b29b0f813a5a5f86f1881ac0eff90900bb6bffa3326f3ebf70
        • Opcode Fuzzy Hash: 9d8be65e3070807ce6df9804fae7cfe0167ca118186f98c66f8cc258e378f098
        • Instruction Fuzzy Hash: 7481C472A0C78146E7F4EB19A94037ABA91FB457D8F9842B5DA8D93B89CF3DD4408F10
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 943d49a28179acb6b17e54598dc5f3c7297a0172a48014cdfa5047513f315c58
        • Instruction ID: 42858ce704e87d82e7337dbb5c1b4504bf1351e8323591d66745dc42e29d66d4
        • Opcode Fuzzy Hash: 943d49a28179acb6b17e54598dc5f3c7297a0172a48014cdfa5047513f315c58
        • Instruction Fuzzy Hash: A86107E6F50F9883DB548B9EA402B886760F719FC5F55511AEE2C67301EA3DE9A3C340
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0d6523ba8e4505282c919c1d35e15f27044c6a44fab965eb172d8ea98f7d2704
        • Instruction ID: da7cff74ec7fdd3f23c44029e7e5cb4f6e3f0f44d058c844f84f206ffc1f1dbc
        • Opcode Fuzzy Hash: 0d6523ba8e4505282c919c1d35e15f27044c6a44fab965eb172d8ea98f7d2704
        • Instruction Fuzzy Hash: BA51BAF3B62B9485D7918FA9E444BC837A8F329F95F215115EB4C6B351DB328A62C301
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 20a4a08224c1da5fbc08545c5ed7e9b08e0e2b13ccc67bde5cbb94c1b735d00b
        • Instruction ID: 69b0493763f0b0eb899d4945755abd014019abad1ced422f8013f7baa1e05646
        • Opcode Fuzzy Hash: 20a4a08224c1da5fbc08545c5ed7e9b08e0e2b13ccc67bde5cbb94c1b735d00b
        • Instruction Fuzzy Hash: BB51A336B1865582E7E89B28C454338B7A0EB44F58FE441B1DB4DA77A4CF3AE843CB50
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a0b18807b63760938d676101e95c8ce6529bc3e91572776f4ae69aff04d05f04
        • Instruction ID: 3b2e022caa06f989a55b4d56b351990f99c5c17686ca52658d3ab5215eb2e302
        • Opcode Fuzzy Hash: a0b18807b63760938d676101e95c8ce6529bc3e91572776f4ae69aff04d05f04
        • Instruction Fuzzy Hash: 2051C936B1865986E7E89F19C84423C77A0EB54B98FA441B1CE4CA7794CF3AE853CB50
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ef4071739b4a50b591e650b48c08923a9773e6339a732606896c9d48caff69d1
        • Instruction ID: 45eea1059579dd3b0585e9a5afb82986f89d0f5aaa807cd2d5bde4aa15b8f679
        • Opcode Fuzzy Hash: ef4071739b4a50b591e650b48c08923a9773e6339a732606896c9d48caff69d1
        • Instruction Fuzzy Hash: BF518136B1865986E7E89F29C444238B7A0EB45B58FA441F1CA4DA7794CF3AEC43CF50
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: b8af6fa293604918f25e7cffefb6f0905c2ce10f9423000e8698da6502497bbc
        • Instruction ID: b8db13a75b21482d650d5f2182054beba04a3abef3d0c6255cdeb88feffd93ef
        • Opcode Fuzzy Hash: b8af6fa293604918f25e7cffefb6f0905c2ce10f9423000e8698da6502497bbc
        • Instruction Fuzzy Hash: A051A736B1865585E7E89B29C44023CB7A1EB45B58FE441B1CE4CA7798CF3AE843CB60
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: eef406b5b2ff97be2da686813bf6979fa11b7dc2b1f9ab3c685366571af783b5
        • Instruction ID: c078ea1fd96867cd7d018da1f878f1d643e590ba67eff814ea4adde797cee25f
        • Opcode Fuzzy Hash: eef406b5b2ff97be2da686813bf6979fa11b7dc2b1f9ab3c685366571af783b5
        • Instruction Fuzzy Hash: E4519332B1865981E7E89B29C444338B7A0EB55F58FE541B1CA4CA7799CF3AEC42CB50
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 2b3743b69b2de2fd2efcbba1575c94052dde561f7606befb3c66bd6493ac8f30
        • Instruction ID: cb76eb10fc28295fd9eec6a08e32bc95970c0409c71b0ced0a9da48769c10f88
        • Opcode Fuzzy Hash: 2b3743b69b2de2fd2efcbba1575c94052dde561f7606befb3c66bd6493ac8f30
        • Instruction Fuzzy Hash: 0351DA36B1869582E7E89B29C440238B7A0EB45F58FE441B1DE4DA7794CF3AEC43CB50
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 583ba1ca20b186ab7342fed39f81f6f6a7e4898d011913bb4cfa333a4dff57f3
        • Instruction ID: 2b8855800b73ef5122bcfd0c545f2471edb728946f22aca15d5b6c3c2fc628d2
        • Opcode Fuzzy Hash: 583ba1ca20b186ab7342fed39f81f6f6a7e4898d011913bb4cfa333a4dff57f3
        • Instruction Fuzzy Hash: B441E5DAC29FB945E723A33A6D43286D9109EF7989550E307FCB439E65F701B4D13224
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 0234dbe2120e3913c780a322aec058b20794f89e6ef908f1cb649dff0a3dea63
        • Instruction ID: fbf5a439bd4308665dcea7def675b1eb9c85670bb77e60a73caafec4116fd5d0
        • Opcode Fuzzy Hash: 0234dbe2120e3913c780a322aec058b20794f89e6ef908f1cb649dff0a3dea63
        • Instruction Fuzzy Hash: DE417CA9D19F9A02FB13A3396803233D2109FF3698E42D71BFDB439DA9D716B6406214
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: e84a363b9679fe9b95f6bd97690fd36c54302cabe73c9c7cc48991d68dffa133
        • Instruction ID: f62be41baf5eaacda46d07a98d9575f66bd0d677325e3d387e7832fad4faa754
        • Opcode Fuzzy Hash: e84a363b9679fe9b95f6bd97690fd36c54302cabe73c9c7cc48991d68dffa133
        • Instruction Fuzzy Hash: 6E41E462714B5541EF84DF2ADD14579A3A1F748FD4B89A172EE0DA7B58DE3CC4418700
        Uniqueness
        • Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Value$ErrorLast
        • String ID:
        • API String ID: 2506987500-0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7234F1A0C,?,?,00000000,00007FF7234F421B,?,?,00000003,00007FF7234DC93D), ref: 00007FF7234F1D9C
        • GetProcAddress.KERNEL32(?,?,00000000,00007FF7234F1A0C,?,?,00000000,00007FF7234F421B,?,?,00000003,00007FF7234DC93D), ref: 00007FF7234F1DA8
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: AddressFreeLibraryProc
        • String ID: MZx$api-ms-$ext-ms-
        • API String ID: 3013587201-2431898299
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitOnceExecuteOnce.KERNEL32(?,?,00000000,00000000,..\..\third_party\boringssl\src\crypto\mem.c,00000010,00007FF7234802C1), ref: 00007FF7234B8593
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7234B894D,?,?,00000000,0000000E), ref: 00007FF7234B85AE
        • TlsGetValue.KERNEL32 ref: 00007FF7234B85BC
        • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7234B894D,?,?,00000000,0000000E), ref: 00007FF7234B85C7
        • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7234B894D,?,?,00000000,0000000E), ref: 00007FF7234B85F2
        • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7234B894D,?,?,00000000,0000000E), ref: 00007FF7234B8606
        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7234B894D,?,?,00000000,0000000E), ref: 00007FF7234B861D
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
        • String ID: ..\..\third_party\boringssl\src\crypto\mem.c
        • API String ID: 389898287-3521738057
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7234FE22B,?,?,?,00007FF7234ECDD6,?,?,?,00007FF7234ECD91), ref: 00007FF7234FE389
        • GetLastError.KERNEL32(?,?,00000000,00007FF7234FE22B,?,?,?,00007FF7234ECDD6,?,?,?,00007FF7234ECD91), ref: 00007FF7234FE397
        • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7234FE22B,?,?,?,00007FF7234ECDD6,?,?,?,00007FF7234ECD91), ref: 00007FF7234FE3C1
        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7234FE22B,?,?,?,00007FF7234ECDD6,?,?,?,00007FF7234ECD91), ref: 00007FF7234FE407
        • GetProcAddress.KERNEL32(?,?,00000000,00007FF7234FE22B,?,?,?,00007FF7234ECDD6,?,?,?,00007FF7234ECD91), ref: 00007FF7234FE413
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Library$Load$AddressErrorFreeLastProc
        • String ID: MZx$api-ms-
        • API String ID: 2559590344-259127448
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
        • String ID: CONOUT$
        • API String ID: 3230265001-3130406586
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: FileWrite$ConsoleErrorLastOutput
        • String ID: MZx
        • API String ID: 2718003287-2575928145
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        • global/, xrefs: 00007FF72344FD08
        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00007FF7234500C1
        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00007FF7234500AE
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID:
        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$global/
        • API String ID: 0-2781917089
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: AddressFreeHandleLibraryModuleProc
        • String ID: CorExitProcess$mscoree.dll
        • API String ID: 4061214504-1276376045
        • Opcode ID: bdf0346ee0aa2e68e802cf6254122ea77f45b926a91ce1ce48fc5583cff7dc8a
        • Instruction ID: 06053e1eccff1c612987feb192ba14c315057d22024ee3cd3f0023a78e3cf287
        • Opcode Fuzzy Hash: bdf0346ee0aa2e68e802cf6254122ea77f45b926a91ce1ce48fc5583cff7dc8a
        • Instruction Fuzzy Hash: 44F0C261A1960681EB90AB35EC44339E360FF44BA1FD806B5CAAF665E4CF3CD645CF60
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ControlDescriptorSecurity
        • String ID:
        • API String ID: 3376414291-0
        • Opcode ID: 86407290c23bccbee870b6bbc5b807ac6293c244c6d354f7612f651999bfe80c
        • Instruction ID: 4f6dd2476d7a1510a3b9ff43f74b1b7864b240a327e743a4dab2d82e0a7b5e6a
        • Opcode Fuzzy Hash: 86407290c23bccbee870b6bbc5b807ac6293c244c6d354f7612f651999bfe80c
        • Instruction Fuzzy Hash: 8F51E311B1868241F694B733AC05379A390EF44B84F8495F1EE8E67791DE3CE942CB21
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl
        • String ID:
        • API String ID: 1158139820-0
        • Opcode ID: ba4bfb120de2e325778a48ea896550356e35ce4dc003f592cc9d0f3d30cb02e4
        • Instruction ID: 8205f948017ad7ba6c4fbe3decadff063d9a996ded5180ab549573836adc04ec
        • Opcode Fuzzy Hash: ba4bfb120de2e325778a48ea896550356e35ce4dc003f592cc9d0f3d30cb02e4
        • Instruction Fuzzy Hash: C4314332619A8281D661EF62ED441AAB7F0FB88B84F804172EE8E57B54DF3CD546CB10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: _set_statfp
        • String ID:
        • API String ID: 1156100317-0
        • Opcode ID: 3a671f99ee0fb86fe5a3f1c0d9c68e80201ce987232c96135fb73765a972c590
        • Instruction ID: 62e96bc7e3c89b8649301e7b42701527ffaca5fb85131cd5cd4418d3a60d275d
        • Opcode Fuzzy Hash: 3a671f99ee0fb86fe5a3f1c0d9c68e80201ce987232c96135fb73765a972c590
        • Instruction Fuzzy Hash: E511C426E2CA0341F6D43124ED463759142EF583B0F8C07F2EB6EA62F68F1CA8444E24
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitOnceExecuteOnce.KERNEL32(?,?,?,00000000,0000000E,00007FF7234B894D,?,?,00000000,0000000E,00007FF7234B89B9), ref: 00007FF723480078
        • GetLastError.KERNEL32(?,?,?,00000000,0000000E,00007FF7234B894D,?,?,00000000,0000000E,00007FF7234B89B9), ref: 00007FF72348008B
        • TlsGetValue.KERNEL32 ref: 00007FF723480099
        • SetLastError.KERNEL32(?,?,?,00000000,0000000E,00007FF7234B894D,?,?,00000000,0000000E,00007FF7234B89B9), ref: 00007FF7234800A4
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ErrorLastOnce$ExecuteInitValue
        • String ID:
        • API String ID: 2797425889-0
        • Opcode ID: 8dae1433bf2a06a01596302c6694d0793d5e98d716b8a889fddfb31d13097bf8
        • Instruction ID: 5cd35189275a6a32645c994dec86ee6919833588e7d998c302d0183f4aa245cd
        • Opcode Fuzzy Hash: 8dae1433bf2a06a01596302c6694d0793d5e98d716b8a889fddfb31d13097bf8
        • Instruction Fuzzy Hash: D3611712D2D6C183E6A4A721ED013FBA320FB99748F4253B5EB9F511A6CF2CF5D28650
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FlsSetValue.KERNEL32(?,?,?,00007FF7234E2013,?,?,00000000,00007FF7234E1F2A), ref: 00007FF7234F0D02
        • FlsSetValue.KERNEL32(?,?,?,00007FF7234E2013,?,?,00000000,00007FF7234E1F2A), ref: 00007FF7234F0D2A
        • FlsSetValue.KERNEL32(?,?,?,00007FF7234E2013,?,?,00000000,00007FF7234E1F2A), ref: 00007FF7234F0D3B
        • FlsSetValue.KERNEL32(?,?,?,00007FF7234E2013,?,?,00000000,00007FF7234E1F2A), ref: 00007FF7234F0D4C
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: Value
        • String ID:
        • API String ID: 3702945584-0
        • Opcode ID: 40ad6e9d10912426cd68590667285a86c761e172aaa11615f031b102b4414844
        • Instruction ID: db4976f53f584838b97b787b7b655ff5920b455b6e9139116095282f324e682b
        • Opcode Fuzzy Hash: 40ad6e9d10912426cd68590667285a86c761e172aaa11615f031b102b4414844
        • Instruction Fuzzy Hash: 7C119D20F08A4601FAD8B3229D41179A141DF907A0FCC07F5D83EA66CAEE2CF4025A30
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ErrorFileLastWrite
        • String ID: U
        • API String ID: 442123175-4171548499
        • Opcode ID: 25b6cd78dbc0bd81a34a7331496c36e54501b7356a3653b8bfd124951489cc91
        • Instruction ID: e4c2d1acd1180540cdc7e85bf7e39889c04cef6270d6055f490e1e7ac6d0ebf0
        • Opcode Fuzzy Hash: 25b6cd78dbc0bd81a34a7331496c36e54501b7356a3653b8bfd124951489cc91
        • Instruction Fuzzy Hash: 7441D422618A8185EB50AF25E8447B9A760FB88B94F844171EE4D97798DF3CD441CF10
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7234CDB5F), ref: 00007FF7234CE8A0
        • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7234CDB5F), ref: 00007FF7234CE8E6
        Strings
        Memory Dump Source
        • Source File: 00000006.00000002.1670421020.00007FF723431000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF723430000, based on PE: true
        • Associated: 00000006.00000002.1670407428.00007FF723430000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670511677.00007FF72358E000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670537392.00007FF7235CB000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670550564.00007FF7235CC000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670563745.00007FF7235CE000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235DA000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670578825.00007FF7235E0000.00000004.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670606239.00007FF7235E6000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670621669.00007FF7235F8000.00000020.00000001.01000000.00000003.sdmp
        • Associated: 00000006.00000002.1670638391.00007FF7235FA000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_6_2_7ff723430000_elevation_service.jbxd
        Similarity
        • API ID: ExceptionFileHeaderRaise
        • String ID: csm
        • API String ID: 2573137834-1018135373
        • Opcode ID: ab2ffa6d8a4e9ce13128c576df08f82d8e162556ba4fa37a612a913b80fed03c
        • Instruction ID: 9544b6d378be9595f6dbabc61e277e9836f14e74f49ea825e821f561ea6b2b8a
        • Opcode Fuzzy Hash: ab2ffa6d8a4e9ce13128c576df08f82d8e162556ba4fa37a612a913b80fed03c
        • Instruction Fuzzy Hash: F2114F32A08B4582EB509F25F840269B7A1FB88F94F9846B1DF8D17798DF3CD5518B50
        Uniqueness

        Uniqueness Score: -1.00%