Edit tour

Windows Analysis Report
HxTsr.exe

Overview

General Information

Sample name:	HxTsr.exe
Analysis ID:	1432172
MD5:	5598f080258560d009714396d1f464ac
SHA1:	89a086fa0664780c3a23f6fa7c6b4b35caf797d0
SHA256:	919423dbefdfe9536c13380a0331801e4451700df78381c00d2c445d7554776b

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

HxTsr.exe (PID: 6304 cmdline: "C:\Users\user\Desktop\HxTsr.exe" MD5: 5598F080258560D009714396D1F464AC)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: HxTsr.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb source: HxTsr.exe
Source:	Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: HxTsr.exe

Source: C:\Users\user\Desktop\HxTsr.exe

Code function: 4x nop then push rbx

0_2_00007FF77F4F4318

Source: C:\Users\user\Desktop\HxTsr.exe	Code function: 0_2_00007FF77F4FCE24		0_2_00007FF77F4FCE24
Source: C:\Users\user\Desktop\HxTsr.exe	Code function: 0_2_00007FF77F4FDA1C		0_2_00007FF77F4FDA1C

Source: classification engine

Classification label: clean2.winEXE@1/0@0/0

Source: HxTsr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\HxTsr.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\HxTsr.exe	Section loaded: microsoft.applications.telemetry.windows.dll	Jump to behavior
Source: C:\Users\user\Desktop\HxTsr.exe	Section loaded: hxoutlookbackground.dll	Jump to behavior
Source: C:\Users\user\Desktop\HxTsr.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Users\user\Desktop\HxTsr.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Users\user\Desktop\HxTsr.exe	Section loaded: msvcp140_app.dll	Jump to behavior

Source: HxTsr.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: HxTsr.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: HxTsr.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE

Source: HxTsr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb source: HxTsr.exe
Source:	Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: HxTsr.exe

Source: HxTsr.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: HxTsr.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: HxTsr.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: HxTsr.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: HxTsr.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: HxTsr.exe

Static PE information: real checksum: 0x21d68 should be: 0x1ee25

Source: HxTsr.exe

Static PE information: section name: .didat

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\HxTsr.exe

Code function: 0_2_00007FF77F4F10A4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF77F4F10A4

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
HxTsr.exe	3%	ReversingLabs
HxTsr.exe	0%	Virustotal		Browse

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432172
Start date and time:	2024-04-26 16:23:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HxTsr.exe
Detection:	CLEAN
Classification:	clean2.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 35
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target HxTsr.exe, PID 6304 because there are no executed function

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.06260340064884
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	HxTsr.exe
File size:	92'672 bytes
MD5:	5598f080258560d009714396d1f464ac
SHA1:	89a086fa0664780c3a23f6fa7c6b4b35caf797d0
SHA256:	919423dbefdfe9536c13380a0331801e4451700df78381c00d2c445d7554776b
SHA512:	5a9d0d0aa760bdfc42afd15b9b36aabfb7e0ec9d368da70cf039281e9ff33ee31030867ea274ab375f19df6164d3b17d0631effc2949c4a6de453c962bbfce8b
SSDEEP:	1536:COHO8lU/mI2MR92CX9OJt8xBa5fjIEVE71T47wIGgTje0MFcMMIGnyv/s:O8lU/mI2MRQqOJaxuf0EVPTj1MuiGnyM
TLSH:	A4934A5E232601F6E156D2BCC5A7627AE372FC435852970F4FB0D2860F772609E3AB91
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......jUP..4>[.4>[.4>[.F8Z/4>[B@?Z(4>[B@;Z34>[B@:Z$4>[B@=Z-4>[.@?Z,4>['L.[.4>[.E?Z-4>[.4?[!5>[.F:Z-4>[.@;Z*4>[.@7Z.4>[.@.[/4>[.@<Z/4>

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140001090
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x65EA5F5E [Fri Mar 8 00:44:14 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	a936f9337ff7d2caddd1f140cf786be8

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F4FD485C500h
dec eax
add esp, 28h
jmp 00007F4FD485E8EFh
int3
nop
dec eax
mov dword ptr [esp+20h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 20h
dec eax
mov eax, dword ptr [00014F58h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007F4FD485C566h
dec eax
and dword ptr [ebp+18h], 00000000h
dec eax
lea ecx, dword ptr [ebp+18h]
call dword ptr [0000E3E2h]
dec eax
mov eax, dword ptr [ebp+18h]
dec eax
mov dword ptr [ebp+10h], eax
call dword ptr [0000E084h]
mov eax, eax
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [0000E080h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+20h]
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [0000E3A8h]
mov eax, dword ptr [ebp+20h]
dec eax
lea ecx, dword ptr [ebp+10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+20h]
dec eax
xor eax, dword ptr [ebp+10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x11660	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x19000	0x470	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x17000	0xe7c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1a000	0x2f8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x13d98	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x10360	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xff00	0x138	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xf000	0x530	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x11364	0x80	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xd909	0xda00	c15882a8f64a4760a2426706d136e586	False	0.49691800458715596	data	6.222952095031539	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xf000	0x6a0d	0x6c00	6435b3a640a5272601ec16567ac5f21a	False	0.33351417824074076	data	5.050967033311491	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x16000	0x668	0x400	b9a2c6094558dddb50bebf9010a2d286	False	0.2109375	data	2.366450057637999	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x17000	0xe7c	0x1000	64d5b14d3ba2de64ed652e35afcf4312	False	0.449951171875	PEX Binary Archive	4.5321877075071395	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat	0x18000	0x80	0x200	1de5095e8fa50b79e9d813c48a45e6b6	False	0.1171875	data	0.8157106698145418	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x19000	0x470	0x600	96b3a15b1c45bb58ebbaf09c5b47347a	False	0.2962239583333333	data	4.002468213350723	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1a000	0x2f8	0x400	23e6eef97ce904081a3940fad30333dc	False	0.5322265625	data	4.589842225081001	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x19058	0x418	data	English	United States	0.3883587786259542

Imports

DLL	Import
Microsoft.Applications.Telemetry.Windows.dll	?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z, ?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z, ?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ, ??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ, ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z, ?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z, ??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z, ?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z, ??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ, ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z, ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z, ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z, ??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
api-ms-win-core-errorhandling-l1-1-0.dll	RaiseException
api-ms-win-core-realtime-l1-1-0.dll	QueryUnbiasedInterruptTime
api-ms-win-core-synch-l1-2-0.dll	WakeAllConditionVariable, SleepConditionVariableSRW, InitOnceExecuteOnce
api-ms-win-core-com-l1-1-0.dll	CoTaskMemFree, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler
api-ms-win-core-processthreads-l1-1-0.dll	GetCurrentProcess, TerminateProcess, GetCurrentThreadId, GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-3.dll	SetProcessInformation
api-ms-win-core-util-l1-1-0.dll	DecodePointer
api-ms-win-core-synch-l1-1-0.dll	InitializeSRWLock, AcquireSRWLockExclusive, ReleaseSRWLockExclusive
api-ms-win-core-com-l1-1-1.dll	RoGetAgileReference
api-ms-win-eventing-provider-l1-1-0.dll	EventWriteTransfer
HxOutlookBackground.dll	?HxOutlookBackgroundInitialize@HxOutlook@@YAXAEAUConfig@Telemetry@Hx@@_N@Z, ?UseHxOutlookBackgroundAccess@HxOutlook@@YAAEAUIHxOutlookBackgroundAccess@1@XZ, ?HxOutlookBackgroundEnsureInitialized@HxOutlook@@YAXXZ
VCRUNTIME140_1_APP.dll	__CxxFrameHandler4
VCRUNTIME140_APP.dll	__current_exception, _purecall, __current_exception_context, __std_exception_destroy, __std_terminate, __C_specific_handler, __std_exception_copy, memset, _CxxThrowException, memcmp, memcpy, memmove
MSVCP140_APP.dll	?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Xinvalid_argument@std@@YAXPEBD@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?_Xbad_alloc@std@@YAXXZ, ?_Xlength_error@std@@YAXPEBD@Z, _Mtx_init_in_situ, _Mtx_destroy_in_situ, ?_Xout_of_range@std@@YAXPEBD@Z, ?_Throw_C_error@std@@YAXH@Z, _Mtx_lock, _Mtx_unlock, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?uncaught_exception@std@@YA_NXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
api-ms-win-crt-runtime-l1-1-0.dll	_crt_atexit, _invalid_parameter_noinfo_noreturn, _invalid_parameter_noinfo, terminate, _register_onexit_function, _initialize_onexit_table, _errno, _register_thread_local_exe_atexit_callback, _c_exit, _cexit, _set_app_type, _exit, exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _initialize_narrow_environment, _configure_narrow_argv, _seh_filter_exe
api-ms-win-crt-heap-l1-1-0.dll	_set_new_mode, free, malloc
api-ms-win-crt-string-l1-1-0.dll	_wcsicmp
api-ms-win-crt-stdio-l1-1-0.dll	__p__commode, _set_fmode
api-ms-win-crt-convert-l1-1-0.dll	wcstoull
api-ms-win-crt-math-l1-1-0.dll	__setusermatherr, pow
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
api-ms-win-core-profile-l1-1-0.dll	QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll	GetSystemTimeAsFileTime, GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0.dll	InitializeSListHead
api-ms-win-core-delayload-l1-1-1.dll	ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll	DelayLoadFailureHook
api-ms-win-core-string-l1-1-0.dll	CompareStringOrdinal
api-ms-win-core-path-l1-1-0.dll	PathCchAppend
api-ms-win-core-file-l1-1-0.dll	GetFileAttributesW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	16:23:57
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\HxTsr.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\HxTsr.exe"
Imagebase:	0x7ff77f4f0000
File size:	92'672 bytes
MD5 hash:	5598F080258560D009714396D1F464AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00007FF77F4F10A4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00007FF77F4F10D0
GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F10DE
GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F10EA
QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0 ref: 00007FF77F4F10FA

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 6494b3011ed12ee8fbd9efba338e6d045498913f71c9c479f9979a6da21c163a
Instruction ID: afdfb01b85805cbb8b4c7e7578691a08b1124a7d81e57eecfe4e2f3e33b49ea3
Opcode Fuzzy Hash: 6494b3011ed12ee8fbd9efba338e6d045498913f71c9c479f9979a6da21c163a
Instruction Fuzzy Hash: 03114F22A24F418BEB109F21E9542A433A4FB19768F441A31EA6D46754DF3CD5948394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FCE24 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 224COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140_APP ref: 00007FF77F4FD11C

Strings

Assert, xrefs: 00007FF77F4FCF79, 00007FF77F4FD0AF
tag, xrefs: 00007FF77F4FD128

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: ExceptionThrow
String ID: Assert$tag
API String ID: 432778473-967684852
Opcode ID: e9de12596ec6dced5d72a937c011b2cc95a0020e577558283f47cf8f54465457
Instruction ID: c47a0854d73cad092771b35b36122a44517b48d025a7f08464ac9b162b9da80e
Opcode Fuzzy Hash: e9de12596ec6dced5d72a937c011b2cc95a0020e577558283f47cf8f54465457
Instruction Fuzzy Hash: BC911223A386C287FB20BB26D6502FAABE0EB50754FD84231D65D036D1EE2CD556C3E0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F4318 Relevance: 3.8, APIs: 3, Instructions: 82COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140_APP(?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F4355
memcpy.VCRUNTIME140_APP(?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F43BB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF77F4F1387), ref: 00007FF77F4F4418

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: freememcpymemmove
String ID:
API String ID: 985528739-0
Opcode ID: 294e259b5502931f5007faf7b35efc3ecb219579e34c461f4a31954f86fd5d2e
Instruction ID: 6370405b366efc37b06b6c2a9c378df7dbfaa63f2364bb786328f6efbbcb0fd8
Opcode Fuzzy Hash: 294e259b5502931f5007faf7b35efc3ecb219579e34c461f4a31954f86fd5d2e
Instruction Fuzzy Hash: ED21B422B38BD586EB14AF17E6415B9A2A5EB44FE0F9C4131DE2C07BE5DE7CD0918350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FDA1C Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

abcdefghijklmnopqrstuvwxyz0123456789****************************, xrefs: 00007FF77F4FDA43, 00007FF77F4FDAD2

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID:
String ID: abcdefghijklmnopqrstuvwxyz0123456789****************************
API String ID: 0-2760645366
Opcode ID: 08842dc724a2cf00d5bd0d27bed7743377ded0ba0b39dae68c9fd5f9e71d4b24
Instruction ID: 200562ad6b1cbe1dd8eca7c6f82af2bee76e2e58b706822f0f38878b31c7f6df
Opcode Fuzzy Hash: 08842dc724a2cf00d5bd0d27bed7743377ded0ba0b39dae68c9fd5f9e71d4b24
Instruction Fuzzy Hash: 6031E453A3C3C54AD7029F7A55402A9FFA0E766B80F8D827ADA8987303DD2CD497C365

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F6994 Relevance: 42.3, APIs: 19, Strings: 5, Instructions: 328COMMON

Download Yara Rule

APIs

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6A0D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6A40
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6A47
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6AB1
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6AF5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6B28
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6B2F
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6B70
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6BA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6BAA
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6C73
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6CA6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6CAD
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6D7E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6DB2
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6DB9
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6E80
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6EB3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF77F4F6EBA

Strings

EventInfo.PrivTags, xrefs: 00007FF77F4F6B4B
nstance, xrefs: 00007FF77F4F6D4B
actorId, xrefs: 00007FF77F4F6E4D
hxFlags, xrefs: 00007FF77F4F69D6
stTag, xrefs: 00007FF77F4F6C4B

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@Events@Microsoft@@$Category@234@@D@std@@DataEventKind@234@Properties@Property@U?$char_traits@V?$allocator@V?$basic_string@_invalid_parameter_noinfo_noreturnfree$D@2@@std@@_$D@2@@std@@D@@@D_t@D_t@234@
String ID: EventInfo.PrivTags$actorId$hxFlags$nstance$stTag
API String ID: 4008472446-2047053501
Opcode ID: acffc125b2d5b946e6d68db662419c69adf0d0f684998cf19ea7de309ce0c46c
Instruction ID: 67702ba959643cb3fa81e1a9a638987f63104202f2da4c80b7ad49455036f7cb
Opcode Fuzzy Hash: acffc125b2d5b946e6d68db662419c69adf0d0f684998cf19ea7de309ce0c46c
Instruction Fuzzy Hash: 17F18A73A257C18BEB109F25D5847AC77B9FB08B48F810639CE9D26B18DF389194D3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7A18 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 339COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F7A5C
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F7A6B

Part of subcall function 00007FF77F4F5EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F5F64
Part of subcall function 00007FF77F4F5EF0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F5F6F

??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7A96
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7AD4
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7B38
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7B5E
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7BEA
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7C57
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7CDF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F7D33
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7D3A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F7D7A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7D81
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F7DFA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7E04
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F7E40
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7E47
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F7E5C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7F08
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP ref: 00007FF77F4F7F13
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F7F45
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP ref: 00007FF77F4F7F54

Strings

primaryToken, xrefs: 00007FF77F4F7BE0, 00007FF77F4F7CD5

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@Events@$Microsoft@@V?$allocator@$Configuration@D@std@@U?$char_traits@V?$basic_string@$D@2@@std@@Module@_invalid_parameter_noinfo_noreturnfree$V?$shared_ptr@Variant@123@Xbad_alloc@std@@malloc$D@2@@std@@@2@U?$less@U?$pair@$$V?$map@Variant@$C_error@std@@Configuration@234@Get@ManagerManager@234@Microsoft@@@2@Microsoft@@@2@@std@@@2@@std@@Microsoft@@@std@@@Microsoft@@@std@@@2@@std@@Modules@Mtx_lockMtx_unlockProvider@Throw_W4status_t@234@@
String ID: primaryToken
API String ID: 1220052155-1782620652
Opcode ID: 42b182a54ff9e88db8ced20fd0c3bd3dc7d51d5eea9e92be707fa7ebd7efaa7c
Instruction ID: 9e729b1799dd8fcf3c5940ad374129ea9cf49eb5623a737bed6118f4109f2917
Opcode Fuzzy Hash: 42b182a54ff9e88db8ced20fd0c3bd3dc7d51d5eea9e92be707fa7ebd7efaa7c
Instruction Fuzzy Hash: 1CF16C33B38B8286EB14AF22E9441E8B7E5FB44B88BC84536DA5D07764DE3CD555C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F6178 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 214COMMON

Download Yara Rule

APIs

??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F61B9

Part of subcall function 00007FF77F4F76B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F773E
Part of subcall function 00007FF77F4F76B0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F7749
Part of subcall function 00007FF77F4F76B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F777D
Part of subcall function 00007FF77F4F76B0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F778C
Part of subcall function 00007FF77F4F76B0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF77F4F61AF), ref: 00007FF77F4F77F3

??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F61DA
_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F61F6
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F6202
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F623C
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F6270
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F62F0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F62F7
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F6314
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F6381
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F6388
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F63A5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F641C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F6423
_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F6476
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F6482
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F64B8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F64EA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F64F1

Strings

hostMode, xrefs: 00007FF77F4F61D0
sionId, xrefs: 00007FF77F4F63C7
sdkmode, xrefs: 00007FF77F4F61AF
Version, xrefs: 00007FF77F4F6441

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@Events@Microsoft@@free$_invalid_parameter_noinfo_noreturn$D@@@D_t@$C_error@std@@Configuration@Mtx_lockMtx_unlockThrow_Variant@123@Xbad_alloc@std@@malloc
String ID: Version$hostMode$sdkmode$sionId
API String ID: 1417228798-3186143502
Opcode ID: e83a30f1d6a97a412fa5a17c20c87335687ea136a9f60447a3243b79a164cdeb
Instruction ID: 9b0f288b9ccc56643355ede91d3e71289785c1cbad65ed849f04e00d0a672e17
Opcode Fuzzy Hash: e83a30f1d6a97a412fa5a17c20c87335687ea136a9f60447a3243b79a164cdeb
Instruction Fuzzy Hash: F5A18823A38BC187EB00AB66E5542B9F7A1FB85B50F844535EA8D47B64DF3CD084C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FD338 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 288COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4FD465
wcstoull.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF77F4FD48D
?_Xinvalid_argument@std@@YAXPEBD@Z.MSVCP140_APP ref: 00007FF77F4FD4A4
?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140_APP ref: 00007FF77F4FD4B8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4FD4F2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4FD4F9
CompareStringOrdinal.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF77F4FD57D
GetSystemDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00007FF77F4FD593
PathCchAppend.API-MS-WIN-CORE-PATH-L1-1-0 ref: 00007FF77F4FD5AA
GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF77F4FD5B8

Part of subcall function 00007FF77F4F4658: memmove.VCRUNTIME140_APP ref: 00007FF77F4F469C

Strings

Windows.Team, xrefs: 00007FF77F4FD5C9
Microsoft.Windows.Hub.LoginPolicy.dll, xrefs: 00007FF77F4FD59D
Windows.Core, xrefs: 00007FF77F4FD576
stoull argument out of range, xrefs: 00007FF77F4FD4B1
invalid stoull argument, xrefs: 00007FF77F4FD49D
tag, xrefs: 00007FF77F4FD725, 00007FF77F4FD788

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: AppendAttributesCompareDirectoryFileOrdinalPathStringSystemXinvalid_argument@std@@Xout_of_range@std@@_errno_invalid_parameter_noinfo_noreturnfreememmovewcstoull
String ID: Microsoft.Windows.Hub.LoginPolicy.dll$Windows.Core$Windows.Team$invalid stoull argument$stoull argument out of range$tag
API String ID: 59334309-1814647449
Opcode ID: b58eab0a424a0df94b3d3d761079eb9c9fc4cc2ef3471da4ece22f463d0d7ac1
Instruction ID: 6057f7b8a0088e459844145b44da8357b2f066025cb16f182347de3eea82a566
Opcode Fuzzy Hash: b58eab0a424a0df94b3d3d761079eb9c9fc4cc2ef3471da4ece22f463d0d7ac1
Instruction Fuzzy Hash: F1D14F23B38A8682FB00EB26EA401E9A7B1FB85B84FD45131DA4D57764DF3CE545C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FC750 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 288COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF77F4F45A0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF77F4F43A7,?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F45B9

memcpy.VCRUNTIME140_APP ref: 00007FF77F4FC89C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4FC8D3
memcpy.VCRUNTIME140_APP ref: 00007FF77F4FC8E4
memcpy.VCRUNTIME140_APP ref: 00007FF77F4FC9B1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4FC9EF
memcpy.VCRUNTIME140_APP ref: 00007FF77F4FC9FA
memcpy.VCRUNTIME140_APP ref: 00007FF77F4FCAE8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4FCB22
memcpy.VCRUNTIME140_APP ref: 00007FF77F4FCB2D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4FCB85
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77F4FCBA0

Strings

0123456789ABCDEF, xrefs: 00007FF77F4FC7D5, 00007FF77F4FCA2F, 00007FF77F4FCB50

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: memcpy$free$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID: 0123456789ABCDEF
API String ID: 353111918-2554083253
Opcode ID: 38752e0108511b74dd97f2f7b16cce1a7a833a33c39ba1c7e2433c64bcd34233
Instruction ID: 1131bf43823551dc26a225af48f01c9e4e3d18dc7b77ab6128c31b73f7838ad0
Opcode Fuzzy Hash: 38752e0108511b74dd97f2f7b16cce1a7a833a33c39ba1c7e2433c64bcd34233
Instruction Fuzzy Hash: 51C19223B3878582EB14AF16E6082ADA7A6FB44BD4F844931CB5E03794EF7CE155C391

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7238 Relevance: 19.7, APIs: 13, Instructions: 157COMMON

Download Yara Rule

APIs

??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF77F4F7188), ref: 00007FF77F4F7267
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F72BA
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F72CB
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F72DC
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F72EE
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F72FF
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F735F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F73C2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F73C9
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F73E7
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7406
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7412
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7450

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@Events@Microsoft@@$EventProperty@$U0123@$D@2@@std@@@D@std@@U0123@_U?$char_traits@V?$allocator@V?$basic_string@$D@@@D_t@D_t@123@@_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 3942560593-0
Opcode ID: 960f0509c9023aa9ea016847a47e6432d91cc78f79ba9d7c9a84d76468cf1b0b
Instruction ID: 948cc01ed951076284e9f48ca99ef237b26f673f8038a0fdf60ec35e12e057ce
Opcode Fuzzy Hash: 960f0509c9023aa9ea016847a47e6432d91cc78f79ba9d7c9a84d76468cf1b0b
Instruction Fuzzy Hash: 4861AB33E3859287FB04AB66DA542FC67F2FB05794F885130DA5E16A94DF2CE484C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F1208 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 139timeCOMMON

Download Yara Rule

APIs

GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F123E
SetProcessInformation.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-3 ref: 00007FF77F4F1251
InitOnceExecuteOnce.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF77F4F12BE
?HxOutlookBackgroundInitialize@HxOutlook@@YAXAEAUConfig@Telemetry@Hx@@_N@Z.HXOUTLOOKBACKGROUND ref: 00007FF77F4F1336
QueryUnbiasedInterruptTime.API-MS-WIN-CORE-REALTIME-L1-1-0 ref: 00007FF77F4F13D5
GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F13E7
TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F13F2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F1429
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F1430

Strings

Crash, xrefs: 00007FF77F4F1287

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Process$CurrentOnce$BackgroundConfig@ExecuteHx@@_InformationInitInitialize@InterruptOutlookOutlook@@QueryTelemetry@TerminateTimeUnbiased_invalid_parameter_noinfo_noreturnfree
String ID: Crash
API String ID: 3505764528-371843035
Opcode ID: f3ed5057f3d9886f0ae2c6791daee42a788f8160ff17d94c43644412faafab33
Instruction ID: 967af3a0cc4c3c16e84d9689ee2e8ed7c7b0e95ec849962f09f9e89624809873
Opcode Fuzzy Hash: f3ed5057f3d9886f0ae2c6791daee42a788f8160ff17d94c43644412faafab33
Instruction Fuzzy Hash: 80715023F38AC2CAF700AF71E6502F8B7A1AB94758FC45235D94D56665EF2CA185C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FC120 Relevance: 10.7, APIs: 7, Instructions: 151COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140_APP(?,00000000,?,00007FF77F4FC0CB,?,?,?,00007FF77F4FC434,?,?,?,00007FF77F4FC292), ref: 00007FF77F4FC1C8
memcpy.VCRUNTIME140_APP(?,00000000,?,00007FF77F4FC0CB,?,?,?,00007FF77F4FC434,?,?,?,00007FF77F4FC292), ref: 00007FF77F4FC1E2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77F4FC206
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC2F0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC2F7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC341
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC348

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpy$Concurrency::cancel_current_task
String ID:
API String ID: 3034246535-0
Opcode ID: 182cd21c12bbfa9b1df39c48964d619f88686d9def3c22fa55ba9a8a6b6bef0d
Instruction ID: 35b5a8d3937d76f51f36bf87cfe662d5e4aee17b9964c9c9724efe16672fdcfb
Opcode Fuzzy Hash: 182cd21c12bbfa9b1df39c48964d619f88686d9def3c22fa55ba9a8a6b6bef0d
Instruction Fuzzy Hash: B1519422B3478186EB10AB66EA442ECA3A5FB44BD4F884631DF5D17B95DF3CD1918390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7020 Relevance: 10.6, APIs: 7, Instructions: 141COMMON

Download Yara Rule

APIs

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F70FC
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F7130
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F716D
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F71BE
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F71EE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F7228
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF77F4F722F

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Event_invalid_parameter_noinfo_noreturn$Applications@D@std@@Events@Microsoft@@Properties@Property@U?$char_traits@V?$allocator@V?$basic_string@free$Category@234@@D@2@@std@@D@2@@std@@0DataKind@234@Property@234@@
String ID:
API String ID: 2157271762-0
Opcode ID: 81788447d38690d03aa5fa6fae68a02753b042c07d2d50d4ddfd0c4037c56433
Instruction ID: c53c2b39a9db74880f7110ac5de672f6c642dc21e9452c23b48093b185056c7f
Opcode Fuzzy Hash: 81788447d38690d03aa5fa6fae68a02753b042c07d2d50d4ddfd0c4037c56433
Instruction Fuzzy Hash: D051A363F38A818AFB10EB76D5542ECA3B1BB45BA8F840631DE6D16794CE3CD499C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F1CB8 Relevance: 9.2, APIs: 6, Instructions: 155COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F1CE5
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F1D12
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F1DD5
AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F1E2F
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F1E69
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F1E78

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire$malloc
String ID:
API String ID: 1095099974-0
Opcode ID: c973d06fc1a06cddf6cb8a683b99e85ca3c0ba3119766efd78a5d60eaaa4742d
Instruction ID: a72812a9e3b37ee3af4fe21faf15a271f55f536caa866e14e76fca47d96fc969
Opcode Fuzzy Hash: c973d06fc1a06cddf6cb8a683b99e85ca3c0ba3119766efd78a5d60eaaa4742d
Instruction Fuzzy Hash: 61515D23A38B8586EB54AF17D6502B8A7B0FB89FA4F994431CE1E07360DF3CE4458390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F50D0 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF77F4F3003), ref: 00007FF77F4F50F3
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F5109

Part of subcall function 00007FF77F4F3C58: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF77F4F5154), ref: 00007FF77F4F3C76

ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F517A
AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F51EC
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F5229
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F524E

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire$malloc
String ID:
API String ID: 1095099974-0
Opcode ID: 007a11594e550cff8f3074c31522107c64956b9b2d49f4f1bfe18f6a2622c10d
Instruction ID: 8694a615dc5ebc39b4ad6d2a8a221266064a3cf4388086de32caf1f117909ed2
Opcode Fuzzy Hash: 007a11594e550cff8f3074c31522107c64956b9b2d49f4f1bfe18f6a2622c10d
Instruction Fuzzy Hash: EF514C33E39A8687EB54EB67DA400B9A7A0BB45F80B9E4531CE1D47354DF2CE945C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F1090 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF77F4F10A4: GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00007FF77F4F10D0
Part of subcall function 00007FF77F4F10A4: GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F10DE
Part of subcall function 00007FF77F4F10A4: GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F10EA
Part of subcall function 00007FF77F4F10A4: QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0 ref: 00007FF77F4F10FA

__scrt_initialize_crt.LIBCMT ref: 00007FF77F4F34AB
__scrt_release_startup_lock.LIBCMT ref: 00007FF77F4F352E
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F357C
_get_narrow_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F3589
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F35B2
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F360B

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_narrow_winmain_command_line_register_thread_local_exe_atexit_callback
String ID:
API String ID: 4225398245-0
Opcode ID: 1fbb49ee7c389e7ebb79cb7960bea0ea33ca1fd20df29107d1165f233adcc06b
Instruction ID: aef8039e0f66e1381690dac145be6d0db74b102d28a1057c8358a6d00169b287
Opcode Fuzzy Hash: 1fbb49ee7c389e7ebb79cb7960bea0ea33ca1fd20df29107d1165f233adcc06b
Instruction Fuzzy Hash: 33311723E3C1C383FB54BB2696522F9E6E19F95354FC85034D94E472D3DE2CA44992B4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FA648 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140_APP ref: 00007FF77F4FA6D5
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140_APP ref: 00007FF77F4FA6FC
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140_APP ref: 00007FF77F4FA734
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140_APP ref: 00007FF77F4FA763
?uncaught_exception@std@@YA_NXZ.MSVCP140_APP ref: 00007FF77F4FA769
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140_APP ref: 00007FF77F4FA778

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
String ID:
API String ID: 3901553425-0
Opcode ID: a5aa93bee1748aa60f2e01f3a9ce893c1acbb35ffaa732086a427c44ec57b534
Instruction ID: 9eaad803057a7b2367881bf963c768443f52586a9cd6e8afa475f8474f5779a0
Opcode Fuzzy Hash: a5aa93bee1748aa60f2e01f3a9ce893c1acbb35ffaa732086a427c44ec57b534
Instruction Fuzzy Hash: 03416C63A38A8183EB209F16D58067DE7E1FB84F91F599132CA5D47768CE3CD882C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F21E0 Relevance: 9.1, APIs: 6, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F220E

Part of subcall function 00007FF77F4F14F0: CoCreateFreeThreadedMarshaler.API-MS-WIN-CORE-COM-L1-1-0(?,?,00000008), ref: 00007FF77F4F1524

CoTaskMemAlloc.API-MS-WIN-CORE-COM-L1-1-0 ref: 00007FF77F4F229C
memcpy.VCRUNTIME140_APP ref: 00007FF77F4F22C6
memset.VCRUNTIME140_APP ref: 00007FF77F4F22CF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F22D4
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F22E0

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: AllocCreateFreeMarshalerTaskThreaded_errno_invalid_parameter_noinfomallocmemcpymemset
String ID:
API String ID: 1102017398-0
Opcode ID: 26da227945d19f0f0fa7ef6f7cf72aed3d4c32104eefaa3609d3c29f90144937
Instruction ID: ce81bd2e923df16dd78ae088dcff14fbe8a74f0e7d145f48627155bf71241cba
Opcode Fuzzy Hash: 26da227945d19f0f0fa7ef6f7cf72aed3d4c32104eefaa3609d3c29f90144937
Instruction Fuzzy Hash: 7241F537A25B8687EB44AF22E9502A9A7E4FB84FA4F894135CA1D03364DF3CE545C394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F6520 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,00000000,00007FF77F4F68EA), ref: 00007FF77F4F653E
_Mtx_lock.MSVCP140_APP(?,?,00000000,00007FF77F4F68EA), ref: 00007FF77F4F655A
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,00000000,00007FF77F4F68EA), ref: 00007FF77F4F6566
_Mtx_unlock.MSVCP140_APP(?,?,00000000,00007FF77F4F68EA), ref: 00007FF77F4F65A0

Strings

hostMode, xrefs: 00007FF77F4F6534

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@C_error@std@@Configuration@Events@Microsoft@@Mtx_lockMtx_unlockThrow_Variant@123@
String ID: hostMode
API String ID: 233330023-2357876354
Opcode ID: 257a5d02b991e0e6f34119e55f6f5328f45713c9423fbad51a6875185a224774
Instruction ID: d5988ad2b6d7e318d1b7c904627e0f02936d0f4a2f98fa0b275420410a46cb2f
Opcode Fuzzy Hash: 257a5d02b991e0e6f34119e55f6f5328f45713c9423fbad51a6875185a224774
Instruction Fuzzy Hash: 7B015252E39A8283FF44BB66EA542B8A7D0AF49F90FC85134C81E07364DF2CD484C3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F76B0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F773E
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F7749
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F777D
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF77F4F61AF), ref: 00007FF77F4F778C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF77F4F61AF), ref: 00007FF77F4F77F3

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Xbad_alloc@std@@malloc$free
String ID:
API String ID: 3279272377-0
Opcode ID: d00a70aeef4b9791567f5e838494c793b3222b4bd2b51222220f1c755c2230d2
Instruction ID: 54a0b4e874adc7592e6193582bdee1a6af682443f54c69d6ab7ff7596c98680c
Opcode Fuzzy Hash: d00a70aeef4b9791567f5e838494c793b3222b4bd2b51222220f1c755c2230d2
Instruction Fuzzy Hash: 2D413623A38E8186EB54AB12E6943B9B3E0FB54B64F984234D65D07794DF3CE454C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7520 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F7551
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F755F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F75D6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F75DD
_Mtx_unlock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F75E7

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: C_error@std@@Mtx_lockMtx_unlockThrow__invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 4004452888-0
Opcode ID: eccfde8d185437d2fe95423f817bd9944db6fd48e3658161173552c1420d63ac
Instruction ID: c862c06af1ff6866e529992db8b13b4314fb46c63e3978ea9838718b058757ad
Opcode Fuzzy Hash: eccfde8d185437d2fe95423f817bd9944db6fd48e3658161173552c1420d63ac
Instruction Fuzzy Hash: 74215322738BC682FB40AB66E9442A9E7A1FB88BD0F845131E95E47B64DF3CD485C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FACAC Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00007FF77F4FACEE
_CxxThrowException.VCRUNTIME140_APP ref: 00007FF77F4FACFF
_CxxThrowException.VCRUNTIME140_APP ref: 00007FF77F4FAD1B
_CxxThrowException.VCRUNTIME140_APP ref: 00007FF77F4FAD37
_CxxThrowException.VCRUNTIME140_APP ref: 00007FF77F4FAD53

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: ExceptionThrow$std::bad_exception::bad_exception
String ID:
API String ID: 387331647-0
Opcode ID: 9a1c917b8a5e80f0089599c090369ac78629b78a85147853e3893e5ae8b9e20a
Instruction ID: 4cb79e9a5ade16062cb9a8b55ae24b7d36441f150ee3d485398803e996d65fe8
Opcode Fuzzy Hash: 9a1c917b8a5e80f0089599c090369ac78629b78a85147853e3893e5ae8b9e20a
Instruction Fuzzy Hash: D6116023A3C5C743EB24B722D6551F993A1BF84308FC42135D28D429B5EE2CE608C795

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F3BC0 Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F3BCF
_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F3BF7
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F3C03
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F3C36
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77F4F3C48

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow_malloc
String ID:
API String ID: 3007590470-0
Opcode ID: 20569c17af950825d567f6c3baca4002e80302bceb60c37f92593e9b0259be97
Instruction ID: 37283fe3649fb1ade4297094343681c773eb3b224159db3ed0ad6e475f1359b6
Opcode Fuzzy Hash: 20569c17af950825d567f6c3baca4002e80302bceb60c37f92593e9b0259be97
Instruction Fuzzy Hash: 74012127B39BC283EF44AB62F6541B5A2E0AF44B90FC84534CA1D47764EF2CE45483A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F4EF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F5023
TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF77F4F502E

Part of subcall function 00007FF77F4F36B0: AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF77F4F1463), ref: 00007FF77F4F36C0

Strings

Crash, xrefs: 00007FF77F4F5017
Windows.ApplicationModel.Core.CoreApplication, xrefs: 00007FF77F4F4F4F

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Process$AcquireCurrentExclusiveLockTerminate
String ID: Crash$Windows.ApplicationModel.Core.CoreApplication
API String ID: 2246984814-1435419972
Opcode ID: a0d192f833ff1cc13f836155b787f1f4c3547dd23fe1bd87b116ff744c27af9c
Instruction ID: bf7fdd40ffb1a5e2649b0299b8448b7c26e9260ba196c52858eacb4d37c6d321
Opcode Fuzzy Hash: a0d192f833ff1cc13f836155b787f1f4c3547dd23fe1bd87b116ff744c27af9c
Instruction Fuzzy Hash: 8D511333A38A8682FB50EB26E6906F5A7A0FF44B54FC44236D94D47364EF3CE54587A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FE51D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__current_exception.VCRUNTIME140_APP ref: 00007FF77F4FE552
__current_exception_context.VCRUNTIME140_APP ref: 00007FF77F4FE566
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4FE56E

Strings

csm, xrefs: 00007FF77F4FE53E

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: __current_exception__current_exception_contextterminate
String ID: csm
API String ID: 2542180945-1018135373
Opcode ID: ceef7e9a641663984bc4114f213290486d3c183bb69c83ce7608c2b192109172
Instruction ID: 2525e9f55b25bcc3f2dae85af21bf884e94a779e9285bab8757cb66760055a3c
Opcode Fuzzy Hash: ceef7e9a641663984bc4114f213290486d3c183bb69c83ce7608c2b192109172
Instruction Fuzzy Hash: F3F04437625B85CBD710AF22E8804AC73B4FB88B98B896130FA8D47715DF38C8918360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F5EF0 Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F5F64
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F5F6F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77F4F60BA

Part of subcall function 00007FF77F4F3FD8: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF77F4F3FE1

Part of subcall function 00007FF77F4F6108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF77F4F60E4,?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F6140
Part of subcall function 00007FF77F4F6108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF77F4F60E4,?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F614F
Part of subcall function 00007FF77F4F6108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF77F4F61AF), ref: 00007FF77F4F77F3

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF77F4F7AC1), ref: 00007FF77F4F60F1

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: free$Concurrency::cancel_current_taskXbad_alloc@std@@mallocstd::bad_alloc::bad_alloc
String ID:
API String ID: 2711775500-0
Opcode ID: 0b143a9a51a29c11d4b27d12c1f513737fabd702938445f3c55dc468c6cfaf0e
Instruction ID: 412ea221c5ea9b370dcecd541ac0cc658f677e121758b4443f854e3c84806c31
Opcode Fuzzy Hash: 0b143a9a51a29c11d4b27d12c1f513737fabd702938445f3c55dc468c6cfaf0e
Instruction Fuzzy Hash: 57517933629B8596EB40DF16E6801A8B7E4FB48FD4BA88035DB8D43B55DF38D5A2C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FC214 Relevance: 6.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC2F0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC2F7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC341
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF77F4F9196), ref: 00007FF77F4FC348

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 2293887081-0
Opcode ID: bca754a37fd3aaebfdc60eca50492e38eedb8177995e85d9776ba9deb1b1227f
Instruction ID: 158f87cc6318a2f5d8bf24c1500d6fbcece0a2dfc38ba2b4303c277139df9a93
Opcode Fuzzy Hash: bca754a37fd3aaebfdc60eca50492e38eedb8177995e85d9776ba9deb1b1227f
Instruction Fuzzy Hash: AF41AD23B24B9186FB10DBA5E9442EC73B5FB44B98F850621DF5C23BA5CF389595C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F4090 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F4130
ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF77F4F414D

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: dc75aedbcf0d2eb7ac59fef97bbee6eda8b71451bf3ed9ded0d0df17c2a718eb
Instruction ID: c9ad80e2ed39261fc968f07bec9aa44ed00366a37058c87f6fd248ea244548d8
Opcode Fuzzy Hash: dc75aedbcf0d2eb7ac59fef97bbee6eda8b71451bf3ed9ded0d0df17c2a718eb
Instruction Fuzzy Hash: 44414927E3CA86C6EB54AB16EB547B8A3A0EB54F94F984131DA0D03764DF3DE445C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F851C Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF77F4F5CBF), ref: 00007FF77F4F8546
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF77F4F5CBF), ref: 00007FF77F4F8551
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF77F4F5CBF), ref: 00007FF77F4F85B5
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF77F4F5CBF), ref: 00007FF77F4F85C0

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Xbad_alloc@std@@malloc
String ID:
API String ID: 2310037053-0
Opcode ID: 3e592f6a13795cac45d98011512f0723a76c8ab5e375b09cd25b3251593f7ef8
Instruction ID: 692875639ae231079057217581fd28f53ef38786bc1fa9b616bf73dbf30a287b
Opcode Fuzzy Hash: 3e592f6a13795cac45d98011512f0723a76c8ab5e375b09cd25b3251593f7ef8
Instruction Fuzzy Hash: 9B314533624F8882E7049F16E584369B7E4FB58B58F698528CB8C07794DF79D4A5C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F6810 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF77F4F7520: _Mtx_lock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F7551
Part of subcall function 00007FF77F4F7520: ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F755F
Part of subcall function 00007FF77F4F7520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F75D6
Part of subcall function 00007FF77F4F7520: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F75DD
Part of subcall function 00007FF77F4F7520: _Mtx_unlock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF77F4F6845), ref: 00007FF77F4F75E7

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F6876
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F6880
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF77F4F68D8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF77F4F68DF

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfree$C_error@std@@Mtx_lockMtx_unlockThrow_
String ID:
API String ID: 162835524-0
Opcode ID: 6ca3feafc6e4763e8b9e1f4c8fb939e494f8706fb5e1a49dea5fe893d1ffcbbc
Instruction ID: 69f5c9a661745b646c24e927919823719819e23f28500e8888892c5fb5a3aaab
Opcode Fuzzy Hash: 6ca3feafc6e4763e8b9e1f4c8fb939e494f8706fb5e1a49dea5fe893d1ffcbbc
Instruction Fuzzy Hash: BB21A623F3569596FF00AB76E9543FC63B1BB04B98F880635DA2D1AB95CF2CD0848390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7610 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F7638
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F7646
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7668
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F768F

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@C_error@std@@D_t@Events@Microsoft@@Mtx_lockMtx_unlockThrow_U0123@@
String ID:
API String ID: 2588676055-0
Opcode ID: 30aca8e27518303b323894f1025fb0f0033d2ce5c21b6e7c3a056b3be5c88866
Instruction ID: b69786620717004753de235154ca600af8f508934a20f1227699a3665ba715c8
Opcode Fuzzy Hash: 30aca8e27518303b323894f1025fb0f0033d2ce5c21b6e7c3a056b3be5c88866
Instruction Fuzzy Hash: D6018223B38B8286EB50AB23FA045A9A7A0FB48FE0B890131ED1E47350DF3CD4418394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F7498 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140_APP ref: 00007FF77F4F74B2
?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF77F4F74BE
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF77F4F7500
_Mtx_unlock.MSVCP140_APP ref: 00007FF77F4F7511

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: Applications@C_error@std@@Configuration@234@@Events@ManagerMicrosoft@@Mtx_lockMtx_unlockProvider@Release@Throw_W4status_t@234@
String ID:
API String ID: 2144121544-0
Opcode ID: 3389f479d45c3cc00bf504d45d6b550ce6eb723e1ae148aac8634e93169eda7f
Instruction ID: d951cbb6e6c7676d0c14c2010fd10390ec5b83c2485bcc705052849cbf3bbc92
Opcode Fuzzy Hash: 3389f479d45c3cc00bf504d45d6b550ce6eb723e1ae148aac8634e93169eda7f
Instruction Fuzzy Hash: 5A011252E39A8683FF54BB66DA543B896D0AF45F91F984534D81E07360DE2CA08483A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F45A0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF77F4F43A7,?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F45B9
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF77F4F43A7,?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F45DA
?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,00007FF77F4F43A7,?,?,00000001,00007FF77F4F1387), ref: 00007FF77F4F45E5
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77F4F45F3

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: malloc$Concurrency::cancel_current_taskXbad_alloc@std@@
String ID:
API String ID: 3446396709-0
Opcode ID: 0e4c5a664b53c58f59b68af491e9f35f4ea30d0100ef7c26b2d96387ef29bbed
Instruction ID: 623a17a227da116e42b5a3e9b7e5df1055d65c97f78bc482994a65e4dccc823e
Opcode Fuzzy Hash: 0e4c5a664b53c58f59b68af491e9f35f4ea30d0100ef7c26b2d96387ef29bbed
Instruction Fuzzy Hash: 83F01757E3E68643FF19B76286547B891E05F14770FD81B34CA2E013E0EE5C659192B0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4FC5D0 Relevance: 5.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140_APP(?,00000000,00000000,00007FF77F4FC742), ref: 00007FF77F4FC66D
memset.VCRUNTIME140_APP(?,00000000,00000000,00007FF77F4FC742), ref: 00007FF77F4FC67A
memcpy.VCRUNTIME140_APP(?,00000000,00000000,00007FF77F4FC742), ref: 00007FF77F4FC695
memset.VCRUNTIME140_APP(?,00000000,00000000,00007FF77F4FC742), ref: 00007FF77F4FC6A2

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 776cf9c1a1e0e731a1571a40a834136fed7e32dd1084ae1d233d3b413a4b00a3
Instruction ID: 6a0912d7e7f02824d555b48887a368c7d17646793e0ce41866a375194ac3d6a3
Opcode Fuzzy Hash: 776cf9c1a1e0e731a1571a40a834136fed7e32dd1084ae1d233d3b413a4b00a3
Instruction Fuzzy Hash: 1F31AD22638BC186EB04EF1796000A9B7A5FB85FD0F988532DF6C0B795DE39D191C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF77F4F1EB0 Relevance: 5.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF77F4F1D76), ref: 00007FF77F4F1EEA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF77F4F1D76), ref: 00007FF77F4F1F31
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF77F4F1D76), ref: 00007FF77F4F1F70
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF77F4F1D76), ref: 00007FF77F4F1F83

Memory Dump Source

Source File: 00000000.00000002.3234363179.00007FF77F4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77F4F0000, based on PE: true

Associated: 00000000.00000002.3234353158.00007FF77F4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234374074.00007FF77F4FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234386281.00007FF77F500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234401864.00007FF77F506000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F507000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3234414543.00007FF77F509000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff77f4f0000_HxTsr.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: c565662d6cc64b80a43d1fcd1095cba92fa8f1fb93b39f909385087bcc619404
Instruction ID: 94e6c7c13fae5f4e7b891ccee8b50ac245c0c861160dec12f841030c4e019312
Opcode Fuzzy Hash: c565662d6cc64b80a43d1fcd1095cba92fa8f1fb93b39f909385087bcc619404
Instruction Fuzzy Hash: 7F215223739B8583EB149F13A6002B9A3F4BB84BA4F884535DD4D57758DF3CE45682A4

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HxTsr.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: HxTsr.exePID: 6304, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: HxTsr.exePID: 6304, Parent PID: 1028COMMON

Non-executed Functions

Function 00007FF77F4F10A4 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Function 00007FF77F4FCE24 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 224COMMON

Function 00007FF77F4F4318 Relevance: 3.8, APIs: 3, Instructions: 82COMMON

Function 00007FF77F4FDA1C Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Function 00007FF77F4F6994 Relevance: 42.3, APIs: 19, Strings: 5, Instructions: 328COMMON

Function 00007FF77F4F7A18 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 339COMMON

Function 00007FF77F4F6178 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 214COMMON

Windows Analysis Report
HxTsr.exe