Windows Analysis Report tftpd64_svc.exe

Overview

General Information

Sample Name:tftpd64_svc.exe
Analysis ID:524512
MD5:7ea3bbf84f39cc37c208945461230614
SHA1:a2c2c0912f9632024245007083b0f75c4d520afe
SHA256:cfc0fdbf62d6b3be3960cee3f27d19d6c81ec125b2856912f331f5413e3f12be

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sample file is different than original file name gathered from version info
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found large amount of non-executed APIs
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality to delete services
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

Process Tree

  • System is w10x64
  • tftpd64_svc.exe (PID: 2588 cmdline: "C:\Users\user\Desktop\tftpd64_svc.exe" MD5: 7EA3BBF84F39CC37C208945461230614)
    • conhost.exe (PID: 1544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: tftpd64_svc.exe; Virustotal: Detection: 7%
Source: tftpd64_svc.exe; Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DDA8078 FindFirstFileExW
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD8F80C lstrcpynA,lstrcatA,FindFirstFileA,FileTimeToLocalFileTime,FileTimeToSystemTime,GetDateFormatA,wsprintfA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD846B0 recvfrom,SendARP,inet_ntoa
Source: tftpd64_svc.exe; Binary or memory string: OriginalFileName vs tftpd64_svc.exe
Source: tftpd64_svc.exe, 00000000.00000000.261582113.00007FF61DDCE000.00000002.00020000.sdmp; Binary or memory string: OriginalFileNametftpd32P vs tftpd64_svc.exe
Source: tftpd64_svc.exe; Binary or memory string: OriginalFileNametftpd32P vs tftpd64_svc.exe
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: String function: 00007FF61DD8E468 appears 77 times
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: String function: 00007FF61DD81F60 appears 87 times
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: String function: 00007FF61DD9F17C appears 35 times
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD816A0 lstrcmpiA,GetModuleFileNameA,OpenSCManagerA,CreateServiceA,GetVersionExA,ChangeServiceConfig2A,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,lstrcmpiA,OpenSCManagerA,OpenServiceA,ControlService,Sleep,QueryServiceStatus,Sleep,QueryServiceStatus,DeleteService,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,lstrcmpiA,SetConsoleCtrlHandler,lstrcmpiA,RegDeleteKeyA,RegDeleteKeyA,StartServiceCtrlDispatcherA,GetLastError
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD8ED18 GetLastError,FormatMessageA,lstrcpynA,LocalFree
Source: tftpd64_svc.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Users\user\Desktop\tftpd64_svc.exe "C:\Users\user\Desktop\tftpd64_svc.exe"
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1544:120:WilError_01
Source: tftpd64_svc.exe; String found in binary or memory: %s -install to install the service
Source: tftpd64_svc.exe; String found in binary or memory: -install
Source: tftpd64_svc.exe; String found in binary or memory: %s (0x%x)%s error: %d-install-remove-debug-uninstallTftpd32%s -install to install the service
Source: classification engine; Classification label: mal48.winEXE@2/1@0/0
Source: tftpd64_svc.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: tftpd64_svc.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: tftpd64_svc.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: tftpd64_svc.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: tftpd64_svc.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: tftpd64_svc.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: tftpd64_svc.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: tftpd64_svc.exe; Static PE information: section name: _RDATA
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Users\user\Desktop\tftpd64_svc.exe; API coverage: 3.4 %
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD885F0 GetSystemTime followed by cmp: cmp al, 18h and CTI: jbe 00007FF61DD8876Ch
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD91130 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DDA9EF0 GetProcessHeap
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD90B68 SetUnhandledExceptionFilter,_invalid_parameter_noinfo
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD90804 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD912D8 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DDA19B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DDB04D0 cpuid
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DDA55A8 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD885F0 gethostname,gethostbyname,recvfrom,GetLastError,Sleep,GetSystemTime,htonl,htonl,sendto,GetLastError
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD8DE20 getaddrinfo,wsprintfA,getaddrinfo,socket,bind,listen,htons,freeaddrinfo
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD888B0 wsprintfA,getaddrinfo,GetLastError,socket,setsockopt,setsockopt,bind,GetLastError,getnameinfo,SetLastError,GetLastError,GetLastError,GetLastError,GetLastError,closesocket,freeaddrinfo
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD8C7A0 WaitForSingleObject,GetLastError,SetThreadPriority,socket,GetLastError,htons,bind,GetLastError,GetLastError,connect,GetLastError,Sleep,getsockname,getnameinfo,MessageBoxA,closesocket,CloseHandle,GetCurrentThreadId,SetEvent,Sleep
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD84A10 socket,WSAGetLastError,setsockopt,getservbyname,htons,bind,setsockopt,htonl,sendto,GetCurrentThreadId,GetLastError,htonl,htonl,getservbyname,htons,sendto,closesocket,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD90450 wsprintfA,getaddrinfo,socket,setsockopt,bind,freeaddrinfo,GetLastError,sendto,closesocket
Source: C:\Users\user\Desktop\tftpd64_svc.exe; Code function: 0_2_00007FF61DD89C00 wsprintfA,GetAdaptersAddresses,GetAdaptersAddresses,wsprintfA,lstrcmpA,inet_ntoa,lstrcpyA,getaddrinfo,socket,GetLastError,freeaddrinfo,getaddrinfo,GetLastError,GetLastError,GetLastError,setsockopt,setsockopt,bind,GetLastError,getnameinfo,SetLastError,GetLastError,GetLastError,GetLastError,GetLastError,closesocket,freeaddrinfo

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Command and Scripting Interpreter2 | Windows Service14 | Windows Service14 | Process Injection1 | OS Credential Dumping | System Time Discovery12 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Service Execution12 | Boot or Logon Initialization Scripts | Process Injection1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Security Software Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery13 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud

Behavior Graph

Behavior Graph ID: 524512; Sample: tftpd64_svc.exe; Startdate: 18/11/2021; Architecture: WINDOWS; Score: 48
Signature: Multi AV Scanner detection for submitted file
Processes: tftpd64_svc.exe started; conhost.exe started (child of tftpd64_svc.exe)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
tftpd64_svc.exe | 8% | Virustotal |
tftpd64_svc.exe | 3% | Metadefender |
tftpd64_svc.exe | 7% | ReversingLabs | Win64.Network.Generic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:524512
Start date:18.11.2021
Start time:16:10:36
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 12s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:tftpd64_svc.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 88.1%)
  • Quality average: 62.6%
  • Quality standard deviation: 33.6%
HCA Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
  • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
  • Not all processes were analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

\Device\ConDrv
Process:C:\Users\user\Desktop\tftpd64_svc.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):323
Entropy (8bit):4.3991263512448855
Encrypted:false
SSDEEP:6:mbQBs0egLsiW7aUvX1UnMxAYyyjB5y+PNMWFGtssfxyk:mkW09It79vFLjrOwVCffT
MD5:C9923ACC1B05E65898460A860A6B6D91
SHA1:55219B71289C186AA746FB1269048E22E4BEBBA0
SHA-256:E81D5A1B93A30F94DCE779649E0D05BFC0186A24C4CEEAFCEA7BF28B48B079B4
SHA-512:0502DDCD301C5345C456D41B2787594FCCC37F8E4101F82703332AF1DF61B02E8CF71FA38C8E6953FE7800EFABCE782D5962E3B5A8F295287BC9B98BB5E7070C
Malicious:false
Reputation:low
Preview: Tftpd32 -install to install the service..Tftpd32 -remove to remove the service..Tftpd32 -debug <params> to run as a console app for debugging..Tftpd32 -uninstall to suppress registry entries and settings....StartServiceCtrlDispatcher being called...This may take several seconds. Please wait...

Static File Info

General

File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.138396322407685
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:tftpd64_svc.exe
File size:334336
MD5:7ea3bbf84f39cc37c208945461230614
SHA1:a2c2c0912f9632024245007083b0f75c4d520afe
SHA256:cfc0fdbf62d6b3be3960cee3f27d19d6c81ec125b2856912f331f5413e3f12be
SHA512:d6a39dc4471da3d8ee57ba4a68342b36c1805b3f9ccabb29809d199f0f99393268c90edfcb99c9e61b91ea0de3921c70eab6f725247e80bf33e17ec68385ec27
SSDEEP:6144:bUJiJIHR90uwDK09BFBMCNDrGwsQ9nEfet:bTmwDPDqqb
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........e...6...6...6...7...6...7...6...7...6...7...6...7...6...7...6...7...6...7...6...6f..6...7...6...6...6..y6...6...7...6Rich...

File Icon

Icon Hash:9966ce33d4c96288

Static PE Info

General

Entrypoint:0x140010d00
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:0x5C768010 [Wed Feb 27 12:18:24 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:9f5c11ad09c4f9854ca1d2f71809a230

Entrypoint Preview

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f370 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xcf28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x2274 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f000 | 0x7dc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3cbc0 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3cc00 | 0x108 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x31000 | 0x688 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2ff70 | 0x30000 | False | 0.565739949544 | zlib compressed data | 6.48269396487 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x31000 | 0xf77e | 0xf800 | False | 0.446966355847 | data | 5.27609719005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x41000 | 0xc690 | 0x2000 | False | 0.179565429688 | data | 2.51483766286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0x4e000 | 0x2274 | 0x2400 | False | 0.4716796875 | data | 5.3242848263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x94 | 0x200 | False | 0.201171875 | data | 1.42338039998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0xcf28 | 0xd000 | False | 0.100717397837 | data | 2.80452122995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x5f000 | 0x7dc | 0x800 | False | 0.62939453125 | data | 5.38146824912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x52588 | 0xa068 | data | English | United States
RT_ICON | 0x5c5f0 | 0xa68 | dBase IV DBT of \200.DBF, blocks size 0, block length 2048, next free block index 40, next free block 2290649224, next used block 2290649224 | English | United States
RT_ICON | 0x5d058 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 43530, next used block 0 | English | United States
RT_ICON | 0x5d340 | 0x668 | data | English | United States
RT_ICON | 0x5d9e8 | 0x2e8 | data | English | United States
RT_ICON | 0x5dce8 | 0x10a8 | data | English | United States
RT_GROUP_ICON | 0x5d9a8 | 0x3e | data | English | United States
RT_GROUP_ICON | 0x5dcd0 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x5ed90 | 0x14 | data | English | United States
RT_VERSION | 0x52280 | 0x308 | data | English | United States
RT_MANIFEST | 0x5eda8 | 0x17d | XML 1.0 document text | English | United States

Imports

DLL | Import
WS2_32.dll | listen, WSASetLastError, send, accept, select, getsockname, ntohs, connect, recv, WSACloseEvent, WSACreateEvent, WSAEventSelect, gethostbyname, getnameinfo, getaddrinfo, freeaddrinfo, bind, WSAIoctl, closesocket, ntohl, inet_addr, socket, inet_ntoa, getservbyname, gethostname, recvfrom, htonl, sendto, setsockopt, WSAGetLastError, WSACleanup, WSAStartup, htons
IPHLPAPI.DLL | GetIpNetTable, SendARP, GetAdaptersAddresses, DeleteIpNetEntry
KERNEL32.dll | LCMapStringW, HeapReAlloc, GetTimeZoneInformation, OutputDebugStringW, GetModuleFileNameA, lstrlenA, lstrcatA, lstrcpyA, lstrcmpiA, SetConsoleCtrlHandler, Sleep, GetLastError, GetVersionExA, LocalFree, FormatMessageA, WriteFile, SetThreadPriority, SetFilePointer, CreateFileA, GetCurrentThread, GetThreadPriority, CloseHandle, GetLocalTime, FlushFileBuffers, SetLastError, GetCurrentThreadId, lstrcmpA, GetFileSize, GetTickCount, lstrcpynA, WaitForSingleObject, ResetEvent, GetEnvironmentVariableA, GetCurrentDirectoryW, GetCurrentDirectoryA, GetSystemTime, WaitForMultipleObjects, SetEvent, CreateEventA, CreateThread, ReadFile, SetFilePointerEx, CreateMutexA, ReleaseMutex, OutputDebugStringA, GetPrivateProfileStringA, WritePrivateProfileStringA, FileTimeToLocalFileTime, FindClose, FindFirstFileA, FindNextFileA, GetFileAttributesA, FileTimeToSystemTime, GetDateFormatA, GetSystemTimeAsFileTime, HeapAlloc, GetCommandLineW, GetCommandLineA, SystemTimeToTzSpecificLocalTime, HeapFree, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeW, CreateFileW, WriteConsoleW, GetModuleFileNameW, GetFileType, GetStdHandle, FreeLibraryAndExitThread, ResumeThread, ExitThread, GetModuleHandleExW, ExitProcess, RaiseException, LoadLibraryExW, GetProcAddress, CompareStringW, MultiByteToWideChar, GetFullPathNameW, SetStdHandle, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, GetProcessHeap, GetConsoleCP, GetConsoleMode, GetFileSizeEx, HeapSize, ReadConsoleW, SetEndOfFile, GetFullPathNameA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary
USER32.dll | LoadIconA, GetParent, GetDesktopWindow, GetClassLongPtrA, GetWindowLongPtrA, GetWindowRect, SetWindowTextA, ReleaseDC, GetDC, DrawIcon, GetSystemMetrics, SetFocus, EndDialog, DialogBoxIndirectParamA, SetWindowPos, DestroyWindow, CreateWindowExA, MessageBeep, MessageBoxA, wsprintfA, DestroyIcon, SendMessageA
GDI32.dll | GetTextExtentPoint32A
ADVAPI32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteKeyA, StartServiceCtrlDispatcherA, DeregisterEventSource, CreateServiceA, QueryServiceStatus, CloseServiceHandle, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenSCManagerA, DeleteService, ControlService, ReportEventA, ChangeServiceConfig2A, OpenServiceA, RegisterEventSourceA

Version Infos

Description | Data
LegalCopyright | Copyrighted 2018 by Ph. Jounin
InternalName | tftpd32 service edition
FileVersion |
CompanyName | Ph. Jounin
LegalTrademarks |
ProductName | tftpd32 service edition
ProductVersion | 4.62
FileDescription | TFTP server
OriginalFileName | tftpd32
Translation | 0x040c 0x04e4

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

No network behavior found

Code Manipulations

System Behavior

General

Start time:16:11:42
Start date:18/11/2021
Path:C:\Users\user\Desktop\tftpd64_svc.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\tftpd64_svc.exe"
Imagebase:0x7ff61dd80000
File size:334336 bytes
MD5 hash:7EA3BBF84F39CC37C208945461230614
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

General

Start time:16:11:43
Start date:18/11/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7ecfc0000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Disassembly

Code Analysis

    Execution Graph

    Execution Coverage:2.8%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:14.4%
    Total number of Nodes:1302
    Total number of Limit Nodes:18

    Graph

calls 19186->19187 19187->19185 19189 7ff61dd932d9 19188->19189 19190 7ff61dd932ca 19188->19190 19192 7ff61dd932cf 19189->19192 19193 7ff61dda2ec8 _onexit 15 API calls 19189->19193 19191 7ff61dda1cec _set_fmode 14 API calls 19190->19191 19191->19192 19192->19141 19194 7ff61dd93306 19193->19194 19195 7ff61dd9331a 19194->19195 19196 7ff61dda1d84 __free_lconv_num 14 API calls 19194->19196 19197 7ff61dda1d84 __free_lconv_num 14 API calls 19195->19197 19196->19195 19197->19192 19199 7ff61dda437e 19198->19199 19200 7ff61dda4366 19198->19200 19199->19200 19204 7ff61dda4395 19199->19204 19201 7ff61dda1cec _set_fmode 14 API calls 19200->19201 19202 7ff61dda436b 19201->19202 19203 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19202->19203 19218 7ff61dd95dff 19203->19218 19205 7ff61dda43db 19204->19205 19210 7ff61dda4438 19204->19210 19230 7ff61dda4204 19205->19230 19206 7ff61dda457a 19206->19218 19325 7ff61dda396c 19206->19325 19208 7ff61dda4541 19318 7ff61dda3cdc 19208->19318 19210->19206 19210->19208 19211 7ff61dda44b7 19210->19211 19214 7ff61dda447b 19210->19214 19217 7ff61dda446d 19210->19217 19273 7ff61ddab200 19211->19273 19263 7ff61dda40d0 19214->19263 19217->19208 19220 7ff61dda4476 19217->19220 19218->19149 19223 7ff61dd93c24 19218->19223 19220->19211 19220->19214 19221 7ff61dda450e 19221->19218 19315 7ff61dda3f8c 19221->19315 19376 7ff61dd9f938 19223->19376 19225 7ff61dd93c3c 19226 7ff61dd93c50 19225->19226 19380 7ff61dd979c0 19225->19380 19228 7ff61dd9f938 39 API calls 19226->19228 19229 7ff61dd93c58 19228->19229 19229->19149 19231 7ff61dda4232 19230->19231 19234 7ff61dda4250 19230->19234 19232 7ff61dd907e0 _handle_error 8 API calls 19231->19232 19233 7ff61dda4247 19232->19233 19233->19218 19235 7ff61dda1634 31 API calls 19234->19235 19236 7ff61dda4322 19235->19236 19236->19231 19237 7ff61dda432a 19236->19237 19238 7ff61dda1bec _isindst 17 API calls 19237->19238 19241 7ff61dda433f 19238->19241 19239 7ff61dda4366 19240 7ff61dda1cec _set_fmode 14 API calls 
19239->19240 19242 7ff61dda436b 19240->19242 19241->19239 19245 7ff61dda4395 19241->19245 19243 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19242->19243 19244 7ff61dda4377 19243->19244 19244->19218 19246 7ff61dda43db 19245->19246 19251 7ff61dda4438 19245->19251 19250 7ff61dda4204 35 API calls 19246->19250 19247 7ff61dda457a 19247->19244 19248 7ff61dda396c 35 API calls 19247->19248 19248->19244 19249 7ff61dda4541 19253 7ff61dda3cdc 35 API calls 19249->19253 19250->19244 19251->19247 19251->19249 19252 7ff61dda44b7 19251->19252 19255 7ff61dda447b 19251->19255 19258 7ff61dda446d 19251->19258 19254 7ff61ddab200 32 API calls 19252->19254 19253->19244 19257 7ff61dda44e1 19254->19257 19256 7ff61dda40d0 35 API calls 19255->19256 19256->19244 19259 7ff61ddab11c 31 API calls 19257->19259 19258->19249 19260 7ff61dda4476 19258->19260 19261 7ff61dda450e 19259->19261 19260->19252 19260->19255 19261->19244 19262 7ff61dda3f8c 34 API calls 19261->19262 19262->19244 19264 7ff61ddab200 32 API calls 19263->19264 19265 7ff61dda4114 19264->19265 19266 7ff61ddab11c 31 API calls 19265->19266 19267 7ff61dda414d 19266->19267 19268 7ff61dda41aa 19267->19268 19270 7ff61dda416d 19267->19270 19272 7ff61dda4151 19267->19272 19335 7ff61dda3db8 19268->19335 19271 7ff61dda3f8c 34 API calls 19270->19271 19271->19272 19272->19218 19276 7ff61ddab24e fegetenv 19273->19276 19274 7ff61ddab2af 19275 7ff61dda1634 31 API calls 19274->19275 19277 7ff61ddac40d 19275->19277 19276->19274 19280 7ff61ddab32e 19276->19280 19278 7ff61ddac41c 19277->19278 19283 7ff61ddac3ae 19277->19283 19279 7ff61dda1bec _isindst 17 API calls 19278->19279 19281 7ff61ddac430 19279->19281 19348 7ff61ddaf530 19280->19348 19284 7ff61dd907e0 _handle_error 8 API calls 19283->19284 19285 7ff61dda44e1 19284->19285 19306 7ff61ddab11c 19285->19306 19286 7ff61ddabd42 19366 7ff61dd9cf20 19286->19366 19288 7ff61ddabc58 19288->19286 19357 7ff61dd9e058 19288->19357 19289 7ff61ddab3dc memcpy_s 19297 7ff61ddab86e __scrt_fastfail memcpy_s 
19289->19297 19301 7ff61ddabd5e __scrt_fastfail memcpy_s 19289->19301 19290 7ff61ddab399 __scrt_fastfail 19290->19289 19292 7ff61dda1cec _set_fmode 14 API calls 19290->19292 19294 7ff61ddab84e 19292->19294 19293 7ff61ddac23c 19293->19283 19303 7ff61dd9cf20 31 API calls 19293->19303 19305 7ff61dd9e058 memcpy_s 31 API calls 19293->19305 19295 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19294->19295 19295->19289 19296 7ff61ddac1e0 19296->19293 19298 7ff61dd9e058 memcpy_s 31 API calls 19296->19298 19297->19288 19300 7ff61dda1cec 14 API calls _set_fmode 19297->19300 19304 7ff61dda1bcc 31 API calls _invalid_parameter_noinfo 19297->19304 19298->19293 19299 7ff61dda1cec 14 API calls _set_fmode 19299->19301 19300->19297 19301->19286 19301->19288 19301->19299 19302 7ff61dda1bcc 31 API calls _invalid_parameter_noinfo 19301->19302 19302->19301 19303->19293 19304->19297 19305->19293 19307 7ff61ddab131 19306->19307 19308 7ff61ddab149 19306->19308 19309 7ff61dda1cec _set_fmode 14 API calls 19307->19309 19314 7ff61ddab142 memcpy_s 19307->19314 19308->19307 19311 7ff61ddab163 19308->19311 19310 7ff61ddab136 19309->19310 19313 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19310->19313 19312 7ff61dda1cec _set_fmode 14 API calls 19311->19312 19312->19310 19313->19314 19314->19221 19316 7ff61dd938b8 34 API calls 19315->19316 19317 7ff61dda3fbc __scrt_fastfail memcpy_s 19316->19317 19317->19218 19319 7ff61ddab200 32 API calls 19318->19319 19320 7ff61dda3d26 19319->19320 19321 7ff61ddab11c 31 API calls 19320->19321 19322 7ff61dda3d5c 19321->19322 19323 7ff61dda3d60 19322->19323 19324 7ff61dda3db8 34 API calls 19322->19324 19323->19218 19324->19323 19326 7ff61dd938b8 34 API calls 19325->19326 19327 7ff61dda39ba 19326->19327 19328 7ff61dda39c5 19327->19328 19329 7ff61dda39da 19327->19329 19330 7ff61dda1cec _set_fmode 14 API calls 19328->19330 19332 7ff61dda3cdc 35 API calls 19329->19332 19334 7ff61dda39d5 __scrt_fastfail 19329->19334 19331 7ff61dda39ca 19330->19331 19333 
7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19331->19333 19332->19334 19333->19334 19334->19218 19336 7ff61dda3def 19335->19336 19337 7ff61dda3e1d 19335->19337 19339 7ff61dda1cec _set_fmode 14 API calls 19336->19339 19338 7ff61dd938b8 34 API calls 19337->19338 19343 7ff61dda3e2f memcpy_s 19338->19343 19340 7ff61dda3df4 19339->19340 19341 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19340->19341 19342 7ff61dda3e00 19341->19342 19342->19272 19343->19343 19344 7ff61dda1634 31 API calls 19343->19344 19347 7ff61dda3ec8 memcpy_s 19344->19347 19345 7ff61dda1bec _isindst 17 API calls 19346 7ff61dda3f89 19345->19346 19347->19345 19349 7ff61ddaf830 19348->19349 19350 7ff61ddaf547 19348->19350 19351 7ff61ddaf7e0 19350->19351 19352 7ff61ddaf7c2 19350->19352 19354 7ff61ddaf5af 19350->19354 19353 7ff61ddaf7d6 19351->19353 19356 7ff61ddb0540 _log10_special 23 API calls 19351->19356 19355 7ff61ddb0540 _log10_special 23 API calls 19352->19355 19353->19290 19354->19290 19355->19353 19356->19353 19359 7ff61dd9e079 __scrt_fastfail 19357->19359 19364 7ff61dd9e075 memcpy_s 19357->19364 19358 7ff61dd9e07e 19360 7ff61dda1cec _set_fmode 14 API calls 19358->19360 19359->19358 19363 7ff61dd9e0b9 19359->19363 19359->19364 19361 7ff61dd9e083 19360->19361 19362 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19361->19362 19362->19364 19363->19364 19365 7ff61dda1cec _set_fmode 14 API calls 19363->19365 19364->19286 19365->19361 19367 7ff61dd9cf48 19366->19367 19375 7ff61dd9cf8b 19366->19375 19368 7ff61dd9cf92 19367->19368 19369 7ff61dd9cf6c 19367->19369 19367->19375 19371 7ff61dd9cf97 19368->19371 19372 7ff61dd9cfcd 19368->19372 19370 7ff61dd9e058 memcpy_s 31 API calls 19369->19370 19370->19375 19373 7ff61dd9e058 memcpy_s 31 API calls 19371->19373 19374 7ff61dd9e058 memcpy_s 31 API calls 19372->19374 19373->19375 19374->19375 19375->19296 19375->19375 19377 7ff61dd9f945 19376->19377 19379 7ff61dd9f94c 19376->19379 19386 7ff61dd9f6b8 19377->19386 19379->19225 19381 7ff61dd979d7 
19380->19381 19385 7ff61dd979fd 19380->19385 19382 7ff61dd938b8 34 API calls 19381->19382 19383 7ff61dd979e3 19382->19383 19383->19385 19398 7ff61dda4954 19383->19398 19385->19225 19387 7ff61dd938b8 34 API calls 19386->19387 19388 7ff61dd9f6d6 19387->19388 19389 7ff61dd9f6de 19388->19389 19390 7ff61dd9f716 19388->19390 19391 7ff61dd9f658 37 API calls 19389->19391 19392 7ff61dd9f73b 19390->19392 19393 7ff61dda6a80 34 API calls 19390->19393 19397 7ff61dd9f6e9 19391->19397 19394 7ff61dda1cec _set_fmode 14 API calls 19392->19394 19395 7ff61dd9f73f 19392->19395 19393->19392 19394->19395 19396 7ff61dda6de4 38 API calls 19395->19396 19396->19397 19397->19379 19399 7ff61dd938b8 34 API calls 19398->19399 19400 7ff61dda498e 19399->19400 19401 7ff61dda6a80 34 API calls 19400->19401 19406 7ff61dda4998 19400->19406 19402 7ff61dda49ba 19401->19402 19405 7ff61dda98bc 37 API calls 19402->19405 19403 7ff61dd907e0 _handle_error 8 API calls 19404 7ff61dda4a4a 19403->19404 19404->19385 19405->19406 19406->19403 19408 7ff61dda2f3b 19407->19408 19411 7ff61dd97c4c 19408->19411 19412 7ff61dd97c8f 19411->19412 19413 7ff61dd97c7a 19411->19413 19412->19413 19414 7ff61dd97c9d 19412->19414 19415 7ff61dda1cec _set_fmode 14 API calls 19413->19415 19416 7ff61dd938b8 34 API calls 19414->19416 19417 7ff61dd97c7f 19415->19417 19420 7ff61dd97ca9 19416->19420 19418 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19417->19418 19430 7ff61dd93ce6 19418->19430 19419 7ff61dda4954 37 API calls 19419->19420 19420->19419 19421 7ff61dd97cfd 19420->19421 19422 7ff61dd97d79 19421->19422 19423 7ff61dda1cec _set_fmode 14 API calls 19421->19423 19424 7ff61dda1cec _set_fmode 14 API calls 19422->19424 19426 7ff61dd97e7c 19422->19426 19425 7ff61dd97dbd 19423->19425 19428 7ff61dd97e71 19424->19428 19429 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19425->19429 19427 7ff61dda1cec _set_fmode 14 API calls 19426->19427 19426->19430 19427->19430 19431 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 
19428->19431 19429->19422 19430->19114 19430->19115 19431->19426 19434 7ff61dd94aa1 19432->19434 19433 7ff61dd94980 19433->19119 19433->19122 19434->19433 19435 7ff61dda1cec _set_fmode 14 API calls 19434->19435 19436 7ff61dd94b1a 19435->19436 19437 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19436->19437 19437->19433 19439 7ff61dd8e56f 19438->19439 19440 7ff61dd8e5bd 19439->19440 19441 7ff61dd8e584 DialogBoxIndirectParamA 19439->19441 19442 7ff61dd907e0 _handle_error 8 API calls 19440->19442 19441->19440 19443 7ff61dd81bae 19442->19443 19443->18956 19445 7ff61dd97c4c 37 API calls 19444->19445 19446 7ff61dd98990 19445->19446 19446->18951 19448 7ff61dd8104c 19447->19448 19449 7ff61dd810ed lstrcpyA lstrcatA 19448->19449 19451 7ff61dd8106d lstrlenA 19448->19451 19452 7ff61dd8113e 19448->19452 19450 7ff61dd907e0 _handle_error 8 API calls 19449->19450 19453 7ff61dd81126 19450->19453 19455 7ff61dd81090 19451->19455 19513 7ff61dd9090c 19452->19513 19453->18959 19457 7ff61dd81097 lstrcmpiA 19455->19457 19459 7ff61dd810be lstrcatA 19455->19459 19457->19455 19458 7ff61dd810c0 19457->19458 19458->19452 19458->19459 19459->19449 19526 7ff61dd91520 19461->19526 19463 7ff61dd8f142 lstrcpynA GetPrivateProfileStringA 19464 7ff61dd8f1d0 GetPrivateProfileStringA 19463->19464 19465 7ff61dd8f18b 19463->19465 19468 7ff61dd8f1fc 19464->19468 19466 7ff61dd8f1af lstrcpynA 19465->19466 19467 7ff61dd8f196 19465->19467 19470 7ff61dd8f1a8 19466->19470 19467->19470 19472 7ff61dd9896c 37 API calls 19467->19472 19469 7ff61dd8f259 RegOpenKeyExA 19468->19469 19468->19470 19469->19470 19471 7ff61dd8f280 RegQueryValueExA 19469->19471 19473 7ff61dd907e0 _handle_error 8 API calls 19470->19473 19471->19470 19474 7ff61dd8f2b5 RegCloseKey 19471->19474 19472->19470 19475 7ff61dd8f2d0 19473->19475 19474->19470 19475->18959 19476->18967 19477->18966 19479 7ff61dd89070 19478->19479 19481 7ff61dd890a3 GetCurrentThread SetThreadPriority 19479->19481 19528 7ff61dd88dc0 19479->19528 19482 7ff61dd890c0 
Sleep 19481->19482 19483 7ff61dd89141 19482->19483 19484 7ff61dd89139 19482->19484 19485 7ff61dd89193 19483->19485 19487 7ff61dd8913f 19483->19487 19484->19482 19484->19487 19486 7ff61dd8e468 43 API calls 19485->19486 19488 7ff61dd89191 19486->19488 19487->19488 19494 7ff61dd8e468 43 API calls 19487->19494 19489 7ff61dd8923a socket GetLastError closesocket 19488->19489 19490 7ff61dd891ac WaitForSingleObject 19488->19490 19491 7ff61dd89264 19489->19491 19505 7ff61dd89270 19489->19505 19492 7ff61dd891c2 19490->19492 19493 7ff61dd891db 19490->19493 19495 7ff61dd8e468 43 API calls 19491->19495 19556 7ff61dd9f17c 19492->19556 19497 7ff61dd891e4 Sleep 19493->19497 19498 7ff61dd891f8 19493->19498 19494->19487 19495->19505 19497->19497 19497->19498 19563 7ff61dd8f534 19498->19563 19500 7ff61dd8920b 19572 7ff61dd88bd0 19500->19572 19501 7ff61dd81d7c 19501->18976 19503 7ff61dd892ae WaitForSingleObject 19503->19505 19505->19501 19505->19503 19507 7ff61dd892f0 Sleep 19505->19507 19508 7ff61dd8f534 80 API calls 19505->19508 19510 7ff61dd88bd0 82 API calls 19505->19510 19512 7ff61dd9f17c 75 API calls 19505->19512 19506 7ff61dd89223 19509 7ff61dd9f17c 75 API calls 19506->19509 19507->19505 19507->19507 19508->19505 19509->19489 19511 7ff61dd89323 ReleaseMutex 19510->19511 19511->19505 19512->19505 19516 7ff61dd90920 IsProcessorFeaturePresent 19513->19516 19517 7ff61dd90936 19516->19517 19522 7ff61dd909bc RtlCaptureContext RtlLookupFunctionEntry 19517->19522 19523 7ff61dd9094a 19522->19523 19524 7ff61dd909ec RtlVirtualUnwind 19522->19524 19525 7ff61dd90804 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 19523->19525 19524->19523 19527 7ff61dd9152a 19526->19527 19527->19463 19527->19527 19529 7ff61dd88e03 19528->19529 19540 7ff61dd88e77 19528->19540 19530 7ff61dd88e64 19529->19530 19584 7ff61dd888b0 19529->19584 19532 7ff61dd88f14 19530->19532 19533 7ff61dd88ead CreateEventA 19530->19533 19530->19540 19622 7ff61dd97308 19532->19622 
19533->19532 19534 7ff61dd88ed1 19533->19534 19536 7ff61dd88ee0 19534->19536 19537 7ff61dd88eda closesocket 19534->19537 19539 7ff61dd88eee CloseHandle 19536->19539 19536->19540 19537->19536 19539->19540 19540->19479 19541 7ff61dd88f4e 19542 7ff61dd8901c 19541->19542 19544 7ff61dd88f89 WaitForSingleObject 19541->19544 19542->19540 19543 7ff61dd89021 SetEvent 19542->19543 19543->19540 19545 7ff61dd88f9f 19544->19545 19546 7ff61dd88fb8 19544->19546 19547 7ff61dd9f17c 75 API calls 19545->19547 19548 7ff61dd88fc1 Sleep 19546->19548 19549 7ff61dd88fd5 19546->19549 19547->19546 19548->19548 19548->19549 19550 7ff61dd8f534 80 API calls 19549->19550 19551 7ff61dd88fed 19550->19551 19552 7ff61dd88bd0 82 API calls 19551->19552 19553 7ff61dd88ff4 ReleaseMutex 19552->19553 19553->19542 19554 7ff61dd89005 19553->19554 19555 7ff61dd9f17c 75 API calls 19554->19555 19555->19542 19678 7ff61dda60c0 19556->19678 19560 7ff61dd9f1a8 19684 7ff61dd9f004 GetStdHandle 19560->19684 19564 7ff61dd8f565 19563->19564 19565 7ff61dd8f570 WaitForSingleObject 19564->19565 19567 7ff61dd9f17c 75 API calls 19564->19567 19568 7ff61dd8f5af ReleaseMutex OutputDebugStringA Sleep 19564->19568 19569 7ff61dd8f5d4 19564->19569 19571 7ff61dd8f609 memcpy_s 19564->19571 19565->19564 19566 7ff61dd8f674 ReleaseMutex 19566->19500 19567->19564 19568->19564 19570 7ff61dd9f17c 75 API calls 19569->19570 19569->19571 19570->19571 19571->19566 19573 7ff61dd88c07 SetEvent 19572->19573 19578 7ff61dd88c55 wsprintfA 19572->19578 19574 7ff61dd88c2f 19573->19574 19580 7ff61dd88c50 19573->19580 19576 7ff61dd9f17c 75 API calls 19574->19576 19574->19580 19575 7ff61dd907e0 _handle_error 8 API calls 19577 7ff61dd88da8 ReleaseMutex 19575->19577 19576->19580 19577->19489 19577->19506 19581 7ff61dd88d04 getaddrinfo 19578->19581 19580->19575 19581->19580 19583 7ff61dd88d3b socket sendto closesocket freeaddrinfo 19581->19583 19583->19580 19585 7ff61dd8890f wsprintfA 19584->19585 19587 7ff61dd8896e getaddrinfo 19585->19587 19589 
7ff61dd889c4 socket 19587->19589 19590 7ff61dd88999 19587->19590 19589->19590 19591 7ff61dd889e2 19589->19591 19641 7ff61dd8ed18 GetLastError FormatMessageA 19590->19641 19594 7ff61dd88a35 19591->19594 19595 7ff61dd889e8 setsockopt 19591->19595 19593 7ff61dd8899e GetLastError 19645 7ff61dd822a0 19593->19645 19598 7ff61dd88a39 setsockopt 19594->19598 19599 7ff61dd88a5a bind 19594->19599 19597 7ff61dd8e468 43 API calls 19595->19597 19597->19594 19598->19599 19601 7ff61dd88b93 freeaddrinfo 19599->19601 19602 7ff61dd88a7c GetLastError getnameinfo SetLastError GetLastError 19599->19602 19600 7ff61dd889b8 19607 7ff61dd907e0 _handle_error 8 API calls 19600->19607 19601->19600 19603 7ff61dd88b54 19602->19603 19604 7ff61dd88af6 19602->19604 19605 7ff61dd8ed18 4 API calls 19603->19605 19604->19603 19606 7ff61dd88afb 19604->19606 19609 7ff61dd88b59 GetLastError 19605->19609 19610 7ff61dd88b00 19606->19610 19611 7ff61dd88b21 19606->19611 19608 7ff61dd88bbb 19607->19608 19608->19530 19613 7ff61dd822a0 95 API calls 19609->19613 19614 7ff61dd8ed18 4 API calls 19610->19614 19612 7ff61dd8ed18 4 API calls 19611->19612 19615 7ff61dd88b26 GetLastError 19612->19615 19616 7ff61dd88b76 closesocket 19613->19616 19617 7ff61dd88b05 GetLastError 19614->19617 19619 7ff61dd822a0 95 API calls 19615->19619 19620 7ff61dd8e468 43 API calls 19616->19620 19618 7ff61dd822a0 95 API calls 19617->19618 19621 7ff61dd88b1f 19618->19621 19619->19621 19620->19601 19621->19616 19623 7ff61dd97332 19622->19623 19624 7ff61dd97319 19622->19624 19671 7ff61dd972a8 19623->19671 19625 7ff61dda1cec _set_fmode 14 API calls 19624->19625 19627 7ff61dd9731e 19625->19627 19629 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19627->19629 19632 7ff61dd88f40 19629->19632 19630 7ff61dd97342 CreateThread 19633 7ff61dd973c0 ResumeThread 19630->19633 19634 7ff61dd97376 GetLastError 19630->19634 19631 7ff61dd97383 19631->19632 19636 7ff61dd97395 CloseHandle 19631->19636 19637 7ff61dd9739b 19631->19637 19632->19534 
19632->19541 19633->19631 19633->19634 19635 7ff61dda1c7c 14 API calls 19634->19635 19635->19631 19636->19637 19638 7ff61dd973a4 FreeLibrary 19637->19638 19639 7ff61dd973aa 19637->19639 19638->19639 19640 7ff61dda1d84 __free_lconv_num 14 API calls 19639->19640 19640->19632 19666 7ff61dd91900 19641->19666 19643 7ff61dd8ed61 lstrcpynA LocalFree 19644 7ff61dd8ed95 19643->19644 19644->19593 19646 7ff61dd822df swprintf 19645->19646 19647 7ff61dd97098 41 API calls 19646->19647 19648 7ff61dd82303 lstrlenA 19647->19648 19649 7ff61dd8231d WaitForSingleObject 19648->19649 19650 7ff61dd823af 19648->19650 19652 7ff61dd8234c 19649->19652 19653 7ff61dd82333 19649->19653 19651 7ff61dd823c7 19650->19651 19668 7ff61dd8ec74 RegisterEventSourceA 19650->19668 19655 7ff61dd907e0 _handle_error 8 API calls 19651->19655 19657 7ff61dd82369 19652->19657 19658 7ff61dd82355 Sleep 19652->19658 19656 7ff61dd9f17c 75 API calls 19653->19656 19659 7ff61dd823d7 19655->19659 19656->19652 19660 7ff61dd8f534 80 API calls 19657->19660 19658->19657 19658->19658 19659->19600 19661 7ff61dd82380 19660->19661 19662 7ff61dd88bd0 82 API calls 19661->19662 19663 7ff61dd82387 ReleaseMutex 19662->19663 19663->19650 19664 7ff61dd82398 19663->19664 19665 7ff61dd9f17c 75 API calls 19664->19665 19665->19650 19667 7ff61dd918e0 19666->19667 19667->19643 19667->19667 19669 7ff61dd8ecb1 lstrlenA ReportEventA DeregisterEventSource 19668->19669 19670 7ff61dd8ecfe 19668->19670 19669->19670 19670->19651 19672 7ff61dda1d0c _invalid_parameter_noinfo 14 API calls 19671->19672 19673 7ff61dd972ca 19672->19673 19674 7ff61dda1d84 __free_lconv_num 14 API calls 19673->19674 19675 7ff61dd972d4 19674->19675 19676 7ff61dd972f5 19675->19676 19677 7ff61dd972db GetModuleHandleExW 19675->19677 19676->19630 19676->19631 19677->19676 19679 7ff61dda60c8 19678->19679 19680 7ff61dda1cec _set_fmode 14 API calls 19679->19680 19681 7ff61dda60d2 19679->19681 19682 7ff61dda60ed 19680->19682 19681->19560 19683 7ff61dda1bcc _invalid_parameter_noinfo 
31 API calls 19682->19683 19683->19681 19685 7ff61dd9f05b GetFileType 19684->19685 19687 7ff61dd9f0cc 19684->19687 19686 7ff61dd9f069 swprintf 19685->19686 19685->19687 19686->19687 19690 7ff61dd9f0a4 WriteConsoleW 19686->19690 19689 7ff61dd9f0fd 19687->19689 19699 7ff61dda66e0 19687->19699 19708 7ff61dd9f154 19689->19708 19690->19687 19691 7ff61dd9f0c7 19690->19691 19692 7ff61dda1694 34 API calls 19691->19692 19692->19687 19694 7ff61dd9f13b 19712 7ff61dda2ba8 19694->19712 19697 7ff61dda1694 34 API calls 19698 7ff61dd9f152 19697->19698 19700 7ff61dda6763 19699->19700 19705 7ff61dda6700 19699->19705 19701 7ff61dda1cec _set_fmode 14 API calls 19700->19701 19702 7ff61dda6768 19701->19702 19703 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19702->19703 19706 7ff61dda6761 19703->19706 19704 7ff61dda6724 19718 7ff61dda65c0 19704->19718 19705->19700 19705->19704 19706->19689 19709 7ff61dd9f1f0 swprintf 19708->19709 19726 7ff61dd97004 19709->19726 19713 7ff61dda2bb6 19712->19713 19714 7ff61dda2bbd 19712->19714 19743 7ff61dda2a78 19713->19743 19716 7ff61dd9f14d 19714->19716 19746 7ff61dda2a38 19714->19746 19716->19697 19725 7ff61dd92ca0 EnterCriticalSection 19718->19725 19727 7ff61dd9703f 19726->19727 19728 7ff61dd9702a 19726->19728 19727->19728 19729 7ff61dd97044 19727->19729 19730 7ff61dda1cec _set_fmode 14 API calls 19728->19730 19735 7ff61dd92cb8 19729->19735 19732 7ff61dd9702f 19730->19732 19734 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19732->19734 19733 7ff61dd9703a 19733->19694 19734->19733 19742 7ff61dd92ca0 EnterCriticalSection 19735->19742 19753 7ff61dda2958 19743->19753 19761 7ff61dd92ca0 EnterCriticalSection 19746->19761 19760 7ff61dda17f8 EnterCriticalSection 19753->19760 19763 7ff61dd9e901 19762->19763 19765 7ff61dd9e923 19762->19765 19764 7ff61dda1cec _set_fmode 14 API calls 19763->19764 19766 7ff61dd9e906 19764->19766 19765->19763 19767 7ff61dd9e92d 19765->19767 19770 7ff61dda1bcc _invalid_parameter_noinfo 31 API calls 19766->19770 19768 
7ff61dd9e93f 19767->19768 19769 7ff61dd9e932 19767->19769 19781 7ff61dda5aa0 19768->19781 19771 7ff61dda1cec _set_fmode 14 API calls 19769->19771 19773 7ff61dd9e911 19770->19773 19771->19773 19773->18993 19773->18994 19794 7ff61dda17f8 EnterCriticalSection 19781->19794 20174 7ff61dda365c 34 API calls 20173->20174 20175 7ff61dda161d 20174->20175 20176 7ff61dda1694 34 API calls 20175->20176 20177 7ff61dda1633 20176->20177 21820 7ff61dd92c44 21821 7ff61dd92c4f 21820->21821 21829 7ff61dda2808 21821->21829 21842 7ff61dda17f8 EnterCriticalSection 21829->21842

    Executed Functions

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    • Associated: 00000000.00000002.263192905.00007FF61DD80000.00000002.00020000.sdmp
    • Associated: 00000000.00000002.263217249.00007FF61DDB1000.00000002.00020000.sdmp
    • Associated: 00000000.00000002.263228114.00007FF61DDC1000.00000004.00020000.sdmp
    • Associated: 00000000.00000002.263232517.00007FF61DDC2000.00000008.00020000.sdmp
    • Associated: 00000000.00000002.263236145.00007FF61DDC3000.00000004.00020000.sdmp
    • Associated: 00000000.00000002.263240782.00007FF61DDCE000.00000002.00020000.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: Service$CloseHandle$Open$ErrorLastManagerQuerySleepStatuslstrcmpi$ChangeConfig2ControlCreateDeleteFileFormatFreeLocalMessageModuleNameVersionlstrlen
    • String ID: %s failed to stop.$%s stopped.$StartServiceCtrlDispatcher being called.$%s -debug <params> to run as a console app for debugging$%s -install to install the service$%s -remove to remove the service$%s -uninstall to suppress registry entries and settings$%s installed.$%s removed.$-debug$-install$-remove$-uninstall$CreateService failed - %s$Debugging %s.$DeleteService failed - %s$OpenSCManager failed - %s$OpenService failed - %s$SOFTWARE\TFTPD32$SOFTWARE\TFTPD32\DHCP$StartServiceCtrlDispatcher failed.$StartServiceCtrlDispatcher failed. Error %d$Stopping %s.$Tftpd32$Tftpd32 operates a TFTP server$Tftpd32 service edition$Tftpd32_svc$This may take several seconds. Please wait.$Unable to install %s - %s
    • API String ID: 166101069-4046512295
    • Opcode ID: e2b86e749bbf14b86110556fb8447a1b67b8f8f08c12c8f5aa9a3e674dc0cbf4
    • Instruction ID: c65a78032742621e633bf715d28e6d5b59be4e5343bddd80791b719ab2faf71f
    • Opcode Fuzzy Hash: e2b86e749bbf14b86110556fb8447a1b67b8f8f08c12c8f5aa9a3e674dc0cbf4
    • Instruction Fuzzy Hash: B4C11720E0CE4F91EA119B21E8542BA23A4EF46FE9F40A335D54EC26E5FF6CE549D301
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: Event$Source$DeregisterErrorLastRegisterReport
    • String ID: %s error: %d$Tftpd32_svc
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: __scrt_fastfail$__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__vcrt_initialize
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61DDAAC15
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF61DDAAB93,?,?,?,00007FF61DDAC502), ref: 00007FF61DDAACD4
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF61DDAAB93,?,?,?,00007FF61DDAC502), ref: 00007FF61DDAAD54
    Similarity
    • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options_invalid_parameter_noinfo_onexit_set_fmode
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: CurrentDebugOutputStringThread_invalid_parameter_noinfo
    • String ID: Th%5d :
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: try_get_function
    • String ID: AppPolicyGetProcessTerminationMethod
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FF61DDA09B3,?,?,?,00007FF61DDA0C76), ref: 00007FF61DDA90B9
    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF61DDA09B3,?,?,?,00007FF61DDA0C76), ref: 00007FF61DDA917D
    Similarity
    • API ID: EnvironmentStrings$Free
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: FileHandleType
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Similarity
    • API ID:
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlAllocateHeap.NTDLL(?,?,?,00007FF61DDA4815,?,?,?,00007FF61DD93993), ref: 00007FF61DDA2F06
    Similarity
    • API ID: AllocateHeap
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    APIs
    • htons.WS2_32 ref: 00007FF61DD8B0C0
      • Part of subcall function 00007FF61DD81F60: GetCurrentThread.KERNEL32 ref: 00007FF61DD81FD7
      • Part of subcall function 00007FF61DD81F60: GetThreadPriority.KERNEL32 ref: 00007FF61DD81FE0
      • Part of subcall function 00007FF61DD81F60: GetCurrentThread.KERNEL32 ref: 00007FF61DD81FE8
      • Part of subcall function 00007FF61DD81F60: SetThreadPriority.KERNEL32 ref: 00007FF61DD81FF4
      • Part of subcall function 00007FF61DD81F60: Sleep.KERNEL32 ref: 00007FF61DD81FFD
      • Part of subcall function 00007FF61DD81F60: GetCurrentThread.KERNEL32 ref: 00007FF61DD82003
      • Part of subcall function 00007FF61DD81F60: SetThreadPriority.KERNEL32 ref: 00007FF61DD8200E
      • Part of subcall function 00007FF61DD81F60: GetLocalTime.KERNEL32 ref: 00007FF61DD82047
      • Part of subcall function 00007FF61DD81F60: WaitForSingleObject.KERNEL32 ref: 00007FF61DD8210A
      • Part of subcall function 00007FF61DD81F60: Sleep.KERNEL32 ref: 00007FF61DD8213A
      • Part of subcall function 00007FF61DD81F60: ReleaseMutex.KERNEL32 ref: 00007FF61DD8216D
      • Part of subcall function 00007FF61DD81F60: CreateFileA.KERNEL32 ref: 00007FF61DD821DA
      • Part of subcall function 00007FF61DD81F60: Sleep.KERNEL32 ref: 00007FF61DD821EC
    Strings
    Similarity
    • API ID: Thread$CurrentPrioritySleep$CreateFileLocalMutexObjectReleaseSingleTimeWaithtons
    • String ID: $%s request for file <%s>. Mode %s$%s\%s$<%s> changed to <%s>$<%s> changed to <%u>$<%s> proposed by client %d, refused by Tftpd32$<%s> proposed by client %d, reply with %d$CreateFile$Error EACCESS on file %s. Ext error %s$Error: Tftpd32 does not handle filenames with a percent sign$File <%s> : error %d in system call %s %s$File name too long, return EBADOP to peer$FileName is <%s>$Mode is <%s>$OACK: <%s>$Option <%s>: value <%s>$Option is <%s>$Read$Returning EBADOP to Peer$Size of OACK string : <%d>$Uncorrect message$Unexpected request %d from peer$Write$ascii$binary$blksize$dir.txt$final name : <%s>$mail$mode is too long, return EBADOP to peer$netascii$octet$timeout$tsize$udpport$using udpport option --> %s
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: SleepThread$ErrorLast$Currentlstrcpy$Prioritysetsockoptwsprintf$inet_ntoalstrcpyn$LocalObjectPrivateProfileSingleStringTimeWaitgethostnameinet_addrlstrcmprecvfrom
    • String ID: %02X%c$%d Request %d not processed$Can add PKTINFO capabilty to DHCP socket ! Error %d$Can add broadcast capabilty to DHCP socket ! Error %d$DHCP thread ends here$FF:F$IP_Pool$Lease file updated.Discover Devices$Message received on an unbound interface (IP %s)$Message truncated (length was %d)$Packet addressed to %s$PoolSize$Recv error %d$SOFTWARE\TFTPD32\DHCP$Tftpd32DchpServer$Thread 0x%X: send %d bytes$bootpc$sendto error %d: %s$udp
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Event$Close$CreateErrorLastSelectSleep$Waitclosesocket$HandleMultipleMutexObjectsgetaddrinfosend$CurrentDebugObjectOutputReleaseResetSingleStringThreadaccepthtonslstrlensetsockoptwsprintf
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Can not create resource$Console %sconnected$End of console thread$Error %d during setsockopt$Rc!=0$Tftpd32$Verify Console/GUI parameters$Version check OK$accept error %d$can not create listening socketError %d$dis$end of GUI session$opening comm socket$rcvd error %d/%d in console$received %d bytes from console$tftpd32$tftpd32
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: inet_ntoa$wsprintf$htonl$inet_addrlstrcpy$Send_invalid_parameter_noinfo
    • String ID: %02X%c$%02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$%s: proposed address %s$%s: statically assigned to address %s$Ack$Added lease for existing address %s$BOOTP$Client requested address %s$Client requested address %s which was not allocated by tftpd32 and is either outside our pool or is used by someone else$DHCP$Ignoring Bootp request$Item %d: IP %s, Mac %s, Age %d sec, %s$Lease_$Nak$Previously allocated address %s acked$Rcvd %s Msg for IP %s, Mac %s$SOFTWARE\TFTPD32\DHCP$_InitialOfferTime$item %s released$item destroyed$no more address or address previously allocated by another server$no more addresses or address previously allocated by another server
    • API String ID: 2793022205-3629169906
    • Opcode ID: daa2ef6b318eebcd7a323bc09116dbcd76c12fed6c1ba12203f1883d9396e641
    • Instruction ID: 268953622f26fdb34919932e6208583d4284b0d09afab2531203add051ae42ae
    • Opcode Fuzzy Hash: daa2ef6b318eebcd7a323bc09116dbcd76c12fed6c1ba12203f1883d9396e641
    • Instruction Fuzzy Hash: 1472CA61E08E8A86EB26CB24E4507B937A1EF45FA8F445239DA4EC3695FF3CE505D700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$AdaptersAddressesgetaddrinfowsprintf$FormatFreeLocalMessageMutexObjectReleaseSingleSleepWaitfreeaddrinfoinet_ntoalstrcmplstrcpylstrcpynlstrlensocket
    • String ID: $%ls$Bind error %d%s$Error %d%sTftpd32 can not bind the %s portan application is already listening on this port$Error %d%sTftpd32 tried to bind the %s portto the interface %swhich is not available for this hostEither remove the %s service or suppress %s interface assignation$Error : Can't create socketError %d (%s)$Port %d may be reused$bind port to %s port %s failed$setsockopt error$tftp$unknown
    • API String ID: 1575229138-3226681565
    • Opcode ID: 378c5e00a19c521b6e190ee915a1380c3dcfb99a4bf5c544899ce92da0676da8
    • Instruction ID: 14e68b05f1b1c4d9f6920c2602cd3d12d503efa9c3989e41669e2052a985159a
    • Opcode Fuzzy Hash: 378c5e00a19c521b6e190ee915a1380c3dcfb99a4bf5c544899ce92da0676da8
    • Instruction Fuzzy Hash: 16E16C32E08F4A86EB119B61E8402A977A0FB46FB8F545335DA5D83AE5EF3CE545C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons$Thread$ErrorFileLast$CurrentPrioritySleep$Pointer$CreateLocalMutexObjectReadReleaseSingleTimeWait_set_error_moderecvsend
    • String ID: Ack block %d ignored (received twice)$Ack of block #%d received (last block sent #%d !)$C:\Users\ark\source\repos\tftpd64\src\_services\tftpd_thread.c$Count %d, Last pkt %d $File <%s> : error %d in system call %s %s$MAX RETRIES while waiting for Ack block %d. file <%s>$Peer returns ERROR <%s> -> aborting transfer$ReadFile$TIMEOUT waiting for Ack block #%d $WARNING : Last block #%d not acked for file <%s>$fseek$ignore unknown opcode %d received$pTftp!=NULL$rcvd packet too short$recv$send$timeout while waiting for ack blk #%d
    • API String ID: 3042123529-4116792352
    • Opcode ID: 0e99ebef462774d84a5edec505d667564bd6eaa67181c9656efea8e8bc60042b
    • Instruction ID: 27bb881bca472618cd8e8830550cbff731591d4582e2c65ad0061f83b3ada29a
    • Opcode Fuzzy Hash: 0e99ebef462774d84a5edec505d667564bd6eaa67181c9656efea8e8bc60042b
    • Instruction Fuzzy Hash: 4AE16932E08A4AA7EB159B25E6405B973A0FB05BA5F406236D70EC3A95FF3CF464D700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Window$Parent$Long$MessageMetricsSendSystemText$ClassCreate$DesktopExtentFocusIconLoadPoint32RectReleaselstrlen
    • String ID: 2$<$BUTTON$Edit
    • API String ID: 145751049-2098600227
    • Opcode ID: f18c5fef83fd8de4845624d210dcf61f5a52c70b8a23ea201ab077ebe50eb6a5
    • Instruction ID: 86223b87d7c6d90f89e395cff9a276ee6257b2e0ea779f14583db17bfeb5e9be
    • Opcode Fuzzy Hash: f18c5fef83fd8de4845624d210dcf61f5a52c70b8a23ea201ab077ebe50eb6a5
    • Instruction Fuzzy Hash: 21C1C172A08A4987E714CF25E84476A77A4FB89F98F519335DA8E83758EF3CE045CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$Thread$CurrentSleephtons$CloseDebugEventHandleMessageObjectOutputPrioritySingleStringWaitbindclosesocketconnectgetnameinfogetsocknamesendsocket
    • String ID: $Error : bind returns %d: <%s>$Error : connect returns %d: <%s>$Error : socket returns %d: <%s>$Humm$Tftpd32$Using local port %s$end of transfer %d$permanent thread signalled %d (%d)$return from thread$worker thread leaving %d
    • API String ID: 2479419578-264993322
    • Opcode ID: 01fbed29ec929dc43d14d59e61a777062cd7ca21ad319495f900c797810d7c58
    • Instruction ID: 59fbbb6d81ef706ce58da832e617ead6fc104483f854c82a90079f4eb2552f9a
    • Opcode Fuzzy Hash: 01fbed29ec929dc43d14d59e61a777062cd7ca21ad319495f900c797810d7c58
    • Instruction Fuzzy Hash: 91D17D22E08E4A86E7519F39D40027923A4FB85FB8F156336EA1DD76D4FE3CE8849750
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Threadhtons$CurrentErrorLastPrioritySleep$FileLocalsend$CreateFormatFreeMessageMutexObjectReleaseSingleTimeWaitWrite_set_error_modelstrcpynrecv
    • String ID: 2$C:\Users\ark\source\repos\tftpd64\src\_services\tftpd_thread.c$File <%s> : error %d in system call %s %s$MAX RETRIES while waiting for Data block %d. file <%s>$Peer sent unexpected message %d$TIMEOUT while waiting for Data block %d, file <%s>$WARNING: First block sent by client is #0, should be #1, fixed by Tftpd32$pTftp!=NULL$rcvd packet too short$recv$send$timeout while waiting for data blk #%d$write
    • API String ID: 1815284848-1207958474
    • Opcode ID: 96e91efb5cfb5d34b77ff01a9b0750aa495e95a072aa68b76012d31dc7e9fc3e
    • Instruction ID: b859a63f1076e658eb81ce6c79da0edf7ef4e63f6a1c3a56d252a55fac6be896
    • Opcode Fuzzy Hash: 96e91efb5cfb5d34b77ff01a9b0750aa495e95a072aa68b76012d31dc7e9fc3e
    • Instruction Fuzzy Hash: 84B17E72E08E4A86EB159F39E4011B933A1EF45FA9F446236DA0EC6699FF3CE544D700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$setsockopt$bindclosesocketfreeaddrinfogetaddrinfogetnameinfosocketwsprintf
    • String ID: $Bind error %d%s$Error %d%sTftpd32 can not bind the %s portan application is already listening on this port$Error %d%sTftpd32 tried to bind the %s portto the interface %swhich is not available for this hostEither remove the %s service or suppress %s interface assignation$Error : Can't create socketError %d (%s)$Port %d may be reused$bind port to %s port %s failed$setsockopt error$unknown
    • API String ID: 2263015294-3648659133
    • Opcode ID: f1c4cf5baf44ea731864f1551234da284f699cd666fbce6840b22aff328bad8a
    • Instruction ID: 9943aec31c2f080a4f5d37c3d247617c69e5936bb7e65156e95090ac519f57f3
    • Opcode Fuzzy Hash: f1c4cf5baf44ea731864f1551234da284f699cd666fbce6840b22aff328bad8a
    • Instruction Fuzzy Hash: 0191CD22E08E4A86E711DB65E4452AD77A0FB8AFB8F505335DA1D936E4EF3CE449C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htonl$ErrorLastgetservbynamesendtosetsockopt$CurrentThreadbindclosesocketsocket
    • String ID: Thread 0x%X: send %d bytes$bootps$sendto error %d: %s$udp
    • API String ID: 299956617-405404397
    • Opcode ID: d80af17b99361d9fac73d831c209ce95b669a5ac8ec5f5233bf03a91765f61ea
    • Instruction ID: c0cd7d19c9539714eceb7b11911c653ebe59b3f90caf43b62310a408a5c0ebb5
    • Opcode Fuzzy Hash: d80af17b99361d9fac73d831c209ce95b669a5ac8ec5f5233bf03a91765f61ea
    • Instruction Fuzzy Hash: 21519161E08A4A86E7109F25A8046793761AF46FB9F149335DA5D87BE0EF3CE489C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: memcpy_s$_invalid_parameter_noinfo
    • String ID: $%d/%d/%d/%d:%d:%d
    • API String ID: 2880407647-2211377134
    • Opcode ID: d4e7b6b5b735c23bfe89580a36dce14d4fe99950e75709a70411d4a303f26263
    • Instruction ID: a386050ede6b161263da9a50e7f2d05fea3800a79896aa462312e09d33d2db62
    • Opcode Fuzzy Hash: d4e7b6b5b735c23bfe89580a36dce14d4fe99950e75709a70411d4a303f26263
    • Instruction Fuzzy Hash: EA030972E089D68BD779CE29D4507F93795F788B9CF411235DA0AD7B88EF3AA9008740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: getnameinfo$recvfrom$CreateErrorEventLastSleepThread
    • String ID: $Connection received from %s on port %s$Error : RecvFrom returns %d: <%s>$Thread %d transfer %d started (records %p/%p)$Transfert #%d$Warning : Unaccepted request received from %s$Warning : received duplicated request from %s:%s$max number of threads reached, connection from %s dropped$thread %d started$waking up thread %d for transfer %d
    • API String ID: 432015200-3195956678
    • Opcode ID: c30b097326c5a4a4ecb6e6027a23bc4730ee71cb7378e90900deabe0e0195d47
    • Instruction ID: 4c1a543cc08efdb8083418f8230e0717f37f01b2bbfc9951d859ae3f1c524d62
    • Opcode Fuzzy Hash: c30b097326c5a4a4ecb6e6027a23bc4730ee71cb7378e90900deabe0e0195d47
    • Instruction Fuzzy Hash: 05129E62E08F8A86EB219F60E4402A933A4FB44F68F446339DA4D87695FF3CE594D741
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: dbdff64b9079932f741b5d8b1cf7d24d1aba2bb1ac5bb67ed602905bc7c4067c
    • Instruction ID: 20fa86b6b6207ccd1e9be1246b5d0af6beb1178ce879282cc565f6f8239f1022
    • Opcode Fuzzy Hash: dbdff64b9079932f741b5d8b1cf7d24d1aba2bb1ac5bb67ed602905bc7c4067c
    • Instruction Fuzzy Hash: AFB21972E089968AE7758E79C4407FD37A0FB44B98F519735DA0A97B94EF38E901CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLasthtonl$SleepSystemTimegethostbynamegethostnamerecvfromsendto
    • String ID: End of Sntp thread$SNTPD: sendto error %d: %s$erreur %d during socket operation
    • API String ID: 1892856538-762114845
    • Opcode ID: 70c703632fa71cbc3c47ba74c25216891abd3fc93456672e926a51b27f714f92
    • Instruction ID: 8df03fa33e0a04cfac18908bb46c7ff6cf4a728877b29e194ef4fbb72b24994d
    • Opcode Fuzzy Hash: 70c703632fa71cbc3c47ba74c25216891abd3fc93456672e926a51b27f714f92
    • Instruction Fuzzy Hash: D4716131E08E898AE7118F28F8512B977A0FF45B68F445339DA4D976A5EF3CE195CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLastbindclosesocketfreeaddrinfogetaddrinfosetsockoptsocketwsprintf
    • String ID: UdpSend bind returns %d (error %d)$UdpSend: Port %d may be reused$sendto returns %d$setsockopt error
    • API String ID: 3714774335-4139470167
    • Opcode ID: fd7eb1bbe38ee85f95315ce82acb6309e169bc777c6e91e43d4a698f87af9519
    • Instruction ID: 70f476c8d32de181e70de98df1d261f24543cad169a20694d259ef12004759cb
    • Opcode Fuzzy Hash: fd7eb1bbe38ee85f95315ce82acb6309e169bc777c6e91e43d4a698f87af9519
    • Instruction Fuzzy Hash: 53414F62F08A598AE7109F75E8506AC27B1AB49FA8F508335DD1E87B94EE3CD449C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo$Module$FileHandleName
    • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program:
    • API String ID: 3031022502-1508414584
    • Opcode ID: de05f39f635cd0b65964fd2980abb88fc8af06393cee3de2339ddfa81edca481
    • Instruction ID: 4fff9f2517018cdf1c81e0c117bb97d2a92e378b7a3735fec399124a57d38f1f
    • Opcode Fuzzy Hash: de05f39f635cd0b65964fd2980abb88fc8af06393cee3de2339ddfa81edca481
    • Instruction Fuzzy Hash: 9FC1C461F09E4B80FA58AF6299146FA9254AF55FE4F418632DD0ED27EAFE3DE405C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: File$Time$Find$CloseDateFirstFormatLocalNextSystemlstrcatlstrcpynwsprintf
    • String ID: %s%s%u$\*.*
    • API String ID: 564219435-1614761745
    • Opcode ID: 0385a1ec300b7975a5ffca78e87ae0221223f768be0acaa7512209fbd9a01242
    • Instruction ID: 2a066c0e862d5a84b3fb8f46d5dd1fc119f07f6cf0118d76ed38a19bfe6963df
    • Opcode Fuzzy Hash: 0385a1ec300b7975a5ffca78e87ae0221223f768be0acaa7512209fbd9a01242
    • Instruction Fuzzy Hash: B7315432A08ECA95EB218F34E8447E97360FB45BA8F405335DA5D87698EF7CD649C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
    • String ID: ?
    • API String ID: 435049134-1684325040
    • Opcode ID: bc73b998a468b2aba87aab0478bea212433230b82ec23ec09290a59c2b04f884
    • Instruction ID: 1a37c81370c9871cd97d5db58386a8bb31a9fdc172b1189f44eae78c8afa3c0a
    • Opcode Fuzzy Hash: bc73b998a468b2aba87aab0478bea212433230b82ec23ec09290a59c2b04f884
    • Instruction Fuzzy Hash: CCD18422E08A4A8AEB509F35D4402B97B95FB44FB4F949335EA4EC76A5EF3CF4418740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: getaddrinfo$bindfreeaddrinfohtonslistensocketwsprintf
    • String ID:
    • API String ID: 4202540692-0
    • Opcode ID: 0981a251dcf5fb7a434584e914e48d6bbef2c15f01b8a2dd4ebad8b3cbf72181
    • Instruction ID: ce1becd602373bfc1933dec1d896818e80d037145fa42a0e0f3796e2b9c97481
    • Opcode Fuzzy Hash: 0981a251dcf5fb7a434584e914e48d6bbef2c15f01b8a2dd4ebad8b3cbf72181
    • Instruction Fuzzy Hash: F1415D72E04A4A89E7118BB5D8442AC33B1BB45FB8F149335DE2E966D4EF38A444D740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
    • String ID:
    • API String ID: 1405656091-0
    • Opcode ID: 351c459857be33ea068bbbb1494632df6d08fcf718ddfd7d83a9e1cc1e23ce2f
    • Instruction ID: 054a1604fd6de10fbda4a30b518da667b6480665249377cfb9eeeb08e0de09ea
    • Opcode Fuzzy Hash: 351c459857be33ea068bbbb1494632df6d08fcf718ddfd7d83a9e1cc1e23ce2f
    • Instruction Fuzzy Hash: A091D7B2F05A4A8BEB588F65C9513B86795EB54F98F448235EA0DCB789FF3DE4408700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: f53299b4997bac391509a7597e1b126c21cff379310d57e246afe53c960929d1
    • Instruction ID: 3d415a93b924d1774277ba5bf9347aeb77158d1c0e451d4ad0deacbd4dd317e6
    • Opcode Fuzzy Hash: f53299b4997bac391509a7597e1b126c21cff379310d57e246afe53c960929d1
    • Instruction Fuzzy Hash: 6C316436A04F8585D764CF35E8402AE73A4FB85BA8F544335EA9D83B98EF38D155CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _get_daylight.LIBCMT ref: 00007FF61DDA55CB
      • Part of subcall function 00007FF61DDA4BAC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF61DDA4BC0
    • _get_daylight.LIBCMT ref: 00007FF61DDA55DC
      • Part of subcall function 00007FF61DDA4B4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF61DDA4B60
    • _get_daylight.LIBCMT ref: 00007FF61DDA55ED
      • Part of subcall function 00007FF61DDA4B7C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF61DDA4B90
      • Part of subcall function 00007FF61DDA1D84: HeapFree.KERNEL32(?,?,?,00007FF61DDA9798,?,?,?,00007FF61DDA97DB,?,?,?,00007FF61DDA9CA0,?,?,?,00007FF61DDA9BD3), ref: 00007FF61DDA1D9A
      • Part of subcall function 00007FF61DDA1D84: GetLastError.KERNEL32(?,?,?,00007FF61DDA9798,?,?,?,00007FF61DDA97DB,?,?,?,00007FF61DDA9CA0,?,?,?,00007FF61DDA9BD3), ref: 00007FF61DDA1DAC
    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF61DDA5821), ref: 00007FF61DDA5614
    Strings
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
    • String ID: ?
    • API String ID: 3458911817-1684325040
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorFileLastWrite$Console
    • String ID:
    • API String ID: 786612050-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy$Table$Sendgethostbynamegethostnameinet_addrinet_ntoarecvfrom
    • String ID: Added lease for existing address %s
    • API String ID: 270021040-73727089
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorFormatFreeLastLocalMessagelstrcpyn
    • String ID:
    • API String ID: 2452728953-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo
    • String ID:
    • API String ID: 1286766494-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: gfffffff
    • API String ID: 3215553584-1523873471
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61DDA7E9C
      • Part of subcall function 00007FF61DDA1BEC: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF61DDA1BC9), ref: 00007FF61DDA1BF5
      • Part of subcall function 00007FF61DDA1BEC: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF61DDA1BC9), ref: 00007FF61DDA1C1A
    Strings
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
    • String ID: *?
    • API String ID: 4036615347-2564092906
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo
    • String ID:
    • API String ID: 474895018-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons$htonl$lstrcpy$MutexObjectReleaseSingleSleepWaitinet_ntoa
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    • API String ID: 1789357783-2064142993
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Event$Create$Close$ErrorHandleLastMultipleObjectsSelectThreadWaitclosesocket
    • String ID: End of thread %d$WaitForMultipleObjects error %d$WaitForMultipleObjects error %d$do NOT signal worker threads$main TFTP thread ends here$signalling worker threads$waiting for worker threads
    Similarity
    • API ID: File$CloseHandle$CreateWrite$MutexObjectPointerReleaseSingleSleepWaitgetnameinfolstrcpylstrlenrecvfromwsprintf
    • String ID: $%24.24s;%s; %s$C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$End of Syslog thread$Rc!=0$Rc==WAIT_OBJECT_0$\\.\pipe\Tftpd32Syslog
    Similarity
    • API ID: htonl$inet_ntoa$inet_addr
    • String ID: Reply with new : %s$Reply with previously allocated : %s$Reply with requested address : %s$Reply with reuse : %s$Request for %s granted
    Similarity
    • API ID: Thread$File$CurrentPrioritySleep$Write$BuffersCloseCreateFlushHandleLocalMutexObjectPointerReleaseSingleTimeWait
    • String ID: [%02d/%02d %02d:%02d:%02d.%03d]$C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Similarity
    • API ID: EnvironmentVariable$DialogErrorFullIndirectLastLongNameParamPathSleepStartupWindow
    • String ID: Error: Can't init Winsocket$Error: Tftpd32 now requires winsock version 2$SOFTWARE\TFTPD32$Still Alive$TFTP_DIR$TFTP_INI$TFTP_LOG$Tftpd32$Tftpd32 Service Edition is ready$Tftpd32.ini$Worker threads started
    Similarity
    • API ID: htonl$inet_addr$MutexObjectReleaseSingleSleepWaitlstrcpyn$PrivateProfileStringlstrlen
    • String ID: %d/%d/%d/%d:%d:%d$%s%d%s$%x:%x:%x:%x:%x:%x$Lease_$Lease_NumLeases$SOFTWARE\TFTPD32\DHCP$The pool size is too small for the number of leases, ignoring extra leases$_IP$_InitialOfferTime$_LeaseStartTime$_MAC
    Similarity
    • API ID: lstrcpy$inet_ntoawsprintf
    • String ID: %02X%c$%02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$Lease_$Lease_NumLeases$SOFTWARE\TFTPD32\DHCP$_IP$_InitialOfferTime$_LeaseStartTime$_MAC
    Similarity
    • API ID: Sleep$MutexObjectReleaseSingleThreadWait$CurrentErrorLastPriorityclosesocketsocket
    • String ID: --- all services started, init done$C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$IPv6 enabled$Rc!=0$Rc==WAIT_OBJECT_0$service %s not started
    Similarity
    • API ID: htonl$inet_addrinet_ntoa$Table$DeleteEntryErrorLastSendSleepgethostbynamegethostname
    • String ID: FF:FF:FF:FF:FF:FF$IP address %s flushed from ARP table$Ping Error %d (%s)$Suppress arp-able address %s$Suppress pingable address %s
    Similarity
    • API ID: Thread$AdaptersAddressesCurrentWait$CloseDebugEventHandleMultipleMutexObjectObjectsOutputPriorityReleaseResetSingleSleepStringclosesocketgetnameinfowsprintf
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0$Scheduler signal received$end of ip pooling thread$process %s has terminated
    Similarity
    • API ID: Thread$Sleep$CurrentPriorityhtonl$htonssendto$CountLocalObjectSingleTickTimeWait_invalid_parameter_noinfoclosesocketsocket
    • String ID: can create thread for ping Range
    Similarity
    • API ID: lstrcatlstrcpyn$inet_ntoawsprintf
    • String ID: $BootFileName$$$IP$$$MAC$$%02X%c
    Similarity
    • API ID: lstrcpy$wsprintf
    • String ID: %s%d$AddOptionNumber$AddOptionValue$Can not allocate memory$SOFTWARE\TFTPD32\DHCP
    Similarity
    • API ID: lstrcpy$inet_ntoa$wsprintf
    • String ID: %02X%c$%s%d%s$Freeing item %s %s$Lease_$Lease_NumLeases$SOFTWARE\TFTPD32\DHCP$_IP
    Similarity
    • API ID: Filelstrcpy$CloseCreateHandleWritelstrcatlstrlenwsprintf
    • String ID: $%02x$.md5$MD5 written into <%s>$\
    Similarity
    • API ID: CountErrorLastTick$closesocket
    • String ID:
    Similarity
    • API ID: MutexRelease$AdaptersAddressesObjectSingleSleepWait$DebugErrorEventLastOutputString_set_error_modegetnameinfowsprintf
    • String ID: %ls$C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Similarity
    • API ID: wsprintf$CurrentMutexObjectPrivateProfileReleaseSingleSleepStringThreadWaitlstrcpylstrcpynlstrlen
    • String ID: %d, Lease time not specified, set to 2 days$%s%d$AddOptionNumber$AddOptionValue$Can not allocate memory$SOFTWARE\TFTPD32\DHCP$WINS server copied from DNS servers
    Similarity
    • API ID: Event_set_error_modeclosesocketfreeaddrinfogetaddrinfosendtosocketwsprintf
    • String ID: ! tThreads[Idx].gRunning || Rc!=0$127.0.0.1$C:\Users\ark\source\repos\tftpd64\src\_services\start_threads.c$wake up
    Similarity
    • API ID: Event$CloseCreateErrorHandleLastMutexObjectReleaseSingleSleepWaitclosesocketgetaddrinfowsprintf
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Similarity
    • API ID: MutexRelease$DebugObjectOutputSingleSleepStringWait
    • String ID: --------- Log queue full$C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$Rc==WAIT_OBJECT_0$pmsg != NULL
    Similarity
    • API ID: lstrcpy$inet_ntoa
    • String ID: %s%d%s$Lease_$Lease_NumLeases$SOFTWARE\TFTPD32\DHCP$_IP
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy
    • String ID: %02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$Lease_$SOFTWARE\TFTPD32\DHCP$_LeaseStartTime$ffff$ffff
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons$ErrorLastfreeaddrinfogetaddrinfo
    • String ID: Complex DNS request : ignored
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy$wsprintf
    • String ID: %02X%c$%s%d%s$Lease_$SOFTWARE\TFTPD32\DHCP$_MAC
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CloseCreateHandle$FilePrivateProfileStringValueWritelstrcpylstrlenwsprintf
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorFileLastWriterecvselect
    • String ID: recv returns error %d$select returns error %d
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ConsoleFileHandleTypeWriteswprintf
    • String ID: Assertion failed: %Ts, file %Ts, line %d$C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$pmsg != NULL
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ObjectSingleWait$MutexRelease
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: MutexObjectReleaseSingleSleepWait_invalid_parameter_noinfo_set_error_modelstrlen
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CleanupCloseEventHandleMultipleObjectsSleepWaitclosesocket
    • String ID: Tftpd32 service edition has ended$all level 1 threads have returned
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons$CurrentDebugErrorLastOutputSleepStringThreadgetaddrinforecvfromsendto
    • String ID: End of DNS thread$erreur %d during socket operation$send %d/%d bytes
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 00007FF61DD8E468: GetCurrentThreadId.KERNEL32 ref: 00007FF61DD8E4A0
      • Part of subcall function 00007FF61DD8E468: OutputDebugStringA.KERNEL32 ref: 00007FF61DD8E4FA
      • Part of subcall function 00007FF61DD8F80C: lstrcpynA.KERNEL32 ref: 00007FF61DD8F853
      • Part of subcall function 00007FF61DD8F80C: lstrcatA.KERNEL32 ref: 00007FF61DD8F867
      • Part of subcall function 00007FF61DD8F80C: FindFirstFileA.KERNEL32 ref: 00007FF61DD8F879
      • Part of subcall function 00007FF61DD8F80C: FileTimeToLocalFileTime.KERNEL32 ref: 00007FF61DD8F8A1
      • Part of subcall function 00007FF61DD8F80C: FileTimeToSystemTime.KERNEL32 ref: 00007FF61DD8F8B1
      • Part of subcall function 00007FF61DD8F80C: GetDateFormatA.KERNEL32 ref: 00007FF61DD8F8DC
      • Part of subcall function 00007FF61DD8F80C: wsprintfA.USER32 ref: 00007FF61DD8F90F
      • Part of subcall function 00007FF61DD8F80C: FindNextFileA.KERNEL32 ref: 00007FF61DD8F928
      • Part of subcall function 00007FF61DD8F80C: FindClose.KERNEL32 ref: 00007FF61DD8F939
    • WaitForSingleObject.KERNEL32 ref: 00007FF61DD8D70B
    • ReleaseMutex.KERNEL32 ref: 00007FF61DD8D77C
      • Part of subcall function 00007FF61DD9F17C: _set_error_mode.LIBCMT ref: 00007FF61DD9F1A3
    Strings
    Similarity
    • API ID: File$Time$Find$CloseCurrentDateDebugFirstFormatLocalMutexNextObjectOutputReleaseSingleStringSystemThreadWait_set_error_modelstrcatlstrcpynwsprintf
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0$sending Directory content
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: MutexObjectReleaseSingleSleepWait_invalid_parameter_noinfo_set_error_modelstrlen
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\to_console.c$Rc!=0$Rc==WAIT_OBJECT_0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Thread$CurrentPriority$ErrorLastSleep$LocalObjectSingleTimeWait_set_error_modesend
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_services\tftpd_thread.c$pTftp!=NULL$send : Error %d$send OACK %d bytes
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy
    • String ID: %02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$Lease_$SOFTWARE\TFTPD32\DHCP$_LeaseStartTime
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy
    • String ID: %02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$Lease_$SOFTWARE\TFTPD32\DHCP$_LeaseStartTime
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy
    • String ID: %02d/%02d/%04d/%02d:%02d:%02d$%s%d%s$Lease_$SOFTWARE\TFTPD32\DHCP$_InitialOfferTime
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy$CurrentDebugOutputStringThreadlstrcmplstrcpyn
    • String ID: SOFTWARE\TFTPD32$storing new TFTP settings
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: PrivateProfileStringlstrcpyn$CloseOpenQueryValue
    • String ID:
    • API String ID: 2965803066-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons
    • String ID: send returns error %d
    • API String ID: 4207154920-3644801256
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: htons$BeepMessage
    • String ID: <%s>: %s %d blk%s, %d bytes in %d s. %d blk%s resent$rcvd$sent
    • API String ID: 4254488149-519785448
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: EventService$RegisterSourceStatus$CtrlCurrentDebugDeregisterErrorHandlerLastOutputReportStringThread
    • String ID: SetServiceStatus$Tftpd32_svc$reporting service status %d
    • API String ID: 1980693714-1236392229
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: send$CurrentDebugOutputStringThreadhtonslstrlen
    • String ID: j$sending working directory <%s>
    • API String ID: 335249207-3008087598
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$FormatFreeLocalMessagelstrlen
    • String ID: %s (0x%x)
    • API String ID: 80924633-3163169946
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: lstrcat$FileModuleNamelstrcmpilstrcpylstrlen
    • String ID:
    • API String ID: 171607471-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: getaddrinfo$connectfreeaddrinfosocketwsprintf
    • String ID:
    • API String ID: 3813729492-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2082702847-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CloseCurrentDebugEventHandleMultipleObjectsOutputStringThreadWaitclosesocket
    • String ID: all level 1 threads have returned$suspending services
    • API String ID: 1211340915-340281526
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: send$CurrentDebugOutputStringThreadhtons
    • String ID: l$sending running services
    • API String ID: 1090704631-1351604320
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CloseCurrentDebugEventHandleMultipleObjectsOutputStringThreadWaitclosesocket
    • String ID: all level 1 threads have returned$stopping services
    • API String ID: 1211340915-619220341
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Event$Source$DeregisterRegisterReportlstrlen
    • String ID: Tftpd32
    • API String ID: 337067925-2153008962
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: send$CurrentDebugOutputStringThreadhtons
    • String ID: i$sending DHCP settings
    • API String ID: 1090704631-869432291
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: send$CurrentDebugOutputStringThreadhtons
    • String ID: h$sending TFTP settings
    • API String ID: 1090704631-1445145195
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Delete_invalid_parameter_noinfo$CurrentDebugOutputStringThread
    • String ID: SOFTWARE\TFTPD32$SOFTWARE\TFTPD32\DHCP$restore default settings
    • API String ID: 2984085891-781422392
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: MutexObjectReleaseSingleSleepWait_set_error_mode
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$Rc==WAIT_OBJECT_0
    • API String ID: 1893696194-3943162538
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$Ioctl
    • String ID:
    • API String ID: 431296074-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: htons$lstrcpylstrlensend
    • String ID:
    • API String ID: 71767863-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: lstrcpy
    • String ID: Lease_NumLeases$SOFTWARE\TFTPD32\DHCP
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: -$e+000$gfff
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Event$ServiceSourceStatus$CurrentDebugDeregisterErrorLastOutputRegisterReportStringThread
    • String ID: SetServiceStatus$reporting service status %d
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: MutexObjectReleaseSingleWait
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$Rc==WAIT_OBJECT_0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLastselect
    • String ID: File <%s> : error %d in system call %s %s$select
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: inet_addrwsprintf
    • String ID: %02X%c$SOFTWARE\TFTPD32\DHCP
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CloseCreateEventFileHandleObjectPrivateProfileResetSingleSleepStringWaitWritelstrcpywsprintf
    • String ID: end of registry thread
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA272F
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA2756
      • Part of subcall function 00007FF61DDA1DC4: GetProcAddress.KERNEL32(?,?,00000006,00007FF61DDA22FA,?,?,?,00007FF61DDA3822,?,?,?,00007FF61DDA1CF5), ref: 00007FF61DDA1F1C
    Strings
    Similarity
    • API ID: try_get_function$AddressProc
    • String ID: GetProcessWindowStation$GetUserObjectInformationW
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA2670
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA26A2
      • Part of subcall function 00007FF61DDA1DC4: GetProcAddress.KERNEL32(?,?,00000006,00007FF61DDA22FA,?,?,?,00007FF61DDA3822,?,?,?,00007FF61DDA1CF5), ref: 00007FF61DDA1F1C
    Strings
    Similarity
    • API ID: try_get_function$AddressProc
    • String ID: GetActiveWindow$GetLastActivePopup
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA2610
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA2632
      • Part of subcall function 00007FF61DDA1DC4: GetProcAddress.KERNEL32(?,?,00000006,00007FF61DDA22FA,?,?,?,00007FF61DDA3822,?,?,?,00007FF61DDA1CF5), ref: 00007FF61DDA1F1C
    Strings
    Similarity
    • API ID: try_get_function$AddressProc
    • String ID: MessageBoxA$MessageBoxW
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _get_daylight$_isindst
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo$_get_daylight
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: inet_addr
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Filelstrcatlstrcpyn$CloseCreateHandleSizehtonsinet_ntoa
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Destroy$IconWindow$DialogDrawRelease
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorLast$closesocketfreeaddrinfo
    • String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: *
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Timehtons$ErrorFileLastSystemlstrlen
    • String ID: Error %d receiving on socket %d
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: a1d1b92ea24507794c0b389abaae95294f8100e103a16f9f872406f305504655
    • Instruction ID: 701c109b4e77c86ee8b937f30c73bdec1c9437e67b0fe3b0999ab81317fc13f9
    • Opcode Fuzzy Hash: a1d1b92ea24507794c0b389abaae95294f8100e103a16f9f872406f305504655
    • Instruction Fuzzy Hash: 3C41A332B19E9585DB208F25E4443AA67A0FB88BA4F849235EE4DC7798EF3CD441CB41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: CurrentDirectory
    • String ID: :
    • API String ID: 1611563598-336475711
    • Opcode ID: e8f702a23c76295a5152a25fbabd09494252dd11dc49d9125727849de83ddd3c
    • Instruction ID: f63874ae8cab991959d421c04893ecbf62e2e179b5332e287d9ac91e09ade9fa
    • Opcode Fuzzy Hash: e8f702a23c76295a5152a25fbabd09494252dd11dc49d9125727849de83ddd3c
    • Instruction Fuzzy Hash: AB219126E08E4AC1FB209B61D04427963A5EB84FA4F85C335DA5C87694EF7CE985C710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: _set_error_mode
    • String ID: C:\Users\ark\source\repos\tftpd64\src\_libs\linked_list\linked_list.c$pmsg != NULL
    • API String ID: 1949149715-3902498152
    • Opcode ID: 8c2a3c10a0ccb831a711b4ff7c9f30015e6e588bd4d151ed9493dac1814a35c7
    • Instruction ID: a895735d24cd215fde49d4f5acff38c1361ca81f68c74b0c9fc9097adb20731e
    • Opcode Fuzzy Hash: 8c2a3c10a0ccb831a711b4ff7c9f30015e6e588bd4d151ed9493dac1814a35c7
    • Instruction Fuzzy Hash: 7D110672F18F5581E7289B12A950069A664EB84FE0F184231EF4C83FA5DE3DD591C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: CurrentDebugOutputStringThreadhtonslstrcpy
    • String ID: starting transfer %d
    • API String ID: 2739088543-2691431343
    • Opcode ID: c8e799b20c985402c1f6ff69904786c3d3dcece4450b9835f4e9b3fdbfd7caec
    • Instruction ID: 6457c1efde440865ca195695aba285811c6e6d7aad07f043867326348cfb0261
    • Opcode Fuzzy Hash: c8e799b20c985402c1f6ff69904786c3d3dcece4450b9835f4e9b3fdbfd7caec
    • Instruction Fuzzy Hash: 6B310E62D08AC481E3224F38E4027E97374FF99B59F44A231EF8816157FF39A1D58B50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: CompareStringtry_get_function
    • String ID: CompareStringEx
    • API String ID: 3328479835-2590796910
    • Opcode ID: 584e1ecb451b6092604f3fb7adedb1ada995e76114d0efe26108b8225a8508d5
    • Instruction ID: 97d1c08530820c6237305e4d0abae7072e6c41ed126c6ef55df83307ed82616b
    • Opcode Fuzzy Hash: 584e1ecb451b6092604f3fb7adedb1ada995e76114d0efe26108b8225a8508d5
    • Instruction Fuzzy Hash: B2111F36A08F8586D760CB16F4402AAB7A4FBC9BD4F548236EE8D83B59DF3CD5408B40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: Stringtry_get_function
    • String ID: LCMapStringEx
    • API String ID: 2588686239-3893581201
    • Opcode ID: f185d12321e6d03a235d4bdfaf62f452b7bce42f0c62123bc19f37e38a338651
    • Instruction ID: 8f26cea7764096f425084d1c70776ba51ee8d40cc8e598984f41b16a89e58f17
    • Opcode Fuzzy Hash: f185d12321e6d03a235d4bdfaf62f452b7bce42f0c62123bc19f37e38a338651
    • Instruction Fuzzy Hash: 94110E36A08B8586D760CB56F4402AAB7A5FBC9FD4F548236EE8D83B59DF3CD4448B40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: :
    • API String ID: 3215553584-336475711
    • Opcode ID: d55ce9f59378acb66b0218760885dca6f03beb653127901273080f1e1300c9a7
    • Instruction ID: f5f80b567e8c28282c4aac753444fe306f2be36e01e306ac5fe504a2f3851252
    • Opcode Fuzzy Hash: d55ce9f59378acb66b0218760885dca6f03beb653127901273080f1e1300c9a7
    • Instruction Fuzzy Hash: 5F01D661D1CA0A82F720AF60985127E73A0EF48FA4F815735D54DC66A5FF3CE5448B18
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA2399
    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF61DDA5BCA,?,?,?,00007FF61DDA5AC2,?,?,00000080,00007FF61DD9E949), ref: 00007FF61DDA23B3
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: CountCriticalInitializeSectionSpintry_get_function
    • String ID: InitializeCriticalSectionEx
    • API String ID: 539475747-3084827643
    • Opcode ID: f8faebe83fde4d38670ade666f166a85684692ec5c9c026194eb5361ee577ab8
    • Instruction ID: aeb369b3329114680abf9d2b12cfd3e571cf7c8641143e6f83f07d9a756663d9
    • Opcode Fuzzy Hash: f8faebe83fde4d38670ade666f166a85684692ec5c9c026194eb5361ee577ab8
    • Instruction Fuzzy Hash: 8BF0B421E18E9981EB048B51E8404A43661AF49FE0F48D336DD0E43794EE7CE844C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DD92671
    • TlsSetValue.KERNEL32(?,?,?,00007FF61DD9231D,?,?,?,?,00007FF61DD921A4,?,?,?,?,00007FF61DD90DF3), ref: 00007FF61DD92688
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: Valuetry_get_function
    • String ID: FlsSetValue
    • API String ID: 738293619-3750699315
    • Opcode ID: bb2f03fbf2354a29de0b1393cb2f432b1aa366f109832d4e5a9fcde2e3f75e65
    • Instruction ID: e0d151ec469a94a828bd757e9ed78ed0d597d4a04404fa59b156aaf429120624
    • Opcode Fuzzy Hash: bb2f03fbf2354a29de0b1393cb2f432b1aa366f109832d4e5a9fcde2e3f75e65
    • Instruction Fuzzy Hash: 1DE06561E19D4A92EB084F60F8500B46221AF48FF4F988335D91D862D4EE3CD444C710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF61DDA22F5
    • TlsSetValue.KERNEL32(?,?,?,00007FF61DDA3822,?,?,?,00007FF61DDA1CF5,?,?,?,?,00007FF61DD96FA3), ref: 00007FF61DDA230C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: Valuetry_get_function
    • String ID: FlsSetValue
    • API String ID: 738293619-3750699315
    • Opcode ID: 28a9a9b3b772d9c0c78880d7300bfe6987b032711848728981982c3737c35a2b
    • Instruction ID: c92ac1d4a2caf16e4acd8efde03a57f1d669463ed87dd35b0d34deeb8152b65a
    • Opcode Fuzzy Hash: 28a9a9b3b772d9c0c78880d7300bfe6987b032711848728981982c3737c35a2b
    • Instruction Fuzzy Hash: 5DE06561E1CD4AD1EE044B61E8400B42221AF49FE4F48D735D91D862E4EE3CE455C300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.263196757.00007FF61DD81000.00000020.00020000.sdmp, Offset: 00007FF61DD80000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff61dd80000_tftpd64_svc.jbxd
    Similarity
    • API ID: DownlevelLocaleName__crttry_get_function
    • String ID: LocaleNameToLCID
    • API String ID: 404522899-2050040251
    • Opcode ID: a30bbcd7df7678d83c040fb0a688a04864384833ec0656cfb52ae65649c74f5a
    • Instruction ID: 9eb90edef5cc429a554432fd54308dd85254191be8139bfb8e77f5c07d062aac
    • Opcode Fuzzy Hash: a30bbcd7df7678d83c040fb0a688a04864384833ec0656cfb52ae65649c74f5a
    • Instruction Fuzzy Hash: 86E09221E0CD4BD2FE149BA5F8400F92221AF89FA4F58D332D90D462E1EE7CE845D300
    Uniqueness

    Uniqueness Score: -1.00%