Edit tour

Windows Analysis Report
73zGJqwgDy.exe

Overview

General Information

Sample name:	73zGJqwgDy.exe renamed because original name is a hash value
Original sample name:	9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d.exe
Analysis ID:	1436571
MD5:	31c73b1faf2ac14c68e5ec56bfb6d3a6
SHA1:	27b775e8543494a1d3bb3a5d11ebe9b7fb9a401b
SHA256:	9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d
Tags:	exemofongo-loader
Infos:

Detection

MofongoLoader

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected MofongoLoader

Found direct / indirect Syscall (likely to bypass EDR)

Adds / modifies Windows certificates

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain checking for process token information

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

73zGJqwgDy.exe (PID: 6708 cmdline: "C:\Users\user\Desktop\73zGJqwgDy.exe" MD5: 31C73B1FAF2AC14C68E5EC56BFB6D3A6)

msedge.exe (PID: 4176 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: BF154738460E4AB1D388970E1AB13FAB)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2032161793.0000016028D31000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2031415601.0000016028BAC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000000.2029784787.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2031549611.0000016028BC6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2033297065.0000016028B9A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2033207199.0000016028D31000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2031259852.0000016028B9B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
00000000.00000003.2033094783.0000016029181000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MofongoLoader	Yara detected MofongoLoader	Joe Security
Click to see the 4 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 73zGJqwgDy.exe

Virustotal: Detection: 14%

Perma Link

Source: 73zGJqwgDy.exe

Static PE information: certificate valid

Source: unknown

HTTPS traffic detected: 172.67.174.47:443 -> 192.168.2.6:49702 version: TLS 1.2

Source: 73zGJqwgDy.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6B79F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,

0_2_00007FF79B6B79F4

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B681530 _Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,InternetOpenW,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,InternetConnectW,InternetCloseHandle,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,Concurrency::details::WorkQueue::IsStructuredEmpty,HttpSendRequestA,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,InternetReadFile,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,MultiByteToWideChar,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,MultiByteToWideChar,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,InternetCloseHandle,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,

0_2_00007FF79B681530

Source: global traffic

DNS traffic detected: DNS query: checkcloudnet.com

Source: unknown

HTTP traffic detected: POST /check/connection HTTP/1.1Content-Type: application/jsonUser-Agent: UA/1Host: checkcloudnet.comContent-Length: 99Cache-Control: no-cache

Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACe
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 73zGJqwgDy.exe, 00000000.00000003.2033297065.0000016028B9A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.usertrust.
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: 73zGJqwgDy.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 73zGJqwgDy.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: 73zGJqwgDy.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/.
Source: 73zGJqwgDy.exe, 73zGJqwgDy.exe, 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmp, 73zGJqwgDy.exe, 00000000.00000003.2060139022.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000003.2060260743.0000016028BDE000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2060973626.0000016028BE1000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2061054833.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connection
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connection&
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connectionPt
Source: 73zGJqwgDy.exe, 00000000.00000003.2060260743.0000016028BDE000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2060973626.0000016028BE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connectionT
Source: 73zGJqwgDy.exe, 00000000.00000003.2060139022.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2061054833.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connectionUn
Source: 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkcloudnet.com/check/connectionlowed
Source: 73zGJqwgDy.exe	String found in binary or memory: https://sectigo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown

HTTPS traffic detected: 172.67.174.47:443 -> 192.168.2.6:49702 version: TLS 1.2

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B692160 shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,shared_ptr,shared_ptr,GetModuleHandleA,CreatePipe,SetHandleInformation,CreateProcessA,CloseHandle,CloseHandle,NtCreateSection,CloseHandle,CloseHandle,CloseHandle,CloseHandle,GetCurrentProcess,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,GetStdHandle,ReadFile,GetCurrentProcess,CloseHandle,CloseHandle,CloseHandle,CloseHandle,

0_2_00007FF79B692160

Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6BDF20	0_2_00007FF79B6BDF20
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6AB4A0	0_2_00007FF79B6AB4A0
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B692160	0_2_00007FF79B692160
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A7CB0	0_2_00007FF79B6A7CB0
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6BAB5C	0_2_00007FF79B6BAB5C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B1B2C	0_2_00007FF79B6B1B2C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6BEA24	0_2_00007FF79B6BEA24
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A7AC8	0_2_00007FF79B6A7AC8
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A89F4	0_2_00007FF79B6A89F4
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B79F4	0_2_00007FF79B6B79F4
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6AB9AC	0_2_00007FF79B6AB9AC
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A7E98	0_2_00007FF79B6A7E98
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B0E0C	0_2_00007FF79B6B0E0C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6AF448	0_2_00007FF79B6AF448
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A84E0	0_2_00007FF79B6A84E0
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6AC300	0_2_00007FF79B6AC300
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6AE170	0_2_00007FF79B6AE170
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6BC134	0_2_00007FF79B6BC134
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B21AC	0_2_00007FF79B6B21AC
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B167C	0_2_00007FF79B6B167C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B962C	0_2_00007FF79B6B962C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6B6698	0_2_00007FF79B6B6698
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A9580	0_2_00007FF79B6A9580

Source: 73zGJqwgDy.exe, 00000000.00000003.2033094783.0000016029223000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCloudSecurity.exeX8 vs 73zGJqwgDy.exe
Source: 73zGJqwgDy.exe, 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCloudSecurity.exeX8 vs 73zGJqwgDy.exe
Source: 73zGJqwgDy.exe	Binary or memory string: OriginalFilenameCloudSecurity.exeX8 vs 73zGJqwgDy.exe

Source: classification engine

Classification label: mal60.troj.evad.winEXE@3/0@1/1

Source: 73zGJqwgDy.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 73zGJqwgDy.exe

Virustotal: Detection: 14%

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

File read: C:\Users\user\Desktop\73zGJqwgDy.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\73zGJqwgDy.exe "C:\Users\user\Desktop\73zGJqwgDy.exe"
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"	Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: 73zGJqwgDy.exe

Static PE information: certificate valid

Source: 73zGJqwgDy.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 73zGJqwgDy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 73zGJqwgDy.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 73zGJqwgDy.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: 73zGJqwgDy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 73zGJqwgDy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 73zGJqwgDy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 73zGJqwgDy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 73zGJqwgDy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Yara detected MofongoLoader

Source: Yara match	File source: 00000000.00000003.2032161793.0000016028D31000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2031415601.0000016028BAC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.2029784787.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2031549611.0000016028BC6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2033297065.0000016028B9A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2033207199.0000016028D31000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2031259852.0000016028B9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2033094783.0000016029181000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B690B50 _Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,CheckTokenMembership,_Mtx_guard::~_Mtx_guard,_Mtx_guard::~_Mtx_guard,LoadLibraryA,GetProcAddress,

0_2_00007FF79B690B50

Source: 73zGJqwgDy.exe

Static PE information: real checksum: 0xa7e3c should be: 0xa907f

Source: 73zGJqwgDy.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

0_2_00007FF79B681530

Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT			Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-22591

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6B79F4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,

0_2_00007FF79B6B79F4

Source: 73zGJqwgDy.exe, 00000000.00000002.2060973626.0000016028BFC000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B8B000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000003.2060260743.0000016028BFC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6A6CD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF79B6A6CD0

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

0_2_00007FF79B690B50

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6BBE4C GetProcessHeap,

0_2_00007FF79B6BBE4C

Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A6CD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF79B6A6CD0
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A1060 SetUnhandledExceptionFilter,	0_2_00007FF79B6A1060
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A0EBC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF79B6A0EBC
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: 0_2_00007FF79B6A02BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF79B6A02BC

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

NtCreateSection: Indirect: 0x7FF79B692665

Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6C1040 cpuid

0_2_00007FF79B6C1040

Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF79B6BBB34
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF79B6BB958
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: GetLocaleInfoW,	0_2_00007FF79B6BBA08
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: GetLocaleInfoW,	0_2_00007FF79B6B39E8
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF79B6BB100
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: EnumSystemLocalesW,	0_2_00007FF79B6BB44C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: GetLocaleInfoW,	0_2_00007FF79B6BB800
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: EnumSystemLocalesW,	0_2_00007FF79B6BB51C
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF79B6BB5B4
Source: C:\Users\user\Desktop\73zGJqwgDy.exe	Code function: EnumSystemLocalesW,	0_2_00007FF79B6B35A8

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Code function: 0_2_00007FF79B6A0DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF79B6A0DA0

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\73zGJqwgDy.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	11 Process Injection	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	11 Process Injection	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	Security Account Manager	21 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	23 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
73zGJqwgDy.exe	14%	Virustotal		Browse
73zGJqwgDy.exe	11%	ReversingLabs

Source	Detection	Scanner	Label	Link
checkcloudnet.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
https://checkcloudnet.com/check/connectionUn	0%	Avira URL Cloud	safe
https://checkcloudnet.com/check/connection&	0%	Avira URL Cloud	safe
https://checkcloudnet.com/check/connectionT	0%	Avira URL Cloud	safe
http://crl.usertrust.	0%	Avira URL Cloud	safe
https://checkcloudnet.com/.	0%	Avira URL Cloud	safe
https://checkcloudnet.com/check/connection	0%	Avira URL Cloud	safe
https://checkcloudnet.com/check/connectionlowed	0%	Avira URL Cloud	safe
https://checkcloudnet.com/	0%	Avira URL Cloud	safe
https://checkcloudnet.com/check/connectionPt	0%	Avira URL Cloud	safe
https://checkcloudnet.com/.	0%	Virustotal		Browse
https://checkcloudnet.com/check/connectionT	0%	Virustotal		Browse
https://checkcloudnet.com/check/connection	0%	Virustotal		Browse
https://checkcloudnet.com/check/connectionlowed	0%	Virustotal		Browse
https://checkcloudnet.com/check/connection&	0%	Virustotal		Browse
https://checkcloudnet.com/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
checkcloudnet.com	172.67.174.47	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://checkcloudnet.com/check/connection	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://checkcloudnet.com/check/connectionUn	73zGJqwgDy.exe, 00000000.00000003.2060139022.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2061054833.0000016028D3F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
https://checkcloudnet.com/check/connection&	73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	73zGJqwgDy.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
http://crl.usertrust.	73zGJqwgDy.exe, 00000000.00000003.2033297065.0000016028B9A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	73zGJqwgDy.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
https://checkcloudnet.com/.	73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://checkcloudnet.com/check/connectionT	73zGJqwgDy.exe, 00000000.00000003.2060260743.0000016028BDE000.00000004.00000020.00020000.00000000.sdmp, 73zGJqwgDy.exe, 00000000.00000002.2060973626.0000016028BE1000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	73zGJqwgDy.exe	false	URL Reputation: safe	unknown
https://checkcloudnet.com/check/connectionlowed	73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B38000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://checkcloudnet.com/	73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028BD8000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://checkcloudnet.com/check/connectionPt	73zGJqwgDy.exe, 00000000.00000002.2060864742.0000016028B8B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.174.47	checkcloudnet.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436571
Start date and time:	2024-05-06 02:34:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	73zGJqwgDy.exe renamed because original name is a hash value
Original Sample Name:	9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d.exe
Detection:	MAL
Classification:	mal60.troj.evad.winEXE@3/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 39 Number of non-executed functions: 86
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.174.47	Hy424UHYHW.exe	Get hash	malicious	MofongoLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkcloudnet.com	J5kltefeTK.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238
	R3vjRWX78A.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238
	Hy424UHYHW.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	hhuMIEqMI4.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238
	6K9cOetNqp.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238
	hoe3lPtxUv.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	J5kltefeTK.exe	Get hash	malicious	MofongoLoader	Browse	104.21.30.238
	qxn9Zvy1at.exe	Get hash	malicious	MofongoLoader	Browse	172.67.214.45
	https://reactivate-account.live/	Get hash	malicious	Unknown	Browse	172.67.74.152
	https://rkr.wyd.mybluehost.me/bont/off/MTTRBDFH/index.php?FGDD=1	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://igrejavideiravl.com/css/MTTRBDFH/index.php?FGDD=1	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://hotwaterspecialistsydney.com.au	Get hash	malicious	Unknown	Browse	104.18.10.207
	https://yxl.oha.mybluehost.me/DO/net/login.php	Get hash	malicious	Unknown	Browse	162.247.243.29
	https://launchedmaleperf0rmesxx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
	pDWZMd3100.elf	Get hash	malicious	Mirai, Gafgyt	Browse	8.47.122.39
	https://srv69476.seohost.com.pl/public/jeieTM3XihA3VcSzLhEBi7OyIY8jw7GI	Get hash	malicious	Unknown	Browse	104.21.234.144

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	J5kltefeTK.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	qxn9Zvy1at.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	R3vjRWX78A.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	Hy424UHYHW.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	hhuMIEqMI4.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	6K9cOetNqp.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	hoe3lPtxUv.exe	Get hash	malicious	MofongoLoader	Browse	172.67.174.47
	BS4GDarWw6.exe	Get hash	malicious	Vidar	Browse	172.67.174.47
	Arrival Notice.pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	172.67.174.47
	E7236252-receipt.vbs	Get hash	malicious	XWorm	Browse	172.67.174.47

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	4.894351813667311
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	73zGJqwgDy.exe
File size:	685'800 bytes
MD5:	31c73b1faf2ac14c68e5ec56bfb6d3a6
SHA1:	27b775e8543494a1d3bb3a5d11ebe9b7fb9a401b
SHA256:	9f2385763546df324e9ba77aa2ba312c890ffdbc0e6e379281ba321c0242318d
SHA512:	41caca74f9b7d1702bf125824fac51a3ef375351d90a8a2794275f1e4838d6c79c44b0593ae5c975a89042e4d55017022f0d496457b0319a29b744114e3baede
SSDEEP:	6144:xwrGnfIRzRSPpwMHjH4ZGL3O0b83ii96AMaJB8udk4+xZRtiKzvzaOLVY9:xAGwtRSPuMHjH0GL3OB3x6Faa69
TLSH:	05E47EC6E6640CECF57688388D73721AA9617CB9432056C726907676DB336E4F93B703
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........ZY...Y...Y......._...............I...Y...X..._X..I..._X..K..._X..........^...Y...1...6X..]...6X..X...6X..X...RichY..........

File Icon


Icon Hash:	0c961b1311919080

Static PE Info

General

Entrypoint:	0x14002097c
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65D52C37 [Tue Feb 20 22:48:23 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	9e618d3714c6ac086a06d7e977b5ceb1

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	15/05/2023 02:00:00 15/05/2024 01:59:59
Subject Chain	CN=GreenEngine OU, O=GreenEngine OU, S=Harjumaa, C=EE
Version:	3
Thumbprint MD5:	47413D0F40F4C211F6527804E95DBB34
Thumbprint SHA-1:	69B1966E16949B9C76A66C82EB077109F764EBA2
Thumbprint SHA-256:	A0D0C4ACBCCEBD5C03FF416E1AD2487E7A936F799A57D84EDE3CC9F8C0BCD819
Serial:	6AB35C5785260695E9C012514DB0C299

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FC8F0D67680h
dec eax
add esp, 28h
jmp 00007FC8F0D670D7h
int3
int3
dec eax
sub esp, 28h
call 00007FC8F0D67A10h
test eax, eax
je 00007FC8F0D67283h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007FC8F0D67267h
dec eax
cmp ecx, eax
je 00007FC8F0D67276h
xor eax, eax
dec eax
cmpxchg dword ptr [0003899Ch], ecx
jne 00007FC8F0D67250h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FC8F0D67259h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007FC8F0D67269h
mov byte ptr [00038985h], 00000001h
call 00007FC8F0D67459h
call 00007FC8F0D68BB8h
test al, al
jne 00007FC8F0D67266h
xor al, al
jmp 00007FC8F0D67276h
call 00007FC8F0D7617Bh
test al, al
jne 00007FC8F0D6726Bh
xor ecx, ecx
call 00007FC8F0D68BC8h
jmp 00007FC8F0D6724Ch
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003894Ch], 00000000h
mov ebx, ecx
jne 00007FC8F0D672C9h
cmp ecx, 01h
jnbe 00007FC8F0D672CCh
call 00007FC8F0D67986h
test eax, eax
je 00007FC8F0D6728Ah
test ebx, ebx
jne 00007FC8F0D67286h
dec eax
lea ecx, dword ptr [00038936h]
call 00007FC8F0D75F9Ah
test eax, eax
jne 00007FC8F0D67272h
dec eax
lea ecx, dword ptr [0003893Eh]
call 00007FC8F0D6728Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x55ea4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x62000	0x481ca	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x5b000	0x4758	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa4a00	0x2ce8	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x61000	0xad8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x503d0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x50290	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x44000	0x2f8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x42b14	0x42c00	7537927333c051664949aefc61fd5a1a	False	0.45422591877340823	data	6.130993027929059	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x44000	0x128b6	0x12a00	db38c9bfabbf3462d8921fc81bba7ffb	False	0.40687919463087246	data	4.88570170944556	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x57000	0x31a0	0x1800	faaede84d1ee141a6e2b3f859f8aa999	False	0.15836588541666666	data	3.216862681128812	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x5b000	0x4758	0x4800	111bb645f8306dbe2dcb9e0e4e7bb530	False	0.4660373263888889	data	5.517520409001171	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x60000	0x1f4	0x200	43c0e7d2b7012672ebc0b5fead60d58c	False	0.509765625	data	4.194331301484952	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x61000	0xad8	0xc00	0f6bcfae9a63d31ff4bf3727432f9489	False	0.47265625	data	5.258543532793456	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x62000	0x481ca	0x48200	a5f727b7d39d4259faeb98440a981cb6	False	0.048090202556325824	data	2.052089933396767	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x62280	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m			0.24379432624113476
RT_ICON	0x626e8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m			0.16434426229508198
RT_ICON	0x63070	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m			0.13297373358348968
RT_ICON	0x64118	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m			0.08952282157676349
RT_ICON	0x666c0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m			0.06914265470004724
RT_ICON	0x6a8e8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m			0.052843178473828044
RT_ICON	0x73d90	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m			0.04186383532473678
RT_ICON	0x845b8	0x25228	Device independent bitmap graphic, 192 x 384 x 32, image size 147456, resolution 2835 x 2835 px/m			0.031701993372955345
RT_GROUP_ICON	0xa97e0	0x76	data			0.7372881355932204
RT_VERSION	0xa9858	0x36c	data			0.4189497716894977
RT_MANIFEST	0xa9bc4	0x606	XML 1.0 document, ASCII text	English	United States	0.45395590142671854

Imports

DLL	Import
KERNEL32.dll	MultiByteToWideChar, GetStdHandle, ReadFile, CloseHandle, LoadLibraryA, CreatePipe, GetCurrentProcess, CreateProcessA, GetModuleHandleA, SetEndOfFile, SetHandleInformation, GetProcAddress, WriteConsoleW, HeapSize, WideCharToMultiByte, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlPcToFileHeader, RaiseException, RtlUnwindEx, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, HeapReAlloc, GetFileSizeEx, SetFilePointerEx, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, ReadConsoleW, CreateFileW, RtlUnwind
ADVAPI32.dll	OpenProcessToken
WININET.dll	InternetCloseHandle

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2024 02:34:47.810739994 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:47.810786009 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:47.810913086 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:47.819674969 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:47.819690943 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.056312084 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.056442022 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.077299118 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.077322006 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.077522039 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.077677965 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.079463005 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.124110937 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.568388939 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.568587065 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.568603039 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.568681955 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626329899 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626373053 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626398087 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626396894 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626410007 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626617908 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626617908 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626729012 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626773119 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626780033 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626806021 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626827955 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626836061 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.626852989 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.626892090 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627329111 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627372026 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627660990 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627701044 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627706051 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627738953 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627743006 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627748966 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627769947 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627803087 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.627806902 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.627837896 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.628416061 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.628454924 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.628460884 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.628493071 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.628498077 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.628534079 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.628537893 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.628547907 CEST	443	49702	172.67.174.47	192.168.2.6
May 6, 2024 02:34:48.628585100 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.628596067 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.808921099 CEST	49702	443	192.168.2.6	172.67.174.47
May 6, 2024 02:34:48.808948040 CEST	443	49702	172.67.174.47	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2024 02:34:47.653430939 CEST	57005	53	192.168.2.6	1.1.1.1
May 6, 2024 02:34:47.805388927 CEST	53	57005	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 6, 2024 02:34:47.653430939 CEST	192.168.2.6	1.1.1.1	0x5cc2	Standard query (0)	checkcloudnet.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 6, 2024 02:34:47.805388927 CEST	1.1.1.1	192.168.2.6	0x5cc2	No error (0)	checkcloudnet.com		172.67.174.47	A (IP address)	IN (0x0001)	false
May 6, 2024 02:34:47.805388927 CEST	1.1.1.1	192.168.2.6	0x5cc2	No error (0)	checkcloudnet.com		104.21.30.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

checkcloudnet.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49702	172.67.174.47	443	6708	C:\Users\user\Desktop\73zGJqwgDy.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-06 00:34:48 UTC	155	OUT	POST /check/connection HTTP/1.1 Content-Type: application/json User-Agent: UA/1 Host: checkcloudnet.com Content-Length: 99 Cache-Control: no-cache
2024-05-06 00:34:48 UTC	99	OUT	Data Raw: 7b 22 61 70 70 69 64 22 3a 22 37 33 34 30 65 38 39 34 2d 37 37 64 33 2d 34 62 31 62 2d 39 64 63 63 2d 61 34 33 64 65 63 33 38 65 65 39 31 22 2c 22 64 65 76 69 63 65 69 64 22 3a 22 35 32 31 32 32 34 36 31 32 32 36 35 38 33 36 39 33 34 30 35 31 31 37 32 34 37 36 37 35 36 36 33 34 31 30 30 33 22 7d Data Ascii: {"appid":"7340e894-77d3-4b1b-9dcc-a43dec38ee91","deviceid":"5212246122658369340511724767566341003"}
2024-05-06 00:34:48 UTC	377	IN	HTTP/1.1 200 OK Date: Mon, 06 May 2024 00:34:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store Vary: Accept-Encoding CF-Cache-Status: DYNAMIC NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: Server: cloudflare CF-RAY: 87f4e2fb9ae54c20-MIA alt-svc: h3=":443"; ma=86400
2024-05-06 00:34:48 UTC	364	IN	Data Raw: 31 36 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 27 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 64 65 73 63 72 69 70 74 69 6f 6e 27 20 63 6f 6e 74 65 6e 74 3d 27 54 68 65 20 74 72 61 64 69 74 69 6f 6e 20 6f 66 20 73 74 61 72 74 69 6e 67 20 79 6f 75 72 20 70 72 6f 67 72 61 6d 6d 69 6e 67 20 6a 6f 75 72 6e 65 79 20 77 69 74 68 20 61 20 22 48 65 6c 6c 6f 20 57 6f 72 6c 64 22 20 61 70 70 6c 69 63 61 Data Ascii: 165<!DOCTYPE html><html lang='en'><head><meta charset='UTF-8'><meta name='viewport' content='width=device-width, initial-scale=1.0'><meta name='description' content='The tradition of starting your programming journey with a "Hello World" applica
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 35 38 34 32 0d 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 27 69 63 6f 6e 27 20 74 79 70 65 3d 27 69 6d 61 67 65 2f 70 6e 67 27 20 68 72 65 66 3d 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 67 41 41 41 41 49 41 43 41 59 41 41 41 44 30 65 4e 54 36 41 41 41 41 42 48 4e 43 53 56 51 49 43 41 67 49 66 41 68 6b 69 41 41 41 41 41 6c 77 53 46 6c 7a 41 41 41 4f 78 41 41 41 44 73 51 42 6c 53 73 4f 47 77 41 41 41 42 6c 30 52 56 68 30 55 32 39 6d 64 48 64 68 63 6d 55 41 64 33 64 33 4c 6d 6c 75 61 33 4e 6a 59 58 42 6c 4c 6d 39 79 5a 35 76 75 50 42 6f 41 41 43 41 41 53 55 52 42 56 48 69 63 37 64 31 35 6d 42 78 58 65 66 62 2f 2b 36 6e 75 47 59 30 6b 32 35 49 74 32 51 34 45 62 Data Ascii: 5842<link rel='icon' type='image/png' href='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d15mBxXefb/+6nuGY0k25It2Q4Eb
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 46 71 66 66 66 50 77 44 41 45 62 49 64 41 45 79 33 4b 66 53 2f 44 33 7a 52 5a 7a 39 32 67 59 30 64 32 54 78 63 39 2f 79 74 59 32 50 6e 53 38 45 2f 53 50 36 34 4c 6c 52 34 69 38 7a 65 4f 72 6c 77 36 50 4c 4c 69 6a 62 65 71 72 35 66 37 68 31 37 68 6e 6e 77 44 35 49 2f 4e 76 58 71 65 76 2f 39 41 77 42 45 53 48 77 70 34 49 75 76 33 76 4e 32 75 62 30 35 36 58 34 54 5a 2f 72 69 34 4d 4b 46 4c 2f 6c 77 30 65 36 62 37 74 44 68 59 51 39 2b 39 5a 53 78 74 37 76 73 6a 55 70 68 43 32 55 64 47 4f 51 7a 45 34 73 57 76 72 7a 56 69 66 39 49 47 79 37 33 33 48 48 48 37 48 32 48 75 64 36 51 52 6d 32 53 65 76 37 39 41 34 42 35 4a 2f 44 7a 50 37 46 2b 38 64 57 4a 64 5a 64 55 52 2f 33 46 50 2f 6d 51 72 79 31 38 2f 6b 78 4f 58 70 49 30 50 47 7a 68 78 38 39 66 2f 48 2f 64 39 4f Data Ascii: FqfffPwDAEbIdAEy3KfS/D3zRZz92gY0d2Txc9/ytY2PnS8E/SP64LlR4i8zeOrlw6PLLijbeqr5f7h17hnnwD5I/NvXqev/9AwBESHwp4Iuv3vN2ub056X4TZ/ri4MKFL/lw0e6b7tDhYQ9+9ZSxt7vsjUphC2UdGOQzE4sWvrzVif9IGy733HHH7H2Hud6QRm2Sev79A4B5J/DzP7F+8dWJdZdUR/3FP/mQry18/kxOXpI0PGzhx89f/H/d9O
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 67 74 7a 65 74 30 6b 36 4f 65 47 36 4d 43 66 32 45 6c 66 34 6b 6f 75 76 47 76 75 4e 44 6a 79 64 4d 53 38 58 50 51 46 6d 61 45 44 53 67 31 31 4b 35 4a 36 73 58 70 61 31 41 43 44 4a 6e 2f 37 4c 70 2b 37 39 52 30 6c 76 62 50 65 56 46 31 2b 31 35 79 38 6b 2b 39 4d 4f 46 48 57 34 43 79 2b 2b 61 75 38 33 50 33 48 2b 77 6e 65 32 2b 38 4b 4c 72 74 70 7a 73 65 51 64 6d 70 30 34 61 50 62 76 33 30 56 58 37 6e 32 70 7a 46 2f 62 67 61 4b 51 6a 4e 39 70 2f 67 47 51 41 64 6d 36 42 4e 42 6b 72 6a 64 63 66 50 58 65 6a 32 36 34 33 41 64 6e 39 41 4a 33 75 2b 54 4b 73 54 64 49 39 6f 45 4f 6c 33 5a 77 77 48 2b 36 2b 4b 71 78 39 32 2b 34 33 47 64 38 49 39 38 6c 56 34 32 39 78 70 54 4f 59 68 56 74 76 33 39 71 31 6d 64 2b 61 53 66 72 41 67 44 4d 58 43 59 44 67 43 54 4a 2f 65 56 Data Ascii: gtzet0k6OeG6MCf2Elf4kouvGvuNDjydMS8XPQFmaEDSg11K5J6sXpa1ACDJn/7Lp+79R0lvbPeVF1+15y8k+9MOFHW4Cy++au83P3H+wne2+8KLrtpzseQdmp04aPbv30VX7n2pzF/bgaKQjN9p/gGQAdm6BNBkrjdcfPXej2643Adn9AJ3u+TKsTdI9oEOl3ZwwH+6+Kqx92+43Gd8I98lV429xpTOYhVtv39q1md+aSfrAgDMXCYDgCTJ/eV
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 63 62 63 2f 51 51 7a 65 34 69 37 50 30 56 53 62 68 5a 64 56 4e 33 39 77 30 45 51 66 46 66 53 79 65 35 2b 69 61 51 58 4a 31 74 6c 59 73 62 4e 37 47 50 75 2f 68 2f 75 76 69 73 49 67 73 65 35 2b 39 39 4c 4f 72 50 62 68 53 58 46 7a 48 34 64 68 75 48 57 49 41 69 32 6d 64 6e 33 4a 69 63 6e 66 39 4a 6f 4e 47 35 74 64 65 7a 36 39 65 75 50 32 37 74 33 37 79 4e 79 75 64 77 6a 33 66 30 73 4d 7a 76 62 33 5a 38 73 66 6c 65 6a 41 2f 69 68 51 72 74 32 6d 64 6c 5a 31 57 72 31 39 73 4f 2b 64 6d 4f 78 57 50 79 32 6d 56 33 54 68 58 6f 32 31 32 71 31 70 30 76 79 35 6e 2f 2f 53 4e 4c 32 55 71 6c 30 72 36 54 58 7a 4b 5a 44 4d 2f 75 48 73 62 47 78 66 37 72 2b 2b 75 76 33 4a 6c 58 6b 62 46 51 71 6c 55 65 45 59 58 69 6c 70 44 50 61 65 4e 6d 58 61 37 58 61 73 2f 58 41 39 32 4e 62 Data Ascii: cbc/QQze4i7P0VSbhZdVN39w0EQfFfSye5+iaQXJ1tlYsbN7GPu/h/uvisIgse5+99LOrPbhSXFzH4dhuHWIAi2mdn3Jicnf9JoNG5tdez69euP27t37yNyudwj3f0sMzvb3Z8sflejA/ihQrt2mdlZ1Wr19sO+dmOxWPy2mV3ThXo212q1p0vy5n//SNL2Uql0r6TXzKZDM/uHsbGxf7r++uv3JlXkbFQqlUeEYXilpDPaeNmXa7Xas/XA92Nb
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 6d 30 33 2b 76 76 64 66 2f 64 6e 47 61 50 56 43 77 57 6e 32 56 6d 6e 35 4d 30 31 4b 45 61 56 67 5a 42 55 46 32 31 61 74 58 78 55 51 63 30 56 78 4f 38 70 45 50 6a 59 78 34 68 41 41 44 7a 42 77 47 67 63 2f 59 48 51 66 41 33 63 51 65 55 79 2b 57 56 5a 76 59 66 36 76 7a 4e 31 59 38 66 48 42 7a 63 4f 44 77 38 48 50 6e 37 75 31 61 72 62 5a 5a 30 52 59 66 72 51 4a 38 6a 41 41 43 48 63 41 4a 46 6c 41 2f 47 54 66 32 76 58 72 33 36 52 48 65 2f 58 41 64 32 39 45 74 44 2b 64 70 72 72 34 32 39 34 53 38 4d 77 2f 38 72 4b 57 71 6c 52 59 41 41 41 42 79 6d 33 77 4e 41 76 39 66 66 71 2f 61 62 32 62 76 69 44 68 67 59 47 50 69 41 70 49 65 6b 56 49 38 6b 79 63 7a 65 57 71 6c 55 48 68 66 56 33 6d 67 30 76 69 76 70 53 79 6d 57 68 44 35 44 41 41 41 4f 36 66 63 54 61 4c 2f 58 33 Data Ascii: m03+vvdf/dnGaPVCwWn2Vmn5M01KEaVgZBUF21atXxUQc0VxO8pEPjYx4hAADzBwGgc/YHQfA3cQeUy+WVZvYf6vzN1Y8fHBzcODw8HPn7u1arbZZ0RYfrQJ8jAACHcAJFlA/GTf2vXr36RHe/XAd29EtD+dprr4294S8Mw/8rKWqlRYAAABym3wNAv9ffq/ab2bviDhgYGPiApIekVI8kyczeWqlUHhfV3mg0vivpSymWhD5DAAAO6fcTaL/X3
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 65 66 77 38 36 5a 63 32 61 4e 5a 45 72 2f 72 6c 37 49 38 56 61 70 76 4f 64 35 6d 57 4a 6c 73 7a 73 4b 57 6b 57 67 2f 35 41 41 41 41 4f 36 66 63 54 61 4c 2f 58 33 33 4d 6d 4a 79 63 6a 54 35 79 44 67 34 4f 6a 6b 71 5a 53 4c 43 66 4f 6c 71 69 47 44 52 73 32 35 43 51 39 4d 63 56 61 30 43 63 49 41 41 41 51 77 63 78 57 52 37 56 74 32 72 52 70 74 37 74 48 6e 6e 68 54 64 6e 6c 55 77 35 31 33 33 72 6c 53 50 62 68 30 4d 62 71 50 41 41 41 63 30 75 2b 66 6f 50 75 39 2f 70 37 6a 37 73 2b 4e 61 77 2b 43 34 4c 4b 55 53 6f 6e 7a 2f 56 71 74 39 72 57 6f 78 71 6d 70 71 51 76 53 4c 41 62 39 67 77 41 41 4e 50 58 37 58 66 54 39 58 6e 38 76 4d 72 4f 48 46 34 76 46 33 34 39 71 76 2b 75 75 75 2f 37 62 33 58 2b 57 5a 6b 31 48 63 76 64 33 78 7a 53 62 6d 54 30 37 74 57 4c 51 56 77 Data Ascii: efw86Zc2aNZEr/rl7I8VapvOd5mWJlszsKWkWg/5AAAAO6fcTaL/X33MmJycjT5yDg4OjkqZSLCfOlqiGDRs25CQ9McVa0CcIAAAQwcxWR7Vt2rRpt7tHnnhTdnlUw5133rlSPbh0MbqPAAAc0u+foPu9/p7j7s+Naw+C4LKUSonz/Vqt9rWoxqmpqQvSLAb9gwAANPX7XfT9Xn8vMrOHF4vF349qv+uuu/7b3X+WZk1Hcvd3xzSbmT07tWLQVw
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 6e 50 77 78 43 77 51 41 74 4d 58 4d 54 6f 68 70 6a 6d 76 72 69 48 4b 35 48 44 66 6d 73 6a 61 37 57 31 6f 71 6c 58 35 33 4c 76 56 30 77 75 54 6b 35 49 79 6d 67 53 57 64 57 43 36 58 32 2f 30 37 64 31 72 63 79 65 33 52 71 56 55 78 41 38 32 5a 69 38 6a 70 2f 42 68 6e 42 6b 46 77 51 37 46 59 66 4d 76 4b 6c 53 73 58 4a 6c 31 58 4b 35 56 4b 70 52 41 45 77 62 66 4e 37 42 56 70 6a 49 66 35 69 51 43 41 64 73 55 39 58 74 53 4e 52 34 39 61 6a 6e 6e 32 32 57 63 66 71 78 6c 65 7a 7a 33 43 61 2b 64 57 54 76 49 47 42 67 5a 6d 66 4f 33 65 33 53 2f 75 5a 43 33 74 63 76 65 7a 59 70 70 50 4c 35 56 4b 35 36 52 57 7a 44 51 4b 68 63 4a 6a 4a 52 30 37 79 35 63 50 6d 74 6e 62 68 6f 61 47 66 6c 67 73 46 6c 2b 32 66 76 33 36 42 55 6e 57 64 6c 43 68 55 48 68 43 75 56 7a 2b 7a 7a 41 Data Ascii: nPwxCwQAtMXMTohpjmvriHK5HDfmsja7W1oqlX53LvV0wuTk5IymgSWdWC6X2/07d1rcye3RqVUxA82Zi8jp/BhnBkFwQ7FYfMvKlSsXJl1XK5VKpRAEwbfN7BVpjIf5iQCAdsU9XtSNR49ajnn22Wcfqxlezz3Ca+dWTvIGBgZmfO3e3S/uZC3tcvezYppPL5VK56RWzDQKhcJjJR07y5cPmtnbhoaGflgsFl+2fv36BUnWdlChUHhCuVz+zzA
2024-05-06 00:34:48 UTC	1369	IN	Data Raw: 56 41 6f 4c 4d 33 6c 63 73 39 79 39 78 64 4a 4b 6b 76 4b 64 61 44 57 4f 50 2f 75 37 75 39 78 39 2b 38 31 47 6f 33 78 4a 44 70 63 74 57 72 56 38 51 73 58 4c 6c 77 34 4e 54 57 31 4d 41 7a 44 45 33 4f 35 33 4d 50 63 2f 54 52 33 50 38 50 4d 7a 70 58 30 6b 43 54 47 61 57 45 73 6c 38 75 64 76 57 58 4c 6c 68 38 66 39 72 55 62 53 71 58 53 64 6b 6b 4e 48 51 67 72 76 65 61 44 51 52 43 38 5a 58 52 30 39 4f 36 6b 4f 79 34 55 43 6e 6c 4a 79 33 4f 35 33 4f 2b 46 59 58 68 47 45 41 52 72 33 58 32 39 70 45 56 4a 6a 34 58 2b 6b 2f 67 2f 68 6c 4b 70 39 44 6c 4a 4c 30 71 36 58 38 7a 49 4e 32 75 31 32 70 4e 61 66 4e 31 4b 70 56 4a 44 30 6a 6b 64 48 48 76 4b 7a 42 35 66 72 56 61 2f 33 36 71 78 58 43 36 2f 7a 74 33 66 33 63 48 78 5a 57 5a 66 71 6c 61 72 7a 7a 37 79 36 34 56 43 Data Ascii: VAoLM3lcs9y9xdJKkvKdaDWOP/u7u9x9+81Go3xJDpctWrV8QsXLlw4NTW1MAzDE3O53MPc/TR3P8PMzpX0kCTGaWEsl8udvWXLlh8f9rUbSqXSdkkNHQgrveaDQRC8ZXR09O6kOy4UCnlJy3O53O+FYXhGEARr3X29pEVJj4X+k/g/hlKp9DlJL0q6X8zIN2u12pNafN1KpVJD0jkdHHvKzB5frVa/36qxXC6/zt3f3cHxZWZfqlarzz7y64VC

Target ID:	0
Start time:	02:34:46
Start date:	06/05/2024
Path:	C:\Users\user\Desktop\73zGJqwgDy.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\73zGJqwgDy.exe"
Imagebase:	0x7ff79b680000
File size:	685'800 bytes
MD5 hash:	31C73B1FAF2AC14C68E5EC56BFB6D3A6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2032161793.0000016028D31000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2031415601.0000016028BAC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000000.2029784787.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2031549611.0000016028BC6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2033297065.0000016028B9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2033207199.0000016028D31000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2031259852.0000016028B9B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MofongoLoader, Description: Yara detected MofongoLoader, Source: 00000000.00000003.2033094783.0000016029181000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	02:34:49
Start date:	06/05/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Imagebase:
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	19.5%
Total number of Nodes:	794
Total number of Limit Nodes:	11

Executed Functions

Function 00007FF79B681530 Relevance: 142.3, APIs: 80, Strings: 1, Instructions: 533
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B68158A
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B68159C
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6815AE
LoadLibraryA.KERNEL32 ref: 00007FF79B6815B6
GetProcAddress.KERNEL32 ref: 00007FF79B6815D4
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6815EA
InternetOpenW.WININET ref: 00007FF79B681612
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B68162B

Part of subcall function 00007FF79B683D40: _WChar_traits.LIBCPMTD ref: 00007FF79B683D6D

Part of subcall function 00007FF79B6840E0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6840FB

Part of subcall function 00007FF79B6840B0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6840CB

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681711
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681723
LoadLibraryA.KERNEL32 ref: 00007FF79B68172B
GetProcAddress.KERNEL32 ref: 00007FF79B681749
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B68175F
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681795
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6817A7
LoadLibraryA.KERNEL32 ref: 00007FF79B6817AF
GetProcAddress.KERNEL32 ref: 00007FF79B6817CD
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6817EC

Strings

h, xrefs: 00007FF79B6816A3

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$Concurrency::details::EmptyQueue::StructuredWork$AddressLibraryLoadProc$Char_traitsInternetOpen
String ID: h
API String ID: 917305780-2439710439
Opcode ID: c726dc98f6fc2f671fb5c89e5c32a5e42bd345b486c22517abf9d27252e8d014
Instruction ID: a06fc2d53585a741f973cb1e98d82d989c0b72d0e26666a3d9a8a4875d780433
Opcode Fuzzy Hash: c726dc98f6fc2f671fb5c89e5c32a5e42bd345b486c22517abf9d27252e8d014
Instruction Fuzzy Hash: 4B52B632609AC585D670EB25F8953EBB3A1FBC4780F904136DA9D83A69DF3CE6448B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B692160 Relevance: 98.4, APIs: 52, Strings: 4, Instructions: 448
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

shared_ptr.LIBCMTD ref: 00007FF79B69219E
shared_ptr.LIBCMTD ref: 00007FF79B6921C0
GetModuleHandleA.KERNEL32 ref: 00007FF79B6921C8
shared_ptr.LIBCMTD ref: 00007FF79B692208
shared_ptr.LIBCMTD ref: 00007FF79B69222A
GetModuleHandleA.KERNEL32 ref: 00007FF79B692232
shared_ptr.LIBCMTD ref: 00007FF79B692272
shared_ptr.LIBCMTD ref: 00007FF79B692294
GetModuleHandleA.KERNEL32 ref: 00007FF79B69229C
shared_ptr.LIBCMTD ref: 00007FF79B6922DC
shared_ptr.LIBCMTD ref: 00007FF79B6922FE
GetModuleHandleA.KERNEL32 ref: 00007FF79B692306
shared_ptr.LIBCMTD ref: 00007FF79B692346
shared_ptr.LIBCMTD ref: 00007FF79B692368
GetModuleHandleA.KERNEL32 ref: 00007FF79B692370
shared_ptr.LIBCMTD ref: 00007FF79B6923B0
shared_ptr.LIBCMTD ref: 00007FF79B6923D2
GetModuleHandleA.KERNEL32 ref: 00007FF79B6923DA
shared_ptr.LIBCMTD ref: 00007FF79B69241A
shared_ptr.LIBCMTD ref: 00007FF79B69243C
GetModuleHandleA.KERNEL32 ref: 00007FF79B692444
CreatePipe.KERNELBASE ref: 00007FF79B6924C0
SetHandleInformation.KERNEL32 ref: 00007FF79B6924E1

Strings

0, xrefs: 00007FF79B6924F2
h, xrefs: 00007FF79B692525
@, xrefs: 00007FF79B6927D5
@, xrefs: 00007FF79B69263E

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: shared_ptr$Handle$Module$CreateInformationPipe
String ID: 0$@$@$h
API String ID: 4142502706-478861344
Opcode ID: 04db1fddc990362c5dbd6fc746f3bffbac1673f35e64e49e6fe2dfc67f0de86a
Instruction ID: 942c6209f907628bd451b417ec58d9227c8a11efe5188b6a907a6109943b4ac7
Opcode Fuzzy Hash: 04db1fddc990362c5dbd6fc746f3bffbac1673f35e64e49e6fe2dfc67f0de86a
Instruction Fuzzy Hash: 9D42F936609BC585D670EB29E4983AFB3A1FBC8790F400135DA9D43BA9DF7CE5488B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B690B50 Relevance: 19.6, APIs: 13, Instructions: 88
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690BA9
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690BB8
LoadLibraryA.KERNEL32 ref: 00007FF79B690BC0
GetProcAddress.KERNEL32 ref: 00007FF79B690BD5
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690C47
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690C59
LoadLibraryA.KERNEL32 ref: 00007FF79B690C61
GetProcAddress.KERNEL32 ref: 00007FF79B690C7F
CheckTokenMembership.KERNELBASE ref: 00007FF79B690CAF
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690CCA
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690CDC
LoadLibraryA.KERNEL32 ref: 00007FF79B690CE4
GetProcAddress.KERNEL32 ref: 00007FF79B690D02

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$AddressLibraryLoadProc$CheckMembershipToken
String ID:
API String ID: 1533160778-0
Opcode ID: 81b46c7f5b173283711966082a52bd869ca660c96307ed917c74f5a80707ba2a
Instruction ID: 641e45e686e01d5d0b77a481bf36b34bead143dbbfe74004e68d468ce28595fc
Opcode Fuzzy Hash: 81b46c7f5b173283711966082a52bd869ca660c96307ed917c74f5a80707ba2a
Instruction Fuzzy Hash: D551E43260EBC485E770AB24F4543ABB7A1FB85B44F804129D68D87BA9DF3CE148CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BDF20 Relevance: 10.8, APIs: 7, Instructions: 286
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BE352

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9f271580427a8db3f75cbd2bb9b0fe936c792dd2b360d3abbb68736ec05fed0c
Instruction ID: bbf495e7f091b96fcfcd1c82e17a7c8926f6b11caf317a451ceba2c9d634ee94
Opcode Fuzzy Hash: 9f271580427a8db3f75cbd2bb9b0fe936c792dd2b360d3abbb68736ec05fed0c
Instruction Fuzzy Hash: FFC1C322A0C65A95E7B16B3984043BDBBB2FB41B84FD50535DAAE077A1CF7CF6548320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AB4A0 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: ace2ec016e69fe205037fac33d386dec39f06c912014ccb122dad95daff1e51d
Instruction ID: 6cd2bae4d5c67eab5c2914b8e77a907bdbbf4636b671ef2d84654701a4de1e7f
Opcode Fuzzy Hash: ace2ec016e69fe205037fac33d386dec39f06c912014ccb122dad95daff1e51d
Instruction Fuzzy Hash: 4A81A172A14A1985EF70AE39D4913BD7362FB84B98F944636DF2E477A5CF38E2418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B691520 Relevance: 40.7, APIs: 27, Instructions: 192
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcessToken.ADVAPI32 ref: 00007FF79B69155A
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691599
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6915A8
LoadLibraryA.KERNEL32 ref: 00007FF79B6915B0
GetProcAddress.KERNEL32 ref: 00007FF79B6915C5
GetTokenInformation.KERNELBASE ref: 00007FF79B6915FA
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691654
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691666
LoadLibraryA.KERNEL32 ref: 00007FF79B69166E
GetProcAddress.KERNEL32 ref: 00007FF79B69168C
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF79B6916AD
GetTokenInformation.KERNELBASE ref: 00007FF79B6916F1
CloseHandle.KERNEL32 ref: 00007FF79B691704

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$Token$AddressInformationLibraryLoadProc$CloseConcurrency::details::_CriticalHandleLock::_OpenProcessReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 2078037076-0
Opcode ID: 130ff3acc1720edd0cc1e8b9c84bb8854697590baa150c0d744b4c8b022ef38d
Instruction ID: 83fc3969d409a0c2a3f312f6c61ca298e56f36570e191d0707c4dcbd4eb6642b
Opcode Fuzzy Hash: 130ff3acc1720edd0cc1e8b9c84bb8854697590baa150c0d744b4c8b022ef38d
Instruction Fuzzy Hash: DDB1C73261DA8585D6B0EB25F4913EAB3A1FBC4740F904136EADE83B69DF3CE5448B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B692EB0 Relevance: 25.7, APIs: 17, Instructions: 244
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B692ED9
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B692EE8
QueryFullProcessImageNameW.KERNELBASE ref: 00007FF79B692F27

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$FullImageNameProcessQuery
String ID:
API String ID: 4084525217-0
Opcode ID: 701dd65d4abf504f67a507c631a00a66171a7fe275edc2bc17d2fcbb4fc2582c
Instruction ID: 9de3f0e615fe1f26e1fe1880c88e7761733637c3d6f49402c70c7e9fc2eb483a
Opcode Fuzzy Hash: 701dd65d4abf504f67a507c631a00a66171a7fe275edc2bc17d2fcbb4fc2582c
Instruction Fuzzy Hash: ADD1D63251DAC591D6B0AB25E4913EFB3A5EBC4740F804136E6DD82BA9EF2CE644CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6883B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B6883CF
_Yarn.LIBCPMTD ref: 00007FF79B6883E1
_Yarn.LIBCPMTD ref: 00007FF79B6883F3
_Yarn.LIBCPMTD ref: 00007FF79B688405
_Yarn.LIBCPMTD ref: 00007FF79B688417
_Yarn.LIBCPMTD ref: 00007FF79B688429
_Yarn.LIBCPMTD ref: 00007FF79B68843B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF79B688453

Part of subcall function 00007FF79B69F2E0: _Yarn.LIBCPMT ref: 00007FF79B69F30E

Strings

bad locale name, xrefs: 00007FF79B68845A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3904239083-1405518554
Opcode ID: ae69e64bb531647ca2b4c5f72a87dc1cf5341c50293419aee94ce7dd1a5b7b19
Instruction ID: 4404e91f1cd784e8d5909e8c59fbcd4c137b0a106ffa6742fd421bdb9ecb07b1
Opcode Fuzzy Hash: ae69e64bb531647ca2b4c5f72a87dc1cf5341c50293419aee94ce7dd1a5b7b19
Instruction Fuzzy Hash: 5611FB52A0AA4A82D910F77EF44126E9361FFC2784FA00535EAAD13776CE3DE5118614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BEF6C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF79B6BEC9C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BECDD
Part of subcall function 00007FF79B6BEC9C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BED5D
Part of subcall function 00007FF79B6BEC9C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BEDB1
Part of subcall function 00007FF79B6BEC9C: _get_daylight.LIBCMT ref: 00007FF79B6BEE09

CreateFileW.KERNELBASE ref: 00007FF79B6BF072
CreateFileW.KERNEL32 ref: 00007FF79B6BF0C2
GetLastError.KERNEL32 ref: 00007FF79B6BF0F2
GetFileType.KERNELBASE ref: 00007FF79B6BF107
GetLastError.KERNEL32 ref: 00007FF79B6BF111
CloseHandle.KERNEL32 ref: 00007FF79B6BF144
CloseHandle.KERNEL32 ref: 00007FF79B6BF2A8
CreateFileW.KERNEL32 ref: 00007FF79B6BF2DD
GetLastError.KERNEL32 ref: 00007FF79B6BF2EC

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: 790408a4190ff526dad24de9abb57f449c3e0de4ec72fef1147c7e59b7566dd0
Instruction ID: 45ca7cb20e0fe0f2c7ce29987fbb5e17a0f705fa30e5e3917784dc34ba30f1c7
Opcode Fuzzy Hash: 790408a4190ff526dad24de9abb57f449c3e0de4ec72fef1147c7e59b7566dd0
Instruction Fuzzy Hash: 0AC1D237B28A5A85EB20DF7CC4905AC7772FB49B98B811225DA2E577E4CF38E251C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B690E30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690F7B
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B690F8A
LoadLibraryA.KERNELBASE ref: 00007FF79B690F92
GetProcAddress.KERNEL32 ref: 00007FF79B690FA7

Strings

O, xrefs: 00007FF79B690F56
X, xrefs: 00007FF79B690E98
, xrefs: 00007FF79B690E60

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$AddressLibraryLoadProc
String ID: $O$X
API String ID: 1138954263-3341619949
Opcode ID: db227c295b068dcf4488e81726beb466b8cefc96657e12b5734f7b1ca8688feb
Instruction ID: 3589070122a8fd25b19236ff29123d4bf52657f725ec6f3d1c25d47a908b7641
Opcode Fuzzy Hash: db227c295b068dcf4488e81726beb466b8cefc96657e12b5734f7b1ca8688feb
Instruction Fuzzy Hash: 1D41F23210CBC18AE7309B28F45839BBAA1F785754F50422AE6D947BA9DFBDC1488F10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69E140 Relevance: 7.7, APIs: 5, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Fgetc.LIBCPMTD ref: 00007FF79B69E202

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Fgetc
String ID:
API String ID: 1720979605-0
Opcode ID: 92c9d7d3e2c62946ae797d64bf5fb83644d989058beea552c994d1011653e09f
Instruction ID: 52ab535b3776d69eabbe71f30644c3b0cccc70e0efe819406b523bc19811c4c0
Opcode Fuzzy Hash: 92c9d7d3e2c62946ae797d64bf5fb83644d989058beea552c994d1011653e09f
Instruction Fuzzy Hash: 8D911F22A0DAC9C5DA70AB39E4503BEF361FBC5740FA04036E6DD427A9DE2CE548CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B695820 Relevance: 7.6, APIs: 5, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B69583F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B69586C
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B6958AE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B695933

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: e9a79613abac1eb9049571a8d358c6cb3fc309f894ef0b3605c3646525b603df
Instruction ID: 57d5cd8129bb81ba86436234ab0d616c11f74777c280903e8c7ae384f000b7da
Opcode Fuzzy Hash: e9a79613abac1eb9049571a8d358c6cb3fc309f894ef0b3605c3646525b603df
Instruction Fuzzy Hash: D531E12251DA8981EA30EB39E44126AF3A1FBC57A4F901531E6DD43BB9DE3CE651CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B691060 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 217
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF79B695C40: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B695C5D

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6910F6

Part of subcall function 00007FF79B687E50: char_traits.LIBCPMTD ref: 00007FF79B687E7D

Part of subcall function 00007FF79B697D40: std::bad_exception::~bad_exception.LIBCMTD ref: 00007FF79B697D6A

Part of subcall function 00007FF79B6840E0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6840FB

Strings

":", xrefs: 00007FF79B69125B

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Mtx_guardMtx_guard::~_char_traitsstd::bad_exception::~bad_exception
String ID: ":"
API String ID: 1492957392-876729345
Opcode ID: 9e8e0daaccefff85c2bd3551127beca3aa6f0c005cdde35cf6f39ad0d292be65
Instruction ID: f8970d59531d2a45d44c6167d8c0a6c82299d03aed2c8ea30d0f42f5e88a8f31
Opcode Fuzzy Hash: 9e8e0daaccefff85c2bd3551127beca3aa6f0c005cdde35cf6f39ad0d292be65
Instruction Fuzzy Hash: 80B11F3261DACA95DA70EB25E4913EBA361F7C4784F800136E69D43BA9DF3CE605CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B693B70 Relevance: 4.6, APIs: 3, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B693BB2
type_info::_name_internal_method.LIBCMTD ref: 00007FF79B693C22
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00007FF79B693DE3

Part of subcall function 00007FF79B68E380: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B68E39D
Part of subcall function 00007FF79B68E380: _Max_value.LIBCPMTD ref: 00007FF79B68E3C2
Part of subcall function 00007FF79B68E380: _Min_value.LIBCPMTD ref: 00007FF79B68E3F0

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::cancellation_token_source::~cancellation_token_sourceMax_valueMin_valuetype_info::_name_internal_method
String ID:
API String ID: 3983101109-0
Opcode ID: d9772f20c955eddfc384bb7d319feabd260abab649967bfe530082734dfd144d
Instruction ID: 6c9e0b8ac9809a7d54030fdd7b59f5edb15aa283cc6f334bbcdb2a57eea48a76
Opcode Fuzzy Hash: d9772f20c955eddfc384bb7d319feabd260abab649967bfe530082734dfd144d
Instruction Fuzzy Hash: B761DF36609B8981DA30EB29F49036AB7A1F7C8B84F500526EADD47B69DF3CD614CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AA68C Relevance: 4.6, APIs: 3, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AA6B3

Part of subcall function 00007FF79B6AA640: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AA657

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AA760
_local_unwind.LIBVCRUNTIME ref: 00007FF79B6AA771

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$_local_unwind
String ID:
API String ID: 1677304287-0
Opcode ID: 7a7f3122999a791825d40466389b8631a1ba631687b9555377302046f3b5cb2f
Instruction ID: be27f90ece3d5aff1e32e028ebee9b549d6fc0cf957e3174b75dde1735f78247
Opcode Fuzzy Hash: 7a7f3122999a791825d40466389b8631a1ba631687b9555377302046f3b5cb2f
Instruction Fuzzy Hash: AB21B435A1860E41EE60FF38D8501BAA762EB94B84FD41132E62E472F2DE3DF215C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AD7BC Relevance: 4.5, APIs: 3, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF79B6AD7B8), ref: 00007FF79B6AD7CD
TerminateProcess.KERNEL32(?,?,?,00007FF79B6AD7B8), ref: 00007FF79B6AD7D8
ExitProcess.KERNEL32 ref: 00007FF79B6AD7E7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 9938b8f7f5c4283938169b2530868151d01514bb7584ca7b7cd9bfac04d9220f
Instruction ID: 2c25ef99a2a1f0125266e721903efc85dbdc2c47e0b3a7a34f62bf11889a2fcd
Opcode Fuzzy Hash: 9938b8f7f5c4283938169b2530868151d01514bb7584ca7b7cd9bfac04d9220f
Instruction Fuzzy Hash: F4D09E15F0860A42EE787F78685517992535F58741F81243CC97F163B3DD3CFA4D8260

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AA640 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AA657
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B2FC4

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d16f69336d39a686184200443b9cb86af4a51ac612b2546c7b4c76b9904235af
Instruction ID: a24e0f150569f660981c95e20dca5ac3a0f0c975b185dea17f9e3e11a69cddb8
Opcode Fuzzy Hash: d16f69336d39a686184200443b9cb86af4a51ac612b2546c7b4c76b9904235af
Instruction Fuzzy Hash: 4951C532A1C61986EE34AB3DA440179B7B2EF41B44F900536D6AE477A1CF2DF602C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A0800 Relevance: 3.1, APIs: 2, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79B6A09CC: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF79B6A09E0

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF79B6A0829
__scrt_release_startup_lock.LIBCMT ref: 00007FF79B6A0897

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 1236291503-0
Opcode ID: 2fdbdaa76bcfb360e18271e0502b9d0c0cab47a9ce12b6219b1a2cd2a469f82f
Instruction ID: a6a9a1f888468376660baff1f32b35d6176342c47337136ed0a766fc01f21612
Opcode Fuzzy Hash: 2fdbdaa76bcfb360e18271e0502b9d0c0cab47a9ce12b6219b1a2cd2a469f82f
Instruction Fuzzy Hash: 3031E921E0824A81FE74BF3D94553B9E393AF85B84FC45035EA6D072F7CE2DBA048260

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B693C05 Relevance: 3.1, APIs: 2, Instructions: 79COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 00007FF79B693C0D
type_info::_name_internal_method.LIBCMTD ref: 00007FF79B693C22
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 00007FF79B693DE3

Part of subcall function 00007FF79B68E380: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B68E39D
Part of subcall function 00007FF79B68E380: _Max_value.LIBCPMTD ref: 00007FF79B68E3C2
Part of subcall function 00007FF79B68E380: _Min_value.LIBCPMTD ref: 00007FF79B68E3F0

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceConcurrency::details::EmptyMax_valueMin_valueQueue::StructuredWorkshared_ptrtype_info::_name_internal_method
String ID:
API String ID: 3860581721-0
Opcode ID: a8208d58dcf4a9da05fa619c0053392cb919b34ac383dddb62f0355774aed7fc
Instruction ID: b79ca79c2e76c43eff8fc7ed4cb073c84be13dd9e548a408a953d2944a7e9e62
Opcode Fuzzy Hash: a8208d58dcf4a9da05fa619c0053392cb919b34ac383dddb62f0355774aed7fc
Instruction Fuzzy Hash: 9841C126609B89C1DA70EB2AE49016EF761F7C8B84F500576EEDD47B69DF2CE600CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B4244 Relevance: 3.1, APIs: 2, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF79B6B41F5), ref: 00007FF79B6B42B2
GetLastError.KERNEL32(?,?,?,00007FF79B6B41F5), ref: 00007FF79B6B42BC

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 6a9e9d8b8c827fdd9920b9fe665b9db08ffe228f8fee5d6895292f41af10a69b
Instruction ID: 67d0c4cc28d2e2662c44529ca9d324d414056c523a49452a2d5a5cbdf4367584
Opcode Fuzzy Hash: 6a9e9d8b8c827fdd9920b9fe665b9db08ffe228f8fee5d6895292f41af10a69b
Instruction Fuzzy Hash: A3219512B0C66A01EE74B77D9494279A2A36F857A0F884239DA3E477E2CF7CB6449310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6829C0 Relevance: 3.0, APIs: 2, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B6829E3

Part of subcall function 00007FF79B684AE0: stdext::threads::lock_error::lock_error.LIBCPMTD ref: 00007FF79B684AE9

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF79B682A01

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnstdext::threads::lock_error::lock_error
String ID:
API String ID: 4267930906-0
Opcode ID: 1d95908a73f1153ca62153ff4aa3ddd68dce7b4f05720e1950c8bac404c53bb8
Instruction ID: 1243347f2f027d4c85d6e263af3e3dbcb97426e80cbea3c491a1c0034edc9eba
Opcode Fuzzy Hash: 1d95908a73f1153ca62153ff4aa3ddd68dce7b4f05720e1950c8bac404c53bb8
Instruction Fuzzy Hash: 31011262618F89C1DA70AB6DE44131BE395FF84798F400235FAED46BA9DF2CE2508714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A0268 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF79B6A0298

Part of subcall function 00007FF79B69EE28: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF79B69EE31

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF79B6A029E

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: c558260fd17db247e4818a43d5491fb0a9fcd8db05ab54b1a44771620dbf4526
Instruction ID: f4fbb2f3ff45b3302bf4d78745dd720b1d7fe3da22670ed8eebee234bd23b0f7
Opcode Fuzzy Hash: c558260fd17db247e4818a43d5491fb0a9fcd8db05ab54b1a44771620dbf4526
Instruction Fuzzy Hash: AFE0EC51E0920F15FD7A3DBD14260B881422F15B70EA81B30DD7D042E3ED1CB6994530

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B1508 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlDeleteBoundaryDescriptor.NTDLL(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B151E
GetLastError.KERNEL32(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B1528

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: BoundaryDeleteDescriptorErrorLast
String ID:
API String ID: 2050971199-0
Opcode ID: 22113e7b3759c7fa4075077600b4cf2217addec54d95a7cb994b6730f1bcd310
Instruction ID: 8a8de81db933257f80ae34f3c9277760985b7d77f139257f4ac7a12a3fe0e394
Opcode Fuzzy Hash: 22113e7b3759c7fa4075077600b4cf2217addec54d95a7cb994b6730f1bcd310
Instruction Fuzzy Hash: F5E04FA1F0860E42FE34BBB96C4507595A69F94B40BC44034CA2A82271EE2C7B518360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B693680 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00007FF79B69374F

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method
String ID:
API String ID: 3713626258-0
Opcode ID: a2f3746152e4937fa409d3966db439cd974329057aa90736033f0d8ae7d607bd
Instruction ID: fa7bb3593734ffb32d3e1f815178e00feb068f4dbef530b82c16b10d1bfc2957
Opcode Fuzzy Hash: a2f3746152e4937fa409d3966db439cd974329057aa90736033f0d8ae7d607bd
Instruction Fuzzy Hash: 0D31166261CBC991DA60E725F4503ABB366FBD4780F804435EA9D43BA9DF7CD605CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BDE04 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BDEFB

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 29e391afbdc0f1f91cfa9b92c29087711ceb96ca40d864eb0757064fc87e8483
Instruction ID: 7b2d307a6cdd67b0718f250d4457fa82b5a679d56b6fe9678c7fc59d7c886425
Opcode Fuzzy Hash: 29e391afbdc0f1f91cfa9b92c29087711ceb96ca40d864eb0757064fc87e8483
Instruction Fuzzy Hash: 77317222A1C61A46F6617F7C884127DAAA6AB91BA4FD50135D93D073F2CF7CB641C730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AD6ED Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF79B6AD71B

Part of subcall function 00007FF79B6AD820: GetModuleHandleExW.KERNEL32 ref: 00007FF79B6AD845
Part of subcall function 00007FF79B6AD820: GetProcAddress.KERNEL32 ref: 00007FF79B6AD85B
Part of subcall function 00007FF79B6AD820: FreeLibrary.KERNEL32 ref: 00007FF79B6AD882

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 9ce65edd821bc15608ec19ecbfe96b8b46af083e725ae73df7bd82673076dda6
Instruction ID: 578e8243f5ddd8e9baca92ff47d0d116c47ba21bfdb784fc34133607b6fd7139
Opcode Fuzzy Hash: 9ce65edd821bc15608ec19ecbfe96b8b46af083e725ae73df7bd82673076dda6
Instruction Fuzzy Hash: 84216D32E047498AEB28AF78C4802AC77A1EB44718F944639D63D07AE5EF78F645C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BE960 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BE983

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 35c2c245ebb3c0cd08d8e19512ca528815d4438547f597df9bc99ef3f2b16adf
Instruction ID: e1be04070cec25b6d03ccd5f5b06dc87a89579de04cf98bd7b39ff931fa102ef
Opcode Fuzzy Hash: 35c2c245ebb3c0cd08d8e19512ca528815d4438547f597df9bc99ef3f2b16adf
Instruction Fuzzy Hash: 4821B332A0C65686DBB1AF2CD440379B6B2FB84B94F944234E7AD476E9DF3CE5048B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AC254 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AC1B9

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bb4b135b2f54680a24dd5023d51312e87c4a2fa8e9b3d72bf53aa6be929a5547
Instruction ID: e5a268213b8e1b9b3c2f0e0b8c4801dca2c414b9083199bb77db46e8c94d9f86
Opcode Fuzzy Hash: bb4b135b2f54680a24dd5023d51312e87c4a2fa8e9b3d72bf53aa6be929a5547
Instruction Fuzzy Hash: F8114821A0C54941FE707F699800579E6BABF85B44F844031EA6C576A5CF3CFA409760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B698810 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00007FF79B6988F0

Part of subcall function 00007FF79B68A030: _Yarn.LIBCPMTD ref: 00007FF79B68A055

Part of subcall function 00007FF79B6883B0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B6883CF
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B6883E1
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B6883F3
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B688405
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B688417
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B688429
Part of subcall function 00007FF79B6883B0: _Yarn.LIBCPMTD ref: 00007FF79B68843B
Part of subcall function 00007FF79B6883B0: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF79B688453

Part of subcall function 00007FF79B696B60: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF79B696B7D
Part of subcall function 00007FF79B696B60: ctype.LIBCPMTD ref: 00007FF79B696B9C

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Yarn$std::_$LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockitLockit::_ctypestd::bad_exception::bad_exception
String ID:
API String ID: 4070494121-0
Opcode ID: 821f09261e1bfd7cc78498abb685fa2134bb6a4cd612f7c8b82f1733f9ad8071
Instruction ID: 5348fa3e72a9d55d01a766eab54df9483452f7bffcc5587739ff3595e2c71312
Opcode Fuzzy Hash: 821f09261e1bfd7cc78498abb685fa2134bb6a4cd612f7c8b82f1733f9ad8071
Instruction Fuzzy Hash: 6D21E632519B8482E770AB68F45036AF7A1F784794F900235EADD87BA8DF3CE5448B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B684CA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B684CE0

Part of subcall function 00007FF79B684790: allocator.LIBCPMTD ref: 00007FF79B6847B8

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
String ID:
API String ID: 1755220593-0
Opcode ID: a52ad78a4516db5ed59f22b60281ebce6ef51f0b18740e7aa35e1e63eb3a401b
Instruction ID: 7c91c6788da103a769c864f50e3b375c61fa9af93c08edc5a7a892f466c3120d
Opcode Fuzzy Hash: a52ad78a4516db5ed59f22b60281ebce6ef51f0b18740e7aa35e1e63eb3a401b
Instruction Fuzzy Hash: D0112126618B45C0DA30EB6AF44031AA7A1FBC8BE8F441136FA8D47779DF3CD2408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AE658 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AE683

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 57b8fb347c7eafb6cd2effb2717adacb8a9adab592f5ba38707d874671771b94
Instruction ID: 4834a7b53383db33de437ddcdbefb2ddde9a36df6c32da46c598dc04289e3ae5
Opcode Fuzzy Hash: 57b8fb347c7eafb6cd2effb2717adacb8a9adab592f5ba38707d874671771b94
Instruction Fuzzy Hash: F111D672A04B5A9DEB10EFB4D4812EC37B8EB0475CF900536EA5D12B69EF34E295C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B695C40 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B695C5D

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: cb331025dea85621842c4b5f5511e16ae23755347a8174af5e91fe7f1376b07f
Instruction ID: 08cbfbd1a9992ad603827a57ee0015957efabeefd5b413f2df6c108fab3f17ee
Opcode Fuzzy Hash: cb331025dea85621842c4b5f5511e16ae23755347a8174af5e91fe7f1376b07f
Instruction Fuzzy Hash: EF014276608B84C6CB10DF1AE49121ABB71F7C9B85FA08116EB8D43B28CF39D511CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69C490 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMTD ref: 00007FF79B69C4A8

Part of subcall function 00007FF79B68B100: _mbsset.LIBCMTD ref: 00007FF79B68B176

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Init_mbssetstd::ios_base::_
String ID:
API String ID: 1810626246-0
Opcode ID: 92298164b0cbf2dbb7c4e6ff9d45205ec42c64d849dcea8abbaa7a3cbf9175b7
Instruction ID: b0fe382d2f30fc4bcb1c45ff7a5a7eff3896339e2af49d24bcbb6ec5ad3e3296
Opcode Fuzzy Hash: 92298164b0cbf2dbb7c4e6ff9d45205ec42c64d849dcea8abbaa7a3cbf9175b7
Instruction Fuzzy Hash: 60012C22638AC5C1DB50EB2AE49076EA761FBD4B80F502061FA9E87B65CE3DD550CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B1544 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FF79B6B2D95,?,?,00000000,00007FF79B6BBE13,?,?,?,00007FF79B6AF4FF,?,?,?,00007FF79B6AF3F5), ref: 00007FF79B6B1582

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ad5d9f4e22bee555ceef19e5116ab5d4b76d91c2edb1191f1b6b70fe05957c9e
Instruction ID: 8889310fe6869d13150ccb485c7cc48b6cad6d3bc59935cd0eb397cd21c83d20
Opcode Fuzzy Hash: ad5d9f4e22bee555ceef19e5116ab5d4b76d91c2edb1191f1b6b70fe05957c9e
Instruction Fuzzy Hash: 3BF03A92A2C21E51FE347B795C5167991A34F887A0F884631993E852E2DE1CF6808670

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B684790 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCPMTD ref: 00007FF79B6847B8

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: 4309186eb9c10c64a58072181ca1d4838dc7d968084dadab5a3902f98e2e9c18
Instruction ID: 8e109a3c3ff3a38a7a5a622b0e95ff7b54948b59d2c599736eaa7c558a0d9307
Opcode Fuzzy Hash: 4309186eb9c10c64a58072181ca1d4838dc7d968084dadab5a3902f98e2e9c18
Instruction Fuzzy Hash: 2ED06762569B8481C644EB16F88100AA774F7997C0FA09825EA8D43B29CE28D1618B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B684750 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF79B684778

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: bc753421ed17c6d6a6b217564accc5e262335ae184d06accad72eb12d5a968bd
Instruction ID: c2cd6510a388bfce7d0d48ce5b52735f139d844b89dc458189481f966f42dcad
Opcode Fuzzy Hash: bc753421ed17c6d6a6b217564accc5e262335ae184d06accad72eb12d5a968bd
Instruction Fuzzy Hash: 61D06762529B8481C644EB26F88100AA774F799BC0FA09825EACD42B29CE28C2618B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B697D40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

std::bad_exception::~bad_exception.LIBCMTD ref: 00007FF79B697D6A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: std::bad_exception::~bad_exception
String ID:
API String ID: 2813134625-0
Opcode ID: dddcb6239b0a16dcbb0c8fd97c7be55cb0a60e7d65be76d47e7a11083d8acce1
Instruction ID: ddcc8bb4d9fa2d62f213c836310acb20acc4cb3c9c20855b01ca0ee9d2ddaa52
Opcode Fuzzy Hash: dddcb6239b0a16dcbb0c8fd97c7be55cb0a60e7d65be76d47e7a11083d8acce1
Instruction Fuzzy Hash: E7D0C752F2574981DE04B76AF05631B6351EF917C4F801035B64D07756DE2CD1514B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6840E0 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF79B684CA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B684CE0

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6840FB

Part of subcall function 00007FF79B684040: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B684051

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: f37774654281c8bdc645617a37f63d8536dce6f5272bc5208fbc636b8a9692dd
Instruction ID: 347083ab06c9a05aab107a9c46b835e8c8cb296710c43931be2d5794d1a42820
Opcode Fuzzy Hash: f37774654281c8bdc645617a37f63d8536dce6f5272bc5208fbc636b8a9692dd
Instruction Fuzzy Hash: CBC01256E39645C1C954FB36F48101A9310AFD4780FD01034F94D13726DD2CD1504B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6828B0 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF79B6828CB

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: allocator
String ID:
API String ID: 3447690668-0
Opcode ID: 2ddf837b2fd4f043fc677f1d91f4a863a929c26b1333d62811c8d6653f8f455e
Instruction ID: f119481f89afaa0aae1204da4ce68fb9a18750a89b538b226f28bf4cc649628e
Opcode Fuzzy Hash: 2ddf837b2fd4f043fc677f1d91f4a863a929c26b1333d62811c8d6653f8f455e
Instruction Fuzzy Hash: 2AC0C976A29B84C1CA04EB16F48100AB361F7C8BC0F809425EA8E03739DF28C1508B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF79B6BC134 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMONLIBRARYCODE

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF79B6BC183
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BC7B6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BC92C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BCBE8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BCE08
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BD043
memcpy_s.LIBCPMT ref: 00007FF79B6BD11E
memcpy_s.LIBCPMT ref: 00007FF79B6BD1C9
memcpy_s.LIBCPMT ref: 00007FF79B6BD299

Part of subcall function 00007FF79B6AC78C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AC7BE

Strings

1#SNAN, xrefs: 00007FF79B6BC296
1#INF, xrefs: 00007FF79B6BC2AF
1#IND, xrefs: 00007FF79B6BC273
1#QNAN, xrefs: 00007FF79B6BC29F

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 82f755afd101f3cb2dfab53015a034f3a0eed4cdc714f8c99bac1156be766b50
Instruction ID: 78ae57f6d0bab39fd3ecbd7f118b31b1b66f9abe6ee89dcaa563917bc2bac584
Opcode Fuzzy Hash: 82f755afd101f3cb2dfab53015a034f3a0eed4cdc714f8c99bac1156be766b50
Instruction Fuzzy Hash: A7B2B272A1C2A68BE7749E7CD440BFDB6B2FB44388F905135DA2957A94DB38B700CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BB100 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

TranslateName.LIBCMT ref: 00007FF79B6BB16D
TranslateName.LIBCMT ref: 00007FF79B6BB1A8
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF79B6AE328), ref: 00007FF79B6BB1ED
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF79B6AE328), ref: 00007FF79B6BB215

Strings

utf8, xrefs: 00007FF79B6BB2F9

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue
String ID: utf8
API String ID: 1791977518-905460609
Opcode ID: eb131596f1b14b4b836f3cc0225fc4747dc27e3e7f0beab0fd9d1ed5136da44f
Instruction ID: e16035bd62571b528ddcf890c4b7d924bac07df174717b4b9d97abbec91f1156
Opcode Fuzzy Hash: eb131596f1b14b4b836f3cc0225fc4747dc27e3e7f0beab0fd9d1ed5136da44f
Instruction Fuzzy Hash: C7916032A0C66A85E734BF39D4512B9B2B6FB84B80F884135DA6C476A5DF3CF655C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BBB34 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B0699

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF79B6BBCA4

Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B06C6
Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B06D7
Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B06E8

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF79B6AE321), ref: 00007FF79B6BBC8B
ProcessCodePage.LIBCMT ref: 00007FF79B6BBCCE
IsValidCodePage.KERNEL32 ref: 00007FF79B6BBCE0
IsValidLocale.KERNEL32 ref: 00007FF79B6BBCF6
GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BBD52
GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BBD6E

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: a92b9269274337801e98e946c205c01cb86a39927e0f7c7a83839a76ed5dde83
Instruction ID: 493fc85474a7c5354865c66a42e97c7ab4d46275603d2eaf01133babaeca52aa
Opcode Fuzzy Hash: a92b9269274337801e98e946c205c01cb86a39927e0f7c7a83839a76ed5dde83
Instruction Fuzzy Hash: 3B715D22B0862A89EB70EF79D4506BCB3B2FB84744F884035CA6D576A5DF3CB645C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A0EBC Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF79B6A0ED8
RtlCaptureContext.KERNEL32 ref: 00007FF79B6A0F05
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF79B6A0F1F
RtlVirtualUnwind.KERNEL32 ref: 00007FF79B6A0F60
IsDebuggerPresent.KERNEL32 ref: 00007FF79B6A0FB4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF79B6A0FD1
UnhandledExceptionFilter.KERNEL32 ref: 00007FF79B6A0FDC

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: b5358bd913f69ae360bea432955710991b3a601bc6a2205d1f073bcf6e5ab646
Instruction ID: 2b97cd717e8d9d9e7ec23ea816b7a64fc1b56c15bc83f60821baa1cb870e761a
Opcode Fuzzy Hash: b5358bd913f69ae360bea432955710991b3a601bc6a2205d1f073bcf6e5ab646
Instruction Fuzzy Hash: DF313B72609B8586EB70EF64E8407E9B365FB84744F84403ADB5E47BA5DF38E648C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A6CD0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF79B6A6D49
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF79B6A6D61
RtlVirtualUnwind.KERNEL32 ref: 00007FF79B6A6D9C
IsDebuggerPresent.KERNEL32 ref: 00007FF79B6A6DD5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF79B6A6DDF
UnhandledExceptionFilter.KERNEL32 ref: 00007FF79B6A6DEA

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 1a79fc079419d36b56b0bbd24e92281bbf232112b9e0b2d4c09d7ad671141b75
Instruction ID: 249c3faa444fe809d92f801b37974f1ac642674538fce8847ed0333d743ec8a8
Opcode Fuzzy Hash: 1a79fc079419d36b56b0bbd24e92281bbf232112b9e0b2d4c09d7ad671141b75
Instruction Fuzzy Hash: 51318232608B8585DB60DF39E8402ADB3A1FB88794F940135EAAD43BA5DF3CD655C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B79F4 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B7A40
FindFirstFileExW.KERNEL32 ref: 00007FF79B6B7B4A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 5c38ea9a5509fcdc4663ae3cb8802957dc7f718bf6fcff31919188c50b4add4d
Instruction ID: e915b5b1f6657b3773c4344368ed519c08f24a8e9eb4c7629793af04de2838bd
Opcode Fuzzy Hash: 5c38ea9a5509fcdc4663ae3cb8802957dc7f718bf6fcff31919188c50b4add4d
Instruction Fuzzy Hash: 32B1E322B1D6AA41EA70AB39D4006B9E372EB44BD4F945135EE6E07BA4DF3CF641C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AC300 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF79B6AC36A
memcpy_s.LIBCPMT ref: 00007FF79B6AC395

Strings

, xrefs: 00007FF79B6AC4C8

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-3916222277
Opcode ID: d5921c5f5581713e7daa7186113356940e2354a9cdd6fd7f83da389ac929e130
Instruction ID: 7abafbaf7cafcd164a3d5556b89c7ee2ba3870d0942369f34123fe3a307eb1f0
Opcode Fuzzy Hash: d5921c5f5581713e7daa7186113356940e2354a9cdd6fd7f83da389ac929e130
Instruction Fuzzy Hash: 17C1F672B1868A87DB30DF29E444A6AF7AAF784B84F849135DB5A43754DB3CF901CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A0DA0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF79B6A0DCC
GetCurrentThreadId.KERNEL32 ref: 00007FF79B6A0DDA
GetCurrentProcessId.KERNEL32 ref: 00007FF79B6A0DE6
QueryPerformanceCounter.KERNEL32 ref: 00007FF79B6A0DF6

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 084e4a76732f2657f1d36940c8afc242671387ad565effdeab054a2058e10f25
Instruction ID: fccbd3ba1fae96126200e021a1ef24e59831d7f9ff2c8c73aca7c9c7e811186c
Opcode Fuzzy Hash: 084e4a76732f2657f1d36940c8afc242671387ad565effdeab054a2058e10f25
Instruction Fuzzy Hash: 77115122B14F0589EB10DF74EC452B873A4FB59758F841E35DA6D82BA4DF38E2648350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BB5B4 Relevance: 4.7, APIs: 3, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B0699

GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BB620

Part of subcall function 00007FF79B6B76A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B76BD

GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BB669

Part of subcall function 00007FF79B6B76A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B7716

GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BB734

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 7ed6189d84d36b03f38b1f3d7035ac075f5fd44fa3265930c944fae75877c025
Instruction ID: 04fa15b3967a4b339c373b2b61d0d35fd4df7876a7f554a159ef2794e452ecc2
Opcode Fuzzy Hash: 7ed6189d84d36b03f38b1f3d7035ac075f5fd44fa3265930c944fae75877c025
Instruction Fuzzy Hash: 47619232A0C51A86EB34AF39D541279B3B2FB84B40F884139C7AD976A1DF3CF6518710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B39E8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF79B6AE4FA), ref: 00007FF79B6B3A5C

Strings

GetLocaleInfoEx, xrefs: 00007FF79B6B3A04, 00007FF79B6B3A15

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: d7d37d6bcd24057aa8dc10f066f1a56d3106d93bb8a3f24b8ed1cbc75a9aeca6
Instruction ID: 1170a8964c3df8288d5c0ca89df562503cf71c15bfea69faba0ce49dc6c6b952
Opcode Fuzzy Hash: d7d37d6bcd24057aa8dc10f066f1a56d3106d93bb8a3f24b8ed1cbc75a9aeca6
Instruction Fuzzy Hash: 3F018421B0C65985E710AB6AB4000AAE272FF84BC0F98403ADF6D13B79CF3CF6418350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B0E0C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF79B6B105B
RaiseException.KERNEL32 ref: 00007FF79B6B106C

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 99b704cce6049a0f559a0459c413f9dff37fcbde885caa417b9d6db511e68e2b
Instruction ID: 2b27ed5696472a061ee5ec68ab83d143189cb3019ce1a076d81442a3d75b555f
Opcode Fuzzy Hash: 99b704cce6049a0f559a0459c413f9dff37fcbde885caa417b9d6db511e68e2b
Instruction Fuzzy Hash: 88B14873614B988BEB25CF2EC482268BBB1F744F88F548821DA6D837B4CB39E451C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B1B2C Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

Strings

e+000, xrefs: 00007FF79B6B1C39
gfff, xrefs: 00007FF79B6B1CB6

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: f9d4a63f94475f789fce0c45e82bede8aca286cfe6509681c0ac5d3681ba1bdc
Instruction ID: 15d0b150aafedb2f1eeae1499504c1065725e3bc6d5cc7e50cbc6f09d86ebd15
Opcode Fuzzy Hash: f9d4a63f94475f789fce0c45e82bede8aca286cfe6509681c0ac5d3681ba1bdc
Instruction Fuzzy Hash: 6F517C62B2C2D956E7349F3A9800769F7A2E744B94F888231CB7847AE1DF3DE5458710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AB9AC Relevance: 1.9, APIs: 1, Instructions: 371COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF79B6ABAF4

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: dfd0a50875c4cef85abadcab840226feeeca6a9675c62a9fb7451038eed7a590
Instruction ID: 94188e45ff97f15e9dba124736701e92df824a0d5825e9a8bdfc8c2a5cd03356
Opcode Fuzzy Hash: dfd0a50875c4cef85abadcab840226feeeca6a9675c62a9fb7451038eed7a590
Instruction Fuzzy Hash: C512B022A18BC986E761DF3894446FDB7A5FB58748F859235EF9C43662DF38E280C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B962C Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9e43a50d3bdd8e7ebb95dc88d3ec97aa90cf3c25901acf41521008789465e22
Instruction ID: 4d8a4cb3470ad57cbc01ca3645ec2f3c1de9bbcd4c3d2851e69f6cfa4526ffee
Opcode Fuzzy Hash: f9e43a50d3bdd8e7ebb95dc88d3ec97aa90cf3c25901acf41521008789465e22
Instruction Fuzzy Hash: B6E1D132A08B9585E720EB65E4406FEB7B5F789788F814A35DE6D53792EF38E244C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BEA24 Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF79B6BEA87

Part of subcall function 00007FF79B6AD910: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AD924

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _get_daylight_invalid_parameter_noinfo
String ID:
API String ID: 474895018-0
Opcode ID: 8eb6e550cc7e0cd4b48f2ee55b2ef418c1ffd5a88efca818c2aed75d578382d4
Instruction ID: 2c4b35e5a651aa2bbbadd15f0f9cf84454ddd60bcd777551333d85ef591dd175
Opcode Fuzzy Hash: 8eb6e550cc7e0cd4b48f2ee55b2ef418c1ffd5a88efca818c2aed75d578382d4
Instruction Fuzzy Hash: B261FC21F1C57A45FBB0A97C4480379E5A3AF40760F950A35DABE876E1DF6CFA408720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BB800 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

Part of subcall function 00007FF79B6B0654: FlsSetValue.KERNEL32 ref: 00007FF79B6B0699

GetLocaleInfoW.KERNEL32 ref: 00007FF79B6BB868

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: c5b4d3a84473f139566578233c90bdcdd0bf005133ad7741da6ed9b054105161
Instruction ID: 20f28d39a6d2aa3daf4f646fe7ff335dba5cb22950e8145fc23470530adec4d1
Opcode Fuzzy Hash: c5b4d3a84473f139566578233c90bdcdd0bf005133ad7741da6ed9b054105161
Instruction Fuzzy Hash: CC317531B0C69A46EB34AF39E4413B9B3A2FB88744F848139D66D832A5DF3CF6148750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BB44C Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF79B6BBC37,?,00000000,00000092,?,?,00000000,?,00007FF79B6AE321), ref: 00007FF79B6BB4EA

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: f7f39d67ffa33f48f58bcddfa027a397d18515c395a8a67a25ebda673ee2f182
Instruction ID: c852655fc1cab1955920980856da74fe0b9584a847b08285fa38dcea51668017
Opcode Fuzzy Hash: f7f39d67ffa33f48f58bcddfa027a397d18515c395a8a67a25ebda673ee2f182
Instruction Fuzzy Hash: 3711D867A0C6598AEB249F29D0405A8B7B1F790B90F884135C739433E4CB78E6D5C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BBA08 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

GetLocaleInfoW.KERNEL32(?,?,?,00007FF79B6BB7B1), ref: 00007FF79B6BBA3F

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: f49588eac29c2b779b9fe3fc66ccb2fa3b50b42980eb994b0aec1c477b0d4140
Instruction ID: 6d9de83cb1777dc79c9080316e4287b3bcfe85b0235a74a250ed6e621207704c
Opcode Fuzzy Hash: f49588eac29c2b779b9fe3fc66ccb2fa3b50b42980eb994b0aec1c477b0d4140
Instruction Fuzzy Hash: 2E110D22E1C1AA82E774673AD040679B2B2EB80764F984135DB7D076D5DF3DF681C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BB51C Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF79B6B0654: GetLastError.KERNEL32 ref: 00007FF79B6B0663
Part of subcall function 00007FF79B6B0654: FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
Part of subcall function 00007FF79B6B0654: SetLastError.KERNEL32 ref: 00007FF79B6B0703

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF79B6BBBF3,?,00000000,00000092,?,?,00000000,?,00007FF79B6AE321), ref: 00007FF79B6BB59A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 339778d15c56457262cfab9b40913040583a1c135f972954ba309a67b04b9213
Instruction ID: 2edcfafc0a0ba89b3d48f965c63137abc67a2e602fb52c0b74a6a72d386c2a9e
Opcode Fuzzy Hash: 339778d15c56457262cfab9b40913040583a1c135f972954ba309a67b04b9213
Instruction Fuzzy Hash: EC01D663E1C29986E7206F29E440B79B6B2EB90B94F888231C739072E4CF78B580C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B35A8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF79B6B39B7,?,?,?,?,?,?,?,?,00000000,00007FF79B6BAA98), ref: 00007FF79B6B35F7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 757b4fe6c80cfde59382ba5f57a2e347169999488fd4108fe9045af6cf282805
Instruction ID: de89ef275dea73c190f255302327901bc18ec54a76b0abc13980e8bc0c96fd75
Opcode Fuzzy Hash: 757b4fe6c80cfde59382ba5f57a2e347169999488fd4108fe9045af6cf282805
Instruction Fuzzy Hash: 4EF01D72B08A4982E614EF29F8915A9B366FBD97C0FC49135DA6D83375DF3CE6608310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B167C Relevance: 1.5, Strings: 1, Instructions: 260COMMONLIBRARYCODE

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF79B6B19DB

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 8f086c989d9e1966b7b2e0c729a9f93fbdca5a9cefb2a34ac5fb31796afbf973
Instruction ID: b3d7a82e621e554b903ab82631b9a809426984c7897c830ca4e9d783358838ad
Opcode Fuzzy Hash: 8f086c989d9e1966b7b2e0c729a9f93fbdca5a9cefb2a34ac5fb31796afbf973
Instruction Fuzzy Hash: 4CA14762B2C3D986EB31DB3990007A9B7A2AB51784F448132DEAD477A5DB3DF601C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A84E0 Relevance: 1.5, Strings: 1, Instructions: 250COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00007FF79B6A86C6

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b581c06487adb6821fd3532307d77ad6fb1feb934d69f5113f2eec4f6e1a2692
Instruction ID: ba380f856b4c857463bfa5f7489f21d9ff0e8e049efc10f0f773e0fc89423061
Opcode Fuzzy Hash: b581c06487adb6821fd3532307d77ad6fb1feb934d69f5113f2eec4f6e1a2692
Instruction Fuzzy Hash: 8DB18D72A1864985EB749F3D805423CBBA2F745F48FA81139CA6E073A5CF39FA41C724

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B6698 Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF79B6B673D

Part of subcall function 00007FF79B6B1490: HeapAlloc.KERNEL32(?,?,00000000,00007FF79B6B082E,?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000), ref: 00007FF79B6B14E5

Part of subcall function 00007FF79B6B1508: RtlDeleteBoundaryDescriptor.NTDLL(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B151E
Part of subcall function 00007FF79B6B1508: GetLastError.KERNEL32(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B1528

Part of subcall function 00007FF79B6BE68C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BE6BF

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLast$AllocBoundaryDeleteDescriptorHeap_invalid_parameter_noinfo
String ID:
API String ID: 4268216413-0
Opcode ID: 357807e072eff4bccbb5c79fd8ed6dad45483dd19cabbac22a43c86e06ba69f3
Instruction ID: 553380f320c47ab9d3291c74922b912d293d2f3f7ba75274aa02df0865928ecc
Opcode Fuzzy Hash: 357807e072eff4bccbb5c79fd8ed6dad45483dd19cabbac22a43c86e06ba69f3
Instruction Fuzzy Hash: 1B411D21B1D26B02FA30BE3A6511B7AEAA27F807C0F845535DE6D47795EF3CF6004620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BBE4C Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF79B6BBE50

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: a3873e32751b7d92acfe498668a45f4b1cf06de3b0dc9d17ca8cf8c0d94d64c9
Instruction ID: 1e9c3f4f7b05b1c8bf7ff1c04a369788304ab970e506814e23880d0220e0bc9c
Opcode Fuzzy Hash: a3873e32751b7d92acfe498668a45f4b1cf06de3b0dc9d17ca8cf8c0d94d64c9
Instruction Fuzzy Hash: D5B09220E0BA0EC2FA187B696C82218A2AA7F88700FD84038C21C81330DE2C32B58720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A89F4 Relevance: .3, Instructions: 317COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafda4cc4359e46fe14edbdb732ee82d05df7ae96953a756e265bf7dd5589166
Instruction ID: 2867ca34f2f07169818fa21a8e5616d56e2799367547d2081ebaa0ca19cbec41
Opcode Fuzzy Hash: cafda4cc4359e46fe14edbdb732ee82d05df7ae96953a756e265bf7dd5589166
Instruction Fuzzy Hash: D6D1C662A0964A85EF78AF3D800027DB7A2EB45B48FD44135CE6D076E5CF39FA42C764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AE170 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 01e95bae6ae51a619dfb2a7e3763382180f4b37722150dcaaad517bf25d6cd09
Instruction ID: 1a1f8eea0b31f42d8eb476aa5e56027bfc25b17d02ef2dfab56dc06cbe19d922
Opcode Fuzzy Hash: 01e95bae6ae51a619dfb2a7e3763382180f4b37722150dcaaad517bf25d6cd09
Instruction Fuzzy Hash: 45C1EC26A0865945EF70AF7994103BAA7A6FF94788F904035DE9D476A9EF3CF600C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BAB5C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorLastValue$CurrentFeatureInfoLocalePresentProcessProcessor
String ID:
API String ID: 2071376764-0
Opcode ID: 6c3a38ab69e0bb5b736044c92537bcbd4ff9549fa2a02ed8fa3822648b77318f
Instruction ID: 2c1f3af0b4b374a11827c4db0c33d2d552552d25b1c6fb410d281753a65e9942
Opcode Fuzzy Hash: 6c3a38ab69e0bb5b736044c92537bcbd4ff9549fa2a02ed8fa3822648b77318f
Instruction Fuzzy Hash: 38B1D332A1C66E42EB74AF39D4116B9B3B2EB80B48F804135DA6D436E5DF3CF6418360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B21AC Relevance: .2, Instructions: 198COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c56c409db95e40e7d7ecbacec78d5be4ba7e0d68151b92e416d935a3d83daf2
Instruction ID: ee30c89329a1a83070fe57db454663822d1ab7b3cc26c9722295ad18843f249f
Opcode Fuzzy Hash: 7c56c409db95e40e7d7ecbacec78d5be4ba7e0d68151b92e416d935a3d83daf2
Instruction Fuzzy Hash: 8781F472A0C79545E774DB6DA48036AFAE2FB45794F804235DAAD43BA9CF3CF2008B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A9580 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
Instruction ID: abd9a62a183c9069f1b98d62c4efa49cd0a029f7e28c7c3b3943672654c33be9
Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
Instruction Fuzzy Hash: 5F41A46280964E04FD759D3C051C6B4A682DF53BA0DF862B4DEB9173F2D90DB786C130

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A7CB0 Relevance: .1, Instructions: 137COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a595148431bbcdcf83b607cc77e310f39f673ee297fcdb257f36cc52ab65d25
Instruction ID: d894eb1870157e2be8c5339cc36c30b11222594f24a66ef359db4a7d406bae80
Opcode Fuzzy Hash: 3a595148431bbcdcf83b607cc77e310f39f673ee297fcdb257f36cc52ab65d25
Instruction Fuzzy Hash: A951A572A0A55982EB39AF3CC05423CA7A2EB55B58F540135CF1E177A9CF28FD41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A7AC8 Relevance: .1, Instructions: 137COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b964efca1e2eb7698e73cc685d1e97963d36816d76c92d765d6ef83a4a4a60
Instruction ID: 1c9ce36ec4a0cdf88425b4d4690aabfd64e4c582cc3642dd5aad80931b5d6237
Opcode Fuzzy Hash: 91b964efca1e2eb7698e73cc685d1e97963d36816d76c92d765d6ef83a4a4a60
Instruction Fuzzy Hash: BF51B6B2A0851986EB385F3CC05433CA7A2EB55B58F941135CE1A177E4CB28FE41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A7E98 Relevance: .1, Instructions: 137COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b2235312e67dbb0726dbc44dee1bd6196b8167b62b30abdfcd639f482643e9
Instruction ID: a60f1ec341a358c93accfbd5db87de664395da8ca0f37cb56f4eb3f940f15154
Opcode Fuzzy Hash: d0b2235312e67dbb0726dbc44dee1bd6196b8167b62b30abdfcd639f482643e9
Instruction Fuzzy Hash: 8B51A172A0865982EB389F3CC15423DA7A2EB51B58F940139DE1D177A8CF29FE41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AF448 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: BoundaryDeleteDescriptorErrorLast
String ID:
API String ID: 2050971199-0
Opcode ID: fff7a92f82c839e3d42ed29d8db71ba1496b4b20baea46e428b784251f7925ed
Instruction ID: 7ccbbf34a1244bcab28800847e1d44a429e5bf4866fa59a3a7dabf55a7dc43b6
Opcode Fuzzy Hash: fff7a92f82c839e3d42ed29d8db71ba1496b4b20baea46e428b784251f7925ed
Instruction Fuzzy Hash: 0E41E562714A5842EF54DF3ED9141A9B3A2FB48FD4B899036DE1D87B68DF3CE1028300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6C1040 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ccdffceeb283e4b1ebdd980531a597dab5eda47f7a3a833c49eca6639b98681
Instruction ID: 8b1778481a1a98f280079d32d7ed3d4bb77a42b8c38036c82ef429a052e29595
Opcode Fuzzy Hash: 6ccdffceeb283e4b1ebdd980531a597dab5eda47f7a3a833c49eca6639b98681
Instruction Fuzzy Hash: C9F06271B192AD9ADBA49F3CAC42629B7D5E7483C0FD08039D69D83B14DA3CA1609F14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A1060 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88bbc80252497e79cdb19b232a93369e66e5e234d45eaea7d0804f360d1bcbb1
Instruction ID: 2d13e33b1a3b221a1bcf2d038b1ecc6d12134262943b0685babe021c43701aa0
Opcode Fuzzy Hash: 88bbc80252497e79cdb19b232a93369e66e5e234d45eaea7d0804f360d1bcbb1
Instruction Fuzzy Hash: E7A00126A49C4AD0EAA4AB28B851270A232BB52340B900136D12D510B4AE2CB601C264

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6810E0 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 196libraryloaderCOMMON

Download Yara Rule

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681131
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681140
LoadLibraryA.KERNEL32 ref: 00007FF79B681148
GetProcAddress.KERNEL32 ref: 00007FF79B68115D
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B681173
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681203
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B681215
LoadLibraryA.KERNEL32 ref: 00007FF79B68121D
GetProcAddress.KERNEL32 ref: 00007FF79B68123B
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B681251
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B68129F
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B6812B1
LoadLibraryA.KERNEL32 ref: 00007FF79B6812B9
GetProcAddress.KERNEL32 ref: 00007FF79B6812D7

Part of subcall function 00007FF79B683D40: _WChar_traits.LIBCPMTD ref: 00007FF79B683D6D

Part of subcall function 00007FF79B6840E0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B6840FB

Strings

Error, xrefs: 00007FF79B6812F1
Error, xrefs: 00007FF79B6811A9

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$AddressConcurrency::details::EmptyLibraryLoadProcQueue::StructuredWork$Char_traits
String ID: Error$Error
API String ID: 1088619557-1414458090
Opcode ID: ec8d6302f261d309f4299ac9456d186aa4b39d272b74722f0c1964e525828d94
Instruction ID: 03840f241d3f015f0573b59344ed4dd85904374ebd3be332053c9937edb91168
Opcode Fuzzy Hash: ec8d6302f261d309f4299ac9456d186aa4b39d272b74722f0c1964e525828d94
Instruction Fuzzy Hash: B7B1D632619A85C1D670EB64F4953ABF3A1FBD4780F905035EA9E83A69DF3CE644CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B691AB0 Relevance: 16.6, APIs: 11, Instructions: 112libraryloaderCOMMON

Download Yara Rule

APIs

_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691AEB
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691AFA
LoadLibraryA.KERNEL32 ref: 00007FF79B691B02
GetProcAddress.KERNEL32 ref: 00007FF79B691B17
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B691B3B
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691BF3
_Mtx_guard::~_Mtx_guard.LIBCPMTD ref: 00007FF79B691C05
LoadLibraryA.KERNEL32 ref: 00007FF79B691C0D
GetProcAddress.KERNEL32 ref: 00007FF79B691C2B
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF79B691C41
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B691C67

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mtx_guardMtx_guard::~_$AddressConcurrency::details::EmptyLibraryLoadProcQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 4196786241-0
Opcode ID: 05994b014fa11f594c48e7b7aa61f874af9dd460ce5b30cba544352165943464
Instruction ID: b6dd3c75eceef90ccf4e22ad01bea8c8520e88ce7ad9acdd7939e217d244cf1e
Opcode Fuzzy Hash: 05994b014fa11f594c48e7b7aa61f874af9dd460ce5b30cba544352165943464
Instruction Fuzzy Hash: 9951E632609A8586D670EB24F4513ABB3B1FBC5780F904035E6DD87A69DF3CE548CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AF9E0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AFA24
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AFDFC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B00A7

Strings

p, xrefs: 00007FF79B6AFB4E
p, xrefs: 00007FF79B6AFAD6
0, xrefs: 00007FF79B6AFE4C
f, xrefs: 00007FF79B6AFB46

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$f$p$p
API String ID: 3215553584-1202675169
Opcode ID: 773a535c55f366cc41a427c813aca59811636e06a27f0e29cd4666540f9e990d
Instruction ID: b2c4c94f7153e900efe99470e95af9cd009e5d1d19c42b5c5d1e0448dadcc407
Opcode Fuzzy Hash: 773a535c55f366cc41a427c813aca59811636e06a27f0e29cd4666540f9e990d
Instruction Fuzzy Hash: 44129E21E0D19B86FF347E2DD054679A6A3FB40B54FD44031E6A986AE4DF3CF6809B21

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A2E90 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 312COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF79B6A2EEC

Part of subcall function 00007FF79B6A5250: __GetUnwindTryBlock.LIBCMT ref: 00007FF79B6A5293
Part of subcall function 00007FF79B6A5250: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF79B6A52B8

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF79B6A2FC4
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF79B6A3213
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF79B6A331F

Strings

csm, xrefs: 00007FF79B6A2FE7
csm, xrefs: 00007FF79B6A2F06
csm, xrefs: 00007FF79B6A2F6D

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 728d75dc0088fe37cf8d49e7d9c4ad9bc01d2b4a579a015a9931ee36bdc83676
Instruction ID: cc6767d48ec1d6fd437b8c0d885c8ee601c03156a530a1b5ed57771731cac752
Opcode Fuzzy Hash: 728d75dc0088fe37cf8d49e7d9c4ad9bc01d2b4a579a015a9931ee36bdc83676
Instruction Fuzzy Hash: B2D17072A087498AEF20AF7994402ADB7A2FB45788F900139DE5D57BA5DF38F690C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B3624 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF79B6B3DD8,?,?,?,?,00007FF79B6AB43D,?,?,?,?,00007FF79B69EF0C), ref: 00007FF79B6B37A3
GetProcAddress.KERNEL32(?,?,?,00007FF79B6B3DD8,?,?,?,?,00007FF79B6AB43D,?,?,?,?,00007FF79B69EF0C), ref: 00007FF79B6B37AF

Strings

api-ms-, xrefs: 00007FF79B6B36ED
ext-ms-, xrefs: 00007FF79B6B3700

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 047464f5df616776ffe5628bc01d6b0ef5be83e89634b9ca503654e3c52ebe30
Instruction ID: f45ff4f3f16665f9c99f4912605c54b6cc2604bf4a8425dde1db29e061f31b1c
Opcode Fuzzy Hash: 047464f5df616776ffe5628bc01d6b0ef5be83e89634b9ca503654e3c52ebe30
Instruction Fuzzy Hash: DF41C66171D61A81EA22EB2EA804175A3B3BF45BD0F88453ADD2D877A4EF3CF5058320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A57BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,00007FF79B6A59C3,?,?,?,00007FF79B6A2412,?,?,?,00007FF79B6A23CD), ref: 00007FF79B6A5841
GetLastError.KERNEL32(?,?,00000000,00007FF79B6A59C3,?,?,?,00007FF79B6A2412,?,?,?,00007FF79B6A23CD), ref: 00007FF79B6A584F
LoadLibraryExW.KERNEL32(?,?,00000000,00007FF79B6A59C3,?,?,?,00007FF79B6A2412,?,?,?,00007FF79B6A23CD), ref: 00007FF79B6A5879
FreeLibrary.KERNEL32(?,?,00000000,00007FF79B6A59C3,?,?,?,00007FF79B6A2412,?,?,?,00007FF79B6A23CD), ref: 00007FF79B6A58E7
GetProcAddress.KERNEL32(?,?,00000000,00007FF79B6A59C3,?,?,?,00007FF79B6A2412,?,?,?,00007FF79B6A23CD), ref: 00007FF79B6A58F3

Strings

api-ms-, xrefs: 00007FF79B6A5861

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 8e312c8d43453ea2021264b2ae40323e594c045a5e8a41a3551f8d99fa89a512
Instruction ID: 440fa04502882fd0a40faa55eb0d06b5c6aa34f544a28aab8f110136d0abb088
Opcode Fuzzy Hash: 8e312c8d43453ea2021264b2ae40323e594c045a5e8a41a3551f8d99fa89a512
Instruction Fuzzy Hash: 2631F421A1AA5685EE31FF2AA400575F3A5BF44BA0F990534DE3D073A0EF3CF6448320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B0654 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF79B6B0663
FlsGetValue.KERNEL32 ref: 00007FF79B6B0678
FlsSetValue.KERNEL32 ref: 00007FF79B6B0699
FlsSetValue.KERNEL32 ref: 00007FF79B6B06C6
FlsSetValue.KERNEL32 ref: 00007FF79B6B06D7
FlsSetValue.KERNEL32 ref: 00007FF79B6B06E8
SetLastError.KERNEL32 ref: 00007FF79B6B0703

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: b2bfb5fcd3a5c36c06c9de2036b9949761cc20d48c3b6da3598d7e5d60aa94df
Instruction ID: df1e089409589de5452085c9d411f36ae9933de2a47ad55ccc195a8280719fd5
Opcode Fuzzy Hash: b2bfb5fcd3a5c36c06c9de2036b9949761cc20d48c3b6da3598d7e5d60aa94df
Instruction Fuzzy Hash: E4218E20B1C26E42F638733A5545039D663AF84BE0FE00639E97E466F6EF2CB6014620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6C05C4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF79B6C05F5
GetLastError.KERNEL32 ref: 00007FF79B6C0601
CloseHandle.KERNEL32 ref: 00007FF79B6C0619
CreateFileW.KERNEL32 ref: 00007FF79B6C0644
WriteConsoleW.KERNEL32 ref: 00007FF79B6C0663

Strings

CONOUT$, xrefs: 00007FF79B6C0625

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 8587a55708eea3177b14af9c31c8e1564f1319dcca659dd1128ad41843dc4252
Instruction ID: 0ac20c71447dcf2a34198200508f5056d1220e07f68b064f1ef0cd9d63ca4583
Opcode Fuzzy Hash: 8587a55708eea3177b14af9c31c8e1564f1319dcca659dd1128ad41843dc4252
Instruction Fuzzy Hash: 3211BB22718A4586E3609B26F844725A261FB88FE4FC00234DA6D837B4DF3CE5548710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69FEE8 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF79B69FF5A
MultiByteToWideChar.KERNEL32 ref: 00007FF79B6A0002
LCMapStringEx.KERNEL32 ref: 00007FF79B6A0039
LCMapStringEx.KERNEL32 ref: 00007FF79B6A0092
LCMapStringEx.KERNEL32 ref: 00007FF79B6A013F
WideCharToMultiByte.KERNEL32 ref: 00007FF79B6A0181

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 4e00136b579caa0542b5a09c324aa03d6566cf650b1ddfed76135ff8a1c8475f
Instruction ID: 0421eb9e09de6dba51bb58a651afabf6c83d1bf5b92920aa8b8ff3ea32b01682
Opcode Fuzzy Hash: 4e00136b579caa0542b5a09c324aa03d6566cf650b1ddfed76135ff8a1c8475f
Instruction Fuzzy Hash: 14818272A0874586FF709F7994403A9A6A2FB44BA8F940235EA6D17BE4DF3CE9058710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A3360 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF79B6A34FE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF79B6A3827

Strings

csm, xrefs: 00007FF79B6A3525
csm, xrefs: 00007FF79B6A3445
csm, xrefs: 00007FF79B6A34A7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: a8f057a3a1ca200dc4cc962c07192f9be866b965a20a1c6cbd6fb66a1c815b02
Instruction ID: 34e27e9fcba2b6d04614393fd7f150d6dae858469bb53c3a6dac652356d41665
Opcode Fuzzy Hash: a8f057a3a1ca200dc4cc962c07192f9be866b965a20a1c6cbd6fb66a1c815b02
Instruction Fuzzy Hash: 4EE1A4729087968AEB20EF7CD4402ADB7A1FB45B48F500139DE6D476A5DF38F685C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B07CC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B07DB
FlsSetValue.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B0811
FlsSetValue.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B083E
FlsSetValue.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B084F
FlsSetValue.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B0860
SetLastError.KERNEL32(?,?,?,00007FF79B6AC171,?,?,?,?,00007FF79B6B2DAE,?,?,00000000,00007FF79B6BBE13,?,?,?), ref: 00007FF79B6B087B

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 7e8c30e9354542cbe79d0bc9e0d0a4c2fd70cb469dbca5be83861bfbd77bfdea
Instruction ID: 01d3be95e3d4bc328be7e44bae656c8c3c588f71caa9491f602633e5ca9a4edc
Opcode Fuzzy Hash: 7e8c30e9354542cbe79d0bc9e0d0a4c2fd70cb469dbca5be83861bfbd77bfdea
Instruction Fuzzy Hash: E0115E21F0C26E41FA74B33A55560799663AF84BE0FD04635E93E467F6EF2CB6414260

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AD820 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF79B6AD845
GetProcAddress.KERNEL32 ref: 00007FF79B6AD85B
FreeLibrary.KERNEL32 ref: 00007FF79B6AD882

Strings

mscoree.dll, xrefs: 00007FF79B6AD83C
CorExitProcess, xrefs: 00007FF79B6AD854

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: ae0e948c3ef3a91284f157399034a7257a7a1cdffda203b2172c5dc8da6111e0
Instruction ID: de539bd257947ad60b202189fdd0a8b0e82a8790fb08566d795e076dc4c45fbf
Opcode Fuzzy Hash: ae0e948c3ef3a91284f157399034a7257a7a1cdffda203b2172c5dc8da6111e0
Instruction Fuzzy Hash: 8DF04462B1960A81EF34AB3CA845379D331AF95761F940639CA7D455F4CF2DF244C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A2760 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF79B6A2883
__AdjustPointer.LIBCMT ref: 00007FF79B6A28CE

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: ab877758123a7b65edb3f3fe19a4eb1901f71257e9a8453bdff0859d2c825876
Instruction ID: 0a9464fb14a47348b8326ab1da4a253d0e5f2e5818e1040f465e1f183a17e149
Opcode Fuzzy Hash: ab877758123a7b65edb3f3fe19a4eb1901f71257e9a8453bdff0859d2c825876
Instruction Fuzzy Hash: 52B1F721E4A64E81EE75BFBA8280238E292AF54F84F854435DF6D077B5DE2CF641C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B68ED80 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00007FF79B68EE23
fpos.LIBCPMTD ref: 00007FF79B68EFB4
fpos.LIBCPMTD ref: 00007FF79B68EFEF
fpos.LIBCPMTD ref: 00007FF79B68F062

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 210a41bb767c91f51d27e2dc9ffdf7c97377ca66bc1c9f973ee7a7c34e252309
Instruction ID: 41d6e70b63b65308794b22114ab392ce0bce0071ba0fc14467135fee3590c0ec
Opcode Fuzzy Hash: 210a41bb767c91f51d27e2dc9ffdf7c97377ca66bc1c9f973ee7a7c34e252309
Instruction Fuzzy Hash: 54A10C2260CA89C6DB70EA29E45136AB7A1F7C4794F540135EAED87BA9CF2CE544CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69D590 Relevance: 7.7, APIs: 5, Instructions: 200COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00007FF79B69D633
fpos.LIBCPMTD ref: 00007FF79B69D7BB
fpos.LIBCPMTD ref: 00007FF79B69D7F6
fpos.LIBCPMTD ref: 00007FF79B69D869

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 67e421a88a8a972b26aad812bceaf7979716209af9ff9d5486616146d9a81552
Instruction ID: f7ff77ab67779b5c5ae8713a5a5d808a78eeea94b4e62ea6933b9997c3dd1d19
Opcode Fuzzy Hash: 67e421a88a8a972b26aad812bceaf7979716209af9ff9d5486616146d9a81552
Instruction Fuzzy Hash: 46A13C3260CB8985DA70AB39E44036AA7A1F785794F540275EAED87BA9CF2CF544CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B0AEC Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF79B6B0B2F
_set_statfp.LIBCMT ref: 00007FF79B6B0B4D
_set_statfp.LIBCMT ref: 00007FF79B6B0B76
_set_statfp.LIBCMT ref: 00007FF79B6B0DAF

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 196c45f451b4277e2a9120a46c7a31ea9095affa2afe910ec30386b6fd3bd0b8
Instruction ID: c4a21dacbb13cdb33a7a83f4a154bb4cdbeff0bf8c1bdf28c679d062fb61e352
Opcode Fuzzy Hash: 196c45f451b4277e2a9120a46c7a31ea9095affa2afe910ec30386b6fd3bd0b8
Instruction Fuzzy Hash: 54812A2290CA5E45F332AB3EA45037AEA72BF45B54F444235EA6E525F1DF3CF7818610

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B695A80 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B695A9F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B695ACC
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B695B0E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B695B93

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: c3c991d3da80d3aa3d5f7835c4a835a239d4e11fd58dc674cfce145c7f1caa37
Instruction ID: 8f8b4f35f529d9301fcd39bceea9c7a79c486e84c1ab54fa0583c23fecf654f4
Opcode Fuzzy Hash: c3c991d3da80d3aa3d5f7835c4a835a239d4e11fd58dc674cfce145c7f1caa37
Instruction Fuzzy Hash: 72310F2251DA49C1DA20EB39E49126AF361FBC57A4F901132E79D43BB9DF3CE640CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B695950 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B69596F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B69599C
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B6959DE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B695A63

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: addde69454c00c21a563ee40dcac23e195bb809af36f0c40717e887cfbdd24ee
Instruction ID: 784be508d95b943e6a1860131e7fe1d343534d41b6b09d2395218367b406708e
Opcode Fuzzy Hash: addde69454c00c21a563ee40dcac23e195bb809af36f0c40717e887cfbdd24ee
Instruction Fuzzy Hash: 4F31102251DA4981EA20EB39E48126EF361FBC5794F901132E7ED43BB9DE3CE645CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B687510 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68752F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B68755C
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B68759E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B687623

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: 2022660945104bbb6d78c2eb5fab3c978111d1aa5400eed9739bb0b0e1ea20de
Instruction ID: f26add3e4950d0db07840e19a0e5298358feb4cce3a3e4c0c2b9fb2bb325fdf2
Opcode Fuzzy Hash: 2022660945104bbb6d78c2eb5fab3c978111d1aa5400eed9739bb0b0e1ea20de
Instruction Fuzzy Hash: FA31102251CA49C1DA20EB29E48116AF3B1FBC5794F900531E6ED43BB9DE3CE640CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B687770 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68778F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B6877BC
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B6877FE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B687883

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: b8f9bc9075e69c34024d9e7ab59a74e6b9f719de6351ea86380f56c64e04a2cb
Instruction ID: fe4f81f959cc8bac0471f3a4a400defc57d15bc51ba77856f6b37b4d62fe7351
Opcode Fuzzy Hash: b8f9bc9075e69c34024d9e7ab59a74e6b9f719de6351ea86380f56c64e04a2cb
Instruction Fuzzy Hash: 9031DF2261DA49C1DA20EB29F48126AF3B1FBC5794F901131E6AD43BB9DE3CE655CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B687640 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68765F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B68768C
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B6876CE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B687753

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: 5a50714b4285a8421bded6926ccd8cf4195c43596d2b92f53aba14b89ac133c8
Instruction ID: 315bb9ba2ef787557acaa972f1c2c30a279efaf0a6d43d589c45b83ceb66e952
Opcode Fuzzy Hash: 5a50714b4285a8421bded6926ccd8cf4195c43596d2b92f53aba14b89ac133c8
Instruction Fuzzy Hash: 1831102251DA49C1DA30FB29E48116AF3B1FBC5794F901131E69D43BB9DE3CE640CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6956F0 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B69570F

Part of subcall function 00007FF79B6896E0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF79B68970A
Part of subcall function 00007FF79B6896E0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B68973C

std::locale::_Getfacet.LIBCPMTD ref: 00007FF79B69573C
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF79B69577E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF79B695803

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetfacetstd::locale::_
String ID:
API String ID: 1842055293-0
Opcode ID: 1b42cf0c53a4edc4f89de812021f69aafdc7d3d90c1ee0e52e3000078786eec3
Instruction ID: 51105fd2a49b6c9e9eb0fca7598c19f60422cf7e3d4a92e6faf51b1f4283624e
Opcode Fuzzy Hash: 1b42cf0c53a4edc4f89de812021f69aafdc7d3d90c1ee0e52e3000078786eec3
Instruction Fuzzy Hash: E731F02651DA89C1DA20EB39E48116AF361FBC5794F900131E6DD47BB9DE3CE650CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6C0E3C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF79B6C0E64
_set_statfp.LIBCMT ref: 00007FF79B6C0E7F
_set_statfp.LIBCMT ref: 00007FF79B6C0E9B
_set_statfp.LIBCMT ref: 00007FF79B6C0ED7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: b5f862fb55466f104c7638c26c27eae1ccad5020b215a080a91550ad010d465e
Instruction ID: ec067800d9f6a0dd4c7c58eaa5007477a2d8b8d2620e06a3e5c1b49da987407c
Opcode Fuzzy Hash: b5f862fb55466f104c7638c26c27eae1ccad5020b215a080a91550ad010d465e
Instruction Fuzzy Hash: E7113037E9CA1E11F778313CE44537A98536F5CB60E980635E77E462F68F2C7A808220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B0894 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF79B6A6C5F,?,?,00000000,00007FF79B6A6EFA,?,?,?,?,?,00007FF79B6A6E86), ref: 00007FF79B6B08B3
FlsSetValue.KERNEL32(?,?,?,00007FF79B6A6C5F,?,?,00000000,00007FF79B6A6EFA,?,?,?,?,?,00007FF79B6A6E86), ref: 00007FF79B6B08D2
FlsSetValue.KERNEL32(?,?,?,00007FF79B6A6C5F,?,?,00000000,00007FF79B6A6EFA,?,?,?,?,?,00007FF79B6A6E86), ref: 00007FF79B6B08FA
FlsSetValue.KERNEL32(?,?,?,00007FF79B6A6C5F,?,?,00000000,00007FF79B6A6EFA,?,?,?,?,?,00007FF79B6A6E86), ref: 00007FF79B6B090B
FlsSetValue.KERNEL32(?,?,?,00007FF79B6A6C5F,?,?,00000000,00007FF79B6A6EFA,?,?,?,?,?,00007FF79B6A6E86), ref: 00007FF79B6B091C

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5deca5eac94f812c7b2f5d81fbdd84cb3d17e6f2d2d10069c0c86e7aaa87cf2f
Instruction ID: a1a357a06f4355f43c0d637b493bdba75d29e38ff6efa5536909b7089f8bc97d
Opcode Fuzzy Hash: 5deca5eac94f812c7b2f5d81fbdd84cb3d17e6f2d2d10069c0c86e7aaa87cf2f
Instruction Fuzzy Hash: D1118E20B0C26E41FA78733A59520799263AF847E0ED41335EA7D467F6EF2CB6028220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B0728 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF79B6B0739
FlsSetValue.KERNEL32 ref: 00007FF79B6B0758
FlsSetValue.KERNEL32 ref: 00007FF79B6B0780
FlsSetValue.KERNEL32 ref: 00007FF79B6B0791
FlsSetValue.KERNEL32 ref: 00007FF79B6B07A2

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 7efd8653ae19a9cf38fb5d4159e63999d378fed53380335064c43358476839a1
Instruction ID: b141d6dc9c1954d36ab433a11f53fdb5f45065c1f98d2469b44e939f5010e944
Opcode Fuzzy Hash: 7efd8653ae19a9cf38fb5d4159e63999d378fed53380335064c43358476839a1
Instruction Fuzzy Hash: C3111F14A1D22F41F978B23E4852579D6639F80BB4FE40735D93E462F2EF2CB6414631

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B686110 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 403COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF79B6863DC
_Mpunct.LIBCPMTD ref: 00007FF79B6863FA
std::ios_base::width.LIBCPMTD ref: 00007FF79B6868D9

Strings

@, xrefs: 00007FF79B686587

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mpunct$std::ios_base::width
String ID: @
API String ID: 1355946870-2766056989
Opcode ID: ca4c29e8be680b08b5851c169f227b136de850686db6cafb472977872d27b432
Instruction ID: 5990622ab665fbd6bee33ece60b165e58237f28a506a395bf1842684b35e9a02
Opcode Fuzzy Hash: ca4c29e8be680b08b5851c169f227b136de850686db6cafb472977872d27b432
Instruction Fuzzy Hash: DE121B32609AC985DAB09B29E4943EBB7A2F7C8780F844136DADD43B69DF7CD545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B694400 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 403COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF79B6946CC
_Mpunct.LIBCPMTD ref: 00007FF79B6946E9
std::ios_base::width.LIBCPMTD ref: 00007FF79B694BC6

Strings

@, xrefs: 00007FF79B694874

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mpunct$std::ios_base::width
String ID: @
API String ID: 1355946870-2766056989
Opcode ID: 136dc350252e857673773019ee067f414da1e52d33a7f581e72bf4049b58502f
Instruction ID: b6997714279f43dab89d2b7aba7ad273481d78f16a0ab07466e1d1a1c7403e01
Opcode Fuzzy Hash: 136dc350252e857673773019ee067f414da1e52d33a7f581e72bf4049b58502f
Instruction Fuzzy Hash: 43122A3260DAC985DA709B29E4943EBA7A2F7C9780F804136DADD43BA9DF3CD545CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B6E1C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6B70FB

Part of subcall function 00007FF79B6BE7C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BE7E5

Strings

ccs, xrefs: 00007FF79B6B7036
UTF-8, xrefs: 00007FF79B6B707A
UTF-16LEUNICODE, xrefs: 00007FF79B6B7099

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: f8a60f621e9d62918c1b0c9ff66e95f198e9d7883b0b10407145d6e42a3038be
Instruction ID: 3b09b090010e965b01d83ac3a77345e81be9ec9a4c8cbddb15e8c787177c5758
Opcode Fuzzy Hash: f8a60f621e9d62918c1b0c9ff66e95f198e9d7883b0b10407145d6e42a3038be
Instruction Fuzzy Hash: 6D81B272E0C22A85FB756E3D8150238EEB7EB10B48FD58035DA2D572B5DB2DFA019721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A3AD4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF79B6A3B44
_CallSETranslator.LIBVCRUNTIME ref: 00007FF79B6A3B8F

Strings

RCC, xrefs: 00007FF79B6A3B60
MOC, xrefs: 00007FF79B6A3B58

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 71532a6ca70a8dff707580f1b2782121478fe4033101b9e0ef0ef60e58905a98
Instruction ID: 5807e0f8384affb80ea6c2c0b848b0b5459b2294a6e2936e998aba81822ae4c4
Opcode Fuzzy Hash: 71532a6ca70a8dff707580f1b2782121478fe4033101b9e0ef0ef60e58905a98
Instruction Fuzzy Hash: BE91D373A087858AEB20EF78E8402ACBBA1FB45788F504139EE5D17765DF38E255C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A2120 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF79B6A214B
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF79B6A21E2
RtlUnwindEx.KERNEL32 ref: 00007FF79B6A223C

Strings

csm, xrefs: 00007FF79B6A21C9

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 00a95274109d02e15a1a6456a7f8533ea68b7d96a90b55eb8b02915df4fd7474
Instruction ID: af584d0b99ad91de01e2f0f1160e5ab34a52270ce952ad25bdf326f5af7b3aff
Opcode Fuzzy Hash: 00a95274109d02e15a1a6456a7f8533ea68b7d96a90b55eb8b02915df4fd7474
Instruction Fuzzy Hash: 4151C332B196068ADF24EF69D154A78B792FB40B84F908131DA6A47768DF7CFA41C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A3864 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF79B6A38C3
_CallSETranslator.LIBVCRUNTIME ref: 00007FF79B6A390F

Strings

RCC, xrefs: 00007FF79B6A38DF
MOC, xrefs: 00007FF79B6A38D7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 580b4202a3303209c3066a7ab7e3f64a3b30df3f0ea80339735e11259e7d8dc8
Instruction ID: 836f82b1ba0e8df2b9fee3bba4be1848437d99f79ee2f1be16f323460cb2ee02
Opcode Fuzzy Hash: 580b4202a3303209c3066a7ab7e3f64a3b30df3f0ea80339735e11259e7d8dc8
Instruction Fuzzy Hash: 3C619732908BC981DB70AF29E4403A9F7A1FB85784F444229EBAD17765DF3CE294CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A4054 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF79B6A407C
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF79B6A4164

Strings

csm, xrefs: 00007FF79B6A409E
csm, xrefs: 00007FF79B6A41B6

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: fcf4632694802ac27db0e388c1c55295dc68fcd7e5bdb980f347f531c5112853
Instruction ID: 375ac9e7a326ac39a1234445984993c67675bcf46a5b0b405cc6a0c78b41ee51
Opcode Fuzzy Hash: fcf4632694802ac27db0e388c1c55295dc68fcd7e5bdb980f347f531c5112853
Instruction Fuzzy Hash: CA51A03390824A86EE74AF399940378B6A2FB55B84F844139DA6C47BA5CF3CF691C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B4594 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF79B6B461B
WriteFile.KERNEL32 ref: 00007FF79B6B48E2
WriteFile.KERNEL32 ref: 00007FF79B6B492B
GetLastError.KERNEL32 ref: 00007FF79B6B49EC

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: a2b6278da23c88ae1fc66658aa32e245b4b19657e0fd36f498274d66f45ad1c4
Instruction ID: 74fc06d79d95615919fd622a8eceacd1790592b068d49e5312e81d34b271c72a
Opcode Fuzzy Hash: a2b6278da23c88ae1fc66658aa32e245b4b19657e0fd36f498274d66f45ad1c4
Instruction Fuzzy Hash: 8FD10523B08A9589E720EF79D4801ACB772F744798B50423ADF6D57BA9DF38E506C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B4F70 Relevance: 6.2, APIs: 4, Instructions: 219COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FF79B6C0875,?,?,?), ref: 00007FF79B6B5093
GetLastError.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FF79B6C0875,?,?,?), ref: 00007FF79B6B511D

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a37693c3b12b9747fb7d67c5c0fd7e9a6a7df0157cc6ba7106be3c1421e0e978
Instruction ID: 64f0f0d47205409232b670dc2b36053dfce20c4c1885c86cfdb15d5755fd2792
Opcode Fuzzy Hash: a37693c3b12b9747fb7d67c5c0fd7e9a6a7df0157cc6ba7106be3c1421e0e978
Instruction Fuzzy Hash: D891D732A1C66A45FB70EB7994606FCA7B2BB44788F840135DE1E57AA4DF38F641C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B696330 Relevance: 6.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B696374
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B696535
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B69654A

Part of subcall function 00007FF79B68E380: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B68E39D
Part of subcall function 00007FF79B68E380: _Max_value.LIBCPMTD ref: 00007FF79B68E3C2
Part of subcall function 00007FF79B68E380: _Min_value.LIBCPMTD ref: 00007FF79B68E3F0

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B69668B

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: f2eb271ba1ca906c49f3459ada87329d83f5c2bba748eaeb7354eb8d1df20d60
Instruction ID: a33af2a67954d23076db3579c4542ab6f9b9dc497910012b33f69627e85d046f
Opcode Fuzzy Hash: f2eb271ba1ca906c49f3459ada87329d83f5c2bba748eaeb7354eb8d1df20d60
Instruction Fuzzy Hash: 0BB10D3661DBC981DA70EB69F4503AAE7A1F7C9B80F404036EADD83B69DF2CD1408B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69B7F0 Relevance: 6.2, APIs: 4, Instructions: 176COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00007FF79B69B92F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B69BA84
std::ios_base::width.LIBCPMTD ref: 00007FF79B69BB30

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWorkstd::ios_base::width
String ID:
API String ID: 2020207099-0
Opcode ID: fc66b0e3c582bd78af8f6285315b401cdef84e6de88315bdeb258068e90d44d4
Instruction ID: 75a1f56f77f9bb47ba364ca366b3da84db3cb3e0d5a81b946e33bbd294322b08
Opcode Fuzzy Hash: fc66b0e3c582bd78af8f6285315b401cdef84e6de88315bdeb258068e90d44d4
Instruction Fuzzy Hash: 4291CB32619AC985EA71EB25E4503EBB761F7C8780F800036DADD43BA9DF6CE644CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B68D520 Relevance: 6.2, APIs: 4, Instructions: 176COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00007FF79B68D660
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF79B68D7B5
std::ios_base::width.LIBCPMTD ref: 00007FF79B68D861

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWorkstd::ios_base::width
String ID:
API String ID: 2020207099-0
Opcode ID: 71cfc4fea9f4bdb9fc84dc46e810e22f6b7388e63e7c52e0431f18ea6e65f398
Instruction ID: 773158d85a2e38cd13261d4c9fe787dfb763c3c969741037e79f783d1037dca4
Opcode Fuzzy Hash: 71cfc4fea9f4bdb9fc84dc46e810e22f6b7388e63e7c52e0431f18ea6e65f398
Instruction Fuzzy Hash: 4C91A932619AC985EA71AB25E4507EBA361F7C8780F800036DA9D43BA9DF7CE544CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6BEC9C Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BECDD
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BED5D
_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6BEDB1
_get_daylight.LIBCMT ref: 00007FF79B6BEE09

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: d3de0e5fbb29882e1444303b053487e6c4167490a49d197d347690e3b449aa76
Instruction ID: a78af89be1abfc242d325a7166fa05832cbcf432c68076eb6c1c68070f34b806
Opcode Fuzzy Hash: d3de0e5fbb29882e1444303b053487e6c4167490a49d197d347690e3b449aa76
Instruction Fuzzy Hash: 0D510532D0D62A46F7F43A3C8400379E9A3DB40714F988934D6BD462F5CB7CFA418662

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69DA10 Relevance: 6.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00007FF79B69DAAA
fpos.LIBCPMTD ref: 00007FF79B69DB70
fpos.LIBCPMTD ref: 00007FF79B69DBBF
fpos.LIBCPMTD ref: 00007FF79B69DC57

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 1cbe0da8245263ccabd5fc0fdbc0dc30dbf6039e44a5f579b2030ebeff9d7260
Instruction ID: 9cdc998ae081ea9f3a947448248cc47d0e6fbd5b4abfd1a296a5c25008b5cb0a
Opcode Fuzzy Hash: 1cbe0da8245263ccabd5fc0fdbc0dc30dbf6039e44a5f579b2030ebeff9d7260
Instruction Fuzzy Hash: 6E612D2291CA85C6E670AB3DE44136AB7A1F7C4794F540271EAAD87BB9CF2CE540CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B68F130 Relevance: 6.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00007FF79B68F1CA
fpos.LIBCPMTD ref: 00007FF79B68F293
fpos.LIBCPMTD ref: 00007FF79B68F2E2
fpos.LIBCPMTD ref: 00007FF79B68F378

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: d3754b898ce883205f96549c0b64ff41e4bd3cdbf9d0336dc77dfd6284e7eb03
Instruction ID: 97ee0c3056e1f894ea13cb1a61f09ee44e805524086bfab37368e046c6d81093
Opcode Fuzzy Hash: d3754b898ce883205f96549c0b64ff41e4bd3cdbf9d0336dc77dfd6284e7eb03
Instruction Fuzzy Hash: FC613C2291CA85C2E670EA6DE45036AA7A1F7C4794F540631EBED87BB9CF2CE540CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B699160 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 352COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF79B699394
std::ios_base::width.LIBCPMTD ref: 00007FF79B699812

Strings

@, xrefs: 00007FF79B6994C0

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mpunctstd::ios_base::width
String ID: @
API String ID: 1954291571-2766056989
Opcode ID: 6f3ce2de7b4513bc64287ebbab72432cc3862cb84223f76adcc5d1ab8fa7e2c6
Instruction ID: 0ea1ade0166b1cf35ab62a871360246fa9c001559f8ba10b77131c06eb15b9f1
Opcode Fuzzy Hash: 6f3ce2de7b4513bc64287ebbab72432cc3862cb84223f76adcc5d1ab8fa7e2c6
Instruction Fuzzy Hash: BF021D3260DAC985DA709B25E4983EFA7A2F7C9780F844132DACD43BA9DE7CD545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B68B1D0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 352COMMON

Download Yara Rule

APIs

_Mpunct.LIBCPMTD ref: 00007FF79B68B3FE
std::ios_base::width.LIBCPMTD ref: 00007FF79B68B87D

Strings

@, xrefs: 00007FF79B68B52B

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: Mpunctstd::ios_base::width
String ID: @
API String ID: 1954291571-2766056989
Opcode ID: e27a045f761b14d2fffe84da88c31ce7ac0da8294f5654189181789f2ea32c6d
Instruction ID: 9c7553699d68ae997565bf5f8e4cb6ba2e109b89f812d6a4c29a9439a99eaf09
Opcode Fuzzy Hash: e27a045f761b14d2fffe84da88c31ce7ac0da8294f5654189181789f2ea32c6d
Instruction Fuzzy Hash: 4402EB3260DAC985DAB09B29E4943EFB7A1F7C8780F844132DA9D43B69DE7DD645CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A428C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF79B6A42B6

Strings

csm, xrefs: 00007FF79B6A42DB
csm, xrefs: 00007FF79B6A444A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 65159f3e0ecf65f9194eef1dcfc72047fa4037cc4ac05a74557e03057721bf4f
Instruction ID: f0c33a269393997d0a4a780639840b678f74a65ea73a06cc5c2a3f965c042469
Opcode Fuzzy Hash: 65159f3e0ecf65f9194eef1dcfc72047fa4037cc4ac05a74557e03057721bf4f
Instruction Fuzzy Hash: D871E27390969586DB30AF39D85067DBBA6FB00F84F848139DA6C47AA5CF3CE651C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69CC70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 162COMMON

Download Yara Rule

Strings

, xrefs: 00007FF79B69CD92
, xrefs: 00007FF79B69CD8A

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 3d20fbee949438aef30e9577c5bfd39b57f63d78807df1ee03379ab125a77a1e
Instruction ID: df4341d2d8b076364e3f05b7926ccaf76331384a8128037fce79e3b08bf11c07
Opcode Fuzzy Hash: 3d20fbee949438aef30e9577c5bfd39b57f63d78807df1ee03379ab125a77a1e
Instruction Fuzzy Hash: EC81423251DA8986DA70EB39E45036AB7A1FBC4B94F500175EA9E43B7ACF3CE500CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B68E6F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON

Download Yara Rule

Strings

, xrefs: 00007FF79B68E81E
, xrefs: 00007FF79B68E816

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 929a6268477b735f30d56d44f9bcc4b78dc5db40358690c0666abaa0a2bc4dc9
Instruction ID: cf7841e504d9df797b6013b7f1bffcb43cbc2403b93a9922ad767d56c6258371
Opcode Fuzzy Hash: 929a6268477b735f30d56d44f9bcc4b78dc5db40358690c0666abaa0a2bc4dc9
Instruction Fuzzy Hash: 35810E2651CA89C5DA70AB29E08136EB3A1FBC4784F500136EBDD47BBADE7CE541CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B69C960 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

, xrefs: 00007FF79B69CAB7

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 0fd1d69f908260f5500e97a6e39c2c210b0b3063fb8c5b4773e69d4a4940688b
Instruction ID: 96a22615dc4dcca7251b62dc587eb7e65860e5ad4ace723388a6c9c1083edee0
Opcode Fuzzy Hash: 0fd1d69f908260f5500e97a6e39c2c210b0b3063fb8c5b4773e69d4a4940688b
Instruction Fuzzy Hash: A0710B2250C6C9C1E670AB79E0503BEF7B2FB84740F904076E6ED46AA9DF6CE544DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A4924 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF79B6A49CE
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF79B6A49FA

Strings

csm, xrefs: 00007FF79B6A4AFA

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 1b6ae00afff9c9eb06dbe5494aedbe7aaac179eaf03e7a81586e5a0413f83ecd
Instruction ID: d8e76d88eadb857a46a74a11355ad52a167f5ec7f913edff6f55047d4105a065
Opcode Fuzzy Hash: 1b6ae00afff9c9eb06dbe5494aedbe7aaac179eaf03e7a81586e5a0413f83ecd
Instruction Fuzzy Hash: ED515B3361969586DA30FF2AE54026EB7A5FB89B90F501134DB9D07BA5CF38F550CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6AD044 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF79B6AD076

Part of subcall function 00007FF79B6B1508: RtlDeleteBoundaryDescriptor.NTDLL(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B151E
Part of subcall function 00007FF79B6B1508: GetLastError.KERNEL32(?,?,00007FF79B6AF4FF,00007FF79B6B9ECE,?,?,?,00007FF79B6BA24B,?,?,00000000,00007FF79B6BA794,?,?,?,00007FF79B6BA6C7), ref: 00007FF79B6B1528

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF79B6A0771), ref: 00007FF79B6AD094

Strings

C:\Users\user\Desktop\73zGJqwgDy.exe, xrefs: 00007FF79B6AD082

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: BoundaryDeleteDescriptorErrorFileLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\73zGJqwgDy.exe
API String ID: 3976345311-3697488787
Opcode ID: 9a9872e3b6dee21310036683a70c721f7dc69dd1fcfc1168c6b4b040fe13d991
Instruction ID: ad07da0cbc6ee13adade46ddcc12cec5fc5515002766da4e1d6fedf2fb6e1b9c
Opcode Fuzzy Hash: 9a9872e3b6dee21310036683a70c721f7dc69dd1fcfc1168c6b4b040fe13d991
Instruction Fuzzy Hash: 9C417172A08A1A85EB24FF3998404BDA7A6FB457C4BD44035E95E43BA5DF3CFA518320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B4C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF79B6B4D57
GetLastError.KERNEL32 ref: 00007FF79B6B4D79

Strings

U, xrefs: 00007FF79B6B4D03

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f60115cd34dfab5a1c44c7330e37a464bd58a844af732acc2f66cd54d4fef3f0
Instruction ID: 4e2f54bca201331a4cb566069685df7988a367288178f9ffb472a0f90db8a5ce
Opcode Fuzzy Hash: f60115cd34dfab5a1c44c7330e37a464bd58a844af732acc2f66cd54d4fef3f0
Instruction Fuzzy Hash: BA41C42361DA5586EB20DF29E4443B9A761FB94B84F804035DE5D877A4DF3CE501C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6B114C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF79B6B11A0
_set_errno_from_matherr.LIBCMT ref: 00007FF79B6B120D

Strings

exp, xrefs: 00007FF79B6B117B

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 3d373e3f802fff8d0bca639b7adbe98dc6228a31361ac0cec9673e713764ba7e
Instruction ID: bf056c4664a11e410f5694849ce6a47398abddee6c4a383c2b70823f140e7991
Opcode Fuzzy Hash: 3d373e3f802fff8d0bca639b7adbe98dc6228a31361ac0cec9673e713764ba7e
Instruction Fuzzy Hash: 27215E36F296299EE750EF78C8402AD77B1FB49348B400535EA1D93B59DF38E6408B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF79B6A1208 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF79B684AFF), ref: 00007FF79B6A1258
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF79B684AFF), ref: 00007FF79B6A1299

Strings

csm, xrefs: 00007FF79B6A1286

Memory Dump Source

Source File: 00000000.00000002.2061150828.00007FF79B681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79B680000, based on PE: true

Associated: 00000000.00000002.2061135602.00007FF79B680000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061175639.00007FF79B6C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061190770.00007FF79B6D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6E7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6EC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F3000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B6F8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B704000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B70E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2061202582.00007FF79B728000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff79b680000_73zGJqwgDy.jbxd

Yara matches

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: d9fe29fdfaf4a4a160ab5bffe4816a56943a0fb87fb3406f17458bd64873a10c
Instruction ID: c43b85c08da0547537b9b6b556de4adc2e094af101e96b2f7f7e8bcf426993f3
Opcode Fuzzy Hash: d9fe29fdfaf4a4a160ab5bffe4816a56943a0fb87fb3406f17458bd64873a10c
Instruction Fuzzy Hash: 7E114C32608B8482EB209F29E400269B7E5FB88B84F984235DFDD47B68DF3CD651C700

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 73zGJqwgDy.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
73zGJqwgDy.exe

Function 00007FF79B681530 Relevance: 142.3, APIs: 80, Strings: 1, Instructions: 533
libraryloadernetworkCOMMON

Function 00007FF79B692160 Relevance: 98.4, APIs: 52, Strings: 4, Instructions: 448
pipeCOMMON

Function 00007FF79B690B50 Relevance: 19.6, APIs: 13, Instructions: 88
libraryloaderCOMMON

Function 00007FF79B6BDF20 Relevance: 10.8, APIs: 7, Instructions: 286
COMMON

Function 00007FF79B691520 Relevance: 40.7, APIs: 27, Instructions: 192
libraryloaderCOMMON

Function 00007FF79B692EB0 Relevance: 25.7, APIs: 17, Instructions: 244
COMMON

Function 00007FF79B6883B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 51
COMMON

Function 00007FF79B6BEF6C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 00007FF79B690E30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76
libraryloaderCOMMON

Function 00007FF79B69E140 Relevance: 7.7, APIs: 5, Instructions: 168
COMMON

Function 00007FF79B695820 Relevance: 7.6, APIs: 5, Instructions: 67
COMMON

Function 00007FF79B691060 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 217
COMMON

Function 00007FF79B693B70 Relevance: 4.6, APIs: 3, Instructions: 130
COMMON

Function 00007FF79B6AA68C Relevance: 4.6, APIs: 3, Instructions: 72
COMMON

Function 00007FF79B6AD7BC Relevance: 4.5, APIs: 3, Instructions: 14
COMMON