Edit tour

Windows Analysis Report
sj-updater-app.exe

Overview

General Information

Sample name:	sj-updater-app.exe
Analysis ID:	1448096
MD5:	457dd6e4dc5e7866f2b10b065379f3e3
SHA1:	7a2b3bd51b34f6e8361a41dc428917234edf76d9
SHA256:	a3281a97f2bdbeba81f22630ba5dd9543e28debcdda17188357ecdf4c7c7ff8a
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

sj-updater-app.exe (PID: 7460 cmdline: "C:\Users\user\Desktop\sj-updater-app.exe" MD5: 457DD6E4DC5E7866F2B10B065379F3E3)

conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: sj-updater-app.exe

Static PE information: certificate valid

Source: sj-updater-app.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122B7210 WSARecv,#111,

0_2_00007FF7122B7210

Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: sj-updater-app.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: sj-updater-app.exe	String found in binary or memory: https://2.4.5sj-pulse-desktop
Source: sj-updater-app.exe	String found in binary or memory: https://pulse.surveyjunkie.com/downloads
Source: sj-updater-app.exe	String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat
Source: sj-updater-app.exe	String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig

Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122FE340	0_2_00007FF7122FE340
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122DD330	0_2_00007FF7122DD330
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122A5B80	0_2_00007FF7122A5B80
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122B1370	0_2_00007FF7122B1370
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF71229FBB0	0_2_00007FF71229FBB0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF712296BB0	0_2_00007FF712296BB0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF712302440	0_2_00007FF712302440
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122EE4A0	0_2_00007FF7122EE4A0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F7CF0	0_2_00007FF7122F7CF0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7123B6970	0_2_00007FF7123B6970
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F79A0	0_2_00007FF7122F79A0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122B7210	0_2_00007FF7122B7210
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122E2230	0_2_00007FF7122E2230
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122D5A20	0_2_00007FF7122D5A20
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122DB290	0_2_00007FF7122DB290
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122D9A90	0_2_00007FF7122D9A90
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F0AD0	0_2_00007FF7122F0AD0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122912B0	0_2_00007FF7122912B0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122DDB10	0_2_00007FF7122DDB10
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122B2F50	0_2_00007FF7122B2F50
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF712308F60	0_2_00007FF712308F60
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7123A7740	0_2_00007FF7123A7740
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122ACF60	0_2_00007FF7122ACF60
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122EF760	0_2_00007FF7122EF760
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122C2FC0	0_2_00007FF7122C2FC0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122E2FA0	0_2_00007FF7122E2FA0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7123057E0	0_2_00007FF7123057E0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122A2840	0_2_00007FF7122A2840
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F8030	0_2_00007FF7122F8030
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122A0080	0_2_00007FF7122A0080
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF71229A060	0_2_00007FF71229A060
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF71229E0C0	0_2_00007FF71229E0C0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122BA0C0	0_2_00007FF7122BA0C0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F08B0	0_2_00007FF7122F08B0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122D7100	0_2_00007FF7122D7100
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122E55E0	0_2_00007FF7122E55E0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F0650	0_2_00007FF7122F0650
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF712301620	0_2_00007FF712301620
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122B9660	0_2_00007FF7122B9660
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F7EA0	0_2_00007FF7122F7EA0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF7122F5EF0	0_2_00007FF7122F5EF0

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: String function: 00007FF712293690 appears 67 times

Source: sj-updater-app.exe	Binary or memory string: OriginalFilename vs sj-updater-app.exe
Source: sj-updater-app.exe, 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe
Source: sj-updater-app.exe	Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe

Source: classification engine

Classification label: clean2.winEXE@2/0@0/0

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7123F46DC GetDiskFreeSpaceExW,GetLastError,__std_fs_open_handle,CloseHandle,free,malloc,free,free,GetFinalPathNameByHandleW,malloc,free,free,CloseHandle,abort,CloseHandle,GetDiskFreeSpaceExW,GetLastError,free,GetLastError,CloseHandle,free,free,

0_2_00007FF7123F46DC

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122D8A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7122D8A90

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122D8A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7122D8A90

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03

Source: sj-updater-app.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\sj-updater-app.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sj-updater-app.exe	String found in binary or memory: Originator-Return-Address
Source: sj-updater-app.exe	String found in binary or memory: MMHS-Exempted-Address
Source: sj-updater-app.exe	String found in binary or memory: Accept-Additions
Source: sj-updater-app.exe	String found in binary or memory: /maximum-install-time-ms
Source: sj-updater-app.exe	String found in binary or memory: List-Help
Source: sj-updater-app.exe	String found in binary or memory: /maximum-install-time-ms
Source: sj-updater-app.exe	String found in binary or memory: bad numeric conversion: positive overflow/hosting-url/initial-check-delay-ms/version-check-interval-ms/maximum-install-time-ms/error-expiration-period-ms/maximum-retry-attempts/verify-signature/version-info-file-url/feature-flags-file-url/feature-flags-config-dir/feature-flags-update-post-delay-ms/observabilityFailed to load updater configuraion: {}C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\UpdaterConfig.cpp__cdecl sj::UpdaterConfig::UpdaterConfig(const class std::vector<struct sj::cfg::ConfigFile,class std::allocator<struct sj::cfg::ConfigFile> > &)Activating default configurationhttps://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsights-collector.newrelic.com/v1/accounts/1592627/eventsev_log-api.newrelic.com/log/v1log_metric-api.newrelic.com/metric/v1mt_trace-api.newrelic.com/trace/v1tr_api.mixpanel.com93c82f2a7e19b351d199aada15357e62https://pulse.surveyjunkie.com/downloads{}/version-info-{}.json{}/desktop-feature-flags.jsonSJPulse/config'JSON pointer must be empty or begin with '/' - was: 'escape character '~' must be followed with '0' or '1'Overflow detected for '{}'. {} become {}Rounding detected for '{}'. {} become {}Attempting to assign negative number '{}' to a variable expecting positive number '{}'Number expected for '{}', but {} given.unresolved reference token '9 at byte parse errorparse_error/~1~~0nullobjectarraystringbooleanbinarydiscardednumbercannot use operator[] with a string argument with cannot use operator[] with a numeric argument with 961c151d2e87f2686a955a9be24d316f1362bf21 3.11.2) is out of rangearray index '-' (' must not begin with '0'array index '' is not a number exceeds size_typearray index out_of_rangetype_errorother_errortype must be string, but is type must be boolean, but is type must be number, but is
Source: sj-updater-app.exe	String found in binary or memory: Accept-Additions
Source: sj-updater-app.exe	String found in binary or memory: List-Help
Source: sj-updater-app.exe	String found in binary or memory: MMHS-Exempted-Address
Source: sj-updater-app.exe	String found in binary or memory: Originator-Return-Address
Source: sj-updater-app.exe	String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ipp
Source: sj-updater-app.exe	String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ipp
Source: sj-updater-app.exe	String found in binary or memory: http/1.1C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ippC:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ippC:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\details\SslUtilities.cppvoid __cdecl sj::details::configureSslContextOptions(struct ssl_ctx_st *const ) noexceptCould not set minimum protocol version for SSL contextCould not set SNI server name '{}', desc: {}void __cdecl sj::details::configureCertificateValidation(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp,class boost::asio::any_io_executor> &> &,class std::variant<class std::basic_string_view<char,struct std::char_traits<char> >,class boost::asio::ip::address>,class std::basic_string_view<char,struct std::char_traits<char> >,bool &,class boost::system::error_code &)Could not set ALPN list, desc: {}

Source: unknown	Process created: C:\Users\user\Desktop\sj-updater-app.exe "C:\Users\user\Desktop\sj-updater-app.exe"
Source: C:\Users\user\Desktop\sj-updater-app.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: boost_iostreams-vc143-mt-x64-1_83.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: libssl-3-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: libcrypto-3-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: spdlog.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: fmt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: brotlienc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: brotlidec.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: sentry.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: vcruntime140_1.dll	Jump to behavior

Source: sj-updater-app.exe

Static PE information: certificate valid

Source: sj-updater-app.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: sj-updater-app.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: sj-updater-app.exe

Static file information: File size 2156920 > 1048576

Source: sj-updater-app.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x17a200

Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: sj-updater-app.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: sj-updater-app.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe

Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122D8A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7122D8A90

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122D7090 GetProcessHeap,HeapFree,

0_2_00007FF7122D7090

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7123F58EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00007FF7123F58EC

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7122D7100 GetProcessHeap,HeapAlloc,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,CloseHandle,GetProcessHeap,HeapAlloc,CloseHandle,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CloseHandle,AllocateAndInitializeSid,FreeSid,EqualSid,EqualSid,FreeSid,FreeSid,CloseHandle,FreeSid,FreeSid,CloseHandle,

0_2_00007FF7122D7100

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: GetLocaleInfoEx,FormatMessageA,

0_2_00007FF7123F3C4C

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF7123F5DFC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7123F5DFC

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	3 Windows Service	3 Windows Service	1 Process Injection	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Service Execution	1 DLL Side-Loading	1 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 DLL Side-Loading	Security Account Manager	13 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
sj-updater-app.exe	0%	Virustotal		Browse
sj-updater-app.exe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://pulse.surveyjunkie.com/downloads	0%	Avira URL Cloud	safe
https://2.4.5sj-pulse-desktop	0%	Avira URL Cloud	safe
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	0%	Avira URL Cloud	safe
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	0%	Avira URL Cloud	safe
https://pulse.surveyjunkie.com/downloads	0%	Virustotal		Browse
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	0%	Virustotal		Browse
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://2.4.5sj-pulse-desktop	sj-updater-app.exe	false	Avira URL Cloud: safe	unknown
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pulse.surveyjunkie.com/downloads	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448096
Start date and time:	2024-05-27 19:40:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	sj-updater-app.exe
Detection:	CLEAN
Classification:	clean2.winEXE@2/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 224
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target sj-updater-app.exe, PID 7460 because there are no executed function
Not all processes where analyzed, report is missing behavior information

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.4431538128735575
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	sj-updater-app.exe
File size:	2'156'920 bytes
MD5:	457dd6e4dc5e7866f2b10b065379f3e3
SHA1:	7a2b3bd51b34f6e8361a41dc428917234edf76d9
SHA256:	a3281a97f2bdbeba81f22630ba5dd9543e28debcdda17188357ecdf4c7c7ff8a
SHA512:	c47b24fdf59f21bddd870b853883b759879082de8ef34e33f596271aeb738a04333bb9e10a3d410ecba9a5d0ea761cc6fbf849f42a6e868d8728a9fbc080fd6b
SSDEEP:	49152:vqb2/b89m6CtyrQUeKHyeIDXSjw6iuTkP9XqYRYXDJHL+bkanXCe:xtukdBX5
TLSH:	1AA56B2AA17801F9C1F9D2BCCA079A0BE7713C4A872497DB01D492562F77BE85A7F311
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........nlQ.............w.......w.......................................w.......w..................u..................................

File Icon


Icon Hash:	3361d8cee6c47117

Static PE Info

General

Entrypoint:	0x140165450
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6645EC1D [Thu May 16 11:21:01 2024 UTC]
TLS Callbacks:	0x40165044, 0x1, 0x40165a70, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	3480307717bc1f63a8a2166d772abab1

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	12/12/2023 00:00:00 30/06/2026 00:59:59
Subject Chain	CN="DISQO, Inc.", O="DISQO, Inc.", L=Glendale, S=California, C=US, SERIALNUMBER=6850471, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
Version:	3
Thumbprint MD5:	9770BF7BD57D482BF98AAFDE48DAA71D
Thumbprint SHA-1:	1F1716DE492ABB315EE61EDBE7DC7A8DD9949FCB
Thumbprint SHA-256:	0C31F784621C4477A1312EA315023B841670D1D9BE4A52BA9AFE73DB0029ED14
Serial:	036FCEF1A90FDA45B3B90FDAFA68B3A6

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F3285645098h
dec eax
add esp, 28h
jmp 00007F3285644567h
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+18h], ebx
dec eax
mov dword ptr [eax+20h], esi
dec eax
mov dword ptr [eax+10h], edx
dec eax
mov dword ptr [eax+08h], ecx
push edi
inc ecx
push esi
inc ecx
push edi
dec eax
sub esp, 30h
dec ebp
mov edi, ecx
dec ebp
mov esi, eax
dec eax
mov esi, edx
dec eax
mov edi, ecx
xor ebx, ebx
dec eax
mov dword ptr [eax-20h], ebx
mov byte ptr [eax-28h], bl
dec ecx
cmp ebx, esi
je 00007F3285644713h
dec eax
mov ecx, edi
dec ecx
mov eax, edi
dec eax
mov edx, dword ptr [00017FF1h]
call edx
dec eax
add edi, esi
dec eax
mov dword ptr [esp+50h], edi
dec eax
inc ebx
dec eax
mov dword ptr [esp+28h], ebx
jmp 00007F32856446CCh
mov byte ptr [esp+20h], 00000001h
dec eax
mov ebx, dword ptr [esp+60h]
dec eax
mov esi, dword ptr [esp+68h]
dec eax
add esp, 30h
inc ecx
pop edi
inc ecx
pop esi
pop edi
ret
dec eax
mov eax, esp
dec esp
mov dword ptr [eax+20h], ecx
dec esp
mov dword ptr [eax+18h], eax
dec eax
mov dword ptr [eax+10h], edx
push ebx
push esi
push edi
inc ecx
push esi
dec eax
sub esp, 38h
dec ebp
mov esi, ecx
dec ecx
mov ebx, eax
dec eax
mov esi, edx
mov byte ptr [eax-38h], 00000000h
dec eax
mov edi, edx
dec ecx
imul edi, eax
dec eax
add edi, ecx
dec eax
mov dword ptr [eax+08h], edi
dec eax
mov eax, ebx
dec eax
dec ebx
dec eax
mov dword ptr [esp+70h], ebx
dec eax
test eax, eax
je 00007F328564470Bh

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1cc190	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1cc1e8	0x2bc	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20d000	0x47e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1fc000	0x10fd4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x20c000	0x2978
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x212000	0x1c14	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x196260	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x196300	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x196120	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x17c000	0x1488	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x17a0ae	0x17a200	d6fd822a2b043007c1925e64c54a1947	False	0.3910550103305785	data	6.266377553091015	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x17c000	0x57144	0x57200	455e724f786a990c2711476aad0f46ea	False	0.36740607065997133	data	5.649743654870318	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1d4000	0x27f28	0x23200	7365931882848f6761bd954b11edfc37	False	0.05800989768683274	data	4.774395582119203	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1fc000	0x10fd4	0x11000	d6369e387f5303316fe8925b184e47f1	False	0.5015940946691176	data	6.185500891038529	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x20d000	0x47e0	0x4800	6b0dfffa6550b5b414375f2d31c24123	False	0.22119140625	data	3.5607877279033175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x212000	0x1c14	0x1e00	d8541aa71c824377a4d4845a2e976f30	False	0.36692708333333335	data	5.308603692560612	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x20d418	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	English	United States	0.19768540387340577
RT_GROUP_ICON	0x211640	0x14	data	English	United States	1.1
RT_VERSION	0x20d150	0x2c8	data	English	United States	0.48174157303370785
RT_MANIFEST	0x211658	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143

Imports

DLL	Import
boost_iostreams-vc143-mt-x64-1_83.dll	?process@gzip_footer@detail@iostreams@boost@@QEAAXD@Z, ?reset@gzip_footer@detail@iostreams@boost@@QEAAXXZ, ?default_compression@zlib@iostreams@boost@@3HB, ?deflated@zlib@iostreams@boost@@3HB, ??1gzip_header@detail@iostreams@boost@@QEAA@XZ, ?reset@gzip_header@detail@iostreams@boost@@QEAAXXZ, ?process@gzip_header@detail@iostreams@boost@@QEAAXD@Z, ??0gzip_header@detail@iostreams@boost@@QEAA@XZ, ?do_init@zlib_base@detail@iostreams@boost@@AEAAXAEBUzlib_params@34@_NP6APEAXPEAXII@ZP6AX22@Z2@Z, ?default_strategy@zlib@iostreams@boost@@3HB, ?okay@zlib@iostreams@boost@@3HB, ?reset@zlib_base@detail@iostreams@boost@@IEAAX_N0@Z, ?stream_end@zlib@iostreams@boost@@3HB, ?xinflate@zlib_base@detail@iostreams@boost@@IEAAHH@Z, ?after@zlib_base@detail@iostreams@boost@@IEAAXAEAPEBDAEAPEAD_N@Z, ?sync_flush@zlib@iostreams@boost@@3HB, ?xdeflate@zlib_base@detail@iostreams@boost@@IEAAHH@Z, ??0gzip_header@detail@iostreams@boost@@QEAA@AEBV0123@@Z, ?best_speed@zlib@iostreams@boost@@3HB, ?check@zlib_error@iostreams@boost@@SAXH@Z, ?before@zlib_base@detail@iostreams@boost@@IEAAXAEAPEBDPEBDAEAPEADPEAD@Z, ??1zlib_base@detail@iostreams@boost@@IEAA@XZ, ??0zlib_base@detail@iostreams@boost@@IEAA@XZ, ?best_compression@zlib@iostreams@boost@@3HB, ?finish@zlib@iostreams@boost@@3HB, ?no_flush@zlib@iostreams@boost@@3HB
libssl-3-x64.dll	SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_set_verify, SSL_CTX_get_verify_callback, SSL_CTX_get_cert_store, SSL_CTX_free, SSL_CTX_new, SSL_CTX_set_options, SSL_get_ex_data_X509_STORE_CTX_idx, SSL_get_shutdown, SSL_CTX_ctrl, TLS_client_method, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, SSL_set_alpn_protos, SSL_get0_alpn_selected, SSL_free, SSL_shutdown, SSL_set_ex_data, SSL_get_ex_data, SSL_set_bio, SSL_get_verify_mode, SSL_set_verify, SSL_new, SSL_accept, SSL_connect, SSL_read, SSL_write, SSL_ctrl, SSL_CTX_get_default_passwd_cb_userdata, SSL_get_verify_callback, SSL_CTX_set_security_level, SSL_get_error
libcrypto-3-x64.dll	ERR_clear_error, BIO_new_bio_pair, ERR_get_error, BIO_ctrl, BIO_write, BIO_read, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_chain, X509_free, BIO_new_mem_buf, X509_STORE_add_cert, OPENSSL_sk_value, X509_STORE_CTX_get_error_depth, OPENSSL_sk_num, X509_STORE_CTX_get_ex_data, PEM_read_bio_X509, BIO_ctrl_pending, BIO_new, BIO_s_mem, ASN1_STRING_length, ASN1_STRING_get0_data, OBJ_obj2txt, EVP_sha1, X509_digest, X509_cmp_current_time, X509_getm_notBefore, X509_getm_notAfter, X509_NAME_entry_count, X509_NAME_get_entry, X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, PEM_write_bio_X509, ERR_error_string, X509_check_host, X509_check_ip_asc, X509_up_ref, X509_get_subject_name, EVP_get_digestbyname, i2d_X509_bio, X509_new, BIO_free, ERR_lib_error_string, ERR_reason_error_string, EVP_MD_CTX_new, EVP_MD_CTX_free, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, d2i_X509
spdlog.dll	?sink_it_@logger@spdlog@@MEAAXAEBUlog_msg@details@2@@Z, ??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z, ?enabled@backtracer@details@spdlog@@QEBA_NXZ, ?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z, ?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z, ?err_handler_@logger@spdlog@@IEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ, ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z, ?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??1periodic_worker@details@spdlog@@QEAA@XZ, ?flush_all@registry@details@spdlog@@QEAAXXZ, ?instance@registry@details@spdlog@@SAAEAV123@XZ, ??0logger@spdlog@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??1logger@spdlog@@UEAA@XZ, ?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ, ?set_level@spdlog@@YAXW4level_enum@level@1@@Z, ?default_logger@spdlog@@YA?AV?$shared_ptr@Vlogger@spdlog@@@std@@XZ, ?set_default_logger@spdlog@@YAXV?$shared_ptr@Vlogger@spdlog@@@std@@@Z, ?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z, ??0?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ, ??1?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAA@XZ, ??1file_helper@details@spdlog@@QEAA@XZ, ??0?$wincolor_stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@W4color_mode@2@@Z, ??0?$stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ, ??1?$base_sink@Vmutex@std@@@sinks@spdlog@@UEAA@XZ, ??0?$basic_file_sink@Vmutex@std@@@sinks@spdlog@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NAEBUfile_event_handlers@2@@Z, ?log@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXAEBUlog_msg@details@3@@Z, ?flush@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXXZ, ?set_pattern@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?set_formatter@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXV?$unique_ptr@Vformatter@spdlog@@U?$default_delete@Vformatter@spdlog@@@std@@@std@@@Z, ?set_pattern_@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@MEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?set_formatter_@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@MEAAXV?$unique_ptr@Vformatter@spdlog@@U?$default_delete@Vformatter@spdlog@@@std@@@std@@@Z, ?clone@logger@spdlog@@UEAA?AV?$shared_ptr@Vlogger@spdlog@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z, ?flush_@logger@spdlog@@MEAAXXZ
fmt.dll	?is_printable@detail@v10@fmt@@YA_NI@Z, ?throw_format_error@detail@v10@fmt@@YAXPEBD@Z, ??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z, ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z, ??$get@Vlocale@std@@@locale_ref@detail@v10@fmt@@QEBA?AVlocale@std@@XZ
brotlienc.dll	BrotliEncoderHasMoreOutput, BrotliEncoderCompressStream, BrotliEncoderDestroyInstance, BrotliEncoderCreateInstance, BrotliEncoderSetParameter
brotlidec.dll	BrotliDecoderDecompressStream, BrotliDecoderDestroyInstance, BrotliDecoderGetErrorCode, BrotliDecoderCreateInstance
sentry.dll	sentry_options_set_handler_path, sentry_options_set_database_path, sentry_options_set_environment, sentry_options_set_release, sentry_options_set_dsn, sentry_options_free, sentry_options_new, sentry_value_new_message_event, sentry_set_tag, sentry_init, sentry_close, sentry_capture_event, sentry_options_add_attachment
KERNEL32.dll	AreFileApisANSI, SetFileInformationByHandle, GetFinalPathNameByHandleW, GetFileAttributesExW, FindNextFileW, FindFirstFileExW, FindFirstFileW, FindClose, CreateFileW, CreateDirectoryW, GetLocaleInfoEx, MoveFileExW, GetFileInformationByHandleEx, ReleaseSRWLockExclusive, ReleaseSRWLockShared, GetDiskFreeSpaceExW, AcquireSRWLockExclusive, GetCurrentThreadId, QueryPerformanceCounter, IsDebuggerPresent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SleepConditionVariableSRW, WakeAllConditionVariable, InitOnceComplete, InitOnceBeginInitialize, CreateProcessW, GetSystemTimeAsFileTime, GetConsoleWindow, MultiByteToWideChar, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetCurrentProcessId, GetEnvironmentVariableW, GetTempPathW, CreateMutexW, ReleaseMutex, GetCurrentProcess, GetProcessHeap, HeapFree, HeapAlloc, Sleep, CreateEventW, SleepEx, ResetEvent, InitializeCriticalSectionAndSpinCount, GetLastError, WideCharToMultiByte, FormatMessageW, FormatMessageA, LocalFree, TerminateThread, QueueUserAPC, WaitForMultipleObjects, WaitForSingleObject, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, CloseHandle, InitializeSListHead, AcquireSRWLockShared
SHELL32.dll	SHGetKnownFolderPath
ole32.dll	CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoCreateInstance, CoTaskMemFree, CoUninitialize
OLEAUT32.dll	SysFreeString, VariantInit, VariantClear, SysAllocString, VariantChangeType
ADVAPI32.dll	DuplicateTokenEx, RegGetValueW, RegDeleteKeyValueW, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, CreateProcessAsUserW, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerExA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, OpenProcessToken
MSVCP140.dll	?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ??7ios_base@std@@QEBA_NXZ, ??Bios_base@std@@QEBA_NXZ, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ?_Random_device@std@@YAIXZ, ?setf@ios_base@std@@QEAAHHH@Z, _Thrd_id, _Thrd_join, ?id@?$collate@D@std@@2V0locale@2@A, ?id@?$ctype@D@std@@2V0locale@2@A, ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UEAAXXZ, ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z, ?tolower@?$ctype@D@std@@QEBADD@Z, ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z, ??1facet@locale@std@@MEAA@XZ, ??0facet@locale@std@@IEAA@_K@Z, ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ, ??1_Locinfo@std@@QEAA@XZ, ??0_Locinfo@std@@QEAA@PEBD@Z, _Strxfrm, _Strcoll, _Cnd_do_broadcast_at_thread_exit, _Cnd_timedwait, _Mtx_current_owns, ?_Xinvalid_argument@std@@YAXPEBD@Z, ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?id@?$ctype@_W@std@@2V0locale@2@A, ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ, ?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ, ?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ, ?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ, ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z, ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z, ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z, ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?widen@?$ctype@_W@std@@QEBA_WD@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z, ?_Xbad_function_call@std@@YAXXZ, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, _Cnd_unregister_at_thread_exit, _Cnd_register_at_thread_exit, _Cnd_broadcast, _Cnd_wait, _Cnd_destroy_in_situ, _Cnd_init_in_situ, ?__ExceptionPtrToBool@@YA_NPEBX@Z, _Query_perf_frequency, ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z, ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z, ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?classic@locale@std@@SAAEBV12@XZ, ??Bid@locale@std@@QEAA_KXZ, ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ, ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z, ?__ExceptionPtrRethrow@@YAXPEBX@Z, ?__ExceptionPtrCurrentException@@YAXPEAX@Z, ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z, ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z, ?__ExceptionPtrDestroy@@YAXPEAX@Z, ?__ExceptionPtrCreate@@YAXPEAX@Z, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?_Winerror_map@std@@YAHH@Z, ?_Syserror_map@std@@YAPEBDH@Z, ?_Throw_Cpp_error@std@@YAXH@Z, _Mtx_unlock, _Mtx_lock, ?_Xout_of_range@std@@YAXPEBD@Z, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z, ?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?eof@ios_base@std@@QEBA_NXZ, ?exceptions@ios_base@std@@QEBAHXZ, ?exceptions@ios_base@std@@QEAAXH@Z, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ, ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z, ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ, ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z, ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z, ?_ReportUnobservedException@details@Concurrency@@YAXXZ, ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ, ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z, ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ, ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ, ?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ, ??0task_continuation_context@Concurrency@@AEAA@XZ, ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z, ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?width@ios_base@std@@QEAA_J_J@Z, _Query_perf_counter, _Xtime_get_ticks, ?_Xlength_error@std@@YAXPEBD@Z, ?_Xbad_alloc@std@@YAXXZ, ?uncaught_exceptions@std@@YAHXZ, ?width@ios_base@std@@QEBA_JXZ, ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z, ?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z, ?fail@ios_base@std@@QEBA_NXZ, ?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z, ?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z, _Thrd_sleep, _Mtx_init_in_situ, _Mtx_destroy_in_situ, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?good@ios_base@std@@QEBA_NXZ, ?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A, ?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A, ?flags@ios_base@std@@QEBAHXZ
MSVCP140_ATOMIC_WAIT.dll	__std_atomic_wait_get_remaining_timeout, __std_atomic_wait_get_deadline, __std_atomic_notify_one_direct, __std_atomic_wait_direct
WS2_32.dll	getservbyname, WSACleanup, __WSAFDIsSet, accept, bind, closesocket, connect, ioctlsocket, getsockname, htonl, listen, select, setsockopt, WSAGetLastError, WSARecv, WSASend, WSASocketW, htons, gethostbyname, WSASetLastError, WSAStringToAddressW, getsockopt, getpeername, ntohl, shutdown, WSAAddressToStringW, WSAStartup
WINTRUST.dll	WinVerifyTrust
WTSAPI32.dll	WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken
POWRPROF.dll	GetPwrCapabilities
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
RstrtMgr.DLL	RmRegisterResources, RmGetList, RmShutdown, RmStartSession, RmEndSession
CRYPT32.dll	CertOpenStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertFreeCertificateContext, CertAddCertificateContextToStore, CertDeleteCertificateFromStore, CertVerifyRevocation, CryptQueryObject, CertCloseStore
USERENV.dll	CreateEnvironmentBlock, DestroyEnvironmentBlock
VCRUNTIME140.dll	memchr, memset, strchr, memcpy, strstr, __std_type_info_compare, _CxxThrowException, __std_exception_destroy, __std_exception_copy, __std_terminate, _purecall, memcmp, __C_specific_handler_noexcept, __C_specific_handler, __RTDynamicCast, __current_exception, __current_exception_context, memmove
VCRUNTIME140_1.dll	__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll	_get_initial_narrow_environment, _initterm, _set_app_type, _seh_filter_exe, _initterm_e, terminate, exit, _exit, __p___argc, __p___argv, _c_exit, _beginthreadex, abort, strerror, _errno, signal, _invalid_parameter_noinfo_noreturn, _crt_atexit, _cexit, _initialize_onexit_table, _register_onexit_function, _register_thread_local_exe_atexit_callback, _initialize_narrow_environment, _configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0.dll	fseek, ftell, __stdio_common_vfprintf, _close, _lseek, _read, _setmode, _write, _sopen_dispatch, _fileno, fgets, ferror, __acrt_iob_func, clearerr, fopen, __p__commode, __stdio_common_vsprintf, _get_stream_buffer_pointers, fclose, fflush, fgetc, fgetpos, fputc, fread, fsetpos, _fseeki64, _set_fmode, fwrite, setvbuf, ungetc, feof
api-ms-win-crt-string-l1-1-0.dll	strcpy_s, strncpy, strcmp, isspace, isdigit, tolower, strnlen
api-ms-win-crt-heap-l1-1-0.dll	realloc, free, malloc, _set_new_mode, _callnewh
api-ms-win-crt-convert-l1-1-0.dll	strtol, strtoll, strtod, atoi, strtoull
api-ms-win-crt-math-l1-1-0.dll	ceil, floor, _dclass, _dsign, ceilf, __setusermatherr
api-ms-win-crt-time-l1-1-0.dll	_get_dstbias, _get_timezone, _time64, strftime, _gmtime64, _localtime64_s, _localtime64, asctime, _tzset
api-ms-win-crt-locale-l1-1-0.dll	___lc_codepage_func, _configthreadlocale, localeconv
api-ms-win-crt-filesystem-l1-1-0.dll	_lock_file, _unlock_file

Exports

Name	Ordinal	Address
OPENSSL_Applink	1	0x140147c90

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	13:41:16
Start date:	27/05/2024
Path:	C:\Users\user\Desktop\sj-updater-app.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\sj-updater-app.exe"
Imagebase:	0x7ff712290000
File size:	2'156'920 bytes
MD5 hash:	457DD6E4DC5E7866F2B10B065379F3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	13:41:16
Start date:	27/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 00007FF7122EE4A0 Relevance: 56.7, APIs: 30, Strings: 2, Instructions: 682COMMON

Download Yara Rule

APIs

?default_logger@spdlog@@YA?AV?$shared_ptr@Vlogger@spdlog@@@std@@XZ.SPDLOG ref: 00007FF7122EE4EC

Part of subcall function 00007FF7122A3F00: memcpy.VCRUNTIME140 ref: 00007FF7122A4017
Part of subcall function 00007FF7122A3F00: memcpy.VCRUNTIME140 ref: 00007FF7122A4026

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

??0logger@spdlog@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF7122EE57D

Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF0
Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122EE5F3
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF7122EE620
??0?$wincolor_stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@W4color_mode@2@@Z.SPDLOG ref: 00007FF7122EE73C
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF7122EE7A8
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF7122EE7B3
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF7122EE7CF
__std_fs_code_page.MSVCPRT ref: 00007FF7122EE8B2
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122EE910
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122EE961

Part of subcall function 00007FF7123022A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712302353

??0?$basic_file_sink@Vmutex@std@@@sinks@spdlog@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NAEBUfile_event_handlers@2@@Z.SPDLOG ref: 00007FF7122EEA30

Part of subcall function 00007FF7122E5E10: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E5FE1
Part of subcall function 00007FF7122E5E10: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122E5FE8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122EEA98
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF7122EEAC1
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF7122EEACC
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF7122EEAE8
??0?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ.SPDLOG ref: 00007FF7122EEBF1
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF7122EEC24
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF7122EEC2F
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF7122EEC4E
?set_default_logger@spdlog@@YAXV?$shared_ptr@Vlogger@spdlog@@@std@@@Z.SPDLOG ref: 00007FF7122EECFB
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF7122EED08
?set_level@spdlog@@YAXW4level_enum@level@1@@Z.SPDLOG ref: 00007FF7122EED10
?instance@registry@details@spdlog@@SAAEAV123@XZ.SPDLOG(?), ref: 00007FF7122EED38
_Mtx_lock.MSVCP140 ref: 00007FF7122EED50
??1periodic_worker@details@spdlog@@QEAA@XZ.SPDLOG ref: 00007FF7122EEE07
_Mtx_unlock.MSVCP140 ref: 00007FF7122EEE1E

Strings

logger, xrefs: 00007FF7122EE4FA
create_directories, xrefs: 00007FF7122EEEEA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$allocator@V?$shared_ptr@$D@std@@U?$char_traits@V?$basic_string@$D@2@@std@@@$?from_str@level@spdlog@@?sinks@logger@spdlog@@V?$vector@Vsink@sinks@spdlog@@@std@@Vsink@sinks@spdlog@@@std@@@2@@std@@W4level_enum@12@_invalid_parameter_noinfo_noreturn$?set_level@sink@sinks@spdlog@@Concurrency::cancel_current_taskW4level_enum@level@3@@$__std_fs_convert_narrow_to_widememcpy$??0?$base_sink@??0?$basic_file_sink@??0?$wincolor_stdout_sink@??0logger@spdlog@@??1periodic_worker@details@spdlog@@?default_logger@spdlog@@?instance@registry@details@spdlog@@?set_default_logger@spdlog@@?set_level@spdlog@@D@2@@std@@_Mtx_lockMtx_unlockUconsole_mutex@details@spdlog@@@sinks@spdlog@@Ufile_event_handlers@2@@Unull_mutex@details@spdlog@@@sinks@spdlog@@V123@Vlogger@spdlog@@@std@@Vlogger@spdlog@@@std@@@Vmutex@std@@@sinks@spdlog@@W4color_mode@2@@W4level_enum@level@1@@__std_fs_code_pagemalloc
String ID: logger$create_directories
API String ID: 386665090-4086821617
Opcode ID: e917cc88ac570ef852a5bfe3ebbc6ef86452fa1d3c63330e9527c3a353911a30
Instruction ID: e4f9bfbb3521991b6f7637314e5e9c8e07abdcf50c196e76a71b76a39e5f30b6
Opcode Fuzzy Hash: e917cc88ac570ef852a5bfe3ebbc6ef86452fa1d3c63330e9527c3a353911a30
Instruction Fuzzy Hash: C8629332A08F8192EB64EF25E4542ADB3A0FB84B60F958135DE4D53795DFBCD498C710

Function 00007FF7122A0080 Relevance: 56.7, APIs: 15, Strings: 17, Instructions: 664COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A0251
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A02D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A0351
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A03D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A0451
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A05A3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A0683
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A075D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A0837
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A08BA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A093D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A09C9

Strings

', xrefs: 00007FF7122A0AA0
/error-expiration-period-ms, xrefs: 00007FF7122A03F4
/feature-flags-config-dir, xrefs: 00007FF7122A085A
/version-info-file-url, xrefs: 00007FF7122A06A6
(, xrefs: 00007FF7122A0AFD
/feature-flags-update-post-delay-ms, xrefs: 00007FF7122A08DD
/version-check-interval-ms, xrefs: 00007FF7122A02F4
Rounding detected for '{}'. {} become {}, xrefs: 00007FF7122A0AF1
/verify-signature, xrefs: 00007FF7122A05C6
Number expected for '{}', but {} given., xrefs: 00007FF7122A0A94
/hosting-url, xrefs: 00007FF7122A019B
/maximum-retry-attempts, xrefs: 00007FF7122A0474
/feature-flags-file-url, xrefs: 00007FF7122A0780
/observability, xrefs: 00007FF7122A0970
type must be boolean, but is , xrefs: 00007FF7122A0B64
/maximum-install-time-ms, xrefs: 00007FF7122A0374
/initial-check-delay-ms, xrefs: 00007FF7122A0274

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memchr$memcpy
String ID: '$($/error-expiration-period-ms$/feature-flags-config-dir$/feature-flags-file-url$/feature-flags-update-post-delay-ms$/hosting-url$/initial-check-delay-ms$/maximum-install-time-ms$/maximum-retry-attempts$/observability$/verify-signature$/version-check-interval-ms$/version-info-file-url$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}$type must be boolean, but is
API String ID: 3418510692-2346887175
Opcode ID: 6820cd627a912c0f4b4324c1be625413acb68b2f7023fd6cc121dd9339dd454c
Instruction ID: ec086a6689444cee480000885824590f767c9f6656204ed7e1d86e488e31b5c6
Opcode Fuzzy Hash: 6820cd627a912c0f4b4324c1be625413acb68b2f7023fd6cc121dd9339dd454c
Instruction Fuzzy Hash: 6052B962A1CFC691DE50EB24E4403EEA321FBD5770F915332E69D02A99DFACE598C710

Function 00007FF7122FE340 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000010,00000000,00000000,?,?,00007FF7122FE80E,?,?,?,?,?,?,?,?,00000000,00007FF7122EFF87), ref: 00007FF7122FE390
??7ios_base@std@@QEBA_NXZ.MSVCP140(00000010,00000000), ref: 00007FF7122FE3F4
EVP_get_digestbyname.LIBCRYPTO-3-X64 ref: 00007FF7122FE40F
EVP_MD_CTX_new.LIBCRYPTO-3-X64 ref: 00007FF7122FE420
EVP_DigestInit_ex.LIBCRYPTO-3-X64 ref: 00007FF7122FE441
memset.VCRUNTIME140 ref: 00007FF7122FE45D
??Bios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122FE496
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z.MSVCP140 ref: 00007FF7122FE4B1
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122FE4BB
EVP_DigestUpdate.LIBCRYPTO-3-X64 ref: 00007FF7122FE4CE
??Bios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122FE4EA
EVP_DigestFinal_ex.LIBCRYPTO-3-X64 ref: 00007FF7122FE505
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122FE536
memset.VCRUNTIME140 ref: 00007FF7122FE54B
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF7122FE570
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z.MSVCP140 ref: 00007FF7122FE582
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140 ref: 00007FF7122FE59B
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z.MSVCP140 ref: 00007FF7122FE5CE
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122FE633
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122FE640
EVP_MD_CTX_free.LIBCRYPTO-3-X64 ref: 00007FF7122FE64A
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122FE67E
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122FE688
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF7122EFF87), ref: 00007FF7122FE843

Strings

Failed to allocate digest context, xrefs: 00007FF7122FE74A
Cannot open the file: , xrefs: 00007FF7122FE6EC
sha256, xrefs: 00007FF7122FE7EC
EVP_DigestInit_ex failed, xrefs: 00007FF7122FE76E
EVP_DigestUpdate failed, xrefs: 00007FF7122FE6B7
Failed to initialize MD5 digest, xrefs: 00007FF7122FE722
EVP_DigestFinal_ex failed, xrefs: 00007FF7122FE792

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$Digestmemset$??1?$basic_ios@??6?$basic_ostream@Bios_base@std@@V01@$??1?$basic_istream@??1?$basic_ostream@??7ios_base@std@@?fill@?$basic_ios@?gcount@?$basic_istream@?read@?$basic_istream@?setstate@?$basic_ios@?setw@std@@Final_exInit_exJ@1@_P_get_digestbynameSmanip@_U?$_UpdateV12@V21@@Vios_base@1@X_freeX_new_invalid_parameter_noinfo_noreturn
String ID: Cannot open the file: $EVP_DigestFinal_ex failed$EVP_DigestInit_ex failed$EVP_DigestUpdate failed$Failed to allocate digest context$Failed to initialize MD5 digest$sha256
API String ID: 3811384351-1692599866
Opcode ID: 935a979109f4ea9513896037920eecc856efadb7ee3d22066bda23c620032e19
Instruction ID: 0444beef275f8abcc9264a31f47600a1b984c03eb81261f2bf63a693b5f60932
Opcode Fuzzy Hash: 935a979109f4ea9513896037920eecc856efadb7ee3d22066bda23c620032e19
Instruction Fuzzy Hash: 0FE1C622B18E8284EF10EF25D8502FCB361FF94B98F914131DA4D47A65EFB8E659C710

Function 00007FF7122D7100 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 265memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7122D712D
HeapAlloc.KERNEL32 ref: 00007FF7122D713C
GetCurrentProcess.KERNEL32 ref: 00007FF7122D7154
OpenProcessToken.ADVAPI32 ref: 00007FF7122D7165
GetTokenInformation.ADVAPI32 ref: 00007FF7122D718A
GetLastError.KERNEL32 ref: 00007FF7122D7198
CloseHandle.KERNEL32 ref: 00007FF7122D71AB
GetProcessHeap.KERNEL32 ref: 00007FF7122D71C7
HeapAlloc.KERNEL32 ref: 00007FF7122D71D5
CloseHandle.KERNEL32 ref: 00007FF7122D71F7
GetTokenInformation.ADVAPI32 ref: 00007FF7122D721C
CloseHandle.KERNEL32 ref: 00007FF7122D722E
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF7122D7289
CloseHandle.KERNEL32 ref: 00007FF7122D729B
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF7122D72F9
FreeSid.ADVAPI32 ref: 00007FF7122D730B
EqualSid.ADVAPI32 ref: 00007FF7122D738A
EqualSid.ADVAPI32 ref: 00007FF7122D739E
FreeSid.ADVAPI32 ref: 00007FF7122D73CC
FreeSid.ADVAPI32 ref: 00007FF7122D7407
CloseHandle.KERNEL32 ref: 00007FF7122D7442
FreeSid.ADVAPI32 ref: 00007FF7122D749F
FreeSid.ADVAPI32 ref: 00007FF7122D74DA
CloseHandle.KERNEL32 ref: 00007FF7122D7515

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp, xrefs: 00007FF7122D731A, 00007FF7122D73BD, 00007FF7122D7489
void __cdecl sj::SidDeleter::operator ()(void *) const, xrefs: 00007FF7122D7328, 00007FF7122D73B6, 00007FF7122D7490
FreeSid failed, xrefs: 00007FF7122D7333, 00007FF7122D73D7, 00007FF7122D7412, 00007FF7122D74AA, 00007FF7122D74E5

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CloseHandle$Free$HeapProcess$Token$AllocAllocateEqualInformationInitialize$CurrentErrorLastOpen
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp$FreeSid failed$void __cdecl sj::SidDeleter::operator ()(void *) const
API String ID: 277782348-2249881049
Opcode ID: ef0d97455b29247521b1218e0787ee629f4323d1eeac17034a09a5f1f32c91fc
Instruction ID: 8a71bfc9f148d950d6877f62f84f022c4e813d3151d2d54aa6b311dce3509263
Opcode Fuzzy Hash: ef0d97455b29247521b1218e0787ee629f4323d1eeac17034a09a5f1f32c91fc
Instruction Fuzzy Hash: 0CC16E72B08B828AEB14AF60E4002EDB7A5FB447A8F854435DE0D06B58DFBCE55CC764

Function 00007FF7122BA0C0 Relevance: 35.6, APIs: 5, Strings: 15, Instructions: 616COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122AC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122AC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BA1CA

Part of subcall function 00007FF7122A6A70: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6AB8

Part of subcall function 00007FF7122B5350: _Xtime_get_ticks.MSVCP140 ref: 00007FF7122B53E6
Part of subcall function 00007FF7122B5350: _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7122B542F
Part of subcall function 00007FF7122B5350: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122B549F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BA7E5

Part of subcall function 00007FF712303A90: _Xtime_get_ticks.MSVCP140(?,?,?,?,00007FF7122DEF58), ref: 00007FF712303A94

Part of subcall function 00007FF7122A69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6A08

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BAAE5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BAB77
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BACB3

Strings

Published version for '{}' is '{}'., xrefs: 00007FF7122BA57F
updateComponent, xrefs: 00007FF7122BA15A
Installation time expired for '{}'., xrefs: 00007FF7122BA868
Checking '{}' for updates., xrefs: 00007FF7122BA2E1
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122BA240, 00007FF7122BA2C3, 00007FF7122BABEC
installTimeExpired, xrefs: 00007FF7122BA781
Installation failed for '{}'., xrefs: 00007FF7122BAC0A
=, xrefs: 00007FF7122BA661
<-- , xrefs: 00007FF7122BA102, 00007FF7122BA72F
No information is available for '{}' in the manifest file., xrefs: 00007FF7122BA25E
bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF7122BA24F, 00007FF7122BA2D2, 00007FF7122BABFB
Error: maximum installation attempts exceeded for '{}'., xrefs: 00007FF7122BA644
--> , xrefs: 00007FF7122BA126, 00007FF7122BA753
The latest available version for '{}' is installed., xrefs: 00007FF7122BA47D
#, xrefs: 00007FF7122BA874

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@$Xtime_get_ticks$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_localtime64_smemcpy
String ID: #$--> $<-- $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Checking '{}' for updates.$Error: maximum installation attempts exceeded for '{}'.$Installation failed for '{}'.$Installation time expired for '{}'.$No information is available for '{}' in the manifest file.$Published version for '{}' is '{}'.$The latest available version for '{}' is installed.$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const$installTimeExpired$updateComponent
API String ID: 3855784272-224350887
Opcode ID: 6463b1eee45a25dbe6c122f93290858f34a1d614983af4426b5503125291657b
Instruction ID: 29acb3ebc96d44480b87923ab50130db12bb855752ef44f8af32a50f51bf7988
Opcode Fuzzy Hash: 6463b1eee45a25dbe6c122f93290858f34a1d614983af4426b5503125291657b
Instruction Fuzzy Hash: 6B629932918FC581EA20EB24E4413EEF361FB857A0F915231EA9D17A9ADFBCD549C710

Function 00007FF7122D5A20 Relevance: 33.8, APIs: 16, Strings: 3, Instructions: 500COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F2AA0: memset.VCRUNTIME140 ref: 00007FF7122F2AD6
Part of subcall function 00007FF7122F2AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF7122F2AE8

Part of subcall function 00007FF7122F78F0: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122F797F

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122D5B3F
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122D5BA1
memmove.VCRUNTIME140 ref: 00007FF7122D5C9A
memcpy.VCRUNTIME140 ref: 00007FF7122D5CA8
memcpy.VCRUNTIME140 ref: 00007FF7122D5CBE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D5DE0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D5E31
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122D5EC9

Strings

> {} STARTED (v{}) <, xrefs: 00007FF7122D5B1C
{:-^, xrefs: 00007FF7122D5C45
> {} ENDED <, xrefs: 00007FF7122D5B7F

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@$_invalid_parameter_noinfo_noreturnmemcpy$FileModuleNamememmovememset
String ID: > {} ENDED <$> {} STARTED (v{}) <${:-^
API String ID: 4252923549-1588015413
Opcode ID: da270ef3e38c0c8fc719f25bd376e2b606aa4cb0d47c977aa19750f2d9e8bfff
Instruction ID: 664e44243ae5425577c6c3618ae9bcde02978e2da07787a49e3d96c609492d74
Opcode Fuzzy Hash: da270ef3e38c0c8fc719f25bd376e2b606aa4cb0d47c977aa19750f2d9e8bfff
Instruction Fuzzy Hash: 84328273A18FC589EB10DF64E4403ADB361FB857A4F904225EB9D06BA9DFB8D588C710

Function 00007FF7123F46DC Relevance: 33.1, APIs: 22, Instructions: 147COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF7123F46FC
GetLastError.KERNEL32 ref: 00007FF7123F470F
__std_fs_open_handle.LIBCPMT ref: 00007FF7123F4743
CloseHandle.KERNEL32 ref: 00007FF7123F4758
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7123F4768

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CloseDiskErrorFreeHandleLastSpace__std_fs_open_handlefree
String ID:
API String ID: 3330332384-0
Opcode ID: 1351f16ad2fcb65f07fbf25a2095af7a4269cf0fae8388c714365c8e8cb82b61
Instruction ID: 7959a28d4666c3e347e47504a5cdf346c04ed33f1a502260cb3423f48156c4ba
Opcode Fuzzy Hash: 1351f16ad2fcb65f07fbf25a2095af7a4269cf0fae8388c714365c8e8cb82b61
Instruction Fuzzy Hash: A2517521E08F4282FB14AF25F804179A2A4EF45BB4F854235DF2A576D0DEBDE89DC325

Function 00007FF7122B1370 Relevance: 32.0, APIs: 1, Strings: 17, Instructions: 514COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712297240: __std_fs_code_page.MSVCPRT ref: 00007FF712297263
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972B1
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972E9

Part of subcall function 00007FF7122A69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6A08

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B1B14

Part of subcall function 00007FF7122A6B30: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6B78

Strings

Feature flags is up to date for '{}'., xrefs: 00007FF7122B178D
__cdecl sj::ScopeGuard<class `private: void __cdecl sj::Updater::Impl::applyFeature(class sj::FeatureFlags const &,class sj::Component const &)const '::`2'::<lambda_1> >::~ScopeGuard(void), xrefs: 00007FF7122B196E
Failed to restart component '{}', executable '{}'., xrefs: 00007FF7122B1903
2, xrefs: 00007FF7122B190F
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils/ScopedGuard.h, xrefs: 00007FF7122B1963
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B1668, 00007FF7122B1777, 00007FF7122B17F7, 00007FF7122B186D
_tmp, xrefs: 00007FF7122B143F
Failed to move file to '{}', xrefs: 00007FF7122B180D
<-- , xrefs: 00007FF7122B1A61
Restarting component '{}'., xrefs: 00007FF7122B1883
exists, xrefs: 00007FF7122B1A1B
Failed to generate configuration file for '{}'., xrefs: 00007FF7122B1643
--> , xrefs: 00007FF7122B1A82
E, xrefs: 00007FF7122B1660
create_directories, xrefs: 00007FF7122B1A05
void __cdecl sj::Updater::Impl::applyFeature(const class sj::FeatureFlags &,const class sj::Component &) const, xrefs: 00007FF7122B1674, 00007FF7122B1782, 00007FF7122B1802, 00007FF7122B1878
applyFeatures, xrefs: 00007FF7122B1AB0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@__std_fs_convert_narrow_to_wide$__std_fs_code_page_invalid_parameter_noinfo_noreturn
String ID: --> $2$<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils/ScopedGuard.h$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$E$Failed to generate configuration file for '{}'.$Failed to move file to '{}'$Failed to restart component '{}', executable '{}'.$Feature flags is up to date for '{}'.$Restarting component '{}'.$__cdecl sj::ScopeGuard<class `private: void __cdecl sj::Updater::Impl::applyFeature(class sj::FeatureFlags const &,class sj::Component const &)const '::`2'::<lambda_1> >::~ScopeGuard(void)$_tmp$applyFeatures$create_directories$exists$void __cdecl sj::Updater::Impl::applyFeature(const class sj::FeatureFlags &,const class sj::Component &) const
API String ID: 900940935-173281539
Opcode ID: bcb441c4e4db83e60f66189e161383ad9d9e6068439df0ad4fed038f577aaf52
Instruction ID: d54da7f58bd94846dd193a7388ae052c9fcd1896db0ec6de60bdb5ca5dcd6999
Opcode Fuzzy Hash: bcb441c4e4db83e60f66189e161383ad9d9e6068439df0ad4fed038f577aaf52
Instruction Fuzzy Hash: 5C32A632A08F8286EB10EF64E4402EDB3B0FB857A4F914135EA4D57A99DFBCD649C750

Function 00007FF712302440 Relevance: 28.7, APIs: 19, Instructions: 171COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,?,000001E4,000001A4,00000000,00007FF71230639D), ref: 00007FF712302484
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,00000000,?,000001E4,000001A4,00000000,00007FF71230639D), ref: 00007FF71230249D
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7123024BC
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123024F0
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF712302517
?exceptions@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF71230254D
?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF712302569
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7123025B9
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7123025C9
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FF7123025DB
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF7123025EB
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712302646
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF71230265B
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FF71230267D
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z.MSVCP140 ref: 00007FF71230269C
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF7123026AF
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7123026F5
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712302703
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712302722

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?tellg@?$basic_istream@Mbstatet@@@2@V?$fpos@$??1?$basic_ios@??1?$basic_istream@?exceptions@ios_base@std@@?seekg@?$basic_istream@V12@_$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?clear@?$basic_ios@?read@?$basic_istream@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V12@V?$basic_streambuf@memset
String ID:
API String ID: 3836666189-0
Opcode ID: c74664e8d3b1e4113f156a780fcf3a98b546a8f8052d727979b332d191d17de1
Instruction ID: 5b314435c34be80c63c2f45b9faab1864911ec63337a221a32ccca22b15a27d5
Opcode Fuzzy Hash: c74664e8d3b1e4113f156a780fcf3a98b546a8f8052d727979b332d191d17de1
Instruction Fuzzy Hash: 85812D32618F86C2DB10DF15E4902AAF760FB94B64F848436DE4D43A64DFBCE559CB14

Function 00007FF7122DDB10 Relevance: 28.5, APIs: 9, Strings: 7, Instructions: 452COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F0AD0: memset.VCRUNTIME140 ref: 00007FF7122F0B1F
Part of subcall function 00007FF7122F0AD0: GetTempPathW.KERNEL32 ref: 00007FF7122F0B2D
Part of subcall function 00007FF7122F0AD0: __std_fs_code_page.MSVCPRT ref: 00007FF7122F0B40
Part of subcall function 00007FF7122F0AD0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F0B80
Part of subcall function 00007FF7122F0AD0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F0BC6

Part of subcall function 00007FF7122A12D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF7122F58A3), ref: 00007FF7122A13EC

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7123022A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712302353

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF712293690: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00007FF712291360), ref: 00007FF71229373D
Part of subcall function 00007FF712293690: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF712293787

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7122DA6B0: ceilf.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF7122DA820

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE005
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE076
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE0C7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE118
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE167
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE1B6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE1FB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE24C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DE2CC

Strings

$(system.tempDir), xrefs: 00007FF7122DDDCA
$(app.path), xrefs: 00007FF7122DDCBD
$(app.name), xrefs: 00007FF7122DDD76
$(system.configDir), xrefs: 00007FF7122DDEBB
$(system.dataDir), xrefs: 00007FF7122DDE43
$(system.platformName), xrefs: 00007FF7122DDF20
$(app.dir), xrefs: 00007FF7122DDD20

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_narrow_to_widememcpy$Concurrency::cancel_current_taskPathTemp__std_fs_code_pageceilfmallocmemset
String ID: $(app.dir)$$(app.name)$$(app.path)$$(system.configDir)$$(system.dataDir)$$(system.platformName)$$(system.tempDir)
API String ID: 1213556465-1740758285
Opcode ID: 6a65d3c7b0d526d5031848e96b4f3583fa6ac6c97e5ec632205e7e49bbbde904
Instruction ID: 631f0759684ddb394c8ed0c6a81c6a783eb8ad01797593b6eadf3c078f335211
Opcode Fuzzy Hash: 6a65d3c7b0d526d5031848e96b4f3583fa6ac6c97e5ec632205e7e49bbbde904
Instruction Fuzzy Hash: 6D32B863D14FC685EB21DF34D8413FD6320FB957A8F905321EA9C1699ADFA8E688C350

Function 00007FF7122D9A90 Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 385COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF7122D9B46
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122D9B93
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122D9BD5
__std_fs_code_page.MSVCPRT ref: 00007FF7122D9BFB
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122D9C45

Strings

sj-updater, xrefs: 00007FF7122D9F46
app, xrefs: 00007FF7122D9E4A
!, xrefs: 00007FF7122D9B69
exists, xrefs: 00007FF7122DA06A
sj-pulse-proxy-server-app.exe, xrefs: 00007FF7122D9D6C
updater, xrefs: 00007FF7122D9EAE
SJPulse, xrefs: 00007FF7122D9AD6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: !$SJPulse$app$exists$sj-pulse-proxy-server-app.exe$sj-updater$updater
API String ID: 3645842244-938894102
Opcode ID: d30fe2736adb684b7cd5f87d9b70b41eafde6e57e5beff790af43676be416d3c
Instruction ID: 9baada0482f92663025ce549f67d24a6e3e1f1dcd07f4a6f7065f1e629e792d8
Opcode Fuzzy Hash: d30fe2736adb684b7cd5f87d9b70b41eafde6e57e5beff790af43676be416d3c
Instruction Fuzzy Hash: 05F1C033B18B5696EF10EB64E4802EDA371FB84364FD11036EA4D57A99DFB8E948C710

Function 00007FF7122ACF60 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 307COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7122AC930: #115.WS2_32 ref: 00007FF7122AC971

Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF0
Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF6

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD1D5

Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE79F
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE7CC
Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE851
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE860
Part of subcall function 00007FF7122AE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE86B

std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122AD3FC
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD40D
std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122AD41F
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD430
std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122AD442
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD453
std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122AD465
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD476
std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122AD488
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122AD499

Strings

Process starter is not set., xrefs: 00007FF7122AD436
Storage is not set., xrefs: 00007FF7122AD413
Downloader is not set., xrefs: 00007FF7122AD459
Version reader is not set., xrefs: 00007FF7122AD47C
App restarter is not set., xrefs: 00007FF7122AD3F0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrowstd::bad_exception::bad_exception$Concurrency::cancel_current_taskCreateErrorEventLast$#115CloseHandlemallocmemset
String ID: App restarter is not set.$Downloader is not set.$Process starter is not set.$Storage is not set.$Version reader is not set.
API String ID: 3529670067-3964332209
Opcode ID: b6ff032e85055d60310e3702f7e0f22366511f8a38a8f91330ff231d1637b617
Instruction ID: 871618f84c468a91b84b5e6cac2ecac66973d0cbbfa5036a828e77717926f0fc
Opcode Fuzzy Hash: b6ff032e85055d60310e3702f7e0f22366511f8a38a8f91330ff231d1637b617
Instruction Fuzzy Hash: 46F16A32A09F8586E754DF24E8403AEB3A4FB59B54F448239DB9D43B51EF78E1A8C300

Function 00007FF7122EF760 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 279COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF7122EF82F
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122EF889
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122EF8D6
memcmp.VCRUNTIME140 ref: 00007FF7122EF933

Part of subcall function 00007FF71229F340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF71229F383
Part of subcall function 00007FF71229F340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF71229F3D4

Strings

app, xrefs: 00007FF7122EF92C
[0-9]{8}_[0-9]{6}, xrefs: 00007FF7122EF7F5
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\LogUtils.cpp, xrefs: 00007FF7122EF7C3
Provided empty logs directory for wiping, xrefs: 00007FF7122EF7DB
pulse_, xrefs: 00007FF7122EF955
.log, xrefs: 00007FF7122EF940, 00007FF7122EF9D7
s, xrefs: 00007FF7122EF7B3
void __cdecl sj::LogUtils::wipeObsoleteLogFiles(const class std::filesystem::path &,unsigned __int64,unsigned __int64) noexcept, xrefs: 00007FF7122EF7CF

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@__std_fs_code_pagememcmp
String ID: .log$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\LogUtils.cpp$Provided empty logs directory for wiping$[0-9]{8}_[0-9]{6}$app$pulse_$s$void __cdecl sj::LogUtils::wipeObsoleteLogFiles(const class std::filesystem::path &,unsigned __int64,unsigned __int64) noexcept
API String ID: 3581062000-3610563262
Opcode ID: 18f63fbd2f534cd803a3108546189656a8c8e363e6bd757daf669c6161d4db81
Instruction ID: 2e5ae254fd09c80f9fc873b64111507fac3be87e0c6445b5379ad09055f052ec
Opcode Fuzzy Hash: 18f63fbd2f534cd803a3108546189656a8c8e363e6bd757daf669c6161d4db81
Instruction Fuzzy Hash: 6EC19422A18FC191EA60EB15F4403AEF3A1FB847A0F915235DA9D17B99DFBCD089D710

Function 00007FF7123057E0 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 466COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF712305837
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71230596B
__std_exception_destroy.VCRUNTIME140 ref: 00007FF712305999
__std_exception_destroy.VCRUNTIME140 ref: 00007FF7123059A6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123059DE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712305A2F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712305BE5
__std_exception_destroy.VCRUNTIME140 ref: 00007FF712305C11
__std_exception_destroy.VCRUNTIME140 ref: 00007FF712305C1E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712305C57
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712305CAA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712305D86
_CxxThrowException.VCRUNTIME140 ref: 00007FF712305DA4
_CxxThrowException.VCRUNTIME140 ref: 00007FF712305DC1

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122C57F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C58F7
Part of subcall function 00007FF7122C57F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C5948

Part of subcall function 00007FF7122CF730: memmove.VCRUNTIME140 ref: 00007FF7122CF81F

Strings

value, xrefs: 00007FF7123058B6, 00007FF712305B37

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ExceptionThrow$memcpymemmovememset
String ID: value
API String ID: 646253820-494360628
Opcode ID: 82d69c2aad8b3a43ab13cb70aa37ec00e887db45c7d8c478709070b2cde54e0e
Instruction ID: 6be8030b0d545ec97e44e477c7ccc079248bce5e74e7a5319110f7110cb6ab6d
Opcode Fuzzy Hash: 82d69c2aad8b3a43ab13cb70aa37ec00e887db45c7d8c478709070b2cde54e0e
Instruction Fuzzy Hash: 2B12D822A18F8585EB10EB74E4403EDA761FB857B4F905236EA9D13AD9DFBCD488C314

Function 00007FF71229A060 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 252COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F2AA0: memset.VCRUNTIME140 ref: 00007FF7122F2AD6
Part of subcall function 00007FF7122F2AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF7122F2AE8

Part of subcall function 00007FF7122EFCD0: _Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF71229A0B7), ref: 00007FF7122EFDD3
Part of subcall function 00007FF7122EFCD0: _Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF71229A0B7), ref: 00007FF7122EFDDB

Part of subcall function 00007FF712297780: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122977C8

Part of subcall function 00007FF712297900: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF712297948

Part of subcall function 00007FF7122979C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF712297A08

Part of subcall function 00007FF712297840: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF712297888

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229A47C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229A4E9

Strings

system.configDir, xrefs: 00007FF71229A184
hostingUrl, xrefs: 00007FF71229A3B8
{:<27}: {}, xrefs: 00007FF71229A0F8
featureFlagsFileUrl, xrefs: 00007FF71229A304
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater-app\src\UpdaterApp.cpp, xrefs: 00007FF71229A0E2
environment, xrefs: 00007FF71229A42D
maxRetryAttempts, xrefs: 00007FF71229A360
void __cdecl sj::logConfiguration(const class sj::UpdaterConfig &), xrefs: 00007FF71229A0ED
checkInterval, xrefs: 00007FF71229A24C
system.tempDir, xrefs: 00007FF71229A12B
versionInfoFileUrl, xrefs: 00007FF71229A2A8
[, xrefs: 00007FF71229A3E5
initialCheckDelay, xrefs: 00007FF71229A1E8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@$Xtime_get_ticks_invalid_parameter_noinfo_noreturn$FileModuleNamememset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater-app\src\UpdaterApp.cpp$[$checkInterval$environment$featureFlagsFileUrl$hostingUrl$initialCheckDelay$maxRetryAttempts$system.configDir$system.tempDir$versionInfoFileUrl$void __cdecl sj::logConfiguration(const class sj::UpdaterConfig &)${:<27}: {}
API String ID: 1551170109-4073846125
Opcode ID: 542aff67e605f0000a65b46275d481e610215c92e7210e07a4641db7a812d987
Instruction ID: 57aee9706045d01c93c31a2608ea577c530bfb1bf4a5c88d39f1b075888b5e4f
Opcode Fuzzy Hash: 542aff67e605f0000a65b46275d481e610215c92e7210e07a4641db7a812d987
Instruction Fuzzy Hash: 28E1AF32A18F9585EB21DF74E8413DEB3B4FB45358F901226EA8C1AA68DF7CD159CB40

Function 00007FF7122912B0 Relevance: 25.2, Strings: 20, Instructions: 180COMMON

Download Yara Rule

Strings

SJ Pulse Watchdog, xrefs: 00007FF71229155B
sj-updater, xrefs: 00007FF7122914F4
SJ Pulse Updater, xrefs: 00007FF712291486
sj-watchdog, xrefs: 00007FF7122915C6
watchdog, xrefs: 00007FF71229156E
sj-pulse-ui.exe, xrefs: 00007FF7122913A8
updater, xrefs: 00007FF712291499
sj-updater-app.exe, xrefs: 00007FF712291473
SJ Pulse Proxy Server, xrefs: 00007FF7122912E8
sj-pulse-ui.json, xrefs: 00007FF71229138E
SJ Pulse Installer, xrefs: 00007FF712291615
sj-pulse-watchdog.exe, xrefs: 00007FF712291548
app, xrefs: 00007FF7122912FB
sj-updater-app.json, xrefs: 00007FF712291460
sj-pulse-proxy-server-app.exe, xrefs: 00007FF7122912D5
sj-pulse-watchdog.json, xrefs: 00007FF712291535
SJ Pulse UI, xrefs: 00007FF7122913BB
installer, xrefs: 00007FF712291628
sj-pulse-proxy-server-app.json, xrefs: 00007FF7122912C2
sj-app, xrefs: 00007FF71229134D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: SJ Pulse Installer$SJ Pulse Proxy Server$SJ Pulse UI$SJ Pulse Updater$SJ Pulse Watchdog$app$installer$sj-app$sj-pulse-proxy-server-app.exe$sj-pulse-proxy-server-app.json$sj-pulse-ui.exe$sj-pulse-ui.json$sj-pulse-watchdog.exe$sj-pulse-watchdog.json$sj-updater$sj-updater-app.exe$sj-updater-app.json$sj-watchdog$updater$watchdog
API String ID: 1775671525-4165182966
Opcode ID: e003f83b08545eef71909e8c9e931d2ada732a56d980efa208579c29519ab046
Instruction ID: c666e6d5dbaeb72236b10ef8489a1c435cb980126533612e7ee93a64d554a2ab
Opcode Fuzzy Hash: e003f83b08545eef71909e8c9e931d2ada732a56d980efa208579c29519ab046
Instruction Fuzzy Hash: F8D1D925D28F9584F305DBA4E9923A8B3B4BB58368F905234DD9C11626EFBC75F8C321

Function 00007FF7122F5EF0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 288COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

memmove.VCRUNTIME140 ref: 00007FF7122F5FC0

Part of subcall function 00007FF71229A990: memcpy.VCRUNTIME140 ref: 00007FF71229AA57

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F6018
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F608D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F6102
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122F6172
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F6216

Strings

type must be string, but is , xrefs: 00007FF7122F6142
/endpoint, xrefs: 00007FF7122F5F33
/disk-usage, xrefs: 00007FF7122F62CB
/report-interval-ms, xrefs: 00007FF7122F60AE
/heartbeat, xrefs: 00007FF7122F61C0
/cpu-usage, xrefs: 00007FF7122F6269
/check-interval-ms, xrefs: 00007FF7122F6039
/memory-usage, xrefs: 00007FF7122F629A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memchrmemcpy$ExceptionThrowmemmove
String ID: /check-interval-ms$/cpu-usage$/disk-usage$/endpoint$/heartbeat$/memory-usage$/report-interval-ms$type must be string, but is
API String ID: 2465477935-2281374113
Opcode ID: b79557f0b703da95bbe1c74c2b54e584700a620caeb7aba90e9bfdce54924a4b
Instruction ID: afdc72e304417c9ee102ff40590587ce4b648a38d5410dfe3bfcd2bb0354f5ca
Opcode Fuzzy Hash: b79557f0b703da95bbe1c74c2b54e584700a620caeb7aba90e9bfdce54924a4b
Instruction Fuzzy Hash: DEC1F762F08F8245EB10EB34E4402FDA361FB857A4F915231EA5D17A9ADFBCE599C310

Function 00007FF7122E2FA0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF0
Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF6

memset.VCRUNTIME140 ref: 00007FF7122E305F

Part of subcall function 00007FF7122E2230: _Mtx_init_in_situ.MSVCP140 ref: 00007FF7122E22AF
Part of subcall function 00007FF7122E2230: memset.VCRUNTIME140 ref: 00007FF7122E22FB

Part of subcall function 00007FF7122A4150: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122B0F8D), ref: 00007FF7122A4280

Strings

class std::unique_ptr<class sj::nr::NewRelicService,struct std::default_delete<class sj::nr::NewRelicService> > __cdecl sj::nr::createNewRelicService(const struct sj::cfg::NewRelic &,class sj::Storage &) noexcept, xrefs: 00007FF7122E311E
pulse.{}.{}.usage, xrefs: 00007FF7122E3240
void __cdecl sj::nr::NewRelicService::Impl::sendMessage<struct sj::nr::NewRelicMetricMessage>(const struct sj::nr::NewRelicMetricMessage &) noexcept, xrefs: 00007FF7122E330C
NewRelic service is up, xrefs: 00007FF7122E312A
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF7122E3112, 00007FF7122E3301
}, xrefs: 00007FF7122E3317
}, xrefs: 00007FF7122E32F1
Observable object is null., xrefs: 00007FF7122E316E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_taskmemset$Mtx_init_in_situmallocmemmove
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$NewRelic service is up$Observable object is null.$class std::unique_ptr<class sj::nr::NewRelicService,struct std::default_delete<class sj::nr::NewRelicService> > __cdecl sj::nr::createNewRelicService(const struct sj::cfg::NewRelic &,class sj::Storage &) noexcept$pulse.{}.{}.usage$void __cdecl sj::nr::NewRelicService::Impl::sendMessage<struct sj::nr::NewRelicMetricMessage>(const struct sj::nr::NewRelicMetricMessage &) noexcept$}$}
API String ID: 585329793-64319763
Opcode ID: 812a5fde80192a99edced3ad77ec24346b056e8262223350d7022c4bc0b2a333
Instruction ID: 1e7a0e2ca180bd122a98729f789d4d15cc133e74eef2116a9f764bfb28560c1a
Opcode Fuzzy Hash: 812a5fde80192a99edced3ad77ec24346b056e8262223350d7022c4bc0b2a333
Instruction Fuzzy Hash: 37C19332A18F8195EB10DB64E4403AEB360FB887A4F904235EE9D27B59DFBCD598C750

Function 00007FF7123A7740 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712300AB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712300BE1

__std_fs_code_page.MSVCPRT ref: 00007FF7123A7840
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A788C
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A78CA
sentry_options_set_database_path.SENTRY ref: 00007FF7123A78F3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A792B
__std_fs_code_page.MSVCPRT ref: 00007FF7123A796A
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A79B6
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A79F4
sentry_options_add_attachment.SENTRY ref: 00007FF7123A7A1D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A7A55

Part of subcall function 00007FF7122A6540: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6588

Strings

crashpad database, xrefs: 00007FF7123A7778
Directory does not have write permission: {}, xrefs: 00007FF7123A77D6
bool __cdecl sj::CrashHandler::Impl::createDbDir(void) noexcept const, xrefs: 00007FF7123A77CB
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF7123A77C0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$_invalid_parameter_noinfo_noreturn$__std_fs_code_page$?default_logger_raw@spdlog@@Vlogger@1@sentry_options_add_attachmentsentry_options_set_database_path
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$Directory does not have write permission: {}$bool __cdecl sj::CrashHandler::Impl::createDbDir(void) noexcept const$crashpad database
API String ID: 3120675416-3987814639
Opcode ID: 08f02f7bc02ec343055c8dfbfec11627a6d074e0a2f76c31e8088ad2b3d45774
Instruction ID: 38999652b14aa22a83933478e52668cf7d4dafed257b02fd0b6e4f23a6eddc64
Opcode Fuzzy Hash: 08f02f7bc02ec343055c8dfbfec11627a6d074e0a2f76c31e8088ad2b3d45774
Instruction Fuzzy Hash: 3B91C122F18A419AFB14EF74D4443ECA3A1FB447A8F80413AEE4E53A89DFB8D559C354

Function 00007FF7122E55E0 Relevance: 24.5, APIs: 16, Instructions: 454COMMON

Download Yara Rule

APIs

_Mtx_init_in_situ.MSVCP140 ref: 00007FF7122E5639
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E5733
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E5782
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF7122E5792
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF7122E5869
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000), ref: 00007FF7122E5882
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF7122E58AC
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF7122E58CA
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF7122E58F4
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 00007FF7122E59D0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Cpp_error@std@@Mtx_init_in_situThrow__beginthreadex_invalid_parameter_noinfo_noreturnterminate
String ID:
API String ID: 3505301042-0
Opcode ID: ab8ec26f031b61b12ef95caa3bbff78b7fbe671c8bf1130ddbf5fc69e68ce9ff
Instruction ID: 3cbb2b806c24a4c357c2b04213f390c878fb06902c0f5e7dd868a9311df41b0c
Opcode Fuzzy Hash: ab8ec26f031b61b12ef95caa3bbff78b7fbe671c8bf1130ddbf5fc69e68ce9ff
Instruction Fuzzy Hash: DFF1E162B09F9595EA20EF15F4402ADB3A0EB44BE0F898435DF4D17759EEBCD4AAC310

Function 00007FF712301620 Relevance: 24.2, APIs: 16, Instructions: 240COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF71230169E

Part of subcall function 00007FF7122FF4E0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FF52B
Part of subcall function 00007FF7122FF4E0: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7122FF54A
Part of subcall function 00007FF7122FF4E0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FF57C
Part of subcall function 00007FF7122FF4E0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FF597
Part of subcall function 00007FF7122FF4E0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122FF5E5

memset.VCRUNTIME140 ref: 00007FF7123016D1
??7ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF71230170A
??7ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF712301727
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712301744
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?), ref: 00007FF712301781
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF712301803
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF71230182E
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF712301864
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF71230188C
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF7123018B0
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF7123018E5
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712301951
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF71230195B
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7123019A2
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7123019AF

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?sgetc@?$basic_streambuf@$V?$basic_streambuf@$??1?$basic_ios@??1?$basic_istream@??7ios_base@std@@?rdbuf@?$basic_ios@?sbumpc@?$basic_streambuf@D@std@@@2@memset$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@
String ID:
API String ID: 110866330-0
Opcode ID: 602da3e0376ddfab36aa621eb3ad3c432f0022a9404acd9938ed96bacf221cb9
Instruction ID: 303bf808f74c7a4a0cd64b29657a4baad2b02859857d2889681922ccb83edd62
Opcode Fuzzy Hash: 602da3e0376ddfab36aa621eb3ad3c432f0022a9404acd9938ed96bacf221cb9
Instruction Fuzzy Hash: 3CB19322A08AC185EB11AB2595503BAEBA0FF81769F840175DECD03AA5DFBCD549C738

Function 00007FF7122E2230 Relevance: 23.1, APIs: 2, Strings: 11, Instructions: 325COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F5800: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F58D5

_Mtx_init_in_situ.MSVCP140 ref: 00007FF7122E22AF

Part of subcall function 00007FF7122AC930: #115.WS2_32 ref: 00007FF7122AC971

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memset.VCRUNTIME140 ref: 00007FF7122E22FB

Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE79F
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE7CC
Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE851
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE860
Part of subcall function 00007FF7122AE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE86B

Part of subcall function 00007FF712297240: __std_fs_code_page.MSVCPRT ref: 00007FF712297263
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972B1
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972E9

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

Strings

event, xrefs: 00007FF7122E23B3
NewRelic {} reporting is {}, xrefs: 00007FF7122E2717
metric, xrefs: 00007FF7122E240E
trace, xrefs: 00007FF7122E2441
disabled, xrefs: 00007FF7122E266C
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF7122E268A
enabled, xrefs: 00007FF7122E2661
__cdecl sj::nr::NewRelicService::Impl::Impl(const struct sj::cfg::NewRelic &,class sj::Storage &,class sj::nr::INewRelicClientFactory &), xrefs: 00007FF7122E270C
NewRelicService, xrefs: 00007FF7122E24CA
SJPulse, xrefs: 00007FF7122E2594
log, xrefs: 00007FF7122E23DB

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast__std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn$#115CloseHandleMtx_init_in_situ__std_fs_code_pagemallocmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$NewRelic {} reporting is {}$NewRelicService$SJPulse$__cdecl sj::nr::NewRelicService::Impl::Impl(const struct sj::cfg::NewRelic &,class sj::Storage &,class sj::nr::INewRelicClientFactory &)$disabled$enabled$event$log$metric$trace
API String ID: 4107774585-1555390895
Opcode ID: 23763a61aa03217cc7e5bc339df839449714799a9de26340880f8cf402f65421
Instruction ID: 1758372adce2805e5fcf772eba54bbf8f844fb6d8d144f7bcb10fa348211e2c3
Opcode Fuzzy Hash: 23763a61aa03217cc7e5bc339df839449714799a9de26340880f8cf402f65421
Instruction Fuzzy Hash: 63F19D32A08F819AEB14EF64E8403EDB3A4FB45758F905135EA8D53B55DFB8E568C310

Function 00007FF7122DD330 Relevance: 19.9, APIs: 5, Strings: 8, Instructions: 364COMMON

Download Yara Rule

Strings

type must be string, but is , xrefs: 00007FF7122DD9A5
cannot get value, xrefs: 00007FF7122DD9E4
config, xrefs: 00007FF7122DD3FC
name, xrefs: 00007FF7122DD75D, 00007FF7122DD7C5
env.json, xrefs: 00007FF7122DD386
env, xrefs: 00007FF7122DD3C1
?, xrefs: 00007FF7122DD48D
SJPulse, xrefs: 00007FF7122DD437

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$__std_exception_copy__std_fs_code_page_invalid_parameter_noinfo_noreturnmemcpy
String ID: ?$SJPulse$cannot get value$config$env$env.json$name$type must be string, but is
API String ID: 3289095054-3569255062
Opcode ID: 5808a64ef2eab9daea5ae3e877fc6b7c316384b71cd02619511f84d34f280188
Instruction ID: 6f96430d58bb3243ca5eeba21dd82bde0700bc030be7782c0debf0a1afb96967
Opcode Fuzzy Hash: 5808a64ef2eab9daea5ae3e877fc6b7c316384b71cd02619511f84d34f280188
Instruction Fuzzy Hash: 2E028E73A0CEC691EA70AB14E4803EEA360FB95754FD10132DA8D47A99DFBCE549CB50

Function 00007FF7122C2FC0 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 353COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122C33B5
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?), ref: 00007FF7122C3451
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?), ref: 00007FF7122C3482

Strings

cannot use key() for non-object iterators, xrefs: 00007FF7122C3380
build-date, xrefs: 00007FF7122C32AA
Invalid manifest data., xrefs: 00007FF7122C3358

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@?gptr@?$basic_streambuf@ExceptionThrow
String ID: Invalid manifest data.$build-date$cannot use key() for non-object iterators
API String ID: 3621651863-3298265133
Opcode ID: bf94b36126031f64accc6b0b461f4611051aa4008d56eb39a175f85407e2ac9f
Instruction ID: d9ca8490d49a3702332014052f75a76129e04a15fa098f06eeb95fa0bdf73543
Opcode Fuzzy Hash: bf94b36126031f64accc6b0b461f4611051aa4008d56eb39a175f85407e2ac9f
Instruction Fuzzy Hash: 98E1D622E18FC285EB11EF24D8012BDA3A0FF557A8F955531DE4D03665DFB8E6A8C350

Function 00007FF71229E0C0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 259COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E277
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E2C8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E310
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E357
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E3AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E3EA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E462

Strings

at byte , xrefs: 00007FF71229E18C
parse error, xrefs: 00007FF71229E231
parse_error, xrefs: 00007FF71229E1F0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy
String ID: at byte $parse error$parse_error
API String ID: 3063020102-616852484
Opcode ID: e1bb83677298a8d6269429520c1feaaadfc9e5b9a78e7139d53f3e8f64586d68
Instruction ID: b5ca94b557050174bc3366fab302dc70f5e47720ccf3e510df50b262746a9a69
Opcode Fuzzy Hash: e1bb83677298a8d6269429520c1feaaadfc9e5b9a78e7139d53f3e8f64586d68
Instruction Fuzzy Hash: FAB1B672E04F5585EF00EB69E4403BDA360EB457B4FA05232EA6D16AD9DEBCE4C8C314

Function 00007FF712296BB0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 374COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122D94B0: CreateMutexW.KERNEL32 ref: 00007FF7122D9538
Part of subcall function 00007FF7122D94B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D957B

memset.VCRUNTIME140 ref: 00007FF712296DC6

Part of subcall function 00007FF7122D95E0: ReleaseMutex.KERNEL32 ref: 00007FF7122D95F2
Part of subcall function 00007FF7122D95E0: CloseHandle.KERNEL32 ref: 00007FF7122D95FC

Strings

SJ Pulse Updater, xrefs: 00007FF712296EF7
sj-updater-app, xrefs: 00007FF712296BF2

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Mutex$CloseCreateHandleRelease_invalid_parameter_noinfo_noreturnmemset
String ID: SJ Pulse Updater$sj-updater-app
API String ID: 2500592025-1774081351
Opcode ID: e05c7b81ebc699e180c7caa0dbe35e7391e46a1ab421358f74cc591ec9b61956
Instruction ID: c577d483f9ce23a9e3f200339a4b2096682af9ad0f25115ee252968ead312af7
Opcode Fuzzy Hash: e05c7b81ebc699e180c7caa0dbe35e7391e46a1ab421358f74cc591ec9b61956
Instruction Fuzzy Hash: 1FF1B372A08A9681EE34AB15E4403FDE360FB857B0F958235DA9D077D5DEBCE489C710

Function 00007FF71229FBB0 Relevance: 15.2, Strings: 12, Instructions: 158COMMON

Download Yara Rule

Strings

/v1/accounts/1592627/events, xrefs: 00007FF71229FC24
/trace/v1, xrefs: 00007FF71229FE0D
/metric/v1, xrefs: 00007FF71229FD68
metric-api.newrelic.com, xrefs: 00007FF71229FD3B
insights-collector.newrelic.com, xrefs: 00007FF71229FBF8
log-api.newrelic.com, xrefs: 00007FF71229FC96
mt_, xrefs: 00007FF71229FD95
log_, xrefs: 00007FF71229FCF0
/log/v1, xrefs: 00007FF71229FCC3
tr_, xrefs: 00007FF71229FE3A
trace-api.newrelic.com, xrefs: 00007FF71229FDE0
ev_, xrefs: 00007FF71229FC4B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: /log/v1$/metric/v1$/trace/v1$/v1/accounts/1592627/events$ev_$insights-collector.newrelic.com$log-api.newrelic.com$log_$metric-api.newrelic.com$mt_$tr_$trace-api.newrelic.com
API String ID: 1775671525-618816017
Opcode ID: 133b1d9794050b7147fd66e41572d950952107e0d52bc98ce958453fc4424269
Instruction ID: 3d5441d7b09be05e465e04e50789a56ca6d80a7f987fe324c7ab58a8d1177868
Opcode Fuzzy Hash: 133b1d9794050b7147fd66e41572d950952107e0d52bc98ce958453fc4424269
Instruction Fuzzy Hash: 94818E32924B9281EB14EF34E4402DD7364FB91B4CFB56232DA4C06561EFB9E6DAC354

Function 00007FF7122F08B0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF7122F08E0

Part of subcall function 00007FF7123F3D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D88
Part of subcall function 00007FF7123F3D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D97

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F091B

Part of subcall function 00007FF7123F3DAC: MultiByteToWideChar.KERNEL32 ref: 00007FF7123F3DC8
Part of subcall function 00007FF7123F3DAC: GetLastError.KERNEL32 ref: 00007FF7123F3DD6

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F095D
__std_fs_code_page.MSVCPRT ref: 00007FF7122F0979
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F09B4
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F09F6

Part of subcall function 00007FF7122F0550: CoTaskMemFree.OLE32 ref: 00007FF7122F05D2

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

Strings

SJPulse, xrefs: 00007FF7122F09AB, 00007FF7122F09ED
storage, xrefs: 00007FF7122F0912, 00007FF7122F0954

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page$ApisByteCharErrorFileFreeLastMultiTaskWide___lc_codepage_func_invalid_parameter_noinfo_noreturn
String ID: SJPulse$storage
API String ID: 2936618919-2343843642
Opcode ID: 06fd5b8106a3d149084cf1d3409da65295ec256c758c8b07392851db1740427a
Instruction ID: d9f38d5c2b3c1b9b7656d9b1b3679f6854d2cf1e845a257d6fdf978531848360
Opcode Fuzzy Hash: 06fd5b8106a3d149084cf1d3409da65295ec256c758c8b07392851db1740427a
Instruction Fuzzy Hash: 0F517022B08A529AFF10EFB1E0502EC7372AB54368F811035EE0D67A89EF78D55DC754

Function 00007FF7122F0AD0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF7122F0B1F
GetTempPathW.KERNEL32 ref: 00007FF7122F0B2D
__std_fs_code_page.MSVCPRT ref: 00007FF7122F0B40

Part of subcall function 00007FF7123F3D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D88
Part of subcall function 00007FF7123F3D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D97

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F0B80

Part of subcall function 00007FF7123F3DAC: MultiByteToWideChar.KERNEL32 ref: 00007FF7123F3DC8
Part of subcall function 00007FF7123F3DAC: GetLastError.KERNEL32 ref: 00007FF7123F3DD6

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122F0BC6

Part of subcall function 00007FF71229BAF0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF71229C44F), ref: 00007FF71229BB2E

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

Strings

v, xrefs: 00007FF7122F0C1F
SJPulse, xrefs: 00007FF7122F0B77, 00007FF7122F0BBD

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$ApisByteCharErrorFileLastMultiPathTempWide___lc_codepage_func__std_fs_code_page_invalid_parameter_noinfo_noreturnmemcpymemset
String ID: SJPulse$v
API String ID: 1916485501-1315662759
Opcode ID: ec4092f75762cadf11d1b50804423080506222c325646bd57f91ff5faec54b9c
Instruction ID: 14e1f4dc09015a9aa907a0cfd965b68bb1d22764fcc9360d03d4bb66cae6f58b
Opcode Fuzzy Hash: ec4092f75762cadf11d1b50804423080506222c325646bd57f91ff5faec54b9c
Instruction Fuzzy Hash: F741B532728B8182EB10EB61E4906EEB3A1FB84794F911136FE4D47A59DFBCD548CB10

Function 00007FF7122D8A90 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF7122D8AE4
GetLastError.KERNEL32 ref: 00007FF7122D8AEE

Part of subcall function 00007FF7122D7680: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122D76C8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D8B88

Strings

Failed to start service ctrl dispatcher: {0}, xrefs: 00007FF7122D8B35
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF7122D8B06
void __cdecl sj::WindowsService::run(void) const, xrefs: 00007FF7122D8B20

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@CtrlDispatcherErrorLastServiceStartVlogger@1@_invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$Failed to start service ctrl dispatcher: {0}$void __cdecl sj::WindowsService::run(void) const
API String ID: 2901174767-2512971099
Opcode ID: 81e80174668aae78527a3d22d533a357a23e2f2fcf62dd5596daffd3cd5e445f
Instruction ID: 029029108ebcf92003451c8a73accd57a5a5dd0f167da6e58223bb4ca9038dd6
Opcode Fuzzy Hash: 81e80174668aae78527a3d22d533a357a23e2f2fcf62dd5596daffd3cd5e445f
Instruction Fuzzy Hash: 00313972B04F4699EB00EFB4E4413EC73B1EB04768F810136DA1D56A98EEB8D559C354

Function 00007FF7122F0650 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF7122F06CB

Part of subcall function 00007FF7123F3D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D88
Part of subcall function 00007FF7123F3D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D97

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122F0712

Part of subcall function 00007FF7123F3DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF7123F3E4F

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122F0750

Part of subcall function 00007FF7123F3DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF7123F3E99
Part of subcall function 00007FF7123F3DF4: GetLastError.KERNEL32 ref: 00007FF7123F3EA7
Part of subcall function 00007FF7123F3DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF7123F3EDB
Part of subcall function 00007FF7123F3DF4: GetLastError.KERNEL32 ref: 00007FF7123F3EE9

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F07D2

Strings

Program Files\SJPulse, xrefs: 00007FF7122F06A6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast__std_fs_convert_wide_to_narrow$ApisFile___lc_codepage_func__std_fs_code_page_invalid_parameter_noinfo_noreturn
String ID: Program Files\SJPulse
API String ID: 2473933964-791770671
Opcode ID: ec1cbfb5e7155b761f2957f70375c2f8ed7b9e446a03c9bc84e2528982641ce3
Instruction ID: 5cffb7104c7baf685ad7bc82764c924337b8af196247379fd013d0656c4aabb8
Opcode Fuzzy Hash: ec1cbfb5e7155b761f2957f70375c2f8ed7b9e446a03c9bc84e2528982641ce3
Instruction Fuzzy Hash: 0851C322F18B418AFB10EF71E4402EDA361EB447A8F814136EE4D57B9ADEB8D549C350

Function 00007FF7122D7090 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,00000010,00007FF7122D71BD), ref: 00007FF7122D7099
HeapFree.KERNEL32(?,?,?,?,?,?,00000010,00007FF7122D71BD), ref: 00007FF7122D70A7

Part of subcall function 00007FF71229F340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF71229F383
Part of subcall function 00007FF71229F340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF71229F3D4

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp, xrefs: 00007FF7122D70B1
HeapFree failed, xrefs: 00007FF7122D70C5
void __cdecl sj::HeapFreer<struct _TOKEN_GROUPS>::operator ()(struct _TOKEN_GROUPS *) const, xrefs: 00007FF7122D70CC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Heap$?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@FreeProcessUsource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp$HeapFree failed$void __cdecl sj::HeapFreer<struct _TOKEN_GROUPS>::operator ()(struct _TOKEN_GROUPS *) const
API String ID: 264169876-2394565865
Opcode ID: b4abf7fdec0333eec11a5c3edec9a55713945de45ee1d64f3298563f01cbc374
Instruction ID: 80f161c0528f08432f18bf275740aaa425e0b0afeb36ddc1e7a51d644ac7f76b
Opcode Fuzzy Hash: b4abf7fdec0333eec11a5c3edec9a55713945de45ee1d64f3298563f01cbc374
Instruction Fuzzy Hash: 94F05EB1A08F4682EB10AB61F8401AAB7A5FB48794F804139D94D06754EFBCE95CCB14

Function 00007FF7122B9660 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7122B0B59), ref: 00007FF7122B969A
LeaveCriticalSection.KERNEL32 ref: 00007FF7122B96AC
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?), ref: 00007FF7122B991B

Strings

list too long, xrefs: 00007FF7122B9914

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeaveXlength_error@std@@
String ID: list too long
API String ID: 3990814652-1124181908
Opcode ID: 3a53aae53e96b35a42094127b1d1e6d248f443c8fde39c4225935923ae6dc37d
Instruction ID: cbd2a70c97126e0eab01bc83d7498c5453cfc6aefd903698082169e75faf9e60
Opcode Fuzzy Hash: 3a53aae53e96b35a42094127b1d1e6d248f443c8fde39c4225935923ae6dc37d
Instruction Fuzzy Hash: 35818972B09F8581DA509F16E4406ADB3A4FB8DBD0B998536DF8D43B14DFB8D594C700

Function 00007FF7122B2F50 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF7122B30DF

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: 0ad60d682bba5a9e06aa07f50460c350072084a4257af08732143d6141a39fee
Instruction ID: 90fd5408a21d80199db10937f77e2d161986e7a60730c52ec9171fa90d1c159e
Opcode Fuzzy Hash: 0ad60d682bba5a9e06aa07f50460c350072084a4257af08732143d6141a39fee
Instruction Fuzzy Hash: 3AC1F462F18E5285EF10AB65D4402BCB3A0FB08BB4F954635DE5D17B98DFB8E689C310

Function 00007FF7122DB290 Relevance: 6.2, APIs: 4, Instructions: 233COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F2AA0: memset.VCRUNTIME140 ref: 00007FF7122F2AD6
Part of subcall function 00007FF7122F2AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF7122F2AE8

__std_fs_code_page.MSVCPRT ref: 00007FF7122DB472
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122DB4BB
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7122DB4F9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DB54C

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$FileModuleName__std_fs_code_page_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3045111054-0
Opcode ID: 3d3263bf0a1bdd566309f4b635d96eeace538a89510e601551dfb62fb518ffaf
Instruction ID: 38d5fee851ef892c20edf2beca018917d8316fa72145b442966640270afa9e1b
Opcode Fuzzy Hash: 3d3263bf0a1bdd566309f4b635d96eeace538a89510e601551dfb62fb518ffaf
Instruction Fuzzy Hash: 36912233F14A4682EF10AB65D4602BDA3A1FB54BA8F950136DF4D07A95EFBCE489C310

Function 00007FF7123F5DFC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7123F5E28
GetCurrentThreadId.KERNEL32 ref: 00007FF7123F5E36
GetCurrentProcessId.KERNEL32 ref: 00007FF7123F5E42
QueryPerformanceCounter.KERNEL32 ref: 00007FF7123F5E52

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 8fed4d3f3244356f4136f1ac9bef5449a1b3de035f590590b182b6f9e230f044
Instruction ID: bfeb9da4ed76b048d90d4e65a91263f26f4d315a7af8f58ad6b50aeab3a6f8d7
Opcode Fuzzy Hash: 8fed4d3f3244356f4136f1ac9bef5449a1b3de035f590590b182b6f9e230f044
Instruction Fuzzy Hash: CF112122B14F0189EB00DF60E8542B873A4F719768F840E35DE6D467A4DF7CD5A8C794

Function 00007FF7122B7210 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 197networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122AADF0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7122AC8B2), ref: 00007FF7122AAE0D

WSARecv.WS2_32 ref: 00007FF7122B7286
#111.WS2_32 ref: 00007FF7122B728E

Strings

M', xrefs: 00007FF7122B73EB

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: #111ExceptionRecvThrow
String ID: M'
API String ID: 1484990150-2701432540
Opcode ID: b2eebd1c0802e380f49fa7e4d5ff1498160064a6d7fa5bf25ec96f3ad61369d8
Instruction ID: 232b0e6e2ff27767661385b641ce2e3af15310b6306df73968f967ac548c3a95
Opcode Fuzzy Hash: b2eebd1c0802e380f49fa7e4d5ff1498160064a6d7fa5bf25ec96f3ad61369d8
Instruction Fuzzy Hash: F471FF73F28B1586EB149F24E84117CA2B0BB89B98B944135DE4D5B794DFBCE649C320

Function 00007FF7123F3C4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF71229A605), ref: 00007FF7123F3C72
FormatMessageA.KERNEL32 ref: 00007FF7123F3CA5

Strings

!x-sys-default-locale, xrefs: 00007FF7123F3C65

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: b3c7ed0d1dc5e6ebf051b7fa824190b1d4c5cba51badac68dbfcad8a1f9c8fbb
Instruction ID: 2fa891c7bbbe424f6d9638b8bc32a19b17ca40f508d7e4431230e76f6ae9e192
Opcode Fuzzy Hash: b3c7ed0d1dc5e6ebf051b7fa824190b1d4c5cba51badac68dbfcad8a1f9c8fbb
Instruction Fuzzy Hash: 4A01C871B08B8182EB119B12F44077AE761F784794F844039DA4906B84CF7CD949C714

Function 00007FF7122A2840 Relevance: 4.9, APIs: 3, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8714c76d784c7c05c6d162f7b152a32a6608948cb25c1d6d2a3984b42777fb7d
Instruction ID: ab4f821cc64ed3fc01f7d032e420191fd6624090cd81fcdaf424d082f3ddaf88
Opcode Fuzzy Hash: 8714c76d784c7c05c6d162f7b152a32a6608948cb25c1d6d2a3984b42777fb7d
Instruction Fuzzy Hash: C5F1D622F18E6285FB609F65D5003BDA3A1EB15BB8F814631DE4D13F89DFB8A499C310

Function 00007FF7122A5B80 Relevance: 4.8, APIs: 3, Instructions: 275COMMON

Download Yara Rule

APIs

?is_printable@detail@v10@fmt@@YA_NI@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7122A5D29
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7122A5D9D
?is_printable@detail@v10@fmt@@YA_NI@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7122A5EF6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?is_printable@detail@v10@fmt@@$memcpy
String ID:
API String ID: 3095726565-0
Opcode ID: 9136bdea6c655776aebb43345595dff126fa0f60d17349c3735a74b0031899ea
Instruction ID: e05f5bbec8a1f82941ea2ba5222192e23f7454309be8014deef89e2527d9e5c0
Opcode Fuzzy Hash: 9136bdea6c655776aebb43345595dff126fa0f60d17349c3735a74b0031899ea
Instruction Fuzzy Hash: 70B10333F14E908AEB509F2894053AD77A1FB48798F411235ED9DA3B84DB7CD829C790

Function 00007FF7122F79A0 Relevance: 2.7, Strings: 2, Instructions: 223COMMON

Download Yara Rule

Strings

UUUUUUUU, xrefs: 00007FF7122F7C4D
33333333, xrefs: 00007FF7122F7C5D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: 27f0893e217e5b3ae2ec05280bac29d6909faee5ddd65d5463d85504c7ee1bcb
Instruction ID: d8a40dcec0bfdded18b4f64ead00a13f174e40fcf7cc69c1d52ab9a59b460cf7
Opcode Fuzzy Hash: 27f0893e217e5b3ae2ec05280bac29d6909faee5ddd65d5463d85504c7ee1bcb
Instruction Fuzzy Hash: 2681F733B15A4487EB48CB2AD91166DB3A2F7997A0F95C139DB4E83B84DE3DD505C700

Function 00007FF712308F60 Relevance: 1.5, APIs: 1, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF712309142

Part of subcall function 00007FF7123076B0: _Cnd_init_in_situ.MSVCP140(?,?,FFFFFFFF,00007FF712309154), ref: 00007FF7123076DF
Part of subcall function 00007FF7123076B0: _Mtx_init_in_situ.MSVCP140(?,?,FFFFFFFF,00007FF712309154), ref: 00007FF71230770A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Cnd_init_in_situMtx_init_in_situmallocmemset
String ID:
API String ID: 97985721-0
Opcode ID: fcbbd3fc3f1c9cf7c195226d8fc62e310fd86aaf680aab35ff5a2d53029849c9
Instruction ID: 621474bc3a0f8f8ea35622f51e890b92815706e9b61db67b429134e145884765
Opcode Fuzzy Hash: fcbbd3fc3f1c9cf7c195226d8fc62e310fd86aaf680aab35ff5a2d53029849c9
Instruction Fuzzy Hash: CD91AC32B05F418AEB509F66D8402ADB3B4FB88B68F48813ACE4D57754DF78D84AC364

Function 00007FF7123B6970 Relevance: .4, Instructions: 414COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: 76de1d1478927bc2e13a5d8bb29c382a246fa128169649abbf255f33824d9df5
Instruction ID: 61a3e97e13a171be6ebbe59f8c6240b6a14e3b609c80f4043614293aace55bfd
Opcode Fuzzy Hash: 76de1d1478927bc2e13a5d8bb29c382a246fa128169649abbf255f33824d9df5
Instruction Fuzzy Hash: 94027832B09F4589EB00DF65E4802AD73B0FB88B98F94412AEE4D57B68DF78D599C740

Function 00007FF7122F8030 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc187e2938dcf951286eca84652d17b2269761e1e564f2e39c3ff6fb2937fb1
Instruction ID: a8e5a0d5633c205c80c4b4a295c6933a4476df24f5b78e52c9b4b86a51bc6426
Opcode Fuzzy Hash: 8cc187e2938dcf951286eca84652d17b2269761e1e564f2e39c3ff6fb2937fb1
Instruction Fuzzy Hash: 8351F533B11A5487E748CF2AC865A6DB7E2F3D8750F86C238DB1983794DE399906CB00

Function 00007FF7122F7CF0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcf0e7f388db4cbd039e4dfbfb7130d1790e8e195d59edd4a85268d150678e00
Instruction ID: c86139d7a6ced5be0eb76cd68c951f4b9770fd2f7f78cb96c5e0bc7f18dd0a25
Opcode Fuzzy Hash: bcf0e7f388db4cbd039e4dfbfb7130d1790e8e195d59edd4a85268d150678e00
Instruction Fuzzy Hash: E541B63371158487E78CCF3AC8659AE73A2F7DC344F85C239EA1A87389DA359905CB40

Function 00007FF7122F7EA0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50549f03aacc7cfb11e83456d0676adf1d5ab45dee3c00e89fed66d0e5a7704e
Instruction ID: 9375a47461431db868a2f390db5dfbe4503cec280f7b9e5d932eeaca9a72de97
Opcode Fuzzy Hash: 50549f03aacc7cfb11e83456d0676adf1d5ab45dee3c00e89fed66d0e5a7704e
Instruction Fuzzy Hash: B441733371555487E78CCF2AC825AAD73A2F398304F86C23DEA0AC7389DE399905CB40

Function 00007FF7122C36F0 Relevance: 51.1, APIs: 18, Strings: 11, Instructions: 390COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,?,00000000,?,?,00007FF7122BAE6D), ref: 00007FF7122C373A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF7122BAE6D), ref: 00007FF7122C374F
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF7122BAE6D), ref: 00007FF7122C376E
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF7122BAE6D), ref: 00007FF7122C37A2

Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293413
Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293428
Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF71229343D
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293460
Part of subcall function 00007FF7122933D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF71229347F
Part of subcall function 00007FF7122933D0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293493
Part of subcall function 00007FF7122933D0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122934A6
Part of subcall function 00007FF7122933D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122934B6
Part of subcall function 00007FF7122933D0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122935CE
Part of subcall function 00007FF7122933D0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122935D5
Part of subcall function 00007FF7122933D0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122935E1
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122935F3

Part of subcall function 00007FF7122BEEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEF25
Part of subcall function 00007FF7122BEEF0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BEF44
Part of subcall function 00007FF7122BEEF0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEF58
Part of subcall function 00007FF7122BEEF0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122BEF6B
Part of subcall function 00007FF7122BEEF0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BEF7B
Part of subcall function 00007FF7122BEEF0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BEF9B
Part of subcall function 00007FF7122BEEF0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7122BEFCA
Part of subcall function 00007FF7122BEEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEFF7
Part of subcall function 00007FF7122BEEF0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BF00A
Part of subcall function 00007FF7122BEEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF016
Part of subcall function 00007FF7122BEEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF03C
Part of subcall function 00007FF7122BEEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF049

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z.MSVCP140 ref: 00007FF7122C39CB

Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF71229353D
Part of subcall function 00007FF7122933D0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF71229354C
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293566
Part of subcall function 00007FF7122933D0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF712293579
Part of subcall function 00007FF7122933D0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF712293585

Part of subcall function 00007FF7122BEEF0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BEFB6
Part of subcall function 00007FF7122BEEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF073
Part of subcall function 00007FF7122BEEF0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BF086
Part of subcall function 00007FF7122BEEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF092
Part of subcall function 00007FF7122BEEF0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7122BF0CA
Part of subcall function 00007FF7122BEEF0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122BF0DF
Part of subcall function 00007FF7122BEEF0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122BF0E6
Part of subcall function 00007FF7122BEEF0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122BF0F2
Part of subcall function 00007FF7122BEEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF103

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z.MSVCP140 ref: 00007FF7122C3A04
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z.MSVCP140 ref: 00007FF7122C3A2E

Part of subcall function 00007FF7122F78F0: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122F797F

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C1A
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C2A
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C38
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C52
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122C3C5A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122C3C61
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C75
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C85
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C3C93
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122C3CF1
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122C3CFB

Part of subcall function 00007FF7122933D0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7122934DC
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122934FF
Part of subcall function 00007FF7122933D0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF712293512
Part of subcall function 00007FF7122933D0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF71229351E
Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7122935A8

Strings

name: , xrefs: 00007FF7122C38D2
sha256: , xrefs: 00007FF7122C3AFD
url: , xrefs: 00007FF7122C390A
max: , xrefs: 00007FF7122C3A14
build-date: , xrefs: 00007FF7122C37C3
version: , xrefs: 00007FF7122C384B
url: , xrefs: 00007FF7122C3AC5
stage , xrefs: 00007FF7122C39B4
sha256: , xrefs: 00007FF7122C3942
min: , xrefs: 00007FF7122C39EA
version: , xrefs: 00007FF7122C3A3E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$V?$basic_streambuf@$?rdbuf@?$basic_ios@$?width@ios_base@std@@$?sputc@?$basic_streambuf@$?fill@?$basic_ios@?good@ios_base@std@@$??6?$basic_ostream@$?flags@ios_base@std@@?flush@?$basic_ostream@?pptr@?$basic_streambuf@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V01@V12@V?$basic_ostream@_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@?sputn@?$basic_streambuf@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@std@@@1@_D@v10@fmt@@@12@@V01@_V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@memset
String ID: max: $ min: $ sha256: $ url: $ version: $ name: $ sha256: $ stage $ url: $ version: $build-date:
API String ID: 787992713-1789690344
Opcode ID: 11c2f6d155028b4d349ce13c0ef6e2376e2f68db1fee7bbef08c495a7c9fdd00
Instruction ID: 21d0def00de5272f66b133d39d148c1d7e02e3dae5cb0c5be98f35f22de21ff0
Opcode Fuzzy Hash: 11c2f6d155028b4d349ce13c0ef6e2376e2f68db1fee7bbef08c495a7c9fdd00
Instruction Fuzzy Hash: 3002A132B18F4691EA00EB15E4542ADA362FB84BA4FC15036DA4E077A5DFBCE59DC390

Function 00007FF712292000 Relevance: 49.8, APIs: 9, Strings: 24, Instructions: 345COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF0
Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF6

memmove.VCRUNTIME140 ref: 00007FF7122920D6
memmove.VCRUNTIME140 ref: 00007FF71229214C
memmove.VCRUNTIME140 ref: 00007FF7122921C2
memmove.VCRUNTIME140 ref: 00007FF712292238
memmove.VCRUNTIME140 ref: 00007FF7122922C1
memmove.VCRUNTIME140 ref: 00007FF71229233C
memmove.VCRUNTIME140 ref: 00007FF7122923B2
memmove.VCRUNTIME140 ref: 00007FF712292428
memmove.VCRUNTIME140 ref: 00007FF71229249E

Part of subcall function 00007FF7123C3C20: memmove.VCRUNTIME140(00000000,Opera/,OPR/,00007FF7122924F9), ref: 00007FF7123C3CC8

Part of subcall function 00007FF7123C3C20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Opera/,OPR/,00007FF7122924F9), ref: 00007FF7123C3C99
Part of subcall function 00007FF7123C3C20: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123C3CEB

Part of subcall function 00007FF7123C3C20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF7122924F9), ref: 00007FF7123C3D57

Part of subcall function 00007FF7123C3C20: memchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7122924F9), ref: 00007FF7123C3E02

Strings

Safari/, xrefs: 00007FF712292747
Chromium/, xrefs: 00007FF712292670
SeaMonkey/, xrefs: 00007FF712292511
Edg/, xrefs: 00007FF7122920FA
chrome/, xrefs: 00007FF7122926F8
; MSIE , xrefs: 00007FF7122925D5
Firefox/, xrefs: 00007FF712292621
Slack/, xrefs: 00007FF712292084
PaleMoon/, xrefs: 00007FF7122924C2
Avast/, xrefs: 00007FF7122923D6
Chrome/, xrefs: 00007FF7122926BF
Edge/, xrefs: 00007FF712292560
Trident/7.0; rv:, xrefs: 00007FF7122925AF
Vivaldi/, xrefs: 00007FF712292170
YaBrowser/, xrefs: 00007FF7122921E6
Waterfox/, xrefs: 00007FF71229244C
Version/, xrefs: 00007FF71229277E
Opera/, xrefs: 00007FF71229226F
OPR/, xrefs: 00007FF71229225C
AVG/, xrefs: 00007FF712292360
Trident/7.0; Touch; rv:, xrefs: 00007FF7122925C2
Chrome WIN , xrefs: 00007FF7122926D2
Chrome Mobile/, xrefs: 00007FF7122926E5
; Zoom , xrefs: 00007FF71229201A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn$mallocmemchr
String ID: ; MSIE $; Zoom $AVG/$Avast/$Chrome Mobile/$Chrome WIN $Chrome/$Chromium/$Edg/$Edge/$Firefox/$OPR/$Opera/$PaleMoon/$Safari/$SeaMonkey/$Slack/$Trident/7.0; Touch; rv:$Trident/7.0; rv:$Version/$Vivaldi/$Waterfox/$YaBrowser/$chrome/
API String ID: 459239740-828318033
Opcode ID: ec8dd49c3cb23b746d209448ef74dd82ecb00fd3e3f60b46937e1f6a92fa1598
Instruction ID: ade045e55d2465dc31b7b77ffdfa3a07e8dc07f4fbcda0c9ecbd63632011b979
Opcode Fuzzy Hash: ec8dd49c3cb23b746d209448ef74dd82ecb00fd3e3f60b46937e1f6a92fa1598
Instruction Fuzzy Hash: 4232CBB5A09F0299EB10EF60F8803A873A6FB05714F914539DD4C12B64DFBCA96DD368

Function 00007FF7122D8CD0 Relevance: 36.2, APIs: 24, Instructions: 212COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D13
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D28
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D3D
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D60
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D7F
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8D93
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8DA6
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8DB6
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8DE1

Part of subcall function 00007FF7122D93A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D93CD
Part of subcall function 00007FF7122D93A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D93E7
Part of subcall function 00007FF7122D93A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D9419
Part of subcall function 00007FF7122D93A0: ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D9443
Part of subcall function 00007FF7122D93A0: std::_Facet_Register.LIBCPMT ref: 00007FF7122D945C
Part of subcall function 00007FF7122D93A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D947B

?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8E28
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8E4F
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8E62
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8E6E
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8E9D
?widen@?$ctype@_W@std@@QEBA_WD@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8EB3
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8EBF
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8F71
?uncaught_exceptions@std@@YAHXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8F78
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8F84
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D8F95

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@_$W@std@@@std@@$W@std@@@2@$?rdbuf@?$basic_ios@_V?$basic_streambuf@_$?width@ios_base@std@@$?good@ios_base@std@@?sputc@?$basic_streambuf@_Lockit@std@@W@std@@$??0_??1_?fill@?$basic_ios@_?flags@ios_base@std@@?flush@?$basic_ostream@_?getloc@ios_base@std@@?setstate@?$basic_ios@_?tie@?$basic_ios@_?uncaught_exceptions@std@@?widen@?$ctype@_Bid@locale@std@@Facet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@_RegisterV12@V42@@V?$basic_ostream@_Vfacet@locale@2@Vlocale@2@std::_
String ID:
API String ID: 1033123739-0
Opcode ID: 6b0e4152cc2fd2e4f22db60a8f152c2f58493f218a1e09097067f1199f1bf8b2
Instruction ID: 41e24330d254041845c8f4b1c9ddc941b1205433d1c2d22bcd34df23d08b287f
Opcode Fuzzy Hash: 6b0e4152cc2fd2e4f22db60a8f152c2f58493f218a1e09097067f1199f1bf8b2
Instruction Fuzzy Hash: 29816232A09E45C2EE24AF29E45027DA760FF95F66B858431DE4E43391CFBCD45AC319

Function 00007FF7122A5210 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 203COMMON

Download Yara Rule

APIs

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122A524C
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7122A5275
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FF7122A5293
??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122A52C5
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122A52DE
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122A5310
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF7122A5338
std::_Facet_Register.LIBCPMT ref: 00007FF7122A5353
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122A5378
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122A539B
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF7122A53D8
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122A53E8
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7122A53F3
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122A5446
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122A547C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122A5482
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122A54BE
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122A54E7

Strings

, xrefs: 00007FF7122A53C4
failed to format time, xrefs: 00007FF7122A542E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$V?$ostreambuf_iterator@$D@std@@@2@D@std@@@std@@@std@@Lockit@std@@V?$basic_streambuf@__std_type_info_compare$??0?$basic_ostream@??0?$basic_streambuf@??0_??1?$basic_streambuf@??1_?imbue@?$basic_ios@?put@?$time_put@?rdbuf@?$basic_ios@Bid@locale@std@@Concurrency::cancel_current_taskD?$basic_ostream@D@std@@@1@_ExceptionFacet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterThrowUtm@@V32@V32@@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@__std_exception_copystd::_
String ID: $failed to format time
API String ID: 3613435534-707504293
Opcode ID: 5872e052457b76f7af2ea9bb7810bf92585d8615843d1f99645e02d90cf4c27c
Instruction ID: aeaedefb86514edf8de591c43b7a1f3bf4368ddb10d04d370e75142f09e864c5
Opcode Fuzzy Hash: 5872e052457b76f7af2ea9bb7810bf92585d8615843d1f99645e02d90cf4c27c
Instruction Fuzzy Hash: 14919122A08F8285EB10EF65E8402ADB770FB84BA8F945135DE4D57B68DFB8D499C710

Function 00007FF7122C9FF0 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 378COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF7122CADAC
__std_exception_destroy.VCRUNTIME140 ref: 00007FF7122CADB9

Strings

invalid value to unflatten, xrefs: 00007FF7122CB1C1
only objects can be unflattened, xrefs: 00007FF7122CB1FA
value, xrefs: 00007FF7122CACFA
values in object must be primitive, xrefs: 00007FF7122CB187

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: invalid value to unflatten$only objects can be unflattened$value$values in object must be primitive
API String ID: 2453523683-2275083263
Opcode ID: 5bfb4d67e0a611824dd98c5c233383c50d52d4e84830eb195c7c192544ae60e9
Instruction ID: c092ee98e469f9d5e794e7db73de37a4db1e5fa00a89f6813188be236236207f
Opcode Fuzzy Hash: 5bfb4d67e0a611824dd98c5c233383c50d52d4e84830eb195c7c192544ae60e9
Instruction Fuzzy Hash: 84F1C063A18E4296EB00EB24D8416EDB761FB857A8FC14032DE4C076AADFBCE55DC710

Function 00007FF7123A80D0 Relevance: 33.5, APIs: 11, Strings: 8, Instructions: 255COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122A65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A82B8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A8309
sentry_options_set_dsn.SENTRY ref: 00007FF7123A833D
sentry_options_set_environment.SENTRY ref: 00007FF7123A8351
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7123A83B9
sentry_options_set_release.SENTRY ref: 00007FF7123A83D4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A840C
sentry_set_tag.SENTRY ref: 00007FF7123A8461
sentry_init.SENTRY ref: 00007FF7123A846E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A84AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A84FA

Strings

bool __cdecl sj::CrashHandler::Impl::startHandler(void) const, xrefs: 00007FF7123A810C
Crash report server url: {}, xrefs: 00007FF7123A8117
sj-pulse-desktop@{}.{}, xrefs: 00007FF7123A8397
production, xrefs: 00007FF7123A8343
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF7123A8101
2.4.5, xrefs: 00007FF7123A8357
component, xrefs: 00007FF7123A845A
https://, xrefs: 00007FF7123A8193

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@sentry_initsentry_options_set_dsnsentry_options_set_environmentsentry_options_set_releasesentry_set_tag
String ID: 2.4.5$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$Crash report server url: {}$bool __cdecl sj::CrashHandler::Impl::startHandler(void) const$component$https://$production$sj-pulse-desktop@{}.{}
API String ID: 1656940413-327567173
Opcode ID: f4d1e718385f3609cd8eadf85b1453691ad4417f352f658fd2118d96c764975d
Instruction ID: 5e5dc79e005c940a87d1108a14ae3881ee08269158f74a5bc335255151c99356
Opcode Fuzzy Hash: f4d1e718385f3609cd8eadf85b1453691ad4417f352f658fd2118d96c764975d
Instruction Fuzzy Hash: A8D19472E18F8585EB00DF64E4403ADB361FB957A8F904335EA9C12A99DFBCE588C350

Function 00007FF7123A8650 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 223COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF7123A8716
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123A872B
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7123A874A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123A877E
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7123A87B0

Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293413
Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293428
Part of subcall function 00007FF7122933D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF71229343D
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293460
Part of subcall function 00007FF7122933D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF71229347F
Part of subcall function 00007FF7122933D0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293493
Part of subcall function 00007FF7122933D0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122934A6
Part of subcall function 00007FF7122933D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122934B6
Part of subcall function 00007FF7122933D0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122935CE
Part of subcall function 00007FF7122933D0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122935D5
Part of subcall function 00007FF7122933D0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122935E1
Part of subcall function 00007FF7122933D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122935F3

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7123A87DA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z.MSVCP140 ref: 00007FF7123A8804
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z.MSVCP140 ref: 00007FF7123A882B
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A8876
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A8886
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A8894
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A88A6
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A88CA
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A88DA
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7123A88E8
memmove.VCRUNTIME140 ref: 00007FF7123A8925
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7123A898F
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7123A8999

Strings

ms , xrefs: 00007FF7123A8834

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@$?width@ios_base@std@@D@std@@@2@V?$basic_streambuf@$?good@ios_base@std@@?pptr@?$basic_streambuf@?rdbuf@?$basic_ios@V01@V01@_$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?flush@?$basic_ostream@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_ostream@memmovememset
String ID: ms
API String ID: 604577932-2150796188
Opcode ID: ecf142be0f431ff435b797afdcfa980e3b7ade9beb3a7ca0fb04102a1889cd53
Instruction ID: 920159e547b6d5c50ea84152887b75fafee1e421080d4c0a56256e67cf7db292
Opcode Fuzzy Hash: ecf142be0f431ff435b797afdcfa980e3b7ade9beb3a7ca0fb04102a1889cd53
Instruction Fuzzy Hash: 15A1C762B18F4681EB10EB15E9442A9F3A4FF84BA4F844036DD4D47BA4EFBCE949C714

Function 00007FF7122933D0 Relevance: 33.2, APIs: 22, Instructions: 175COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293413
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF712293428
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF71229343D
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293460
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF71229347F
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293493
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122934A6
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122934B6
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7122934DC
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122934FF
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF712293512
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF71229351E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF71229353D
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF71229354C
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF712293566
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF712293579
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF712293585
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7122935A8
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122935CE
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122935D5
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122935E1
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122935F3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 3587750849-0
Opcode ID: 86d41b6e66ac56dc3bca40f51ae9683922de4e3717e008307c2ba5f11c721ea3
Instruction ID: 4848bfd18f22e44da9d4c618b8af8f0cd7a98421873457193fbef8524f68a48f
Opcode Fuzzy Hash: 86d41b6e66ac56dc3bca40f51ae9683922de4e3717e008307c2ba5f11c721ea3
Instruction Fuzzy Hash: A1615E22A08E5182EE14AF19E45427CA7A0FF89FA6B969431CE5E43791CF7CD45AC31C

Function 00007FF7122D9140 Relevance: 33.2, APIs: 22, Instructions: 175COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9175
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D918A
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D919F
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D91C2
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D91E1
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D91F5
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9208
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9218
?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D923E
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9263
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9276
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9282
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D92B0
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D92BF
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D92DF
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D92F2
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D92FE
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9325
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D934E
?uncaught_exceptions@std@@YAHXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9355
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9361
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9373

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@_$W@std@@@std@@$W@std@@@2@$?rdbuf@?$basic_ios@_V?$basic_streambuf@_$?width@ios_base@std@@$?fill@?$basic_ios@_?good@ios_base@std@@?sputc@?$basic_streambuf@_$?flags@ios_base@std@@?flush@?$basic_ostream@_?setstate@?$basic_ios@_?sputn@?$basic_streambuf@_?tie@?$basic_ios@_?uncaught_exceptions@std@@Osfx@?$basic_ostream@_V12@V?$basic_ostream@_
String ID:
API String ID: 281413979-0
Opcode ID: e8759c1eb04dc2f0a11a66c07528cfe179e871d1d46fa33d60e9c8dc1c872b7a
Instruction ID: bbfabfbaef2f1bad6e9534fb293e72631bf240322677aa3e129ceead6f6b9768
Opcode Fuzzy Hash: e8759c1eb04dc2f0a11a66c07528cfe179e871d1d46fa33d60e9c8dc1c872b7a
Instruction Fuzzy Hash: 82614C32B09E4582EB14EB15D69437CA7A1FF85BA6B868431DE0E47750CFBCD469C328

Function 00007FF7122BF950 Relevance: 33.2, APIs: 22, Instructions: 173COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BF985
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BF99A
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BF9AF
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF9D2
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BF9F1
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BFA05
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122BFA18
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BFA28
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7122BFA4E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BFA6F
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BFA82
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BFA8E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BFAB3
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7122BFAC2
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BFADF
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BFAF2
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BFAFE
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7122BFB21
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122BFB47
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122BFB4E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122BFB5A
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BFB6B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 3587750849-0
Opcode ID: 99836083b792d2877106b2611fb5480b2604ff405cf96738ff6342d57824f285
Instruction ID: 41b5d44d1427597893211252b74f7c1ee3e8008ac8f1f1379750d8671b0c79c0
Opcode Fuzzy Hash: 99836083b792d2877106b2611fb5480b2604ff405cf96738ff6342d57824f285
Instruction Fuzzy Hash: 4A613E22A09E0182EA14AB15D69063CA7A0FF89BE2B868431DE1E43760CF7DD569C35C

Function 00007FF7122E4030 Relevance: 31.8, APIs: 10, Strings: 8, Instructions: 325COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF7122E4089
memmove.VCRUNTIME140 ref: 00007FF7122E40D6
memmove.VCRUNTIME140 ref: 00007FF7122E4135
memmove.VCRUNTIME140 ref: 00007FF7122E417D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E4403
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E4444
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E4495
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E44E4
memmove.VCRUNTIME140 ref: 00007FF7122E452C
memmove.VCRUNTIME140 ref: 00007FF7122E4583

Strings

%^[%L][%t] %v%$, xrefs: 00007FF7122E40CC, 00007FF7122E40E1
error, xrefs: 00007FF7122E4522, 00007FF7122E4537
trace, xrefs: 00007FF7122E407F, 00007FF7122E4094, 00007FF7122E412B, 00007FF7122E4140, 00007FF7122E4579, 00007FF7122E458E
[%Y-%m-%d %H:%M:%S.%e][%L][%t] %v, xrefs: 00007FF7122E4173, 00007FF7122E4188
.log, xrefs: 00007FF7122E437E
?, xrefs: 00007FF7122E428E
SJPulse, xrefs: 00007FF7122E4201
logs, xrefs: 00007FF7122E41DA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: %^[%L][%t] %v%$$.log$?$SJPulse$[%Y-%m-%d %H:%M:%S.%e][%L][%t] %v$error$logs$trace
API String ID: 2580228974-1472015732
Opcode ID: 54fb716212b9cc615a6e18b4eb35a4668766322d5b71a6ade54b0a1f9a3cecc1
Instruction ID: 1404a3a7d72b8fe105d917ebc77fe87332d489e54b5fe136adf0a8bfa377a47d
Opcode Fuzzy Hash: 54fb716212b9cc615a6e18b4eb35a4668766322d5b71a6ade54b0a1f9a3cecc1
Instruction Fuzzy Hash: F9F1A222B18F8695EF00EB24E4403EDA361FB45764FE14131EA5C17AAADFBCE548D760

Function 00007FF7122BEEF0 Relevance: 31.7, APIs: 21, Instructions: 168COMMON

Download Yara Rule

APIs

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEF25
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BEF44
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEF58
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7122BEF6B
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122BEF7B
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BEF9B
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF7122BEFB6
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF7122BEFCA
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BEFF7
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BF00A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF016
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF03C
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF049
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF073
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF7122BF086
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7122BF092
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF7122BF0CA
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122BF0DF
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122BF0E6
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122BF0F2
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122BF103

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?sputc@?$basic_streambuf@?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 2785897995-0
Opcode ID: 35a10d01a611c5bd5d0ee717ef8ed966192d9ce4e80a1c431bd113a925cddf11
Instruction ID: 7148d3987f9433a983334cf673d1026a29668ced8b92f61bc45eca4198633915
Opcode Fuzzy Hash: 35a10d01a611c5bd5d0ee717ef8ed966192d9ce4e80a1c431bd113a925cddf11
Instruction Fuzzy Hash: 2E615122A08E4182EB14AF19D49423CA7A0FF99F66B858835DE4E437A0CF7DD55AC35C

Function 00007FF7122A3060 Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 429COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A30B3
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A30F9
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A310B
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A318F
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A31A2
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229F471), ref: 00007FF7122A31B8
memmove.VCRUNTIME140 ref: 00007FF7122A326B
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122A3339
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A3380
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122A33F4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A343C
memset.VCRUNTIME140 ref: 00007FF7122A351D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A375E

Strings

SJPulse/config, xrefs: 00007FF7122A3448
{}/version-info-{}.json, xrefs: 00007FF7122A3315
{}/desktop-feature-flags.json, xrefs: 00007FF7122A33D0
https://pulse.surveyjunkie.com/downloads, xrefs: 00007FF7122A3261, 00007FF7122A3276

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@$memcpymemset
String ID: SJPulse/config$https://pulse.surveyjunkie.com/downloads${}/desktop-feature-flags.json${}/version-info-{}.json
API String ID: 3751110976-4015184254
Opcode ID: d4ed5b9d11b68af019ad09edaefeced41fc323d879569b749dd64fd2fdbe8ceb
Instruction ID: 7b2f6a95f4ddddffb0a82c175df4b646f96832707a1f2f101496ec8e802d7828
Opcode Fuzzy Hash: d4ed5b9d11b68af019ad09edaefeced41fc323d879569b749dd64fd2fdbe8ceb
Instruction Fuzzy Hash: C412B562A18F8586DB60EF24E4403EDB360F7447A8F914236DB9D07A95DFBCE689C710

Function 00007FF7122B2200 Relevance: 30.1, APIs: 5, Strings: 12, Instructions: 355COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122AC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122AC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp,?,bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const,00000000,00000000,?,?), ref: 00007FF7122B22E9

Part of subcall function 00007FF7122A6840: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6888

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B23AA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B24A8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B25E8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B277C

Strings

<-- , xrefs: 00007FF7122B2245
bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF7122B232D
bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF7122B220A
--> , xrefs: 00007FF7122B2261
Available version: {}., xrefs: 00007FF7122B2338
Unable to locate executable: '{}'. Installation: '{}'. Installed files:'{}'., xrefs: 00007FF7122B241E
checkForUpdate, xrefs: 00007FF7122B2289
Installed version: {}., xrefs: 00007FF7122B2576
E, xrefs: 00007FF7122B243B
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B220E, 00007FF7122B2322
File '{}' doesn't exists, ec: {}, message: {}, xrefs: 00007FF7122B26F7
-, xrefs: 00007FF7122B2703

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@$memcpy
String ID: -$--> $<-- $Available version: {}.$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$E$File '{}' doesn't exists, ec: {}, message: {}$Installed version: {}.$Unable to locate executable: '{}'. Installation: '{}'. Installed files:'{}'.$bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const$checkForUpdate
API String ID: 4161231769-3821903921
Opcode ID: 5cbd524953b1875fc5b1552a01c578c90f76502cf4f6922e8b1b18ce60f6860f
Instruction ID: f601c68254d1fad4c3f489988fbefd4443f6cdf6db42ae171358cffc03059a8f
Opcode Fuzzy Hash: 5cbd524953b1875fc5b1552a01c578c90f76502cf4f6922e8b1b18ce60f6860f
Instruction Fuzzy Hash: 4AF1C472A18F8586EB10DF24E4402FDB361FB497A8F804235EA9D17A99DFBCD648C750

Function 00007FF7122B9930 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 205synchronizationCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00007FF7122B996A
GetLastError.KERNEL32 ref: 00007FF7122B998A
CreateEventW.KERNEL32 ref: 00007FF7122B9A2E
GetLastError.KERNEL32 ref: 00007FF7122B9A46
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B9B01
GetLastError.KERNEL32 ref: 00007FF7122B9B14
CloseHandle.KERNEL32 ref: 00007FF7122B9B32
CloseHandle.KERNEL32 ref: 00007FF7122B9B41
WaitForSingleObject.KERNEL32 ref: 00007FF7122B9BC9
CloseHandle.KERNEL32 ref: 00007FF7122B9BD2

Strings

f, xrefs: 00007FF7122B9BA0
L, xrefs: 00007FF7122B99FE
start_thread, xrefs: 00007FF7122B99EC, 00007FF7122B9AAA, 00007FF7122B9B8E
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_thread.ipp, xrefs: 00007FF7122B99D6, 00007FF7122B9A94, 00007FF7122B9B78
thread, xrefs: 00007FF7122B9C00
thread.entry_event, xrefs: 00007FF7122B9C15
thread.exit_event, xrefs: 00007FF7122B9C2A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CloseErrorHandleLast$CreateEvent$ObjectSingleWait_beginthreadex
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_thread.ipp$L$f$start_thread$thread$thread.entry_event$thread.exit_event
API String ID: 1716156957-1523787917
Opcode ID: caf1dd84139e5b5f6fdfdb18573c4bd88b1b281908d4ac21310e3bf83bf38af1
Instruction ID: 1261d2c9116da95fe4b24b529fc87f13012839e168baf31e3daa5e783ca3791e
Opcode Fuzzy Hash: caf1dd84139e5b5f6fdfdb18573c4bd88b1b281908d4ac21310e3bf83bf38af1
Instruction Fuzzy Hash: 0B817D72F04F1286EB10EFA1E8401ADB3A5BB487A8F91413ACE0D17B54DFBC9599C754

Function 00007FF7122AA070 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 308COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA2A8
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA2D7
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA2FB
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA32A
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA34E
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA37D
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA39E
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA3CB
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA3EC
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA419
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA467

Strings

invalid format, xrefs: 00007FF7122AA0CC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_exception_copy
String ID: invalid format
API String ID: 1552479455-2457281804
Opcode ID: 1ed3a25da62c24963a70387f67729c91579b3bc1412c13f3acd93afde6216ae9
Instruction ID: b20afbaab8e3e361a3d3df6efa1823b9ae1a5a276f160118524d85de2685526a
Opcode Fuzzy Hash: 1ed3a25da62c24963a70387f67729c91579b3bc1412c13f3acd93afde6216ae9
Instruction Fuzzy Hash: 9CD19333508B828BD711DF34E4501EDBBB0F785768FD54122E68C8295AEBBCD59ACB11

Function 00007FF7122BBF10 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 363COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC016
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC02B
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC03B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC06F
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC079
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC089
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF7122FD4C5,?,?,?,?,?,?), ref: 00007FF7122BC099
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122BC0CB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,No file at: ,?,0000000100000000), ref: 00007FF7122BC161
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122BC1F5

Strings

, xrefs: 00007FF7122BC365
sj-restarter.exe, xrefs: 00007FF7122BC243
../sj-restarter/sj-restarter.exe, xrefs: 00007FF7122BC359
No file at: , xrefs: 00007FF7122BBF15

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: $../sj-restarter/sj-restarter.exe$No file at: $sj-restarter.exe
API String ID: 1775671525-437993709
Opcode ID: 7dbbf149357202865e718c6c9adb1ae73d256902cc9beaa6f5251a831621d738
Instruction ID: 416625ee4a1ed6724dfad27810da5529e2787d5e802eae86010c52c41599cc47
Opcode Fuzzy Hash: 7dbbf149357202865e718c6c9adb1ae73d256902cc9beaa6f5251a831621d738
Instruction Fuzzy Hash: 68D1E132B18E4285EB10EF25E4402ADA360FB487A4FD54235EE9D57B99DFBCDA49C310

Function 00007FF7122AA1BF Relevance: 24.3, APIs: 16, Instructions: 265COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA209
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA236
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA257
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA284
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA2A8
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA2D7
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA2FB
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA32A
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA34E
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA37D
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA39E
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA467

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_copy$ExceptionThrow
String ID:
API String ID: 391329204-0
Opcode ID: 37d4b645b299dcea29c621e6c49a24da9f3452e5f79a15079197bfef2cf3d48e
Instruction ID: a507890ed69d5cb43f823b3dedafcac7a7bbe80e4cd6d8972c18696c6aedb353
Opcode Fuzzy Hash: 37d4b645b299dcea29c621e6c49a24da9f3452e5f79a15079197bfef2cf3d48e
Instruction Fuzzy Hash: 4EB19433508BC28BD711DF34D4501ED7BB0F79172CF954122E6888295AEBBCD69ACB11

Function 00007FF712302EA0 Relevance: 24.2, APIs: 16, Instructions: 165COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF712302EE9
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF712302F02
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF712302F21
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF712302F55
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF712302F7C
?exceptions@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF712302FB5
?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF712302FC3
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF712303013
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF712303023
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF71230308A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF7123030A0
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF7123030B0
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF71230310F
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712303147
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712303155

Part of subcall function 00007FF7122FDCC0: ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FDCDD
Part of subcall function 00007FF7122FDCC0: ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF7122FDD00

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF712303174

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??1?$basic_ostream@$??1?$basic_ios@?exceptions@ios_base@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?clear@?$basic_ios@?eback@?$basic_streambuf@?setg@?$basic_streambuf@?setstate@?$basic_ios@?tellp@?$basic_ostream@?write@?$basic_ostream@D00@D@std@@@1@_Init@?$basic_streambuf@Mbstatet@@@2@V12@V?$basic_streambuf@V?$fpos@memset
String ID:
API String ID: 2731233990-0
Opcode ID: 906e880efb86aacd9cb6fc6286c740b54320bc5c910a44c62e9a8cc359850d6d
Instruction ID: f509e93d3507d0aae426486269e06e0aa76e9500783fff83cd4369464dbd1688
Opcode Fuzzy Hash: 906e880efb86aacd9cb6fc6286c740b54320bc5c910a44c62e9a8cc359850d6d
Instruction Fuzzy Hash: 6D813F32608F82C2DB20DF15E8446AAF7A0FB84764F858535DE8D43A64DFBCD599CB14

Function 00007FF712348D90 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712352660: __std_exception_copy.VCRUNTIME140(?,?,?,00007FF712348DA4), ref: 00007FF712352696

_CxxThrowException.VCRUNTIME140 ref: 00007FF712348DB0
std::bad_exception::bad_exception.LIBCMT ref: 00007FF712348DFE

Part of subcall function 00007FF712348D90: _CxxThrowException.VCRUNTIME140 ref: 00007FF712348E2D
Part of subcall function 00007FF712348D90: _CxxThrowException.VCRUNTIME140 ref: 00007FF712348E5D
Part of subcall function 00007FF712348D90: EnterCriticalSection.KERNEL32 ref: 00007FF712348EA6
Part of subcall function 00007FF712348D90: __std_type_info_compare.VCRUNTIME140 ref: 00007FF712348EF1
Part of subcall function 00007FF712348D90: LeaveCriticalSection.KERNEL32 ref: 00007FF712348F0A

Part of subcall function 00007FF71234B710: EnterCriticalSection.KERNEL32 ref: 00007FF71234B787
Part of subcall function 00007FF71234B710: LeaveCriticalSection.KERNEL32 ref: 00007FF71234B7A3

EnterCriticalSection.KERNEL32 ref: 00007FF712348F63
__std_type_info_compare.VCRUNTIME140 ref: 00007FF712348F9B
LeaveCriticalSection.KERNEL32 ref: 00007FF712348FBC
LeaveCriticalSection.KERNEL32 ref: 00007FF712348FED

Strings

throw_exception, xrefs: 00007FF712348DD5
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/static_string/static_string.hpp, xrefs: 00007FF712348DE2

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$EnterExceptionThrow$__std_type_info_compare$__std_exception_copystd::bad_exception::bad_exception
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/static_string/static_string.hpp$throw_exception
API String ID: 1962774896-1744561374
Opcode ID: 629f7ac8e86476d43ab14fac3e56f7f32c35bc3d0863dd2c84e2bc1f5781f6ce
Instruction ID: 49c23155a140b2f514a8d440da38741b9e4bdac412f0b72c262f675c356df996
Opcode Fuzzy Hash: 629f7ac8e86476d43ab14fac3e56f7f32c35bc3d0863dd2c84e2bc1f5781f6ce
Instruction Fuzzy Hash: 0551A522A18F8282EE50EB21EC501B9A361FF94F94F984675EE4D07759DFBCE588C710

Function 00007FF71229CDB0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 135stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229CE35
strtoull.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF71229CE4C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229CE63
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229CEEE
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229CF31
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229CF79
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229CFC1

Strings

' must not begin with '0', xrefs: 00007FF71229CF37
array index , xrefs: 00007FF71229CEBB
array index ', xrefs: 00007FF71229CF41, 00007FF71229CF89
exceeds size_type, xrefs: 00007FF71229CEB1
unresolved reference token ', xrefs: 00007FF71229CEFE
' is not a number, xrefs: 00007FF71229CF7F

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$_errno$strtoull
String ID: exceeds size_type$' is not a number$' must not begin with '0'$array index $array index '$unresolved reference token '
API String ID: 1530075028-3403031426
Opcode ID: 6d07d707648b9c003e4a4e17ff4e9c1e032ffb15936c3189bf8b0562162d952f
Instruction ID: df63fab9ae5a043356fda45439d6ea7655420a9443674fcbce0800cf1a0dfe1d
Opcode Fuzzy Hash: 6d07d707648b9c003e4a4e17ff4e9c1e032ffb15936c3189bf8b0562162d952f
Instruction Fuzzy Hash: F6516132A18E9691EB20FB24E4506ADB321FB85BA4FD10432DA8D43695DEFCD959C720

Function 00007FF7123F4490 Relevance: 19.7, APIs: 13, Instructions: 154COMMON

Download Yara Rule

APIs

__std_fs_open_handle.LIBCPMT ref: 00007FF7123F44D0

Part of subcall function 00007FF7123F4438: CreateFileW.KERNEL32 ref: 00007FF7123F446B
Part of subcall function 00007FF7123F4438: GetLastError.KERNEL32 ref: 00007FF7123F447A

SetFileInformationByHandle.KERNEL32 ref: 00007FF7123F44FA
__std_fs_open_handle.LIBCPMT ref: 00007FF7123F4532
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71230279C), ref: 00007FF7123F454C
GetLastError.KERNEL32 ref: 00007FF7123F4580
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF7123F45CC
GetLastError.KERNEL32 ref: 00007FF7123F45DA
CloseHandle.KERNEL32 ref: 00007FF7123F45F0
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123F45FE
SetFileInformationByHandle.KERNEL32 ref: 00007FF7123F461E
SetFileInformationByHandle.KERNEL32 ref: 00007FF7123F4652
GetLastError.KERNEL32 ref: 00007FF7123F4674
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71230279C), ref: 00007FF7123F46AC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handleabort$Create
String ID:
API String ID: 503677281-0
Opcode ID: 3139647964f723243ce3bc6f56f3665362c2935df82bc9e5015c43630d6dfa0e
Instruction ID: fcb86b267e36c88fef3e84c1b3b35c8acf211124996738351e9fee45c64c447a
Opcode Fuzzy Hash: 3139647964f723243ce3bc6f56f3665362c2935df82bc9e5015c43630d6dfa0e
Instruction Fuzzy Hash: 5251B621F08A4289FB20ABB5A4001BD6BA0EF547B8F94017DCF1D57AD8DFACD449C721

Function 00007FF7122AB630 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122AB664
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122AB67D
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122AB6AF
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF7122AB6D7
std::_Facet_Register.LIBCPMT ref: 00007FF7122AB6F2
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122AB717
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF7122AB75C
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AB7AD
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AB7DD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122AB7E3

Strings

failed to format time, xrefs: 00007FF7122AB796

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copystd::_
String ID: failed to format time
API String ID: 1980819556-3478406193
Opcode ID: bfbfe1a0afb0499c7d4dd29e152e8b2937da9331d58634ac04d6b4df2b2b24ba
Instruction ID: 98fc7174968cdaf3fc29c5d0cde86496e8ed1826a6902060526b1217c1ecb533
Opcode Fuzzy Hash: bfbfe1a0afb0499c7d4dd29e152e8b2937da9331d58634ac04d6b4df2b2b24ba
Instruction Fuzzy Hash: 15516D22B08F4199EB10EF61E8503EC7360FB58B68F854535DE0D17A99EFB8D5A9C360

Function 00007FF7122FDA00 Relevance: 18.1, APIs: 12, Instructions: 134COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FDA53
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7122FDA72
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FDAA4
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FDABF
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z.MSVCP140 ref: 00007FF7122FDAE6
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FDB02
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7122FDB29
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z.MSVCP140 ref: 00007FF7122FDB50
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF7122FDB74
?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7122FDB89
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FDBA0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122FDBE1

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$Init@?$basic_streambuf@$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Fiopen@std@@H001@U_iobuf@@V?$basic_streambuf@Vlocale@2@_get_stream_buffer_pointers
String ID:
API String ID: 2219270862-0
Opcode ID: 26b8ca6df97794c3762c11ea2bd4cb59bd5ef9fe2a3e99b2d6513c1e835a8554
Instruction ID: f993a903289d7f83103b261454eb63c72fd99a0c8081a01f03deb51a76f88cbf
Opcode Fuzzy Hash: 26b8ca6df97794c3762c11ea2bd4cb59bd5ef9fe2a3e99b2d6513c1e835a8554
Instruction Fuzzy Hash: A6514636A08F8282EB00DF25E550369B7A0FB89BA4F804435DE4D03B64DF7CE46AC754

Function 00007FF7122EFCD0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

_Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF71229A0B7), ref: 00007FF7122EFDD3
_Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF71229A0B7), ref: 00007FF7122EFDDB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF71229A0B7), ref: 00007FF7122EFF55
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122EFFC5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F002F
_localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7122F003F
asctime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7122F004D
memmove.VCRUNTIME140 ref: 00007FF7122F0091
memchr.VCRUNTIME140 ref: 00007FF7122F00D4

Strings

last_write_time, xrefs: 00007FF7122F0141

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xtime_get_ticks$_localtime64asctimememchrmemmove
String ID: last_write_time
API String ID: 1522903263-3138894124
Opcode ID: 3652966d2b94d33beab6572ee22c4e2890047403c5f09a200e79e3bdcb38cbe2
Instruction ID: 60f1d63b6a895bb53cc634a028c3376e9c30520c8de9ab2a8be98eeb03a75b4e
Opcode Fuzzy Hash: 3652966d2b94d33beab6572ee22c4e2890047403c5f09a200e79e3bdcb38cbe2
Instruction Fuzzy Hash: 52D1E262F14B4281EF10AB25E4007BDA3A1FB05BA4F954235DE6D16BDADFBCE489D310

Function 00007FF7122D5530 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 233COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122B49E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B4ACD
Part of subcall function 00007FF7122B49E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B4B25

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122D55DC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D5727
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D572E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D582F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D5870

Strings

created, xrefs: 00007FF7122D579D
destroyed, xrefs: 00007FF7122D5774
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122D560A
{}{}, xrefs: 00007FF7122D5635
__cdecl sj::ScopedLogger<2>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc, xrefs: 00007FF7122D562A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: created$ destroyed$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<2>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc${}{}
API String ID: 1965997411-467006353
Opcode ID: 24f54d5c7ecbbf42aec03c149b52548008d0132ef9376027c60540c5d373dcde
Instruction ID: e5055279af4bd9ae3ef4f0cfcfdc7fa3c8ea2085357cb086f9b78c488533de7f
Opcode Fuzzy Hash: 24f54d5c7ecbbf42aec03c149b52548008d0132ef9376027c60540c5d373dcde
Instruction Fuzzy Hash: 81A1A273A08F8581EB10DB24E4403ADB3A1FB557A4F905235EF9D12A99DFB8E5E9C310

Function 00007FF7122AE760 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE79F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE7CC
CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE851
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE860
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE86B

Strings

event, xrefs: 00007FF7122AE90C, 00007FF7122AE923
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_event.ipp, xrefs: 00007FF7122AE7B9
<, xrefs: 00007FF7122AE8BE
win_event, xrefs: 00007FF7122AE7C0
., xrefs: 00007FF7122AE821

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast$CloseHandle
String ID: .$<$C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_event.ipp$event$win_event
API String ID: 781342481-683092726
Opcode ID: 88bfd23d812b0dc710e713a61489a50072035aea9213597882c3c86b08321031
Instruction ID: cf84f8548b2e7ed3992ff4cd952e923ef1ee2b54ab979b274b1d10d4f4e62300
Opcode Fuzzy Hash: 88bfd23d812b0dc710e713a61489a50072035aea9213597882c3c86b08321031
Instruction Fuzzy Hash: BC518332A18F4286EB60AF11E444269B3A4FB84B64F900135EE9D03F94CFBCD55ACB14

Function 00007FF712306310 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF712306460
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123064A7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123064FD
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF71230663B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712306682
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71230670C

Strings

Failed to parse file '{}', desc: {}, xrefs: 00007FF712306617
#, xrefs: 00007FF712306623
Unable to read file '{}': {}, xrefs: 00007FF71230643C

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@
String ID: #$Failed to parse file '{}', desc: {}$Unable to read file '{}': {}
API String ID: 2762475784-1842396143
Opcode ID: 5842dfcec9742fdd6a1f02b111a3477cb56ddff484136fa9e0437d59496efc7f
Instruction ID: 922913e567d3dc2985543bb285bb580373f0efd4b9e700655931cf99dbaae581
Opcode Fuzzy Hash: 5842dfcec9742fdd6a1f02b111a3477cb56ddff484136fa9e0437d59496efc7f
Instruction Fuzzy Hash: 16B1A662A0CFC585EA609B14F4403ADA360FB897B4F505335EADD02AADDF7CD588DB24

Function 00007FF7122A3850 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140 ref: 00007FF7122A38EE
memchr.VCRUNTIME140 ref: 00007FF7122A398B
memchr.VCRUNTIME140 ref: 00007FF7122A39F8
memchr.VCRUNTIME140 ref: 00007FF7122A3AB7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A3ADE
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122A3B54
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122A3B93

Strings

JSON pointer must be empty or begin with '/' - was: ', xrefs: 00007FF7122A3B1F
escape character '~' must be followed with '0' or '1', xrefs: 00007FF7122A3B5A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memchr$ExceptionThrow$_invalid_parameter_noinfo_noreturn
String ID: JSON pointer must be empty or begin with '/' - was: '$escape character '~' must be followed with '0' or '1'
API String ID: 535824585-3042630592
Opcode ID: 6c4c3c7adf04459d8d76c3136931c0c28aa64cbde34a54dd61a599d6d6b36dea
Instruction ID: 9a61aab3af00d13d412c3fcd5ed7b4919df0ab77753fa20c5c3c894a48ef6d2a
Opcode Fuzzy Hash: 6c4c3c7adf04459d8d76c3136931c0c28aa64cbde34a54dd61a599d6d6b36dea
Instruction Fuzzy Hash: BD91C122F08E9696EB50EF61D4002ADA761AB04BB4F954632DE2D17FC6DFBCE549C310

Function 00007FF7122A8370 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A83BB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A83CF
memset.VCRUNTIME140 ref: 00007FF7122A83F6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A84FC
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A8601
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A861A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A866E

Strings

bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF7122A8376
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122A837A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const
API String ID: 3906636330-4290690388
Opcode ID: cc0e8f2a7b399039082bb127cdca5a37c5d626e2fd1400119cc8cc97f8a7567b
Instruction ID: 9243bd532f49eebf950ae8fa7f05c885c0c136e8b3d3606a9d0c1344cb3b7398
Opcode Fuzzy Hash: cc0e8f2a7b399039082bb127cdca5a37c5d626e2fd1400119cc8cc97f8a7567b
Instruction Fuzzy Hash: BF811A32608FC581DB619B15F4443AEB3A4FB89BA4F804126DBDD03B69DFB8D599CB10

Function 00007FF7123A74D0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712297240: __std_fs_code_page.MSVCPRT ref: 00007FF712297263
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972B1
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972E9

Part of subcall function 00007FF7122F28F0: memset.VCRUNTIME140 ref: 00007FF7122F2930
Part of subcall function 00007FF7122F28F0: GetModuleFileNameW.KERNEL32 ref: 00007FF7122F2942

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

__std_fs_code_page.MSVCPRT ref: 00007FF7123A7601
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A764D
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7123A768B
sentry_options_set_handler_path.SENTRY ref: 00007FF7123A76B0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A76E8

Part of subcall function 00007FF7122A6540: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6588

Part of subcall function 00007FF7122993F0: _CxxThrowException.VCRUNTIME140 ref: 00007FF712299423

Part of subcall function 00007FF7122993B0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7122993E3

Strings

crashpad_handler.exe, xrefs: 00007FF7123A74FA
crashpad_handler executable not found at path {}, xrefs: 00007FF7123A75AF
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF7123A7599
bool __cdecl sj::CrashHandler::Impl::initHandlerPath(void), xrefs: 00007FF7123A75A4

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_fs_code_page__std_fs_convert_narrow_to_wide__std_fs_convert_wide_to_narrow_invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@FileModuleNameVlogger@1@memsetsentry_options_set_handler_path
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$bool __cdecl sj::CrashHandler::Impl::initHandlerPath(void)$crashpad_handler executable not found at path {}$crashpad_handler.exe
API String ID: 2297559408-2725342653
Opcode ID: 4ac8c9642c532bc9bcaa9bb5619c61d2b7cc63dede49773e473bbcbd7de4fe47
Instruction ID: 1d18f2b8321b599326540c2e4528e19029d9ecacb58e5d45dc7ed4f7ff85f8a2
Opcode Fuzzy Hash: 4ac8c9642c532bc9bcaa9bb5619c61d2b7cc63dede49773e473bbcbd7de4fe47
Instruction Fuzzy Hash: ED619132B14B469AFB10EF64D4503EDA3B1EB447A8F801136EE0D57A99DFB8D549C3A0

Function 00007FF7122980B0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122980FB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF71229810F
memset.VCRUNTIME140 ref: 00007FF712298136
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF71229821D
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712298322
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF71229833B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229838F

Strings

<, xrefs: 00007FF71229819F
initialCheckDelay, xrefs: 00007FF7122980B3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: <$initialCheckDelay
API String ID: 3906636330-2457864576
Opcode ID: e8f2cd1f34f893a1bd19302fb1ea429a1f2908c6eef12f8b7a6f3ad480f1382b
Instruction ID: fe24a2aeae869227846b26ed58df1b6521a3b09c0be4cb14668bb4e92e844884
Opcode Fuzzy Hash: e8f2cd1f34f893a1bd19302fb1ea429a1f2908c6eef12f8b7a6f3ad480f1382b
Instruction Fuzzy Hash: 93810A32608FC581DB619B15F4443EEB364FB897A4F804226DBCD02B59DFB8D599CB10

Function 00007FF7122A7D30 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A7D7B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A7D8F
memset.VCRUNTIME140 ref: 00007FF7122A7DB6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A7E92
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A7FA7
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A7FC0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A8014

Strings

bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF7122A7D36
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122A7D3A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const
API String ID: 3906636330-4290690388
Opcode ID: 559aa2695a4f495cb18d4a9e2d29d9abf39c3bed67e6de4ea7b8c1f20ea301fc
Instruction ID: e09c604032db0325ecfbf9768c5ad7e01821e7ef98af9d0ed4534a4ec50c6de8
Opcode Fuzzy Hash: 559aa2695a4f495cb18d4a9e2d29d9abf39c3bed67e6de4ea7b8c1f20ea301fc
Instruction Fuzzy Hash: 08810932609FC581DB619B15F4443EEB364FB897A4F804222DACD43B69EFB8D599CB10

Function 00007FF7122A6CB0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A6CFB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A6D0F
memset.VCRUNTIME140 ref: 00007FF7122A6D36
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A6E0B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A6F17
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A6F30
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A6F84

Strings

class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann::json_abi_v3_11_2::a, xrefs: 00007FF7122A6CBA
Skip: {}, xrefs: 00007FF7122A6CB6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: Skip: {}$class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann::json_abi_v3_11_2::a
API String ID: 3906636330-3879659612
Opcode ID: e677bd11590f1e5904471a6ce7d6954ef26394f098cdcce1f7a066ade6fad61e
Instruction ID: e68ef912ac50677e09d3c99586cb148c46e8b30a1c492e7a8e935abc32f669f4
Opcode Fuzzy Hash: e677bd11590f1e5904471a6ce7d6954ef26394f098cdcce1f7a066ade6fad61e
Instruction Fuzzy Hash: 9E711832609FC585DB719B15F4843EEB364FB887A4F804222DACD42B69DF78D599CB10

Function 00007FF7122BAD00 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122AC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122AC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BADF0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122BAF20

Strings

*, xrefs: 00007FF7122BAEAD
<-- , xrefs: 00007FF7122BAD34
updateComponents, xrefs: 00007FF7122BAD89
bool __cdecl sj::Updater::Impl::updateComponents(void) noexcept, xrefs: 00007FF7122BAE92
--> , xrefs: 00007FF7122BAD58
Version information file is downloaded{}, xrefs: 00007FF7122BAEA1
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122BAE83

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@memcpy
String ID: *$--> $<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Version information file is downloaded{}$bool __cdecl sj::Updater::Impl::updateComponents(void) noexcept$updateComponents
API String ID: 2778819636-2649363370
Opcode ID: 40c8369a06b7e6bb3d283250fd811241f6f34a5991d5ca84975c3030587f2813
Instruction ID: ab5404ea457e893632fc0fd200ab0c0f6e32eb1266203075305b89d8464f019a
Opcode Fuzzy Hash: 40c8369a06b7e6bb3d283250fd811241f6f34a5991d5ca84975c3030587f2813
Instruction Fuzzy Hash: 1B618862A0CFC651EA60EB14E4513EEB350FB897A0F914231EADD06A99DFACD54DC710

Function 00007FF7122E3440 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 142COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E3515
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E364E

Strings

event, xrefs: 00007FF7122E356E
Sending NewRelic {}: '{}', xrefs: 00007FF7122E35A5
metric, xrefs: 00007FF7122E354C
void __cdecl sj::nr::NewRelicService::Impl::send(const enum sj::nr::MessageType,class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,u, xrefs: 00007FF7122E359A
trace, xrefs: 00007FF7122E3543
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF7122E358F
log, xrefs: 00007FF7122E355D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$Sending NewRelic {}: '{}'$event$log$metric$trace$void __cdecl sj::nr::NewRelicService::Impl::send(const enum sj::nr::MessageType,class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,u
API String ID: 3668304517-958141585
Opcode ID: adf11d9a6af54a0aa89c450b2eddd30db7b5bc3a6bd5338bb469d2547833071a
Instruction ID: 7509a97cebb92734f5de4b24900333e106e605014677e18b7a740bc2834f4636
Opcode Fuzzy Hash: adf11d9a6af54a0aa89c450b2eddd30db7b5bc3a6bd5338bb469d2547833071a
Instruction Fuzzy Hash: 15616E62F08F8599FB10DBA4E4403FC7371AB4876CF814235DE4D26B98DEB8A598D354

Function 00007FF7122D7AE0 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 98COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122D7C0A
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122D7C1B

Part of subcall function 00007FF7122F4AD0: std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122F4AFC
Part of subcall function 00007FF7122F4AD0: _CxxThrowException.VCRUNTIME140 ref: 00007FF7122F4B0D
Part of subcall function 00007FF7122F4AD0: _CxxThrowException.VCRUNTIME140 ref: 00007FF7122F4B95

Strings

Runnable initialization attempt with nullptr, xrefs: 00007FF7122D7C45
C, xrefs: 00007FF7122D7B78
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF7122D7B88
WindowsService is already initialized, xrefs: 00007FF7122D7C21
Working as a windows service, xrefs: 00007FF7122D7BA0
Service name is not specified!, xrefs: 00007FF7122D7BFE
__cdecl sj::WindowsService::WindowsService(const class std::shared_ptr<class sj::Runnable> &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >), xrefs: 00007FF7122D7B94

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$std::bad_exception::bad_exception
String ID: C$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$Runnable initialization attempt with nullptr$Service name is not specified!$WindowsService is already initialized$Working as a windows service$__cdecl sj::WindowsService::WindowsService(const class std::shared_ptr<class sj::Runnable> &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)
API String ID: 387331647-3463644464
Opcode ID: 4549967a1557c6629ed4993ce1faa10ece34ebdb84e8ff6315ea06df01cac2e1
Instruction ID: 2cc91ef855ab6db07959ab3e095701661c107da68f503a85c5848dcc1fbef9b2
Opcode Fuzzy Hash: 4549967a1557c6629ed4993ce1faa10ece34ebdb84e8ff6315ea06df01cac2e1
Instruction Fuzzy Hash: 0E418232908F8581E710DF24E441369B3B0FB98758FA15235EA8C43659DF7CE5A8C750

Function 00007FF7122F45D0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7122F4731
memset.VCRUNTIME140 ref: 00007FF7122F4746
GetProcAddress.KERNEL32 ref: 00007FF7122F475A
GetLastError.KERNEL32 ref: 00007FF7122F478F

Strings

{}.{}.{}, xrefs: 00007FF7122F46CB
ntdll.dll, xrefs: 00007FF7122F472A
Failed to get OS version, xrefs: 00007FF7122F477A
RtlGetVersion, xrefs: 00007FF7122F4750

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProcmemset
String ID: Failed to get OS version$RtlGetVersion$ntdll.dll${}.{}.{}
API String ID: 1371268722-418650401
Opcode ID: 8d7f4d0ff32dec40d18458a543befdfde198ebe3ac4c0484f996103339b731d0
Instruction ID: 40dd26380d8ddf8ca5d39fe83717b65e22f8727b5a412518c8567a821e7df7b2
Opcode Fuzzy Hash: 8d7f4d0ff32dec40d18458a543befdfde198ebe3ac4c0484f996103339b731d0
Instruction Fuzzy Hash: FC515432A18F85C6E710EF64F4502A9B3A0FB98764F844235DE8C42B64DFBCE599CB10

Function 00007FF7122D4B90 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 71COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D4CD1

Part of subcall function 00007FF71229F340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF71229F383
Part of subcall function 00007FF71229F340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF71229F3D4

Strings

M, xrefs: 00007FF7122D4C5D
, details: , xrefs: 00007FF7122D4BA5
+, xrefs: 00007FF7122D4C49
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetectionService.cpp, xrefs: 00007FF7122D4BE0, 00007FF7122D4C65
#, xrefs: 00007FF7122D4C55
Failed to start crash detection service: {}, xrefs: 00007FF7122D4C3A
auto __cdecl sj::CrashDetectionService::start::<lambda_1>::operator ()(void) const, xrefs: 00007FF7122D4BEC, 00007FF7122D4C71
Started crash detection service, xrefs: 00007FF7122D4BF8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: #$+$, details: $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetectionService.cpp$Failed to start crash detection service: {}$M$Started crash detection service$auto __cdecl sj::CrashDetectionService::start::<lambda_1>::operator ()(void) const
API String ID: 298516329-1322712142
Opcode ID: ca4a0297727a0cd6c204dcbaa7e37a330f1319a4e16cd76b92d85ed9aae7b0de
Instruction ID: d5cdd5190ff8f208925909d0a227118da20f9975b15fd6e6145dfb8935e0c76f
Opcode Fuzzy Hash: ca4a0297727a0cd6c204dcbaa7e37a330f1319a4e16cd76b92d85ed9aae7b0de
Instruction Fuzzy Hash: E5315072A08F8685EB10AB14F4403EDB361FB847A4F904136DA9D07799DFBCE458C720

Function 00007FF7122E7540 Relevance: 15.1, APIs: 10, Instructions: 125COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122E757C
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122E7591
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122E75C8
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122E76F8

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

??0_Locinfo@std@@QEAA@PEBD@Z.MSVCP140 ref: 00007FF7122E7633
??0facet@locale@std@@IEAA@_K@Z.MSVCP140 ref: 00007FF7122E764A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ.MSVCP140 ref: 00007FF7122E7663
??1_Locinfo@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122E7683
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E76C4
std::_Facet_Register.LIBCPMT ref: 00007FF7122E76DB

Part of subcall function 00007FF7122EF3D0: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7122E7618), ref: 00007FF7122EF3F9
Part of subcall function 00007FF7122EF3D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7122E7618), ref: 00007FF7122EF511

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Locinfo@std@@$??0_??1_Lockit@std@@_invalid_parameter_noinfo_noreturn$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@Collvec@@D@std@@Facet_Getcoll@_Getgloballocale@locale@std@@Locimp@12@RegisterYarn@mallocstd::_
String ID:
API String ID: 770176852-0
Opcode ID: b1adb42a13c6693f8ab160bfb8b6194fd320847d41616f86927bdc0fb6e911c9
Instruction ID: be42146d84b708a70309e068b7d434ac58446e4c03200d84a4e33b9526fcc339
Opcode Fuzzy Hash: b1adb42a13c6693f8ab160bfb8b6194fd320847d41616f86927bdc0fb6e911c9
Instruction Fuzzy Hash: 9E51AE62A08F4191EA18AF15E5443BDA361FB48BF4F954232CE5D137A4DFBCE899C360

Function 00007FF71238F250 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 181COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF71238F35A
memcpy.VCRUNTIME140 ref: 00007FF71238F36B
std::bad_exception::bad_exception.LIBCMT ref: 00007FF71238F3FC
std::bad_exception::bad_exception.LIBCMT ref: 00007FF71238F443

Strings

C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/beast/http/impl/fields.hpp, xrefs: 00007FF71238F3DC, 00007FF71238F423
field value too large, xrefs: 00007FF71238F3F0
new_element, xrefs: 00007FF71238F3CF, 00007FF71238F416
field name too large, xrefs: 00007FF71238F437

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpystd::bad_exception::bad_exception
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/beast/http/impl/fields.hpp$field name too large$field value too large$new_element
API String ID: 1157262936-3644844388
Opcode ID: 8c12241656f4b47ceb80d2d047a704909f028cfc9c23d66f22ed6909f06b2f45
Instruction ID: b60d39f115cbc15ed32c4538b34f40e0a32d5d30bf5612c070b4d37bcdc8fc7a
Opcode Fuzzy Hash: 8c12241656f4b47ceb80d2d047a704909f028cfc9c23d66f22ed6909f06b2f45
Instruction Fuzzy Hash: EE61E722B08A8182DB10AB15D441379B7A0FF55B98FC48136EF9D47385EFBCD499C361

Function 00007FF7122A79D0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 173COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A7A15
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A7A29
memset.VCRUNTIME140 ref: 00007FF7122A7A50
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A7B7A
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A7C87
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A7CA0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A7CF4

Strings

bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF7122A79D4

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const
API String ID: 3906636330-941177291
Opcode ID: 8bccd7b1025cba05118609d7755b6bb65666a9d9092d82dd8580f6b5e11bc240
Instruction ID: eae82c2c448100f48fec0187b8b804ef98914dbc416fcacb73072c65b9089099
Opcode Fuzzy Hash: 8bccd7b1025cba05118609d7755b6bb65666a9d9092d82dd8580f6b5e11bc240
Instruction Fuzzy Hash: 68910932608FC581DB619B15F4443EEB3A4FB897A4F804226DACD03B69EF78D599CB10

Function 00007FF7122A7660 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A76A5
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A76B9
memset.VCRUNTIME140 ref: 00007FF7122A76E0
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A7817
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A7927
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A7940
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A7994

Strings

bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF7122A7664

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const
API String ID: 3906636330-941177291
Opcode ID: b45a27d507d5a1f92ac54fd9441722b66895ca71883a35963c61990113dbf553
Instruction ID: b40ae030cd48f119fdd9c0faa06c6e58424922d1838ac1a493057b0ae5b8cf31
Opcode Fuzzy Hash: b45a27d507d5a1f92ac54fd9441722b66895ca71883a35963c61990113dbf553
Instruction Fuzzy Hash: 3F911932609FC585DA619B14F4443EEB364FB897A4F804226DACD03B69EFB8D599CB10

Function 00007FF7122983C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF71229840B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF71229841F
memset.VCRUNTIME140 ref: 00007FF712298446
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712298540
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712298651
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF71229866A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122986BE

Strings

app.name, xrefs: 00007FF7122983C3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: app.name
API String ID: 3906636330-2680132313
Opcode ID: a1abd8d85ab48d436a2a69a848019feb957c861f32b57d0af472e6a2e71bd9e3
Instruction ID: 91564e17612a94f45f59ace003b44127d9edb4b45ab1fdc70202138b2a28c927
Opcode Fuzzy Hash: a1abd8d85ab48d436a2a69a848019feb957c861f32b57d0af472e6a2e71bd9e3
Instruction Fuzzy Hash: 97811A32608FC581DB619B15F4443AEB364FB89794F904126DBCD03B69DFB8D599CB10

Function 00007FF7122B1E00 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 164COMMON

Download Yara Rule

APIs

_Xtime_get_ticks.MSVCP140 ref: 00007FF7122B1E62
_localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7122B1EAE
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122B1F26

Part of subcall function 00007FF7122A65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B1FC0

Strings

void __cdecl sj::Updater::Impl::asyncWaitTimer(void) noexcept, xrefs: 00007FF7122B1F45
Next check scheduled on: {}, xrefs: 00007FF7122B1F50
{:%Y-%m-%d %H:%M:%S}, xrefs: 00007FF7122B1EEF
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B1F3A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@Xtime_get_ticks_invalid_parameter_noinfo_noreturn_localtime64_s
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Next check scheduled on: {}$void __cdecl sj::Updater::Impl::asyncWaitTimer(void) noexcept${:%Y-%m-%d %H:%M:%S}
API String ID: 2532722630-3149286030
Opcode ID: fa8436c991509790ae7b6e2ec7a6c3a95bb17aeda6efab635c7a325dd7123fad
Instruction ID: 1f244499d00bfa01272f000923b7faabe48779cccf362e4ed5ecb7c5df689d21
Opcode Fuzzy Hash: fa8436c991509790ae7b6e2ec7a6c3a95bb17aeda6efab635c7a325dd7123fad
Instruction Fuzzy Hash: D5817B32A14F858AEB00DF24E8402EDB3B0FB48758F905226EE8C17B59EF78D195C750

Function 00007FF712297A80 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF712297ACB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF712297ADF
memset.VCRUNTIME140 ref: 00007FF712297B06
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712297BF6
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712297D01
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF712297D1A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712297D6E

Strings

app.path, xrefs: 00007FF712297A83

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: app.path
API String ID: 3906636330-3402131408
Opcode ID: 37236fcd9b7fb9c5f02c2468e3477a324a1c7a38487b24b09329f0f6f95c0c87
Instruction ID: 5bc07ea0400301dbdee9401841d627be432148e9b0751746aedc1480016dbde0
Opcode Fuzzy Hash: 37236fcd9b7fb9c5f02c2468e3477a324a1c7a38487b24b09329f0f6f95c0c87
Instruction Fuzzy Hash: FD811A72608FC581DB619B14F4443EEB364FB89764F904226EBCD02B69EFB8D599CB10

Function 00007FF712297DA0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF712297DEB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF712297DFF
memset.VCRUNTIME140 ref: 00007FF712297E26
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712297F0B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712298011
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF71229802A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229807E

Strings

maxRetryAttempts, xrefs: 00007FF712297DA3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: maxRetryAttempts
API String ID: 3906636330-3836769744
Opcode ID: 1d4abca1f4f3179f0921685532641b7b206257e9e0022d38d82c7d1beb9f2f4c
Instruction ID: 7c44bfc0ff8d6dd26c8e0eda1774e62244387f751789b19c7a999393c352eb1a
Opcode Fuzzy Hash: 1d4abca1f4f3179f0921685532641b7b206257e9e0022d38d82c7d1beb9f2f4c
Instruction Fuzzy Hash: CB81FA32608FC581DB619B15F4443EEB364FB897A4F904226EACD03B59DFB8D599CB10

Function 00007FF7122D63D0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122D641B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122D642F
memset.VCRUNTIME140 ref: 00007FF7122D6456
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122D652A
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122D6637
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122D6650
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D66A4

Strings

sj::ConsoleApplication::run, xrefs: 00007FF7122D63D3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: sj::ConsoleApplication::run
API String ID: 3906636330-432001771
Opcode ID: cc7278577617488992a980c7cb74f26a1aefd9c20f0afe1fa37d15278232f202
Instruction ID: 2d66f7d1eece5ab8d9aee7b69f9e507ef4412349286bcbc47ac2247ed3513372
Opcode Fuzzy Hash: cc7278577617488992a980c7cb74f26a1aefd9c20f0afe1fa37d15278232f202
Instruction Fuzzy Hash: 3B711732609FC585DB719B14F4843EEB364FB88764F804222DACD02B69EFB8D599CB50

Function 00007FF7122E2D50 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 141COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF7122E2E1C
_Mtx_unlock.MSVCP140 ref: 00007FF7122E2E7E

Part of subcall function 00007FF7122A69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6A08

?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF7122E2EE9
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF7122E2EF4

Strings

Sending NewRelic {} is not enabled, xrefs: 00007FF7122E2DBF
bool __cdecl sj::nr::NewRelicService::Impl::isEnabled(const enum sj::nr::MessageType) noexcept const, xrefs: 00007FF7122E2DB4
metric, xrefs: 00007FF7122E2D88
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF7122E2DA9

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$?default_logger_raw@spdlog@@Mtx_lockMtx_unlockVlogger@1@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$Sending NewRelic {} is not enabled$bool __cdecl sj::nr::NewRelicService::Impl::isEnabled(const enum sj::nr::MessageType) noexcept const$metric
API String ID: 2215757343-4065012269
Opcode ID: fa2f9802cc518e1b998c9d7512411f9f020f14db03d953165377fcdaa5b5f194
Instruction ID: 296981c08e61843b3fd56d51fa409b7d77ae10eb2c2e99a2472c5a2ce48140f0
Opcode Fuzzy Hash: fa2f9802cc518e1b998c9d7512411f9f020f14db03d953165377fcdaa5b5f194
Instruction Fuzzy Hash: 28618D32604F8599EB00EF25E4413EC73A0EB45B98F945036EB4D13B99DF78E5A9C360

Function 00007FF7122B5350 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712303A90: _Xtime_get_ticks.MSVCP140(?,?,?,?,00007FF7122DEF58), ref: 00007FF712303A94

_Xtime_get_ticks.MSVCP140 ref: 00007FF7122B53E6
_localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7122B542F
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122B549F

Part of subcall function 00007FF7122939D0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF712293A18

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B5543

Strings

void __cdecl sj::`anonymous-namespace'::handleErrorsExpiration(class sj::UpdaterStorage &,class std::chrono::duration<__int64,struct std::ratio<1,1000> >), xrefs: 00007FF7122B54C3
Next expiration for '{}' will took place on: {}, xrefs: 00007FF7122B54DC
{:%Y-%m-%d %H:%M:%S}, xrefs: 00007FF7122B547A
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B54AD

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Xtime_get_ticks$?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@_invalid_parameter_noinfo_noreturn_localtime64_s
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Next expiration for '{}' will took place on: {}$void __cdecl sj::`anonymous-namespace'::handleErrorsExpiration(class sj::UpdaterStorage &,class std::chrono::duration<__int64,struct std::ratio<1,1000> >)${:%Y-%m-%d %H:%M:%S}
API String ID: 374219349-3552591738
Opcode ID: f5fb34671b482da7b82e4ad233f084f196c2680ea549da08b5570cf656f173d3
Instruction ID: 2126de18f2db7c01842fd0a73327fd37447180192a7373f7c81de4cf7681da35
Opcode Fuzzy Hash: f5fb34671b482da7b82e4ad233f084f196c2680ea549da08b5570cf656f173d3
Instruction Fuzzy Hash: 9B516F62F04F458AEB00EB74E4412EC73B1EB58798F904235DE4C2AB59EF78E199C394

Function 00007FF7122B20E0 Relevance: 13.6, APIs: 9, Instructions: 62COMMON

Download Yara Rule

APIs

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF7122B2134
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF7122B215D
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF7122B2167
?__ExceptionPtrCreate@@YAXPEAX@Z.MSVCP140 ref: 00007FF7122B217A
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF7122B219A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF7122B21B0
?__ExceptionPtrCreate@@YAXPEAX@Z.MSVCP140 ref: 00007FF7122B21CC
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF7122B21E4
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF7122B21EE

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Exception$Destroy@@$Copy@@Create@@$Assign@@__std_exception_destroy
String ID:
API String ID: 1226646100-0
Opcode ID: 31dff0feb1699c8a4422c74ac2fb4a3a02ec7dff8dd1929e90be58e97bd81aaf
Instruction ID: d0cdbd1bd7eee7df6e181714efd618d0022fc5ea4994ca79edc185b2a2858b5a
Opcode Fuzzy Hash: 31dff0feb1699c8a4422c74ac2fb4a3a02ec7dff8dd1929e90be58e97bd81aaf
Instruction Fuzzy Hash: 73214022E18F8691EF10EB24E4410BEA361FFD9364FD04235EB8D42566EFACD289C750

Function 00007FF7122DA1B0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 307COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122DA42E

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DA427
memcmp.VCRUNTIME140 ref: 00007FF7122DA4BF
memcmp.VCRUNTIME140 ref: 00007FF7122DA4F3
memcmp.VCRUNTIME140 ref: 00007FF7122DA588

Strings

gfffffff, xrefs: 00007FF7122DA3B1
gfffffff, xrefs: 00007FF7122DA1DB

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcmp$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID: gfffffff$gfffffff
API String ID: 97214780-161084747
Opcode ID: e03502ec7ecc94280be2ed7e6a13344c142164b2e312d7560dc89cbee86b7a1d
Instruction ID: 7f3838cc24440a1c720f025467940b91bb30f806cc6cff2e208cd04c0c5c04a4
Opcode Fuzzy Hash: e03502ec7ecc94280be2ed7e6a13344c142164b2e312d7560dc89cbee86b7a1d
Instruction Fuzzy Hash: 71C1D073B08B8982DA20EB12F40496DA765F748BD4F898136EE9D47785CF7CE194C311

Function 00007FF7122C57F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF7122A2DD0: memmove.VCRUNTIME140 ref: 00007FF7122A2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C58F7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C5948
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C5987
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C59D7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C5A52

Strings

parse error, xrefs: 00007FF7122C58B1
parse_error, xrefs: 00007FF7122C586F

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: parse error$parse_error
API String ID: 1675611454-1820534363
Opcode ID: 36d097a5b747bfcb70958d877363c18ac4d8d05215aa0597913fa7995ad393c3
Instruction ID: 0233b9fcdc6bb953710a8ca1265fa613b56a0c908fe5079694abf5e77400efca
Opcode Fuzzy Hash: 36d097a5b747bfcb70958d877363c18ac4d8d05215aa0597913fa7995ad393c3
Instruction Fuzzy Hash: 9B71A662F18F4644FA10EB65F4403ADA321AB457B4F905331EE6D22AE9DEBCE4D8C314

Function 00007FF7123C3C20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Opera/,OPR/,00007FF7122924F9), ref: 00007FF7123C3C99
memmove.VCRUNTIME140(00000000,Opera/,OPR/,00007FF7122924F9), ref: 00007FF7123C3CC8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123C3CEB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF7122924F9), ref: 00007FF7123C3D57
memchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7122924F9), ref: 00007FF7123C3E02

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Strings

Opera/, xrefs: 00007FF7123C3C2B
OPR/, xrefs: 00007FF7123C3C2A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemchrmemmove
String ID: OPR/$Opera/
API String ID: 2753702255-1531271886
Opcode ID: c9ba7e3ea939cfa4c84405637764614e8252604aee2d84b0f892cc165385e758
Instruction ID: c8414aa4434ae8ae511dd4170a240220bc45a7765713d52584384cf5ca3ca6ee
Opcode Fuzzy Hash: c9ba7e3ea939cfa4c84405637764614e8252604aee2d84b0f892cc165385e758
Instruction Fuzzy Hash: F851A062719F8185EE10AB65E4041A9E2A0EB04BF4F984636EF7C07BE9CF7CD5A5C350

Function 00007FF7122CEBE0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122CED8F

Strings

bool __cdecl sj::FeatureFlags::generateConfig(enum sj::ComponentType,const class std::filesystem::path &) const, xrefs: 00007FF7122CEDF8
j, xrefs: 00007FF7122CEDD3
version, xrefs: 00007FF7122CECB1
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\FeatureFlags.cpp, xrefs: 00007FF7122CEDE9
=, xrefs: 00007FF7122CEE16
Feature flags does not contain information for component '{}', xrefs: 00007FF7122CEE07

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: =$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\FeatureFlags.cpp$Feature flags does not contain information for component '{}'$bool __cdecl sj::FeatureFlags::generateConfig(enum sj::ComponentType,const class std::filesystem::path &) const$j$version
API String ID: 3668304517-220080064
Opcode ID: e81428f6cfcba8bdea5d318c92e6691622b57c08598323300aa1873e395e6f1c
Instruction ID: 5f8ab2699bad492659d45b402a85212ef09ebb675520b29c8e1a85f49c680afb
Opcode Fuzzy Hash: e81428f6cfcba8bdea5d318c92e6691622b57c08598323300aa1873e395e6f1c
Instruction Fuzzy Hash: C961716261CBC581DB60DB14E4803AEF761FB957A4F819136EA8D03BA9DFBCD158CB10

Function 00007FF7122A8BF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 134COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A8CA5
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,00007FF7122AA628), ref: 00007FF7122A8DAB

Strings

invalid format string, xrefs: 00007FF7122A8CD2, 00007FF7122A8D7D
cannot switch from manual to automatic argument indexing, xrefs: 00007FF7122A8DA4
cannot switch from automatic to manual argument indexing, xrefs: 00007FF7122A8C9E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string
API String ID: 4276112833-2389466755
Opcode ID: f96f31ba52da6647e1ac8f56c008f0bc7987eabce5b7e28dbee4173007e0f3de
Instruction ID: 54ff06f10bbe812ff15f2aaa68e8447e9711b093dab4580bd599506e8fad981b
Opcode Fuzzy Hash: f96f31ba52da6647e1ac8f56c008f0bc7987eabce5b7e28dbee4173007e0f3de
Instruction Fuzzy Hash: 7751C722A0CE8581E6A4AF24D4002BDA760FF59FB4FC54131EA8D42E95DFFCE489CB11

Function 00007FF7122B04E0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B0628

Part of subcall function 00007FF71229F340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF71229F383
Part of subcall function 00007FF71229F340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF71229F3D4

Strings

Feature flags check is postponed., xrefs: 00007FF7122B068A
<-- , xrefs: 00007FF7122B058C
performUpdate, xrefs: 00007FF7122B05CA
--> , xrefs: 00007FF7122B05A0
void __cdecl sj::Updater::Impl::performUpdate(void) noexcept, xrefs: 00007FF7122B067E
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B0672

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: --> $<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Feature flags check is postponed.$performUpdate$void __cdecl sj::Updater::Impl::performUpdate(void) noexcept
API String ID: 298516329-4085169699
Opcode ID: 5856560ca6d758134cbf83f19b6790a059f74ba6c41449f8e19a53d1b1c5c2b3
Instruction ID: 4d192dc4b9bd7baf4004bd484013ff28172154ca63798ca9404cee3cfe4fe49e
Opcode Fuzzy Hash: 5856560ca6d758134cbf83f19b6790a059f74ba6c41449f8e19a53d1b1c5c2b3
Instruction Fuzzy Hash: 6951CA71A08F4242EA10EB25F4502FEF361FB857A4F915132EA8D07A96DFACE649C710

Function 00007FF712295790 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 54COMMON

Download Yara Rule

APIs

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122957B9

Strings

, details: , xrefs: 00007FF7122957A1
=, xrefs: 00007FF712295867
auto __cdecl sj::ScopedLogger<2>::{dtor}::<lambda_1>::operator ()(void) const, xrefs: 00007FF71229581E
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122957F9
,, xrefs: 00007FF7122957EE
{}{}, xrefs: 00007FF71229582D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@
String ID: ,$, details: $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$auto __cdecl sj::ScopedLogger<2>::{dtor}::<lambda_1>::operator ()(void) const${}{}
API String ID: 3714795773-7912079
Opcode ID: c3e8b44bb5b772fa5a3cc45628adc2e92af1528e27643011ca1d7199d7e36f9b
Instruction ID: 8d9f2170242f670aee330be5f984129a1be63eacb56b64f433a41a0d1aee869f
Opcode Fuzzy Hash: c3e8b44bb5b772fa5a3cc45628adc2e92af1528e27643011ca1d7199d7e36f9b
Instruction Fuzzy Hash: FB21F932909F95D5EB619B14F4043EDB3A4FF84354FA04236DA8802A94EFBDD5ADCB11

Function 00007FF7122B0190 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 53COMMON

Download Yara Rule

APIs

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122B01B9

Strings

, details: , xrefs: 00007FF7122B01A1
,, xrefs: 00007FF7122B01EE
auto __cdecl sj::ScopedLogger<0>::{dtor}::<lambda_1>::operator ()(void) const, xrefs: 00007FF7122B021E
=, xrefs: 00007FF7122B0267
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122B01F9
{}{}, xrefs: 00007FF7122B022D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@
String ID: ,$, details: $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$auto __cdecl sj::ScopedLogger<0>::{dtor}::<lambda_1>::operator ()(void) const${}{}
API String ID: 3714795773-3554755221
Opcode ID: 63ab663453a1ebd481734043507adb35553b16dddc6b69db1e498707d21cc316
Instruction ID: 11003488e90aac9cee5c527f51ce72af525de460e63a4e9cd1be3b0f6d9efa1e
Opcode Fuzzy Hash: 63ab663453a1ebd481734043507adb35553b16dddc6b69db1e498707d21cc316
Instruction Fuzzy Hash: 45210C3290DF85D5EB669F14F0043AEB3A4FB48354F90523ADA88126A4DFBCD65DCB11

Function 00007FF7122AFAE0 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF7122AFB19
SetEvent.KERNEL32 ref: 00007FF7122AFB3F
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AFB73
CloseHandle.KERNEL32 ref: 00007FF7122AFB98
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AFBB4
CloseHandle.KERNEL32 ref: 00007FF7122AFC1C
CloseHandle.KERNEL32 ref: 00007FF7122AFC26
DeleteCriticalSection.KERNEL32 ref: 00007FF7122AFC30

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$CloseHandle$Leave$DeleteEnterEvent
String ID:
API String ID: 1870084288-0
Opcode ID: c911e8eabcb18470f2729bc5f1e00cf57b61314b285eb44e439f9ef2ddbc456c
Instruction ID: 023dcc1b4db1a3d5fd5ff8e5b88fb85a2f091664e1c030362e8ce1ed599aac3b
Opcode Fuzzy Hash: c911e8eabcb18470f2729bc5f1e00cf57b61314b285eb44e439f9ef2ddbc456c
Instruction Fuzzy Hash: 60415322A09F81C6EB54AF21D4547ADB3A0FB48F68F884535DE4D07A94DFBDD898C324

Function 00007FF7122FEE30 Relevance: 12.1, APIs: 8, Instructions: 81COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEE76
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEE84
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEE90
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEEB1
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEEC2
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEED0
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FEEDC
memmove.VCRUNTIME140 ref: 00007FF7122FEF12

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@memmove
String ID:
API String ID: 1084301519-0
Opcode ID: 63a78ba685fe670b5381cd139ebff67eb31b732d5e5721fe063cb7ae6b7021b5
Instruction ID: a50ecfe4ea18c2a1130921cd254ea7a37b01ba21b9761360d9069b6da7d795cb
Opcode Fuzzy Hash: 63a78ba685fe670b5381cd139ebff67eb31b732d5e5721fe063cb7ae6b7021b5
Instruction Fuzzy Hash: 8131D721A09F5186EB25AF21E40426DA390FF84FD4F890131DE8D47795DF7CE59AC718

Function 00007FF7122C1B10 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C1B2D
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C1B3B
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C1B43
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C1B4F
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122C1B5B
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF7122C1B98
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z.MSVCP140 ref: 00007FF7122C1BA6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122C1BCC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@$?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@D00@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3548242540-0
Opcode ID: e4a3473cf8bb8f8b81c3db78e0d12dd373cc025e369511375e62d958eade09cb
Instruction ID: a9bb2e11a5bfa396e7bad06bdbd11204b1bedd5e7be2230a773e966e58023b7c
Opcode Fuzzy Hash: e4a3473cf8bb8f8b81c3db78e0d12dd373cc025e369511375e62d958eade09cb
Instruction Fuzzy Hash: 98117535B15F5281EB14AF69E81936CA250AF89BB4F940130DE1E427E4DEBC94A9C718

Function 00007FF7122DC310 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 384COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DC6F2

Part of subcall function 00007FF712297240: __std_fs_code_page.MSVCPRT ref: 00007FF712297263
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972B1
Part of subcall function 00007FF712297240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7122972E9

Part of subcall function 00007FF712295C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295CCB

Part of subcall function 00007FF7122DA1B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DA427
Part of subcall function 00007FF7122DA1B0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122DA42E
Part of subcall function 00007FF7122DA1B0: memcmp.VCRUNTIME140 ref: 00007FF7122DA4BF
Part of subcall function 00007FF7122DA1B0: memcmp.VCRUNTIME140 ref: 00007FF7122DA4F3

Part of subcall function 00007FF7122DA1B0: memcmp.VCRUNTIME140 ref: 00007FF7122DA588

Strings

.user.json, xrefs: 00007FF7122DC849
config, xrefs: 00007FF7122DC3D2
sj-common.json, xrefs: 00007FF7122DC49D
env, xrefs: 00007FF7122DC4E8
SJPulse, xrefs: 00007FF7122DC3F9

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcmp$__std_fs_convert_narrow_to_wide$Concurrency::cancel_current_task__std_fs_code_page
String ID: .user.json$SJPulse$config$env$sj-common.json
API String ID: 758345005-546559227
Opcode ID: bcb82b46270fba77c42b15c136fbc1f5d7da0349af45b7d6153be3244755b65d
Instruction ID: ad18c64fd3baf20c293ff5b8ff3f6618582b46d9daf7583a5319cf050ddae2fa
Opcode Fuzzy Hash: bcb82b46270fba77c42b15c136fbc1f5d7da0349af45b7d6153be3244755b65d
Instruction Fuzzy Hash: A712A363A18F8295EB10EF24D4403EDA360FB95358FD16131EA8C579AADFB8D688C750

Function 00007FF712297480 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229953C), ref: 00007FF71229751E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229953C), ref: 00007FF712297576
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71229953C), ref: 00007FF712297580
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122976A2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712297748

Strings

{0}, xrefs: 00007FF71229767B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcpy$??$vformat_to@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@@12@V?$basic_format_args@V?$basic_format_context@V?$basic_string_view@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@
String ID: {0}
API String ID: 1452291513-1444373969
Opcode ID: 85d069f9a62ef2684019c043d1192520ff0fd4d764a6813e41d85d9f230a5784
Instruction ID: d522361e1c868f462c7d1863b0ad2f40f8b1998cb196c042daed13b0d63b066f
Opcode Fuzzy Hash: 85d069f9a62ef2684019c043d1192520ff0fd4d764a6813e41d85d9f230a5784
Instruction Fuzzy Hash: 6A81AF62B04F9585EB10EB25E5402ADB3A0FB48BE4F954232DE9D07B98EF7CD159C700

Function 00007FF712307170 Relevance: 10.7, APIs: 7, Instructions: 203COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000002,?,00000000,00007FF712306DBB), ref: 00007FF71230722A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002,?,00000000,00007FF712306DBB), ref: 00007FF712307243
memmove.VCRUNTIME140(00000002,?,00000000,00007FF712306DBB), ref: 00007FF71230726D
memmove.VCRUNTIME140(00000002,?,00000000,00007FF712306DBB), ref: 00007FF71230728B
memmove.VCRUNTIME140(00000002,?,00000000,00007FF712306DBB), ref: 00007FF7123072B5
memset.VCRUNTIME140 ref: 00007FF712307370

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 1392643149-0
Opcode ID: 022f988f29079a02106b2ffc7a6c0b703d0e808805a31999be6f43207e2f8f7a
Instruction ID: e87845f32be758d32b93d93caabcad2e8fac6504267ccb953248a81264cf26dd
Opcode Fuzzy Hash: 022f988f29079a02106b2ffc7a6c0b703d0e808805a31999be6f43207e2f8f7a
Instruction Fuzzy Hash: 6F71F722B09F8185EB05EB25E44037DA354EB48BE0F984579DE4C07795DF7CD099C320

Function 00007FF7122A4F10 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF7122A4F5A
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A4FDE
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A508F
??$get@Vlocale@std@@@locale_ref@detail@v10@fmt@@QEBA?AVlocale@std@@XZ.FMT ref: 00007FF7122A50EA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A51D7

Part of subcall function 00007FF7122B1C80: memcmp.VCRUNTIME140 ref: 00007FF7122B1D19

Strings

argument not found, xrefs: 00007FF7122A4FD7, 00007FF7122A5088

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@$??$get@Vlocale@std@@Vlocale@std@@@locale_ref@detail@v10@fmt@@_invalid_parameter_noinfo_noreturnmemcmpmemset
String ID: argument not found
API String ID: 2706344375-3524968529
Opcode ID: 8ddaeadf23830fbfaf3a19409a215e032c998ec2118d3b36c8804dbe5eedb5d9
Instruction ID: b7ba207e347b0e65ff73d5620e346cfbcfe4d1a04f489ead5ae9d695444cddfd
Opcode Fuzzy Hash: 8ddaeadf23830fbfaf3a19409a215e032c998ec2118d3b36c8804dbe5eedb5d9
Instruction Fuzzy Hash: BE91C122E18F8186EB41DB78E4402FEB3B0FB99768F504225EE4D16E59EF78D199C710

Function 00007FF712294730 Relevance: 10.7, APIs: 7, Instructions: 185COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF71229477B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF71229478F
memset.VCRUNTIME140 ref: 00007FF7122947B6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712294945
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712294A5B
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF712294A74
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712294AC8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 477caff914549137520409a76789c44fdde8969191c31e8308fcd1561b4dc563
Instruction ID: 87947a1e50503d030e9afe879c547e510d6d3410ec5b36e2f5a3817fce15ebd3
Opcode Fuzzy Hash: 477caff914549137520409a76789c44fdde8969191c31e8308fcd1561b4dc563
Instruction Fuzzy Hash: 81A10832608FC595DA319B19F4443EAB3A4FB89794F804226DBCD03B69EF78D599CB10

Function 00007FF712294380 Relevance: 10.7, APIs: 7, Instructions: 180COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122943CB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122943DF
memset.VCRUNTIME140 ref: 00007FF712294406
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712294572
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF71229468B
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122946A4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122946F8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 5251e409ef4c27480c52c8a95b905093ffc9aaf0657bad49e8300587c316af58
Instruction ID: 381050c029ad6a81d1af7eee8e1d8649aba690b1ead79cf0107a3a4d369d4fc5
Opcode Fuzzy Hash: 5251e409ef4c27480c52c8a95b905093ffc9aaf0657bad49e8300587c316af58
Instruction Fuzzy Hash: 39911636608FC581DB719B19F4443EAB364FB89794F804226DACD03B69EF78D599CB10

Function 00007FF7122A72E0 Relevance: 10.7, APIs: 7, Instructions: 177COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A7325
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A7339
memset.VCRUNTIME140 ref: 00007FF7122A7360
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A74A8
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A75B7
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A75D0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A7624

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: ca399d3ec58a29a4a19a612613ee7fc495ef3d9279e0ab59c4cfcc9290e77174
Instruction ID: 1dbe36830801e8e633b6f03c01443946e1dba9987ede91bfddcdf4c5514eadae
Opcode Fuzzy Hash: ca399d3ec58a29a4a19a612613ee7fc495ef3d9279e0ab59c4cfcc9290e77174
Instruction Fuzzy Hash: 44911A32609FC585DB619B14F4443AEF3A4FB897A4F804126DACD03B69EF78D599CB10

Function 00007FF7122FFB20 Relevance: 10.7, APIs: 7, Instructions: 173COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122FFB65
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122FFB79
memset.VCRUNTIME140 ref: 00007FF7122FFBA0
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122FFCDE
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122FFDE9
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122FFE02
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122FFE56

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 786df2c517e17aeb9c2e58edc998353f7e174cb8cc10bf2970a98d6d8e40b1fb
Instruction ID: 3022679f368e9a2304218695b5480b5bb47d858e6ff95c00ec507190a4734ec8
Opcode Fuzzy Hash: 786df2c517e17aeb9c2e58edc998353f7e174cb8cc10bf2970a98d6d8e40b1fb
Instruction Fuzzy Hash: 27911A32608FC582DB619B14F4443EEB364FB897A4F804126DACD43B69EF78D599CB50

Function 00007FF712293D30 Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF712293D7B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF712293D8F
memset.VCRUNTIME140 ref: 00007FF712293DB6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF712293EC6
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF712293FD1
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF712293FEA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229403E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: e22f9a8dae4e87dfb2867837728cd96dfc1fe08a7cbb77c3a63fe73f632f0a66
Instruction ID: 9d6ad559d532cd451ba117933e301bcfdb6e69c30568bbea0076b6d625ae71b6
Opcode Fuzzy Hash: e22f9a8dae4e87dfb2867837728cd96dfc1fe08a7cbb77c3a63fe73f632f0a66
Instruction Fuzzy Hash: 6B811A32A08FC581DB619B15F4443AEB3A4FB89794F904126EBCD03B69DFB8D599CB10

Function 00007FF7122A86A0 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A86EB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A86FF
memset.VCRUNTIME140 ref: 00007FF7122A8726
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A8822
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A8931
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A894A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A899E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 2b5eec5e36ea4908f1b7b99489612c0141f7c9cc658afbeb9e8cece5d66bbc1a
Instruction ID: 9db4ba412e21b26eb51d9188d9885327695b44d505b875bcefbb805866b18082
Opcode Fuzzy Hash: 2b5eec5e36ea4908f1b7b99489612c0141f7c9cc658afbeb9e8cece5d66bbc1a
Instruction Fuzzy Hash: A381E932609FC581DB619B15F4443EAB364FB897A4F804226DBCD03B69DFB8D599CB10

Function 00007FF7123B80D0 Relevance: 10.7, APIs: 7, Instructions: 162COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7123B811B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7123B812F
memset.VCRUNTIME140 ref: 00007FF7123B8156
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7123B8247
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7123B8351
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7123B836A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123B83BE

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 2c8bb85613cca43e580097fc06bae1eafb84174dc8e0fdea86be1d187ad1eecc
Instruction ID: 3f2277c18a61a798326d191cc0f8c3cc6f254b52940195e5cebca04a32d78206
Opcode Fuzzy Hash: 2c8bb85613cca43e580097fc06bae1eafb84174dc8e0fdea86be1d187ad1eecc
Instruction Fuzzy Hash: 1C811A32609FC586DB619B14F4443EAB364FB89764F804226DBCD03B59DFB8D599CB10

Function 00007FF7122A6FC0 Relevance: 10.7, APIs: 7, Instructions: 161COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122A700D
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122A701E
memset.VCRUNTIME140 ref: 00007FF7122A7045
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122A7129
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122A723A
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122A7253
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A72A7

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: bfe2785224e012604408371ff55be6b16cc8ffa755e39fd9eca93efcaf815295
Instruction ID: 21515c9331b875487d087717dc6925b59772cdc3a22d7bbc65d870b9d83ed2d9
Opcode Fuzzy Hash: bfe2785224e012604408371ff55be6b16cc8ffa755e39fd9eca93efcaf815295
Instruction Fuzzy Hash: 42812C32518FC581DB619B15F4843EEB3A4FB88764F804125DACD03B68DF78D599CB10

Function 00007FF71229D070 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_CxxThrowException.VCRUNTIME140 ref: 00007FF71229D204
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229D28D

Strings

Number expected for '{}', but {} given., xrefs: 00007FF71229D29D
Rounding detected for '{}'. {} become {}, xrefs: 00007FF71229D23E
', xrefs: 00007FF71229D2A9
(, xrefs: 00007FF71229D24A
Attempting to assign negative number '{}' to a variable expecting positive number '{}', xrefs: 00007FF71229D1BF

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrowmemchr
String ID: '$($Attempting to assign negative number '{}' to a variable expecting positive number '{}'$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}
API String ID: 4071565095-2198650091
Opcode ID: 74dc02c9c717f047005757f268b2aa3c334873b52a847ef64fb3c1be66dec98f
Instruction ID: 5a2a81ea26f6cda0390a1c5cff1bcdc4e445a9fa28152295ade2aa6076e46eae
Opcode Fuzzy Hash: 74dc02c9c717f047005757f268b2aa3c334873b52a847ef64fb3c1be66dec98f
Instruction Fuzzy Hash: 8E61F422A18E8195EE11BB20E4412FEE360FF957A0FD14236FA8D13A59EFBCD549C710

Function 00007FF7122D7730 Relevance: 10.7, APIs: 7, Instructions: 156COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122D777B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122D778F
memset.VCRUNTIME140 ref: 00007FF7122D77B6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122D788B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122D7997
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122D79B0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D7A04

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 6d7f3f8e7ed4ab6d9ba08be01be26cdee563922883153caada6aa637d8916fc9
Instruction ID: 87822af3abca622d42a5ebadc073edd1c91115c4d118dc2f7aefb724595989e3
Opcode Fuzzy Hash: 6d7f3f8e7ed4ab6d9ba08be01be26cdee563922883153caada6aa637d8916fc9
Instruction Fuzzy Hash: 00711732608FC581DB619B14F8843EEB364FB88764F804226DACD43A69DFBCD599CB10

Function 00007FF7122D5220 Relevance: 10.7, APIs: 7, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122D526B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122D527F
memset.VCRUNTIME140 ref: 00007FF7122D52A6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122D537D
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122D5488
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122D54A1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D54F5

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: c1a8e7853a77cf52d7fc41c31ded951125bc15e8d19691b2e8185e7862f57f6b
Instruction ID: 8d367cd00796b9ff9f9a0b8367e3408dd3c3f82adf16c73a1f3ebca23f50eeaf
Opcode Fuzzy Hash: c1a8e7853a77cf52d7fc41c31ded951125bc15e8d19691b2e8185e7862f57f6b
Instruction Fuzzy Hash: C6710B32608FC581DB619B15F4843EEB364FB88765F804226DACD43B69DFB8D599CB10

Function 00007FF712294070 Relevance: 10.7, APIs: 7, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF7122940BB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF7122940CF
memset.VCRUNTIME140 ref: 00007FF7122940F6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122941CD
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF7122942D8
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF7122942F1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712294345

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: dd0194b5a12faf51e93738dfb1abf8c36334fbcde7dddc78c1cba55ed25f8f97
Instruction ID: e553efed12eeac2be0a58f50ff1614f7ce45f821e34974211d1c7669447efbfe
Opcode Fuzzy Hash: dd0194b5a12faf51e93738dfb1abf8c36334fbcde7dddc78c1cba55ed25f8f97
Instruction Fuzzy Hash: 1A711932608FC581DB619B15F4843EEB364FB88764F804226DACD43B69DFB8D599CB10

Function 00007FF7122AC300 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 153COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122B49E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B4ACD
Part of subcall function 00007FF7122B49E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B4B25

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122AC3AC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122AC4F3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122AC4FA

Strings

__cdecl sj::ScopedLogger<0>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc, xrefs: 00007FF7122AC3F7
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122AC3DA
{}{}, xrefs: 00007FF7122AC402

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<0>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc${}{}
API String ID: 1965997411-2365327245
Opcode ID: 98f6d69e185f5ce941139f3f2c5b52a76e29f0ca814b2cf19e7af23f4e4f4936
Instruction ID: c83e5f5c0c04cd8c235bebf3e689cca7bd50398e12971ef2f81bb264acfc92a6
Opcode Fuzzy Hash: 98f6d69e185f5ce941139f3f2c5b52a76e29f0ca814b2cf19e7af23f4e4f4936
Instruction Fuzzy Hash: 4F518962A08F8186E710DF24E4403AD73B0FB15B58F815535DF8817A56DFB8E5E9C354

Function 00007FF7122FF7B0 Relevance: 10.6, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF7122FF8B2
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF7122FF8C2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF7122FF8FA
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF7122FF904
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF7122FF912
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122FF94B
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122FF9AA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpymemset$?vformat@v10@fmt@@Concurrency::cancel_current_taskD@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3674355824-0
Opcode ID: 553357235264cbe47d3ab93ff114a3c94fd35580af6d0d54b52bb9ba995142bd
Instruction ID: 32c2c687dd37d38b3617fb898cac5472d23b5e515a5a5143ab9cd97ed1fdcd85
Opcode Fuzzy Hash: 553357235264cbe47d3ab93ff114a3c94fd35580af6d0d54b52bb9ba995142bd
Instruction Fuzzy Hash: C751AF62B08F8582EB10AB15E1042ADB361FB48BE0FA44235DFAD07795DFBCD599C350

Function 00007FF7122AC510 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF7122AC5A4
memmove.VCRUNTIME140 ref: 00007FF7122AC5E8
memcpy.VCRUNTIME140 ref: 00007FF7122AC600
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122AC683
memcpy.VCRUNTIME140 ref: 00007FF7122AC6B5
memcpy.VCRUNTIME140 ref: 00007FF7122AC6D0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122AC6F3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemmove
String ID:
API String ID: 1624905924-0
Opcode ID: 601c5481530e0f397be1479fba8c7a944ba2309148df3cdfb556d0716856c3ca
Instruction ID: 5bdddfd28aa6e389af6a944e30bcfd038a20e90662e3c64fe8e9902739a87813
Opcode Fuzzy Hash: 601c5481530e0f397be1479fba8c7a944ba2309148df3cdfb556d0716856c3ca
Instruction Fuzzy Hash: E051F332A08F8192EA40EF25E54026D7360FB54FA4F954636DF6C17B81CFB8E598D350

Function 00007FF712303F80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122C57F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C58F7
Part of subcall function 00007FF7122C57F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF712303FA9), ref: 00007FF7122C5948

Part of subcall function 00007FF7122CF730: memmove.VCRUNTIME140 ref: 00007FF7122CF81F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF712306280), ref: 00007FF7123040AB
__std_exception_destroy.VCRUNTIME140(?,?,?,?,?,000001A4,00000001,00007FF712306280), ref: 00007FF7123040D7
__std_exception_destroy.VCRUNTIME140(?,?,?,?,?,000001A4,00000001,00007FF712306280), ref: 00007FF7123040E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF712306280), ref: 00007FF71230411C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF712306280), ref: 00007FF71230416B

Strings

value, xrefs: 00007FF712303FEA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memcpymemmove
String ID: value
API String ID: 3736344271-494360628
Opcode ID: 288d04e3c262521ef4960561f3e11cbe8817ad90a21e14f412ff6aebfac9e90c
Instruction ID: 3c42e34d619d517806b420ff93867a9dfd2a3134df3c77547fe1858cde20325c
Opcode Fuzzy Hash: 288d04e3c262521ef4960561f3e11cbe8817ad90a21e14f412ff6aebfac9e90c
Instruction Fuzzy Hash: 2C51D062F04E4285FB10EB74E0003FDA321EB557B8F805335DE6D22ADADEB8D589C264

Function 00007FF7122AB5D5 Relevance: 10.6, APIs: 7, Instructions: 135COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122AB664
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122AB67D
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122AB6AF
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF7122AB6D7
std::_Facet_Register.LIBCPMT ref: 00007FF7122AB6F2
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122AB717
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF7122AB75C
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AB7AD
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AB7DD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122AB7E3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copystd::_
String ID:
API String ID: 1980819556-0
Opcode ID: 4e8b500a9831ba73ae607ce28a9e8650e87a1a22a1ad9aca4b6363d5e2f01a2e
Instruction ID: 7c2c52c06819702d404621a5c2eaf911096a6372848d5fbf5977f1c9ff826bc7
Opcode Fuzzy Hash: 4e8b500a9831ba73ae607ce28a9e8650e87a1a22a1ad9aca4b6363d5e2f01a2e
Instruction Fuzzy Hash: 09416A22A09F4196EB11AF65E8503EC7360FB58BA8F854536DE4C47B94EFBCD499C320

Function 00007FF712293820 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF712293922
memset.VCRUNTIME140 ref: 00007FF712293932
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229396A
memset.VCRUNTIME140 ref: 00007FF712293982
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122939BB

Strings

sj-app, xrefs: 00007FF712293824

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
String ID: sj-app
API String ID: 1584038639-2340515614
Opcode ID: 3bef9efe2ad90a34ad4514a73887f4d0cafa64aedcbdaeea57daf3d12e439c70
Instruction ID: 9b0884159fbd9072f7213c1aa76c982875af15a378b07ce4834046af84a1bcfa
Opcode Fuzzy Hash: 3bef9efe2ad90a34ad4514a73887f4d0cafa64aedcbdaeea57daf3d12e439c70
Instruction Fuzzy Hash: 6E41B262B09B9185EE20AB15E1043ADA3A1FB04BE4FA54635DFAD0B789DFBCD459C310

Function 00007FF7122B4500 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B46D6

Part of subcall function 00007FF7122A65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B4613

Strings

#, xrefs: 00007FF7122B459C
Failed to download JSON file: '{}'., xrefs: 00007FF7122B4590
class std::optional<class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann:, xrefs: 00007FF7122B4581
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF7122B4575

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: #$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Failed to download JSON file: '{}'.$class std::optional<class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann:
API String ID: 1965997411-2301830536
Opcode ID: aaa598d28d0ba1703fdfa66e926a40339ce5c342764f547ed5d16dc0cbca9074
Instruction ID: b27b45df6dc28e6e85891ec4eaa27dd9c491a128e3c48e8a0d0a2564fb1c3458
Opcode Fuzzy Hash: aaa598d28d0ba1703fdfa66e926a40339ce5c342764f547ed5d16dc0cbca9074
Instruction Fuzzy Hash: 69516262618FC585EB209B24E0543AEB3A1FB897A4F514235DBDC07B99DFBCD588CB10

Function 00007FF7122AEAF0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 109COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122AEC60

Strings

__cdecl sj::ScopedLogger<0>::~ScopedLogger(void) noexcept, xrefs: 00007FF7122AEB16
~ScopedLogger, xrefs: 00007FF7122AEAFF
3, xrefs: 00007FF7122AEB45
3, xrefs: 00007FF7122AEB29
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122AEB31

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: 3$3$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<0>::~ScopedLogger(void) noexcept$~ScopedLogger
API String ID: 3668304517-2941667751
Opcode ID: 311d0b94104fc622cefa3433c9a713e480951b7e99620925dc2cc3bbe3bb7180
Instruction ID: 881b90678f5ad52f04da5e0e708e04f28878a0e1f2e6509750387caa2f326c28
Opcode Fuzzy Hash: 311d0b94104fc622cefa3433c9a713e480951b7e99620925dc2cc3bbe3bb7180
Instruction Fuzzy Hash: A7418072608B8481EB51EF24E09836DB3A1F744FA8F914136DB8D07A59DFBDC999C350

Function 00007FF71229A850 Relevance: 10.6, APIs: 7, Instructions: 109COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF71229A874
_Mtx_unlock.MSVCP140 ref: 00007FF71229A8B6
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71229A8D0
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71229A8DB
_Mtx_lock.MSVCP140 ref: 00007FF71229A920
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71229A970
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71229A97B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$Mtx_lock$Mtx_unlock
String ID:
API String ID: 134073552-0
Opcode ID: ab8af4836c3803c3d1614d797c9068100af42ed2297bfc98a56bb43e76902045
Instruction ID: 93672b4b9e2102c6fc2d110d2e1d9729b1080aa14658ea60a46a32ae01be85c5
Opcode Fuzzy Hash: ab8af4836c3803c3d1614d797c9068100af42ed2297bfc98a56bb43e76902045
Instruction Fuzzy Hash: A931D321A08A8586EF18AB35D05137DA350FF84BA4FA88134DB5D436D5DFACD899C721

Function 00007FF7122958A0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712295A38

Strings

3, xrefs: 00007FF7122958F7
~ScopedLogger, xrefs: 00007FF7122958B3
3, xrefs: 00007FF7122958E0
__cdecl sj::ScopedLogger<2>::~ScopedLogger(void) noexcept, xrefs: 00007FF7122958CA
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF7122958D9

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: 3$3$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<2>::~ScopedLogger(void) noexcept$~ScopedLogger
API String ID: 3668304517-1355120257
Opcode ID: 191744375a2de65ab047132604da87dc71376fd87646923001e339cb40b87425
Instruction ID: a73d82f6ddc66fcf0c0a0445e4f076fd3e66c3d8c781da10667690cc06771b6a
Opcode Fuzzy Hash: 191744375a2de65ab047132604da87dc71376fd87646923001e339cb40b87425
Instruction Fuzzy Hash: 8E417072708B8185EB149B14E0983AC7361FB45BA8F914135DB9C0A759DFBDD9ECC350

Function 00007FF7122F6BF0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F6C84

Strings

/log, xrefs: 00007FF7122F6CF0
/metric, xrefs: 00007FF7122F6D1F
/newrelic, xrefs: 00007FF7122F6C33
/trace, xrefs: 00007FF7122F6D4E
/event, xrefs: 00007FF7122F6CC4

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memchr$_invalid_parameter_noinfo_noreturnmemcpy
String ID: /event$/log$/metric$/newrelic$/trace
API String ID: 3101834445-764407026
Opcode ID: f548bbcb6fb1eea0f5484e6b0a2f2d4bd8b7e397df3af7f8c53ff400d2c63939
Instruction ID: ee56e86967f194747350c0a84a350d5c558661f6e6d805f1f953bc90007ad61c
Opcode Fuzzy Hash: f548bbcb6fb1eea0f5484e6b0a2f2d4bd8b7e397df3af7f8c53ff400d2c63939
Instruction Fuzzy Hash: 71516D62F14F5298FB00ABB4D8413ECA371FB48768F915235DE5C26A59EFB8A159C310

Function 00007FF7122AB160 Relevance: 10.6, APIs: 7, Instructions: 99COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF7122A4C70), ref: 00007FF7122AB19E
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AB1ED
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AB206
EnterCriticalSection.KERNEL32 ref: 00007FF7122AB228
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AB260
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AB281
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AB2BA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$Enter__std_type_info_compare
String ID:
API String ID: 1305417736-0
Opcode ID: b7ab21b11e32ef0b14fb0a12f2bf48d4ee7e65be1d4a5d5d2aaede0b50970431
Instruction ID: e8f9c6b1ef9bb430b654a64ec59d00ec0244d00355fa75b99fa7d75c1ab508dc
Opcode Fuzzy Hash: b7ab21b11e32ef0b14fb0a12f2bf48d4ee7e65be1d4a5d5d2aaede0b50970431
Instruction Fuzzy Hash: 7F414F22A09F8185EA95AF21944027DA3A0FF99FA4F494536EE8D03F59EFBCE444C314

Function 00007FF7122AAE80 Relevance: 10.6, APIs: 7, Instructions: 99COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF7122AAEBD
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AAF0D
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AAF26
EnterCriticalSection.KERNEL32 ref: 00007FF7122AAF48
__std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AAF80
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AAFA1
LeaveCriticalSection.KERNEL32 ref: 00007FF7122AAFDA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$Enter__std_type_info_compare
String ID:
API String ID: 1305417736-0
Opcode ID: 934303032dca120c12c4baf4570b7d858df67c2923e339e288e6d7572d2c8304
Instruction ID: 21b25d87d6c9ad8bf55f06be36be0e848a1f1bdea1698e62d92ab3cdd2e05bd7
Opcode Fuzzy Hash: 934303032dca120c12c4baf4570b7d858df67c2923e339e288e6d7572d2c8304
Instruction Fuzzy Hash: AD416F62A09F8285EA99AF11944027DE360FF88FA4F494531EE8D47F49DFBDE448C714

Function 00007FF7122D6D50 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122D6270: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122D62B8

Part of subcall function 00007FF71229F340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF71229F383
Part of subcall function 00007FF71229F340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF71229F3D4

signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D6E13
signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D6E25

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\ConsoleApplication.cpp, xrefs: 00007FF7122D6D8B
Registered SIGINT and SIGTERM, xrefs: 00007FF7122D6DF2
sj::ConsoleApplication::run, xrefs: 00007FF7122D6DC6
void __cdecl sj::ConsoleApplication::run(void) const, xrefs: 00007FF7122D6D96

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@signal$?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@W4level_enum@level@2@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\ConsoleApplication.cpp$Registered SIGINT and SIGTERM$sj::ConsoleApplication::run$void __cdecl sj::ConsoleApplication::run(void) const
API String ID: 2709538909-2736404026
Opcode ID: 76665a8892fd6cc400b0e809d455ab74943f8cb60b669b62b3bb206923bf2aec
Instruction ID: 653c4ee31636e28f63073648133f03b0fc7359dda42f38abdd3eb06b952f6c3b
Opcode Fuzzy Hash: 76665a8892fd6cc400b0e809d455ab74943f8cb60b669b62b3bb206923bf2aec
Instruction Fuzzy Hash: D7415932B04F4589EB20DF70E4406ACB3A5FB48B98F854536EE4D17A59CF78E959C350

Function 00007FF7122D93A0 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D93CD
??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D93E7
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D9419
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D9443
std::_Facet_Register.LIBCPMT ref: 00007FF7122D945C
??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7122D8DF0,?,?,?,00000000,?,?,?,00007FF7122D970C), ref: 00007FF7122D947B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122D94A6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@W@std@@std::_
String ID:
API String ID: 3972169111-0
Opcode ID: 7190d2af73d65b90328849dad8d247bc0bb61af88903315c2e7bd7e9c7039273
Instruction ID: 386940ae996fbf0c5aa258dfb73e7dd522e1bd5334ab33b7b3d6b03b8bed177d
Opcode Fuzzy Hash: 7190d2af73d65b90328849dad8d247bc0bb61af88903315c2e7bd7e9c7039273
Instruction Fuzzy Hash: 83316036608F4581EB24AF11E440169B361FB88BB4F884631EF8E077A5DF7CE899C714

Function 00007FF7122AA18C Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA39E
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA3CB
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA3EC
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA419
__std_exception_copy.VCRUNTIME140 ref: 00007FF7122AA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122AA467

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_exception_copy
String ID:
API String ID: 1552479455-0
Opcode ID: 17ff3a1a2724ef56e09fa7d03955a1be1c203bc3fc2dd94bc7b1faf0ebed9fab
Instruction ID: 77c8d870490e1202962d60a7ae3a3cf4421c034b2fa8eab7a33dc1322e04483a
Opcode Fuzzy Hash: 17ff3a1a2724ef56e09fa7d03955a1be1c203bc3fc2dd94bc7b1faf0ebed9fab
Instruction Fuzzy Hash: 21515F335097828FD7529F74D8501DC7BB0F781B2CB958162D788C258BEBAD998BCB21

Function 00007FF7122E18E0 Relevance: 9.1, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122E19BB
memmove.VCRUNTIME140 ref: 00007FF7122E19EE
memmove.VCRUNTIME140 ref: 00007FF7122E1A28
memmove.VCRUNTIME140 ref: 00007FF7122E1A42
memmove.VCRUNTIME140 ref: 00007FF7122E1A65

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122E1A79

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 9d8632279ebb0ee8656ddec0a53f2c0a3f2a3af4e58a05a84ce15df877356b82
Instruction ID: 3788ef41c6c04f86f75d701b93be1bd3c3f00d67be2fe79d092890c694017cb5
Opcode Fuzzy Hash: 9d8632279ebb0ee8656ddec0a53f2c0a3f2a3af4e58a05a84ce15df877356b82
Instruction Fuzzy Hash: BF41EE62B05E9195EA10AA51E4441FCA264EB04BF0F9A4235CF6D177C5DEBCE89AC320

Function 00007FF712301AE0 Relevance: 9.1, APIs: 6, Instructions: 138COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION ref: 00007FF712301B42
memset.VCRUNTIME140 ref: 00007FF712301BBA
GetFileVersionInfoW.VERSION ref: 00007FF712301BDA
VerQueryValueW.VERSION ref: 00007FF712301C02
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712301C77
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712301CC6
GetLastError.KERNEL32 ref: 00007FF712301CF8
_CxxThrowException.VCRUNTIME140 ref: 00007FF712301D28
GetLastError.KERNEL32 ref: 00007FF712301D2E
_CxxThrowException.VCRUNTIME140 ref: 00007FF712301D56

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

_CxxThrowException.VCRUNTIME140 ref: 00007FF712301DAE
GetLastError.KERNEL32 ref: 00007FF712301DB4
_CxxThrowException.VCRUNTIME140 ref: 00007FF712301DE3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF712301DE9
GetLastError.KERNEL32 ref: 00007FF712301DEF
_CxxThrowException.VCRUNTIME140 ref: 00007FF712301E1E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$ErrorLast$FileInfoVersion_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskQuerySizeValuemallocmemset
String ID:
API String ID: 3580527793-0
Opcode ID: d094d344cdc5789908d9915625bd0a99286dca60e812325d45b2271169d18777
Instruction ID: 27bc4124fa05a3147ed2603b455645db352c7e6afe3a6044a5d755ad050715d9
Opcode Fuzzy Hash: d094d344cdc5789908d9915625bd0a99286dca60e812325d45b2271169d18777
Instruction Fuzzy Hash: 2351B672B04F4295EB10EF65D4403BCB3A1EB447A8F808276DE9D16AD9DFB8D548C324

Function 00007FF712302160 Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7123021B6
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7123021DF
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z.MSVCP140 ref: 00007FF712302206
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF71230222A

Part of subcall function 00007FF7122FDA00: ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122FD91D
Part of subcall function 00007FF7122FDA00: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122FD937
Part of subcall function 00007FF7122FDA00: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122FD969
Part of subcall function 00007FF7122FDA00: ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF7122FD993
Part of subcall function 00007FF7122FDA00: std::_Facet_Register.LIBCPMT ref: 00007FF7122FD9AC
Part of subcall function 00007FF7122FDA00: ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122FD9CB

?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF71230223F
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF712302256

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$Init@?$basic_streambuf@$Lockit@std@@$??0_??1_?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@H001@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@Vlocale@2@_get_stream_buffer_pointersstd::_
String ID:
API String ID: 438086469-0
Opcode ID: 7f571201aae912395869e43eb9757e61f122639b51d5bc545452760d667e6ffe
Instruction ID: 35699fff0943bd9da1adec6d492b5a517fa97874a956c25d726e4554868e9542
Opcode Fuzzy Hash: 7f571201aae912395869e43eb9757e61f122639b51d5bc545452760d667e6ffe
Instruction Fuzzy Hash: 44315C22A19F4281EB50AFA5B404369A3A4FB89FE4F940039DE4D07B54DFBCD459C754

Function 00007FF7122F4AD0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122F4AFC
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122F4B0D
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122F4B95
#111.WS2_32 ref: 00007FF7122F4CCA

Strings

?', xrefs: 00007FF7122F4C79

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$#111std::bad_exception::bad_exception
String ID: ?'
API String ID: 1751064157-3155004840
Opcode ID: 60753bd758074273af37a94271c66123a120dccab6db30e6d1ab063559282264
Instruction ID: 0e9ca77a543edfb4e1afd9c2b2303526369ab333ff113e4ed347d7689d97098c
Opcode Fuzzy Hash: 60753bd758074273af37a94271c66123a120dccab6db30e6d1ab063559282264
Instruction Fuzzy Hash: 2151E862F1CA4542EB50AF29F4011AEA310FF84794FD58131EA5D06B5AEEFCD699CB10

Function 00007FF7122D4E90 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712303580: strnlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7122D4EE8), ref: 00007FF7123035B2

memset.VCRUNTIME140 ref: 00007FF7122D4F5C
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF7122D5074

Part of subcall function 00007FF7122D4D90: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122D4DD3
Part of subcall function 00007FF7122D4D90: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF7122D4E08

Strings

, details: , xrefs: 00007FF7122D4F81
D, xrefs: 00007FF7122D505A
Thrown structured exception in file '{}', line {}, function '{}'{}{}, xrefs: 00007FF7122D504E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@?default_logger_raw@spdlog@@?log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@@D@v10@fmt@@@12@Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@Vlogger@1@W4level_enum@level@2@memsetstrnlen
String ID: , details: $D$Thrown structured exception in file '{}', line {}, function '{}'{}{}
API String ID: 752384624-1457298303
Opcode ID: b11832fa27a8e5d4500b269d232beb03665b6bce695a123fbb7f2a3ea2f0b072
Instruction ID: 890a85ffd2a462284f1051992fdb45c4f347e025fff457e286f51ac182bd465d
Opcode Fuzzy Hash: b11832fa27a8e5d4500b269d232beb03665b6bce695a123fbb7f2a3ea2f0b072
Instruction Fuzzy Hash: 68914D32618FC48AE7118F64E8402EDB7B4FB98758F449225EB8D13B58EF78D295C740

Function 00007FF7122B0EF0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF7122B0F4F

Part of subcall function 00007FF7123F3D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D88
Part of subcall function 00007FF7123F3D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF7122997E9), ref: 00007FF7123F3D97

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B10E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B1132

Strings

: ", xrefs: 00007FF7122B1017
", ", xrefs: 00007FF7122B104A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ApisFile___lc_codepage_func__std_fs_code_page
String ID: ", "$: "
API String ID: 956348032-747220369
Opcode ID: 5855ae214c45b8c9575d129737d96dfe4a9c0936026e9b3a46c58d9a08613a75
Instruction ID: c43d38f7ade7409775ab1d5f8edcb205b0acbd6a456d7c3351702502d0f38459
Opcode Fuzzy Hash: 5855ae214c45b8c9575d129737d96dfe4a9c0936026e9b3a46c58d9a08613a75
Instruction Fuzzy Hash: 1771AF72B04F518AEB00EF65E1403AC6372EB48BA8F908535DE5D27B99DFB8D159C390

Function 00007FF7123A6D40 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712294BC0: memset.VCRUNTIME140(?,?,00000000,00007FF7122918E1), ref: 00007FF712294C10

sentry_options_new.SENTRY ref: 00007FF7123A6F9D
sentry_options_free.SENTRY ref: 00007FF7123A6FB6

Strings

?, xrefs: 00007FF7123A6EEE
sentry, xrefs: 00007FF7123A6EB2
sentry.prd.amtr.disqotech.com//3, xrefs: 00007FF7123A6D80

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpymemsetsentry_options_freesentry_options_new
String ID: ?$sentry$sentry.prd.amtr.disqotech.com//3
API String ID: 3970762193-410467485
Opcode ID: 04e5cacfe29f9aea9a5cf147dec9e3950c70b4c9e2dc2bc2160f0815cfe2f74c
Instruction ID: ffe79388fb707debe09de4a89fe62bf194bbf868f3bc716d487ba4753adfaa8a
Opcode Fuzzy Hash: 04e5cacfe29f9aea9a5cf147dec9e3950c70b4c9e2dc2bc2160f0815cfe2f74c
Instruction Fuzzy Hash: F9719232608B82A6EB14EF24E0503AEB760FB84354F915135EB8D43A65DFBCE5A9C710

Function 00007FF7122AB930 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122AFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF7122A5124), ref: 00007FF7122AFF33
Part of subcall function 00007FF7122AFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF7122A5124), ref: 00007FF7122AFF56
Part of subcall function 00007FF7122AFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF7122A5124), ref: 00007FF7122AFF71

Part of subcall function 00007FF7122AB630: ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF7122AB664
Part of subcall function 00007FF7122AB630: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF7122AB67D
Part of subcall function 00007FF7122AB630: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF7122AB6AF
Part of subcall function 00007FF7122AB630: ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF7122AB6D7
Part of subcall function 00007FF7122AB630: std::_Facet_Register.LIBCPMT ref: 00007FF7122AB6F2
Part of subcall function 00007FF7122AB630: ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF7122AB717
Part of subcall function 00007FF7122AB630: ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF7122AB75C

memset.VCRUNTIME140 ref: 00007FF7122AB9A0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122ABA9A

Part of subcall function 00007FF712295F00: memmove.VCRUNTIME140 ref: 00007FF712295F47

__std_exception_copy.VCRUNTIME140 ref: 00007FF7122ABB0C
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122ABB42

Strings

failed to format time, xrefs: 00007FF7122ABAF1

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?c_str@?$_D@std@@Yarn@$Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@ExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copy_invalid_parameter_noinfo_noreturnmemmovememsetstd::_
String ID: failed to format time
API String ID: 3487375415-3478406193
Opcode ID: 2debe2969c022d53dcb64362949d5e65cfdbbb9c60043b5fabb37456b58b986b
Instruction ID: ff8f88b09e445ab19da14b7c12315f91032843710e1c13f6064079da4094fb06
Opcode Fuzzy Hash: 2debe2969c022d53dcb64362949d5e65cfdbbb9c60043b5fabb37456b58b986b
Instruction Fuzzy Hash: 29518222B18F4189EB40EB65E8403EDA360FB597A8F804135EE9D53B99EFBCD149C710

Function 00007FF71229E490 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF7122A2DD0: memmove.VCRUNTIME140 ref: 00007FF7122A2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E55E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E5AD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E5EC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E65F

Strings

type_error, xrefs: 00007FF71229E4F6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: type_error
API String ID: 1675611454-1406221190
Opcode ID: cd57a0b419e4f3c311e881ce81f6a17751f47686868a109d96df47cd17d7c469
Instruction ID: 34d6bdc704ddf4a59c8aa8cb22821ccdfd748d75a0ebf0228e7b97dbd4c814da
Opcode Fuzzy Hash: cd57a0b419e4f3c311e881ce81f6a17751f47686868a109d96df47cd17d7c469
Instruction Fuzzy Hash: 7E51C8A2F14F5685FF10EB74E4403AC6321EB457B4F905332EE2C16AD9EEA8D499C314

Function 00007FF71229DCC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF7122A2DD0: memmove.VCRUNTIME140 ref: 00007FF7122A2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF71229FA48), ref: 00007FF71229DD8E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF71229FA48), ref: 00007FF71229DDDD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF71229FA48), ref: 00007FF71229DE1C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF71229FA48), ref: 00007FF71229DE8F

Strings

other_error, xrefs: 00007FF71229DD26

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: other_error
API String ID: 1675611454-896093151
Opcode ID: 8d3778c16a33bb80b5c2d381c3b6933fd90dd14974ba479d2923a914388cbea6
Instruction ID: bb26807e46329bef956372981070ffe8ba18a5d5e8e5fe35cf2ad7330661c81b
Opcode Fuzzy Hash: 8d3778c16a33bb80b5c2d381c3b6933fd90dd14974ba479d2923a914388cbea6
Instruction Fuzzy Hash: 2B51D062F08F4284FF10EB78E4403AC6321EB557B4F905332EA6C16AD9DEA8E499D310

Function 00007FF7122C11C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF7122A2DD0: memmove.VCRUNTIME140 ref: 00007FF7122A2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF7122BF1C5), ref: 00007FF7122C128E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF7122BF1C5), ref: 00007FF7122C12DD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF7122BF1C5), ref: 00007FF7122C131C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF7122BF1C5), ref: 00007FF7122C138F

Strings

invalid_iterator, xrefs: 00007FF7122C1226

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: invalid_iterator
API String ID: 1675611454-2508626007
Opcode ID: 370467f2b25f2973224c4cbe2f9471fedf0aa129c0b87eb079668420b5ec6d47
Instruction ID: d34ca00097a75c6a90ff3e82543d8f2eab078270a0c7ff25c2fdc04b5b78eca0
Opcode Fuzzy Hash: 370467f2b25f2973224c4cbe2f9471fedf0aa129c0b87eb079668420b5ec6d47
Instruction Fuzzy Hash: 7151B262F18F4685EF10EB74E4413AC6321AB457B4F905332EE2D16AE9DEA8E499C314

Function 00007FF71229DEC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769

Part of subcall function 00007FF7122A2DD0: memmove.VCRUNTIME140 ref: 00007FF7122A2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229DF8E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229DFDD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E01C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E08F

Strings

out_of_range, xrefs: 00007FF71229DF26

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: out_of_range
API String ID: 1675611454-3053435996
Opcode ID: 5857a3362f06b1e021c572f5196cf7b4abd5dbfae2aa511d81110b8af0e22a4b
Instruction ID: 22adad4f4fc6efc115e519408cee8bdb7430387c0c0e206d7e61f3a6651f5f27
Opcode Fuzzy Hash: 5857a3362f06b1e021c572f5196cf7b4abd5dbfae2aa511d81110b8af0e22a4b
Instruction Fuzzy Hash: D151C262F08F5284FF10EB74E4403AC6321EB557B4F905332EE2D26AD9DEA8E499C314

Function 00007FF7123BE9E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123BEA79
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123BEAFE

Strings

void __cdecl sj::IocThread::stop(class std::chrono::duration<__int64,struct std::ratio<1,1000> >) noexcept, xrefs: 00007FF7123BEA36
T, xrefs: 00007FF7123BEA41
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\IocThread.cpp, xrefs: 00007FF7123BEA2B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnterminate
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\IocThread.cpp$T$void __cdecl sj::IocThread::stop(class std::chrono::duration<__int64,struct std::ratio<1,1000> >) noexcept
API String ID: 664030348-206961168
Opcode ID: bef1ba6b60e897741a4cde974c7d32bb99dc7b7dbb2ac9b4fe04523f4559de71
Instruction ID: 0ab044830b340256973c8ddd22eb9d4b88a4db16604fd2f9cf8fe3961adaf015
Opcode Fuzzy Hash: bef1ba6b60e897741a4cde974c7d32bb99dc7b7dbb2ac9b4fe04523f4559de71
Instruction Fuzzy Hash: EB510672A18F8082EB00DF28E04437DB360FB45BA4F941239EA9D07695CFBDC999C750

Function 00007FF7122F6520 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F65B9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F66A3

Strings

/log, xrefs: 00007FF7122F66AF
/dir, xrefs: 00007FF7122F660E
/coralogix, xrefs: 00007FF7122F6568

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemchr$memcpy
String ID: /coralogix$/dir$/log
API String ID: 3565627297-1670645063
Opcode ID: 4750bf17e99bdb18846f798fc89cd57b770d14cabcf687ed7df576f7b67be8da
Instruction ID: ac6221a4c024dc4e2695054131a2299c138aa1f888e6075a32ed36633bfce55f
Opcode Fuzzy Hash: 4750bf17e99bdb18846f798fc89cd57b770d14cabcf687ed7df576f7b67be8da
Instruction Fuzzy Hash: 07510762F14F4289EB00EF34D4402FCA361EB457A8F915231EA5C13A99EEB8E598C350

Function 00007FF7122D7C70 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D7CF9

Strings

auto __cdecl sj::WindowsService::shutdown::<lambda_1>::operator ()(void) const, xrefs: 00007FF7122D7DB0
, details: , xrefs: 00007FF7122D7D27
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF7122D7DA1
q, xrefs: 00007FF7122D7D8B

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: , details: $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$auto __cdecl sj::WindowsService::shutdown::<lambda_1>::operator ()(void) const$q
API String ID: 3668304517-2717326734
Opcode ID: 267fdb89c4a3a93a076490ca27fd36b65a40b90e73a54e31afb4e3843c5a5b31
Instruction ID: 9cd5e6f82bebdb08863597b3faadc6af8448c7800b199190b140a44b066ef581
Opcode Fuzzy Hash: 267fdb89c4a3a93a076490ca27fd36b65a40b90e73a54e31afb4e3843c5a5b31
Instruction Fuzzy Hash: A3519E32A08FC585EB659F25E4403AEB3A0FB88BA4F954135CA8C07799CF7CD499C750

Function 00007FF7122F6180 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F6216

Strings

/disk-usage, xrefs: 00007FF7122F62CB
/heartbeat, xrefs: 00007FF7122F61C0
/cpu-usage, xrefs: 00007FF7122F6269
/memory-usage, xrefs: 00007FF7122F629A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memchr$_invalid_parameter_noinfo_noreturnmemcpy
String ID: /cpu-usage$/disk-usage$/heartbeat$/memory-usage
API String ID: 3101834445-720066337
Opcode ID: 72bc09f3ea018cedf471415c1c5334674dbfb0e7f1d0d5ef752af7975ee4f23e
Instruction ID: d0453d432f3211d532ba4aefaf833a50a9a10b7e5d465694d698b77f8002a409
Opcode Fuzzy Hash: 72bc09f3ea018cedf471415c1c5334674dbfb0e7f1d0d5ef752af7975ee4f23e
Instruction Fuzzy Hash: 7C418A62A18F8156DB10EB24F4412BDE370FB857A0F905235EB9D03A59DFBCD558C710

Function 00007FF7122D58D0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122D5170: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122D51B8

Part of subcall function 00007FF7123A8650: memset.VCRUNTIME140 ref: 00007FF7123A8716
Part of subcall function 00007FF7123A8650: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123A872B
Part of subcall function 00007FF7123A8650: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7123A874A
Part of subcall function 00007FF7123A8650: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123A877E
Part of subcall function 00007FF7123A8650: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7123A87B0
Part of subcall function 00007FF7123A8650: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7123A87DA

Part of subcall function 00007FF7122A65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122A6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D59F5

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Tracer.cpp, xrefs: 00007FF7122D590A
Stop request handled in {} ms, xrefs: 00007FF7122D5920
Running time was {}, xrefs: 00007FF7122D598C
__cdecl sj::RuntimeTrace::~RuntimeTrace(void), xrefs: 00007FF7122D5915

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?default_logger_raw@spdlog@@V01@Vlogger@1@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@D@std@@@1@_V?$basic_streambuf@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Tracer.cpp$Running time was {}$Stop request handled in {} ms$__cdecl sj::RuntimeTrace::~RuntimeTrace(void)
API String ID: 2862231943-3762610784
Opcode ID: 673b989972531c358cd3e346d135ab5520f3b2c4bfbabfffe706e4f85799870b
Instruction ID: 7915b1a2855c2e1a4b019d59c80fc162fe2a583b5175083482535de2e31aae50
Opcode Fuzzy Hash: 673b989972531c358cd3e346d135ab5520f3b2c4bfbabfffe706e4f85799870b
Instruction Fuzzy Hash: 2C318A72B04F4599E710EF64E0413EC73B5EB047A8F804226EE5D27A99DFB8D25AC390

Function 00007FF7122AC930 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON

Download Yara Rule

APIs

#115.WS2_32 ref: 00007FF7122AC971

Strings

throw_on_error, xrefs: 00007FF7122AC9F0
winsock, xrefs: 00007FF7122ACA4A
H, xrefs: 00007FF7122ACA0D
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/winsock_init.ipp, xrefs: 00007FF7122AC9D8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: #115
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/winsock_init.ipp$H$throw_on_error$winsock
API String ID: 646222842-725358513
Opcode ID: b78f613f568d0cf22fcc1572038d3c2c04a003b8273f93aab324d6a4860d2f36
Instruction ID: b6406c6d3fae0e250fc5c1ed7c106bddb1904ca44e6090c5b356ba650d08a8ec
Opcode Fuzzy Hash: b78f613f568d0cf22fcc1572038d3c2c04a003b8273f93aab324d6a4860d2f36
Instruction Fuzzy Hash: 98314C31918F5286EBA0EF15F4903B9B360FB95764F800035DA8D47A58DFBCE859CB54

Function 00007FF7122DEC50 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 219COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122AC930: #115.WS2_32 ref: 00007FF7122AC971

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memset.VCRUNTIME140 ref: 00007FF7122DECDB

Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE79F
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE7CC
Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE851
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE860
Part of subcall function 00007FF7122AE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE86B

Part of subcall function 00007FF7123B8E90: _Mtx_init_in_situ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122DEF32), ref: 00007FF7123B8FCE

Strings

coralogix, xrefs: 00007FF7122DEDF4
CoralogixService, xrefs: 00007FF7122DEF7B
SJPulse, xrefs: 00007FF7122DEE1B
8, xrefs: 00007FF7122DEE42

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast$#115CloseHandleMtx_init_in_situmallocmemset
String ID: 8$CoralogixService$SJPulse$coralogix
API String ID: 627447141-2749166383
Opcode ID: 6530ce8c60280a866e04609a623624b765a45377b7098071e30fe95c71ff4f03
Instruction ID: 7ca8355b0b919deb727d2a95715719e4fc617ac963d13c37523b9d053268f190
Opcode Fuzzy Hash: 6530ce8c60280a866e04609a623624b765a45377b7098071e30fe95c71ff4f03
Instruction Fuzzy Hash: 25A1A032619F9196EB10EB24E4403EEB3A4FB85354F915135EB8D43BA5DFB8E528C710

Function 00007FF7122967F0 Relevance: 7.6, APIs: 5, Instructions: 148windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF712292C54), ref: 00007FF712296847
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF712292C54), ref: 00007FF712296889
LocalFree.KERNEL32 ref: 00007FF7122969E1

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ByteCharFormatFreeLocalMessageMultiWide
String ID:
API String ID: 2906450291-0
Opcode ID: 0720c4bcef2423c73aa5e8288174af3120c828c6d9aa48f9011670c80f6e739a
Instruction ID: eaa7f98f52bd5d07bfcdc5423208570ac0cd75ae3a7b6cdbb0a1b61f9b3c0ec2
Opcode Fuzzy Hash: 0720c4bcef2423c73aa5e8288174af3120c828c6d9aa48f9011670c80f6e739a
Instruction Fuzzy Hash: 3D510223F28F6089FB30DB65E4407BDA6E0BB48BA8F954235DE4D12A95CF78D088C710

Function 00007FF71229F540 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF71229F674
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229F6CE

Strings

Number expected for '{}', but {} given., xrefs: 00007FF71229F6DD
Rounding detected for '{}'. {} become {}, xrefs: 00007FF71229F62C
Attempting to assign negative number '{}' to a variable expecting positive number '{}', xrefs: 00007FF71229F68F

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID: Attempting to assign negative number '{}' to a variable expecting positive number '{}'$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}
API String ID: 432778473-3898387364
Opcode ID: 98d85df994309eff1e9782338a156de0961ffd3fb86e95b79c459fab43152b9b
Instruction ID: b15ed1c6d17325b8c441de30431e5b233952d3a165430d7849ce8b6410f76ccd
Opcode Fuzzy Hash: 98d85df994309eff1e9782338a156de0961ffd3fb86e95b79c459fab43152b9b
Instruction Fuzzy Hash: BD51B222B04F46A9EB11FF30D4413FDA365EF40758F914672EA4D16A59FE68E258C310

Function 00007FF7122B70B0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF7122B712A
LeaveCriticalSection.KERNEL32 ref: 00007FF7122B718C
SetEvent.KERNEL32 ref: 00007FF7122B719E
LeaveCriticalSection.KERNEL32 ref: 00007FF7122B71DB
LeaveCriticalSection.KERNEL32 ref: 00007FF7122B71EC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$EnterEvent
String ID:
API String ID: 3394196147-0
Opcode ID: 7d168d637cff0bf55ef157c97221fe1e6b7e8df78117dc155d927791e92ae052
Instruction ID: 6498908745f1aaf74537bdff38017408de06bcec4fc9a1fa3a6f27d76bb1d0b7
Opcode Fuzzy Hash: 7d168d637cff0bf55ef157c97221fe1e6b7e8df78117dc155d927791e92ae052
Instruction Fuzzy Hash: 0A41E223A1CF4181FB29AF21944037CB790FB49B68F9D0035CE89066A9CFBC959AD334

Function 00007FF7122C1070 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 99COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122C11AB

Part of subcall function 00007FF7122BF2E0: memcmp.VCRUNTIME140(?,?,00000000,00007FF7122C10E5), ref: 00007FF7122BF312

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122C115D

Strings

' not found, xrefs: 00007FF7122C1120
key ', xrefs: 00007FF7122C112A
cannot use at() with , xrefs: 00007FF7122C1178

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$memcmp
String ID: ' not found$cannot use at() with $key '
API String ID: 195029943-3748837117
Opcode ID: d3987ad2706ede3f2bf8c917e409eb974039125bf30a535aeed444bf9a90220c
Instruction ID: 34cb0371e3fef4c5432d6162168bf5dc094c6aca3ef82ae174bb506730837f80
Opcode Fuzzy Hash: d3987ad2706ede3f2bf8c917e409eb974039125bf30a535aeed444bf9a90220c
Instruction Fuzzy Hash: AA318322A18E8291EB10EB11D5413EDA361FB44BE4FE54032DE8C13A66DFBDD959C750

Function 00007FF712297330 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF71229953C), ref: 00007FF7122973E6
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF71229953C), ref: 00007FF7122973F4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FF71229953C), ref: 00007FF712297432
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF71229953C), ref: 00007FF71229743C
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF71229953C), ref: 00007FF71229744A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2665656946-0
Opcode ID: 23cd7d818abff32a51851b12956baf6b28880998994fb634fbcd6705ebdef49e
Instruction ID: 9d8df6bd7174753afc18cc84265e874589a8ec95a0e3b467ba4b8219f862754e
Opcode Fuzzy Hash: 23cd7d818abff32a51851b12956baf6b28880998994fb634fbcd6705ebdef49e
Instruction Fuzzy Hash: E431FEA2B14A8191DE04AF26E9041AEB365FB48FE0F984132DF5D0BB99DE7CD05AC314

Function 00007FF7122A1885 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF71229DEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229DF8E
Part of subcall function 00007FF71229DEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229DFDD
Part of subcall function 00007FF71229DEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E01C

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122A1940

Part of subcall function 00007FF71229DEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229E08F

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122A1986

Strings

unresolved reference token ', xrefs: 00007FF7122A1950
array index '-' (, xrefs: 00007FF7122A190A
) is out of range, xrefs: 00007FF7122A1900

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow
String ID: ) is out of range$array index '-' ($unresolved reference token '
API String ID: 912942878-3172047162
Opcode ID: cb9dc0cc6c036a7aba1274e50b55283804e48b4d67db96d4807d0aa39c676a24
Instruction ID: 32f9a1109ea1c0e1593b9fc1b93d1ff7341f262bbaf0f8472761002b9d52fb2e
Opcode Fuzzy Hash: cb9dc0cc6c036a7aba1274e50b55283804e48b4d67db96d4807d0aa39c676a24
Instruction Fuzzy Hash: 2131B532A48A4286EB61BF35D4502EDB361EB40FF4FD14436DA4C43E96DEACD919C760

Function 00007FF7122FF4E0 Relevance: 7.6, APIs: 5, Instructions: 83COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FF52B
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7122FF54A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7122FF57C
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FF597
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122FF5E5

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID:
API String ID: 1184074665-0
Opcode ID: f71828065cb3a09847807b586e683d5ee68e92d75a76b62909645915c3c4c711
Instruction ID: 49cc3281f11f77fc423aaaf534e904a5ee89677d09b0faaa36ac00fe3c338284
Opcode Fuzzy Hash: f71828065cb3a09847807b586e683d5ee68e92d75a76b62909645915c3c4c711
Instruction Fuzzy Hash: 24319A32705B8285EB20DF29EA84B2DB7A0FB45BA9F848131CE0D43710DF78D46AC744

Function 00007FF7122F2270 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7122F2309
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122F2338

Strings

Desktop, xrefs: 00007FF7122F22CA
GetPwrCapabilities() failed, xrefs: 00007FF7122F2319
Laptop, xrefs: 00007FF7122F22C3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ErrorExceptionLastThrow
String ID: Desktop$GetPwrCapabilities() failed$Laptop
API String ID: 256353096-51484051
Opcode ID: a7a4828832e204bdec1b43b66c04416804cb912ca292263b5d822f5602f27d52
Instruction ID: b36ce69d14a2e785513d5bfd516944c0710c6b3d8f160efbba2a7eaed785c61a
Opcode Fuzzy Hash: a7a4828832e204bdec1b43b66c04416804cb912ca292263b5d822f5602f27d52
Instruction Fuzzy Hash: 3111A762E18F8585EB10EB20E4003AAB350EB99774F815335EA9C066D5EFBCE598C710

Function 00007FF7122B58D0 Relevance: 7.5, APIs: 5, Instructions: 43synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32 ref: 00007FF7122B590C
CloseHandle.KERNEL32 ref: 00007FF7122B5916
TerminateThread.KERNEL32 ref: 00007FF7122B5930
QueueUserAPC.KERNEL32 ref: 00007FF7122B5956
WaitForSingleObject.KERNEL32 ref: 00007FF7122B5965

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
String ID:
API String ID: 3892215915-0
Opcode ID: 4cf57ee2fc5b170383fe730725d1badba4907ae668e0e134e002b0995a3b7a1f
Instruction ID: 54f0b057625343285beb6dfc1c42f530f1293726269c6d176469140c89501cdc
Opcode Fuzzy Hash: 4cf57ee2fc5b170383fe730725d1badba4907ae668e0e134e002b0995a3b7a1f
Instruction Fuzzy Hash: 1D11C122A18F41C2EB50EB25F85112AB360FB8CBB4B840135DD5E4A7A4DF6CD869CB14

Function 00007FF7122DA6B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 214COMMON

Download Yara Rule

APIs

ceilf.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF7122DA820
memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF7122DA8D7
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF7122DA9C7

Strings

unordered_map/set too long, xrefs: 00007FF7122DA9C0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Xlength_error@std@@ceilfmemcmp
String ID: unordered_map/set too long
API String ID: 3940129459-306623848
Opcode ID: b7c3e42d31e08f1f229036e38b19c78ec8728113cc0b7affbf5464040b60ef20
Instruction ID: 8825e60ea2f73e9af544b2384e22b4981233d92d5678ae52220cd2f574c3f084
Opcode Fuzzy Hash: b7c3e42d31e08f1f229036e38b19c78ec8728113cc0b7affbf5464040b60ef20
Instruction Fuzzy Hash: 3781C233A09F4981EA20AB16E4407ADE360FB49BE4F998632EE8D57754DF7CE495C310

Function 00007FF7123A7190 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 176COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A7215

Strings

>, xrefs: 00007FF7123A7323
SJPulse, xrefs: 00007FF7123A72BB
logs, xrefs: 00007FF7123A7294

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: >$SJPulse$logs
API String ID: 3668304517-1499787770
Opcode ID: cf6c269c443d5e7a12e4abf60ce3972159cdc2e9717994f0d6055460fc7cd14d
Instruction ID: f4b3b33cd14992b997ed9fc5e2278d7a8e4856f2df3a46e8fd3e4ca4bdd83be6
Opcode Fuzzy Hash: cf6c269c443d5e7a12e4abf60ce3972159cdc2e9717994f0d6055460fc7cd14d
Instruction Fuzzy Hash: 9D718333A18E8195EF10EF64E8502EDA360FB85794F915036EA8D43AA9DFBCD949C710

Function 00007FF7122DBD40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140 ref: 00007FF7122DBE91
memcmp.VCRUNTIME140 ref: 00007FF7122DBEFF
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF7122DBFB9

Strings

invalid hash bucket count, xrefs: 00007FF7122DBFB2

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcmp$Xlength_error@std@@
String ID: invalid hash bucket count
API String ID: 2545355192-1101463472
Opcode ID: 8a4cab149706610bf47fe5775953cfc87a546e317f748ed55aea9b2c09550483
Instruction ID: ca1a6c379eddae0c2c52ac09bbc1f5bccf3c3e56e0b839dca9c30652b9befff1
Opcode Fuzzy Hash: 8a4cab149706610bf47fe5775953cfc87a546e317f748ed55aea9b2c09550483
Instruction Fuzzy Hash: C3716973605F8582DB149F12E45016DB3A8F748BE4B958436EFAD47B94EF78D8A4C310

Function 00007FF712299D7A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712299E8C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712299F50
_Mtx_unlock.MSVCP140 ref: 00007FF712299F6F

Strings

gfffffff, xrefs: 00007FF712299F0C

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Mtx_unlock
String ID: gfffffff
API String ID: 3867719841-1523873471
Opcode ID: c347bb27043396684fb530333f19fcdac3c76703e959f30662b0f6ef17b9d8ff
Instruction ID: 4a2b44a7106fc82c3e64187109d35ce26d7f377a42244fa1a96de7e551c84f13
Opcode Fuzzy Hash: c347bb27043396684fb530333f19fcdac3c76703e959f30662b0f6ef17b9d8ff
Instruction Fuzzy Hash: C951D472B04BC245EF21EF29E8403ECA311EB457B4F954232DA6D46AD9DFA8D589C311

Function 00007FF7122B1A30 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122AC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122AC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122B1B14

Part of subcall function 00007FF7122B11A0: _CxxThrowException.VCRUNTIME140 ref: 00007FF7122B11C9

Strings

<-- , xrefs: 00007FF7122B1A61
--> , xrefs: 00007FF7122B1A82
applyFeatures, xrefs: 00007FF7122B1AB0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@ExceptionThrowVlogger@1@_invalid_parameter_noinfo_noreturnmemcpy
String ID: --> $<-- $applyFeatures
API String ID: 2754777358-3880693748
Opcode ID: 47ba62d9c77227857e0959b267545b70627046f0f9cd6fe1a2594a67df9660b0
Instruction ID: 930d7c0ed83c5cda4e37e2c954af807b2f6b6345f229118cec6eca168ada95a0
Opcode Fuzzy Hash: 47ba62d9c77227857e0959b267545b70627046f0f9cd6fe1a2594a67df9660b0
Instruction Fuzzy Hash: CD518922A0CFC241EA60EB14F4503EEF361FB857A0F915136E68D17A96EFACD549C750

Function 00007FF7123A5B50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A2010: memmove.VCRUNTIME140(?,?,?,?,?,00007FF7123A5F54), ref: 00007FF7122A2056

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A5C79
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A5CC8

Strings

health, xrefs: 00007FF7123A5C0F
Crashes, xrefs: 00007FF7123A5B9D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpymemmove
String ID: Crashes$health
API String ID: 3342947056-1343094676
Opcode ID: 39ac023168b63cb63d0ed03efdb27b710be7cbf8612e8ce0afc7ffbe69ef2d5e
Instruction ID: 9f9a86e519f31ca494faa79657469096d2d5ea6f403e1131c915e918ab220a0c
Opcode Fuzzy Hash: 39ac023168b63cb63d0ed03efdb27b710be7cbf8612e8ce0afc7ffbe69ef2d5e
Instruction Fuzzy Hash: 4F419D62F18F8589EB00DB74E4403EC6372EB597A8F805235EE5C22B9ADF789198C354

Function 00007FF7123A5EE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Part of subcall function 00007FF7122A2010: memmove.VCRUNTIME140(?,?,?,?,?,00007FF7123A5F54), ref: 00007FF7122A2056

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A6009
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A6058

Strings

health, xrefs: 00007FF7123A5F9F
Status, xrefs: 00007FF7123A5F2D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpymemmove
String ID: Status$health
API String ID: 3342947056-780223610
Opcode ID: 374f8e0efc4a2be6d927630b3a14ccab8e588f0b79b3d4f1a9ffaa31c54dd55c
Instruction ID: 9fe85744fa2dc19f562dd49783c03723a4d2707aa8a5d9eea1e890bc1507512d
Opcode Fuzzy Hash: 374f8e0efc4a2be6d927630b3a14ccab8e588f0b79b3d4f1a9ffaa31c54dd55c
Instruction Fuzzy Hash: B2418F63F18F8589EB00DB74E4413EC6372EB997A8F405235EE5C12B9ADF789198C354

Function 00007FF712300AB0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF712300BE1

Strings

Failed to create {0} directory: {1}, message: {2}, xrefs: 00007FF712300B7B
bool __cdecl sj::file::createDirectories(const class std::filesystem::path &,class std::basic_string_view<char,struct std::char_traits<char> >), xrefs: 00007FF712300B59
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\File.cpp, xrefs: 00007FF712300B43

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\File.cpp$Failed to create {0} directory: {1}, message: {2}$bool __cdecl sj::file::createDirectories(const class std::filesystem::path &,class std::basic_string_view<char,struct std::char_traits<char> >)
API String ID: 3668304517-1138124595
Opcode ID: 8bbf276e30d0b0a0a7289de4286db50f3153d865d424e81a8149eff44283ccec
Instruction ID: 409f13760626abd01a44391fe1625b3b0a0ebd9481e9450ceaa0e1d96ef94cd8
Opcode Fuzzy Hash: 8bbf276e30d0b0a0a7289de4286db50f3153d865d424e81a8149eff44283ccec
Instruction Fuzzy Hash: 15414A32B04E458AEB10DF64D4403ECB3B5EB487ACF904229DA4C16A98EF78D55AC754

Function 00007FF7122F2340 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122F2431
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122F246C

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

Strings

{}, errorCode = {}, desc: {}, xrefs: 00007FF7122F240F
M, xrefs: 00007FF7122F23EE

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturnmemcpy
String ID: M${}, errorCode = {}, desc: {}
API String ID: 2203548047-1374277234
Opcode ID: 2ec4aa90d27d369503451c622cc6da923bc0ddefc1e607155f95c58265357023
Instruction ID: d4410923b8063a5fe60eb39563c19b7be9185e4b076b4ec8f6cc38d31cec9118
Opcode Fuzzy Hash: 2ec4aa90d27d369503451c622cc6da923bc0ddefc1e607155f95c58265357023
Instruction Fuzzy Hash: 65316062A08F8581EA209B15F4403AEB360FB9A7A4F509231EFDC02B59DF7CD1D5C700

Function 00007FF7122DEB40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memset.VCRUNTIME140 ref: 00007FF7122DEBA5

Part of subcall function 00007FF7122DEC50: memset.VCRUNTIME140 ref: 00007FF7122DECDB

Part of subcall function 00007FF7122A4150: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122B0F8D), ref: 00007FF7122A4280

std::bad_exception::bad_exception.LIBCMT ref: 00007FF7122DEC36
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122DEC47

Strings

Observable object is null., xrefs: 00007FF7122DEC2A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memset$ExceptionThrowmallocmemmovestd::bad_exception::bad_exception
String ID: Observable object is null.
API String ID: 811297888-1264078947
Opcode ID: 8379f625c034ec5328940453baf03467528592e9c3b59f26a262ec4a5efa2fc4
Instruction ID: 85be53ad7e4084689b9aea076ddc6ae6e9b8a750e2f1f77c4c6e4de0e8e99638
Opcode Fuzzy Hash: 8379f625c034ec5328940453baf03467528592e9c3b59f26a262ec4a5efa2fc4
Instruction Fuzzy Hash: 9921BC32608F4681EA25AF15E4510A9B2A0FF84BA4F984435EE8C07B55EF7CE85AC721

Function 00007FF7122D94B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF71229BAF0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF71229C44F), ref: 00007FF71229BB2E

Part of subcall function 00007FF7122D8FC0: memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D90F1
Part of subcall function 00007FF7122D8FC0: memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9101

CreateMutexW.KERNEL32 ref: 00007FF7122D9538
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122D957B
GetLastError.KERNEL32 ref: 00007FF7122D95A5

Strings

Global\, xrefs: 00007FF7122D9513

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$CreateErrorLastMutex_invalid_parameter_noinfo_noreturnmalloc
String ID: Global\
API String ID: 157778548-188423391
Opcode ID: e6bca1b41bb419770f6ffa834a410fd878bb7cc895152c258c93daf4573b267e
Instruction ID: 8606523db2896e43f34e3a52111284b518a864de2d16ef9206bcd9a38b5b2ad4
Opcode Fuzzy Hash: e6bca1b41bb419770f6ffa834a410fd878bb7cc895152c258c93daf4573b267e
Instruction Fuzzy Hash: 59310773E08F8281EB10AF14E4402ACB761EB98BA4F914235EB8D03795DFBCE588C314

Function 00007FF7122B59D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122B5A16
memcpy.VCRUNTIME140 ref: 00007FF7122B5A9B

Strings

string pointer is null, xrefs: 00007FF7122B5A0F
???, xrefs: 00007FF7122B5A30

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: ???$string pointer is null
API String ID: 3266568664-321206555
Opcode ID: 86f585543508c5327c99ed386d71013f37be9285687acbf7d8dd3ee76f2ac370
Instruction ID: 2237578b245adaf02f9aba9fd14ffafd06ac7f11d6375acdf7b12ddeb5f58aa8
Opcode Fuzzy Hash: 86f585543508c5327c99ed386d71013f37be9285687acbf7d8dd3ee76f2ac370
Instruction Fuzzy Hash: B1217C36A08E40C6D720AF11F4401ADB760FB49BA4F994221DFAD07BA4CF7DD9AAC714

Function 00007FF7122B5AD0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122B5B16
memcpy.VCRUNTIME140 ref: 00007FF7122B5B9B

Strings

string pointer is null, xrefs: 00007FF7122B5B0F
???, xrefs: 00007FF7122B5B30

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: ???$string pointer is null
API String ID: 3266568664-321206555
Opcode ID: 443b089859f033496887ae98579ca935639ddf37ca743eb6820748fb60766d3d
Instruction ID: 595961483fcb9eb7999d36c511adac9cf19d3717fd989f3ba25248bee08640a6
Opcode Fuzzy Hash: 443b089859f033496887ae98579ca935639ddf37ca743eb6820748fb60766d3d
Instruction Fuzzy Hash: CB217C76608E40C6D720AF11F4401ADB760FB49BA4F994225CFAC07BA8CFB9D9A6C714

Function 00007FF7122F0550 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

CoTaskMemFree.OLE32 ref: 00007FF7122F05D2
GetLastError.KERNEL32 ref: 00007FF7122F0614
_CxxThrowException.VCRUNTIME140 ref: 00007FF7122F0643

Strings

SHGetKnownFolderPath failed, xrefs: 00007FF7122F0624

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ErrorExceptionFreeLastTaskThrow
String ID: SHGetKnownFolderPath failed
API String ID: 610400750-3999342879
Opcode ID: 71cb8c1f47cefbbeb995ad7ea0181c058c51c509a8fe54df2ec29b0fd790491c
Instruction ID: eaca7d3d40fe5df6659c9f152f4005230885ede421ffe929251658101221ab03
Opcode Fuzzy Hash: 71cb8c1f47cefbbeb995ad7ea0181c058c51c509a8fe54df2ec29b0fd790491c
Instruction Fuzzy Hash: F8218821A18F8542EB00EB61F4503ABE350FF947B0F915235E99D47AA5DEBCD458C710

Function 00007FF7122A6416 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A6424
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A644B

Strings

number is too big, xrefs: 00007FF7122A6444
negative width, xrefs: 00007FF7122A641D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: negative width$number is too big
API String ID: 4276112833-3850433991
Opcode ID: 4992826b4aaeef820654ec58dea5c6f29afef2cf689344ff19cbc58406afb27a
Instruction ID: ae39306eb5a00e26c67381fff119843dcc198d8134be729e37520a7790e4b58d
Opcode Fuzzy Hash: 4992826b4aaeef820654ec58dea5c6f29afef2cf689344ff19cbc58406afb27a
Instruction Fuzzy Hash: 33E01A50F0880282EA60BB00E8802B86210AF54735FD90131CC5D419D08F9CBCEED634

Function 00007FF7122A6430 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A6424
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A644B

Strings

number is too big, xrefs: 00007FF7122A6444
negative width, xrefs: 00007FF7122A641D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: negative width$number is too big
API String ID: 4276112833-3850433991
Opcode ID: cb72e779278742215f8d0b135b92d509bf1e374171fdef89ed7e006aaebf5138
Instruction ID: bfc283b36c0e3e54fcb7d73b58266df6e4c0b3954aa6e41757b1fd6ec5e3e24a
Opcode Fuzzy Hash: cb72e779278742215f8d0b135b92d509bf1e374171fdef89ed7e006aaebf5138
Instruction Fuzzy Hash: 07E0BF50E08C0295FE74BB00E4501BC9250AF54B34FD94131CD5D419D48F9CB8DED634

Function 00007FF7122DB9D0 Relevance: 6.3, APIs: 4, Instructions: 263COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DBADE
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122DBAFD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122DBB60
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122DBB97

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn$malloc
String ID:
API String ID: 3700908427-0
Opcode ID: 8ea52675089b041dee708b0995a6df6d67a795c6e258c87bb7d22281c1e9f697
Instruction ID: 116e30ca961c3fed7d4974733be9f51f429083e171835163685e024453214a6d
Opcode Fuzzy Hash: 8ea52675089b041dee708b0995a6df6d67a795c6e258c87bb7d22281c1e9f697
Instruction Fuzzy Hash: FDA1FF33B09F8984EE15AB15E02437CA791EB48BB4F994535CA5D077D4EEACE49AC310

Function 00007FF712306C40 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF712306D48
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF712306E01
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF712306E51
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF712306E7A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency@@EventLogger@details@ScheduleTaskTask@_memmove
String ID:
API String ID: 396455994-0
Opcode ID: 2a8dd91546e4f4c81b8f2858e902edbbfc66d45c6a6d057d91a99eada70297d7
Instruction ID: 4ce17f937e273515c49190c0b4500cbe1a907a1110364b20a5cf32c5b3008ab3
Opcode Fuzzy Hash: 2a8dd91546e4f4c81b8f2858e902edbbfc66d45c6a6d057d91a99eada70297d7
Instruction Fuzzy Hash: 3381DF73B05F8189EB00DBA5E4403ADB3A1EB48BA4F65823ADE5C13799CF78D499C354

Function 00007FF7122ABB50 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

00000000, xrefs: 00007FF7122ABCC0
00000000, xrefs: 00007FF7122ABDAB

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID: 00000000$00000000
API String ID: 0-1334471030
Opcode ID: dbe4742480f445492a1c01f9528298fba5bfef167ec8375b5b605829e4dc17d8
Instruction ID: 0e5f69c0a0919f31d72621693bfde06ba1cd93aa514e74bdd0886c4ea8714054
Opcode Fuzzy Hash: dbe4742480f445492a1c01f9528298fba5bfef167ec8375b5b605829e4dc17d8
Instruction Fuzzy Hash: A581DE67B08F8585DB449F29D54026CBB61F7A8FE8B854422DF5E03B58EF78C45AC710

Function 00007FF7122C8F60 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7122C9EE4), ref: 00007FF7122C8F91

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: 94c3b8ba4955e49d7ca8d3c559f95e8769a566f88cb60d80466ea7a92f2a3978
Instruction ID: 5b9ab54878c6bdcc3de04fa705c30cc04a7b2cbbb202646e959a728b389926cf
Opcode Fuzzy Hash: 94c3b8ba4955e49d7ca8d3c559f95e8769a566f88cb60d80466ea7a92f2a3978
Instruction Fuzzy Hash: E1517B33618B8196EB54EB21E5803AEB7A4FB44B94F944125DB8D03B65CFBCE4B8C710

Function 00007FF712301F00 Relevance: 6.2, APIs: 4, Instructions: 151COMMON

Download Yara Rule

APIs

_Query_perf_frequency.MSVCP140 ref: 00007FF712302004
_Query_perf_counter.MSVCP140 ref: 00007FF71230200C
_Xtime_get_ticks.MSVCP140 ref: 00007FF71230209E
_Thrd_sleep.MSVCP140 ref: 00007FF7123020F7

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Query_perf_counterQuery_perf_frequencyThrd_sleepXtime_get_ticks
String ID:
API String ID: 3083224308-0
Opcode ID: ade2907be6bac4d068bf5e4b1ecab8473e0259fc9cb2ba2ad9f45168235f72f0
Instruction ID: d6e1349a59c7233bc5a99fac833508966a48af6df48a3ab5c245a500728aee17
Opcode Fuzzy Hash: ade2907be6bac4d068bf5e4b1ecab8473e0259fc9cb2ba2ad9f45168235f72f0
Instruction Fuzzy Hash: 82513C52B08F8541DE14EB19A4011B9E394FF487E4F94523AEE5E1B7D5EE7CE04AC720

Function 00007FF712303770 Relevance: 6.1, APIs: 4, Instructions: 143COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF71230389A
WideCharToMultiByte.KERNEL32 ref: 00007FF71230391A
WideCharToMultiByte.KERNEL32 ref: 00007FF71230395E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ByteCharMultiWide$Concurrency::cancel_current_task
String ID:
API String ID: 2514540991-0
Opcode ID: 389030662485acbe18035a11abb9e0daae1d41d88ffec9ff02d407f6e36ccd72
Instruction ID: bbeab29370f9e354c7f9d46838498ed237cfae8d283a344476def516f7513e58
Opcode Fuzzy Hash: 389030662485acbe18035a11abb9e0daae1d41d88ffec9ff02d407f6e36ccd72
Instruction Fuzzy Hash: 4E51D772A08F8181EB14AF25E04032AB7A1FB44FA4F544279DB9D07B99CF7CD499C318

Function 00007FF7122A4150 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122B0F8D), ref: 00007FF7122A4280

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122B0F8D), ref: 00007FF7122A426D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7122B0F8D), ref: 00007FF7122A42EF
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122A42F6

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 284e2d78b6a9c917c61611b10cee082f74cbe1be00ce1472c9e51d2375fb44da
Instruction ID: b0ebe587c6229c8b1058a18c73da95bc779b8fa7a3a9b64fd008cd146892f91c
Opcode Fuzzy Hash: 284e2d78b6a9c917c61611b10cee082f74cbe1be00ce1472c9e51d2375fb44da
Instruction Fuzzy Hash: 8B419D62718F8591DA54EB65E0442AEB360FB48BF0F958639DB6D03B84CFBCE499C310

Function 00007FF7122A4310 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF7122A443F

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memmove.VCRUNTIME140 ref: 00007FF7122A442C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A44B1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122A44B8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: e2e27bf9525e3c454ec943c6ef759883ffde707cb72a8567a517c27fb0db6143
Instruction ID: 3c2e15bea1c24122d38e5db8ba88e242318e0da42c08083b81a713f9ea83f5bc
Opcode Fuzzy Hash: e2e27bf9525e3c454ec943c6ef759883ffde707cb72a8567a517c27fb0db6143
Instruction Fuzzy Hash: 1C41BC62718E9582EA50EB65E4441ADA2A0FB04BF4BA14735EBAD07FC5CF7CE095C210

Function 00007FF7122B2920 Relevance: 6.1, APIs: 4, Instructions: 129COMMON

Download Yara Rule

APIs

#21.WS2_32 ref: 00007FF7122B298C
#3.WS2_32 ref: 00007FF7122B29A3
#10.WS2_32 ref: 00007FF7122B2ABF
#3.WS2_32 ref: 00007FF7122B2ACC

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e7b3923b4e7e253eeac2e5ee6b6dc9f5c91ff5a412ff6ceabbf544e8eeb099
Instruction ID: 7ac21eced7fe403fd05131737203d13f869bdae090eb71975b3d02141f20ad33
Opcode Fuzzy Hash: 97e7b3923b4e7e253eeac2e5ee6b6dc9f5c91ff5a412ff6ceabbf544e8eeb099
Instruction Fuzzy Hash: EE51A422B08F5186F720DF61A4503BE73A1FB4AB98F804231DE4D17B85DEBC9569D314

Function 00007FF7123B8C80 Relevance: 6.1, APIs: 4, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF712293690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123B8D8B
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF7123B8DA6
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7123B8DD8
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7123B8DF3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@D@std@@@1@@Init@?$basic_streambuf@V?$basic_streambuf@mallocmemcpy
String ID:
API String ID: 4276565042-0
Opcode ID: 2a3d35135513db8fce08fafc9321c7b03ffc2304d2fc382de11b0cb013cffa81
Instruction ID: 1b9383c7f25b5a1c2b02911b6db56741bfbadcd8d190e8d63f80255a3e429a66
Opcode Fuzzy Hash: 2a3d35135513db8fce08fafc9321c7b03ffc2304d2fc382de11b0cb013cffa81
Instruction Fuzzy Hash: FD519D32918F8186E711DF25F8403AAB3A4FB58B54FA59139DB8D43721DF78E1AAC740

Function 00007FF71229BD70 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BE39
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BEAC

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BE99
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF71229BEE0

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: b8ffe146ab6153751a4f2112104dee007a84bd9599e5a7fadec61f1b6c665ac3
Instruction ID: a09c815da3cf6c460f0f59dd0b355bcece6527b0698ca76e64ab757e38136317
Opcode Fuzzy Hash: b8ffe146ab6153751a4f2112104dee007a84bd9599e5a7fadec61f1b6c665ac3
Instruction Fuzzy Hash: 71419062708F9981DE10EB66A44406EE298EB48FF0BE58635DFAD03BD5DE7CD445C210

Function 00007FF71229BC00 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000010,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BCBB
memmove.VCRUNTIME140(?,?,00000010,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BD2A

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memmove.VCRUNTIME140(?,?,00000010,?,00000000,?,00000002,00007FF7122A2B13), ref: 00007FF71229BD17
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF71229BD59

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 8fef0472069c821175c2c846d5dceda37912b9250457431948ef2f37dbc0b77a
Instruction ID: cf595bb8ec6225599d50cf475260bd8bd09121f8b88d4f86eff7995f5f4b1d4f
Opcode Fuzzy Hash: 8fef0472069c821175c2c846d5dceda37912b9250457431948ef2f37dbc0b77a
Instruction Fuzzy Hash: 9131C262708F9545ED14EB66B4042BDA690AB08BF0FE58635DE6D07BD5DEBCE045C320

Function 00007FF7122D8FC0 Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D90C1
memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D90F1
memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF7122D9524), ref: 00007FF7122D9101
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122D9135

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: 8f888e23a4a2d030ab1ae8c541eac15482c98a6ea2d8d95329dcc3c816cd923a
Instruction ID: d28021b6e67dfa73b0e9a07517ebb4c6903b07df25a40d09033ab552535e2df7
Opcode Fuzzy Hash: 8f888e23a4a2d030ab1ae8c541eac15482c98a6ea2d8d95329dcc3c816cd923a
Instruction Fuzzy Hash: 3F31C072B09E9981DA10EB11B40417DA2A5AB04BF0FD58735EE7E53BD4DEB8E499C310

Function 00007FF71229B4D0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF71229B53E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: e4f6586f6e2c904826065ead7285321132ca18020fa282a82dbc1e7897f69e42
Instruction ID: 1d57c9ffee34055e119e05b0eba8f393cf353d9f12ec3097124579a5ffbc834b
Opcode Fuzzy Hash: e4f6586f6e2c904826065ead7285321132ca18020fa282a82dbc1e7897f69e42
Instruction Fuzzy Hash: B3310162B09B9245EE16AB65B54037CA2509F00BF4FA50630DE2C07BD1EEB8A4D7D320

Function 00007FF7122A3F00 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A3FEA
memcpy.VCRUNTIME140 ref: 00007FF7122A4017
memcpy.VCRUNTIME140 ref: 00007FF7122A4026
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122A4058

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: 8b4c48627a163a35239f91b9667ca76d414c5d0c4c8cd65418465c9b50966000
Instruction ID: f36a687f3078f04b9b50bad9e422b6e602d0ae8313c451545f878feb3b13e170
Opcode Fuzzy Hash: 8b4c48627a163a35239f91b9667ca76d414c5d0c4c8cd65418465c9b50966000
Instruction Fuzzy Hash: 6E31D122B19F8141EA54EB11A50422DA295EB04FF0F968731EE7E47FC9DEB8E489C310

Function 00007FF7123035D0 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF712303628
memmove.VCRUNTIME140 ref: 00007FF712303681
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7123036A7
memmove.VCRUNTIME140 ref: 00007FF7123036EE

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: isspacememmove
String ID:
API String ID: 2277018807-0
Opcode ID: 589159fc9197f31c52cc9c3876d15ceaeff90be577bcd55d8144fc6578f68daa
Instruction ID: f49d0a28cb19985a6493d05c60bc1615f98d6fb7922cc05ef8f29976a5a268ba
Opcode Fuzzy Hash: 589159fc9197f31c52cc9c3876d15ceaeff90be577bcd55d8144fc6578f68daa
Instruction Fuzzy Hash: 0331EB22B04EA981DB10AF66D2841BDE3A0FB40FD4B584035CB1D5BB55CF78D56BD324

Function 00007FF71229BA80 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF71229C44F,?,?,?,?,?,?,00000000,00007FF7122A2375), ref: 00007FF71229BACD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF71229BAE9
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF71229C44F), ref: 00007FF71229BB2E
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF71229C44F), ref: 00007FF71229BB89

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: 569a150717ac1c7e450aa9e0b7952a267951aa34f9fba8ee3a445350757a466b
Instruction ID: a10a3f58d0197ed7136d6136dfd3f1836ef02c14f5768757ebc6bcb10a334735
Opcode Fuzzy Hash: 569a150717ac1c7e450aa9e0b7952a267951aa34f9fba8ee3a445350757a466b
Instruction Fuzzy Hash: 2A210352B06B4285EE14BB52B8003ACA290EF09BB0FD80731DE7D467D5EEBCE586C300

Function 00007FF712294BC0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,00000000,00007FF7122918E1), ref: 00007FF712294C10
memset.VCRUNTIME140(?,?,00000000,00007FF7122918E1), ref: 00007FF712294CAA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF712294CC8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memset$Concurrency::cancel_current_task
String ID:
API String ID: 3006004123-0
Opcode ID: 728753e0d56d2ad63d178040301d9b301dcee230adc17bdb2e1a5ac7cf472fe2
Instruction ID: a3ef1c19be39252c64583c3af8eadf9f91b970f78edadbb0cde25dd35ef96ad0
Opcode Fuzzy Hash: 728753e0d56d2ad63d178040301d9b301dcee230adc17bdb2e1a5ac7cf472fe2
Instruction Fuzzy Hash: C7212522B09B9245FE15BB65A50037CA240DF04BF1FA54734DE3C07BD6DEB86496D320

Function 00007FF7122C18F0 Relevance: 6.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122C19AC

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

memcpy.VCRUNTIME140 ref: 00007FF7122C19D9
memcpy.VCRUNTIME140 ref: 00007FF7122C19E8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7122C1A09

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: ed6c2af39ee7660d0bed833a37bc19893379659f5e0fe59dfa76f0b8dd468947
Instruction ID: bd0126ba860143b835fa0e0418af840e722f8e41dbc7faf610f495ecc0b31d2c
Opcode Fuzzy Hash: ed6c2af39ee7660d0bed833a37bc19893379659f5e0fe59dfa76f0b8dd468947
Instruction Fuzzy Hash: 1D312622B04F4580EA24AB52B5003ADA290AF44BF4F954735DFAD077D1DEBCE099C310

Function 00007FF712293690 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF7122936C8
memcpy.VCRUNTIME140(?,00000000,?,?,00007FF712291360), ref: 00007FF712293769
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF712293787

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task
String ID:
API String ID: 326894585-0
Opcode ID: e84bc5a91a15ea117522a25a566df0ee6343534123993101346500784b5fb2fd
Instruction ID: 7c85be89c2e6dce6e0cb0b8e5636d366261bd8a2a58ec9e8c0f55a3e16f28d31
Opcode Fuzzy Hash: e84bc5a91a15ea117522a25a566df0ee6343534123993101346500784b5fb2fd
Instruction Fuzzy Hash: CA21D662B09B6645EE15BB51B5403BCA2449B04BB0FA50634DF6D07BC5DEBDA49AC320

Function 00007FF71230A360 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF71230A39E
_Mtx_unlock.MSVCP140 ref: 00007FF71230A3E3
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71230A412
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF71230A422

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$Mtx_lockMtx_unlock
String ID:
API String ID: 3599876872-0
Opcode ID: 60265d954e970cebc199702e4548074a3d1b4a73bfd2f80d6fac9bd404776c72
Instruction ID: a239f1ea54913587c49c5d1a7173baae175451f8c1499bf7cd66da7ba944966b
Opcode Fuzzy Hash: 60265d954e970cebc199702e4548074a3d1b4a73bfd2f80d6fac9bd404776c72
Instruction Fuzzy Hash: 0521F522A08A8146EB20EB25E45037DA790EB887A4F444238EB8D077D5DF6CD495CB20

Function 00007FF7123F3F18 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF7123F3F61
GetLastError.KERNEL32 ref: 00007FF7123F3F6F
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF7122A40C9), ref: 00007FF7123F3FA4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF7122A40C9), ref: 00007FF7123F3FB2

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 93d6d66120067a7be0434c076a81461df443d59f5a315318fc383829697d1ba0
Instruction ID: e9c13a2749b5ed064c05a6bf2b03a0224f823cc78b6f82b9e03d123054eec6df
Opcode Fuzzy Hash: 93d6d66120067a7be0434c076a81461df443d59f5a315318fc383829697d1ba0
Instruction Fuzzy Hash: 95212972A18B8187E7109F11E44432EB6B4F788F94F640239DB8957B54DF7CD855CB14

Function 00007FF7122FE000 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF7122FE01C
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF7122FE03F
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7122FE05C
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF7122FE07E

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@?setg@?$basic_streambuf@D00@Init@?$basic_streambuf@fclose
String ID:
API String ID: 1330854910-0
Opcode ID: 1af0b482c404b12b21c1fe4c5533ed09c4cb117b630ac41331082a0a84f3a560
Instruction ID: 69bc7aae2d0ce61d34d28e62a110a768428ef0a039c7f7d04317ca2b769230cb
Opcode Fuzzy Hash: 1af0b482c404b12b21c1fe4c5533ed09c4cb117b630ac41331082a0a84f3a560
Instruction Fuzzy Hash: E511A026A08F42C2EB44AB65E64436DA7A1FB48BD4F844035CF5947B50CFBCE879C350

Function 00007FF7122935B1 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7122935CE
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF7122935D5
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7122935E1
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF7122935F3

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?rdbuf@?$basic_ios@?setstate@?$basic_ios@?uncaught_exceptions@std@@D@std@@@2@Osfx@?$basic_ostream@V?$basic_streambuf@
String ID:
API String ID: 3156628947-0
Opcode ID: 2b16a58e7f79a2b7e58f2c7fc8d8c964df8711148af7e36e5ca8e02e71ea44f9
Instruction ID: c3b21ce52cdf0d846ab1a002da47eaaad4c55bae96515b7660739cfee0734142
Opcode Fuzzy Hash: 2b16a58e7f79a2b7e58f2c7fc8d8c964df8711148af7e36e5ca8e02e71ea44f9
Instruction Fuzzy Hash: BCF06D27B04B5582EF10DB16E05012EA7A0FF8AFA6B854422CE4D13754CE3CE486C708

Function 00007FF7123F3D0C Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF7123F3D2C
GetLastError.KERNEL32 ref: 00007FF7123F3D36
SetFileInformationByHandle.KERNEL32 ref: 00007FF7123F3D69
GetLastError.KERNEL32 ref: 00007FF7123F3D73

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: b9748472765abdbe411f80428384f578a8a47290666029b16d576a7d48743f65
Instruction ID: 4286cc84f749b5c544e673f4a49acff4d6652012dd4e3f968be7d81eedf521a0
Opcode Fuzzy Hash: b9748472765abdbe411f80428384f578a8a47290666029b16d576a7d48743f65
Instruction Fuzzy Hash: 9FF0D632A08E8182FB556B70E4546B4A6909F14720F940139FA06455A4DFECE9CCC726

Function 00007FF7123C8CF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 208COMMON

Download Yara Rule

Strings

Empty host name, xrefs: 00007FF7123C8F3A
Invalid http protocol: {}, xrefs: 00007FF7123C8F66

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID:
String ID: Empty host name$Invalid http protocol: {}
API String ID: 0-3721568922
Opcode ID: 85d91dd5a24688f098aaea6ad137ceeaf44574177736c6170d1251d57fdf29e5
Instruction ID: 86c62f8c2c6e3d8a199309241ef480cecbd4d888469f0e43e6f4f22e5d7e6965
Opcode Fuzzy Hash: 85d91dd5a24688f098aaea6ad137ceeaf44574177736c6170d1251d57fdf29e5
Instruction Fuzzy Hash: 69A1BD72A04F9185E715DB28E8443EC73B4FB48B58FA48139DB8D47661EF79D59AC300

Function 00007FF7122BCDA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 171COMMON

Download Yara Rule

APIs

_Mtx_init_in_situ.MSVCP140 ref: 00007FF7122BCDEE

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7122AC930: #115.WS2_32 ref: 00007FF7122AC971

Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF0
Part of subcall function 00007FF7123F4DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7123F4DF6

memset.VCRUNTIME140 ref: 00007FF7122BCE65

Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE79F
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE7CC
Part of subcall function 00007FF7122AE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE851
Part of subcall function 00007FF7122AE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE860
Part of subcall function 00007FF7122AE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF7122E2337), ref: 00007FF7122AE86B

Strings

SynchronousDownloader, xrefs: 00007FF7122BCFF2

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_taskCreateErrorEventLast$#115CloseHandleMtx_init_in_situmallocmemset
String ID: SynchronousDownloader
API String ID: 1929616685-1236417834
Opcode ID: 4c0ec8cd42f221e3856db36630d032f99867ee9a4e8e232b5733c5224368e29b
Instruction ID: b0e97e415d94cd56919a16626eaf1d4526fb9463fb316b68abb05096ff3a0dad
Opcode Fuzzy Hash: 4c0ec8cd42f221e3856db36630d032f99867ee9a4e8e232b5733c5224368e29b
Instruction Fuzzy Hash: B871EA32605F8186EB54EF25F4402ADB3A8FB89B60F554239EB9C07B91DF78E1A5C350

Function 00007FF7122A2DD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF7122A2EF6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7122A3025

Strings

[json.exception., xrefs: 00007FF7122A2EEC, 00007FF7122A2F0A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemmove
String ID: [json.exception.
API String ID: 4032823789-791563284
Opcode ID: b390ec8f9af7463146ca04b12ed2aeed8b35a9531a73bd46fe9c72df6ff1ea84
Instruction ID: bf2914b7e352a9f60868fd33fb386e27b16afe8f3135afb19ea76af7d363525f
Opcode Fuzzy Hash: b390ec8f9af7463146ca04b12ed2aeed8b35a9531a73bd46fe9c72df6ff1ea84
Instruction Fuzzy Hash: EA610522A18B9182EB14EB29E14036DB761FB85BE0F804131EB9D03F95CFBDE099D750

Function 00007FF71229D2F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A38EE
Part of subcall function 00007FF7122A3850: memchr.VCRUNTIME140 ref: 00007FF7122A398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF71229D424
_CxxThrowException.VCRUNTIME140 ref: 00007FF71229D4A0

Strings

type must be string, but is , xrefs: 00007FF71229D470

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: memchr$ExceptionThrow_invalid_parameter_noinfo_noreturn
String ID: type must be string, but is
API String ID: 3608948996-1861512233
Opcode ID: c1288b6ea4e385bbba9f34e49b2e74f732b2e3705969180e2eec5f19c6fd9361
Instruction ID: 66668a4cb5e7b3447a1e2c1db354bcf1366a23ef3a9daad333e416dac4e444ab
Opcode Fuzzy Hash: c1288b6ea4e385bbba9f34e49b2e74f732b2e3705969180e2eec5f19c6fd9361
Instruction Fuzzy Hash: 3751C162F08E4299EF00FFB0D4403FC6361EB517A8FD11532EA0D1BA99DEA8E599C350

Function 00007FF7123041A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF712305068
__std_exception_destroy.VCRUNTIME140 ref: 00007FF712305075

Strings

value, xrefs: 00007FF712304F9D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 120ff347780bebb6b864a59579c506270729c4525bd8babaa6c612a8c1da210d
Instruction ID: 03a00acc6436ccb666aea786459183310bd1d00872103bff0efc9245f2d85bf5
Opcode Fuzzy Hash: 120ff347780bebb6b864a59579c506270729c4525bd8babaa6c612a8c1da210d
Instruction Fuzzy Hash: 3051E822E18FC586E701DB74E4016EEB360FB85764F901236EE4D13A99DFB8D589C750

Function 00007FF7122C91A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF7122C9F1E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF7122C9F2B

Strings

value, xrefs: 00007FF7122C9E6A

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: e7261f1b1aa2e4bc0d1fdcba35ae9b5817c6e220d6578cda23aced0531577bf7
Instruction ID: 0645ed6037737fb5158ab429bfc22efb9681b6843bc9089fa7f1483d822f56e7
Opcode Fuzzy Hash: e7261f1b1aa2e4bc0d1fdcba35ae9b5817c6e220d6578cda23aced0531577bf7
Instruction Fuzzy Hash: AE410363E18F8585E700EB75E8402FDA760FB85398F901132EE4D13A5ADFB8E198C750

Function 00007FF7123A8C50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7123A8D4C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A8DD0

Strings

Bearer {}, xrefs: 00007FF7123A8D2D

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturn
String ID: Bearer {}
API String ID: 448292810-2946171165
Opcode ID: cc4fa06fef6759143cf7ab9e5ba66c8570a5346837d1c5ebbb1b9bbc50ec41b5
Instruction ID: 7d0b761bcf1f6a7e574f3308af5707113b456119ae92de862df5baa3fb5e7e8e
Opcode Fuzzy Hash: cc4fa06fef6759143cf7ab9e5ba66c8570a5346837d1c5ebbb1b9bbc50ec41b5
Instruction Fuzzy Hash: D6514B32B14B459AE700DFA5E4402ECB3B1FB48B68F404226DE8D63B58EF74D999C354

Function 00007FF7122AA560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT(?,?,?,?,?,00007FF7122B6F56), ref: 00007FF7122AA64A

Strings

invalid format string, xrefs: 00007FF7122AA643
number is too big, xrefs: 00007FF7122AA5F8

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: invalid format string$number is too big
API String ID: 4276112833-4130106228
Opcode ID: 7685011a27de2bccb8cdd5f5240c374d0dd95c05714106fed2110c0798d49b06
Instruction ID: d1547aca5f063ad31e20e73dc1fb6b29be98147149c47b2a6aaf95eec17a641f
Opcode Fuzzy Hash: 7685011a27de2bccb8cdd5f5240c374d0dd95c05714106fed2110c0798d49b06
Instruction Fuzzy Hash: 7F21D461B18D5686EEA09B09E5002BDA3A1FF44FF4FC90131CB6C42F95DA6CE59DCB14

Function 00007FF7123A6140 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7123A6207

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetector.cpp, xrefs: 00007FF7123A616C
__cdecl sj::CrashDetector::~CrashDetector(void) noexcept, xrefs: 00007FF7123A614F

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetector.cpp$__cdecl sj::CrashDetector::~CrashDetector(void) noexcept
API String ID: 3668304517-622803845
Opcode ID: 29d1a1a8700e94298505865ca03f563e8c4a06911b2947dfc9c8271ae3d0154d
Instruction ID: 1d112b9342a11cdaf30bb743cd18b0e1564eaa3a6fca565588d084aeac3093ec
Opcode Fuzzy Hash: 29d1a1a8700e94298505865ca03f563e8c4a06911b2947dfc9c8271ae3d0154d
Instruction Fuzzy Hash: 6021BE72A09F8485DB10DF64E4443ADB3A0FB48BA4F910239DAAC42698DFBCC998C750

Function 00007FF7122F4420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7122F1620: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF7122F1663
Part of subcall function 00007FF7122F1620: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF7122F16B5

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7122F47AC), ref: 00007FF7122F44BD

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Sys.cpp, xrefs: 00007FF7122F445D
void __cdecl sj::sys::logError(class std::basic_string_view<char,struct std::char_traits<char> >,unsigned __int64) noexcept, xrefs: 00007FF7122F4469

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Sys.cpp$void __cdecl sj::sys::logError(class std::basic_string_view<char,struct std::char_traits<char> >,unsigned __int64) noexcept
API String ID: 298516329-1219557809
Opcode ID: 74ba7621bcb060175016eebe0053ce773e17a64ea4a2c787ff87fb66cfffdf27
Instruction ID: 08e4f466ec76bee7c6eb920e2147b6356ddb321bd8b956c1f56c51b89c0f9ea7
Opcode Fuzzy Hash: 74ba7621bcb060175016eebe0053ce773e17a64ea4a2c787ff87fb66cfffdf27
Instruction Fuzzy Hash: 96116371A08E8185EB10AB14F4412AEB360FB857B4F901231EB9C167E5DEBCE589C750

Function 00007FF7122A9069 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF7122A908E
memcpy.VCRUNTIME140 ref: 00007FF7122A90F4

Strings

string pointer is null, xrefs: 00007FF7122A9087

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: string pointer is null
API String ID: 3266568664-3607014066
Opcode ID: ab65d7a8ee0861cbda4b976a951de194d4b674da85fb3cd8e80882ded8c830d9
Instruction ID: 5ee0324fb7347f389e6053ec9b697d97503b47d32342a742b9680963b9552635
Opcode Fuzzy Hash: ab65d7a8ee0861cbda4b976a951de194d4b674da85fb3cd8e80882ded8c830d9
Instruction Fuzzy Hash: AD115A22B08E0682DA44EB22D45123DA761FB00FB4FC50632CE2E43B94CFB9E858C350

Function 00007FF7122F78F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF7122F797F

Strings

{0}.{1}.{2}.{3}, xrefs: 00007FF7122F7942
"", xrefs: 00007FF7122F7949

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@
String ID: ""${0}.{1}.{2}.{3}
API String ID: 2793583501-2861956240
Opcode ID: c8406281fd46a207923ddaa1e9e22a369e366dc2522e3131d628f1cb390a642f
Instruction ID: 96148d892ebc2a0928685b99e814dab43a944e1b03b10b0f4aee2add47a05592
Opcode Fuzzy Hash: c8406281fd46a207923ddaa1e9e22a369e366dc2522e3131d628f1cb390a642f
Instruction Fuzzy Hash: C211DA76508BC496D7218F28E005799B3B0FB98768F145225EFCC42715EB7DD69ACB40

Function 00007FF7122B9FC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF7122BA004

Part of subcall function 00007FF7122ADFC0: __std_exception_copy.VCRUNTIME140 ref: 00007FF7122ADFE4

_CxxThrowException.VCRUNTIME140 ref: 00007FF7122BA03A

Strings

no format, xrefs: 00007FF7122B9FE9

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_copy$ExceptionThrow
String ID: no format
API String ID: 391329204-3685095023
Opcode ID: 10cf889178c9e3f664efd049b926dc0df05791ab3fbae8b3c57afc1507dc0831
Instruction ID: 351d831a4a2a57a059fde9cbdbcc9a380de5ef882d3dcf549f330dc35155be22
Opcode Fuzzy Hash: 10cf889178c9e3f664efd049b926dc0df05791ab3fbae8b3c57afc1507dc0831
Instruction Fuzzy Hash: 0B01752251CF8695DB10EB10F4401AAF760FB98354FD44135E9DC42A69EFACE59CCB50

Function 00007FF7122A4810 Relevance: 5.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF7122A4843
LeaveCriticalSection.KERNEL32 ref: 00007FF7122A494B
EnterCriticalSection.KERNEL32 ref: 00007FF7122A49B9
LeaveCriticalSection.KERNEL32 ref: 00007FF7122A4A07

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 129f1f8990404c67cd8dddf24f8df5419b01036c19c459ceb7d1a340435ad99f
Instruction ID: 9d7dc8bbdf4d30514ef5e2e9012888ae65407afdfb9f55b08bfeb7134860f494
Opcode Fuzzy Hash: 129f1f8990404c67cd8dddf24f8df5419b01036c19c459ceb7d1a340435ad99f
Instruction Fuzzy Hash: 27717C22E08F9184EB65DF21A8502ADA7A4FB48FA8F994135CE4D27F49DF78D499C310

Function 00007FF7122A4BE0 Relevance: 5.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7123F4DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF7122938C4), ref: 00007FF7123F4DDA

Part of subcall function 00007FF7122AB160: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF7122A4C70), ref: 00007FF7122AB19E
Part of subcall function 00007FF7122AB160: __std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AB1ED
Part of subcall function 00007FF7122AB160: LeaveCriticalSection.KERNEL32 ref: 00007FF7122AB206
Part of subcall function 00007FF7122AB160: EnterCriticalSection.KERNEL32 ref: 00007FF7122AB228
Part of subcall function 00007FF7122AB160: __std_type_info_compare.VCRUNTIME140 ref: 00007FF7122AB260
Part of subcall function 00007FF7122AB160: LeaveCriticalSection.KERNEL32 ref: 00007FF7122AB281

EnterCriticalSection.KERNEL32 ref: 00007FF7122A4C8A
LeaveCriticalSection.KERNEL32 ref: 00007FF7122A4D02
EnterCriticalSection.KERNEL32 ref: 00007FF7122A4D14
LeaveCriticalSection.KERNEL32 ref: 00007FF7122A4D30

Memory Dump Source

Source File: 00000000.00000002.2897742005.00007FF712291000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712290000, based on PE: true

Associated: 00000000.00000002.2897727564.00007FF712290000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897867726.00007FF71240C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897884634.00007FF71240E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897924454.00007FF712464000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897943061.00007FF712465000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897958188.00007FF712466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2897984777.00007FF71248C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff712290000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeave$__std_type_info_compare$malloc
String ID:
API String ID: 2801097596-0
Opcode ID: c9c13417e019b7047018e2c4698dfa376b7fec7e758ea7216874753a9204436d
Instruction ID: 0a0adcd47057db03e3c3bfef24aa4a88a57fff700afb8a92fa551a4d740804cc
Opcode Fuzzy Hash: c9c13417e019b7047018e2c4698dfa376b7fec7e758ea7216874753a9204436d
Instruction Fuzzy Hash: 05417E32908F8182D760DF11E4502ADB7A8FB98BA4F465236DF8D03B65DF78E5A5C314

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sj-updater-app.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: sj-updater-app.exePID: 7460, Parent PID: 2580

General

Chronological Activities

Analysis Process: conhost.exePID: 7468, Parent PID: 7460

General

Chronological Activities

Disassembly

Analysis Process: sj-updater-app.exePID: 7460, Parent PID: 2580COMMON

Windows Analysis Report
sj-updater-app.exe