Windows Analysis Report
BraveUpdateComRegisterShell64.exe

Overview

General Information

Sample name:BraveUpdateComRegisterShell64.exe
Analysis ID:1476976
MD5:e5ceb2c8343d7015398f92377bf44ee6
SHA1:a6dffc4c20830729f2bd13947864b07efe188958
SHA256:c21808e42c600163889484750eb9a89dedcdcfb23cdf68d16e2f19378026de5d

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: BraveUpdateComRegisterShell64.exe | Static PE information: certificate valid
Source: BraveUpdateComRegisterShell64.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdbT source: BraveUpdateComRegisterShell64.exe
Source: Binary string: BraveUpdateComRegisterShell64_unsigned.pdb source: BraveUpdateComRegisterShell64.exe
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2EE70 FindFirstFileExW
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://ocsp.digicert.com0
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://ocsp.digicert.com0A
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://ocsp.digicert.com0X
Source: BraveUpdateComRegisterShell64.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF248F8 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2C810
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2EE70
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2E684
Source: BraveUpdateComRegisterShell64.exe | Binary or memory string: OriginalFilename vs BraveUpdateComRegisterShell64.exe
Source: BraveUpdateComRegisterShell64.exe, 00000000.00000002.2121411446.00007FF6ADF47000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamegoopdate.dllJ vs BraveUpdateComRegisterShell64.exe
Source: BraveUpdateComRegisterShell64.exe | Binary or memory string: OriginalFilenamegoopdate.dllJ vs BraveUpdateComRegisterShell64.exe
Source: classification engine | Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2126C LoadResource,LockResource,SizeofResource
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Section loaded: kernel.appcore.dll
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BraveUpdateComRegisterShell64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BraveUpdateComRegisterShell64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF23A78 LoadLibraryW,GetProcAddress,FreeLibrary
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF243E4 RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF2AB78 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF24C54 InitializeCriticalSectionAndSpinCount,GetLastError,IsDebuggerPresent,OutputDebugStringW
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF21480 GetProcessHeap
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF25778 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF253BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF25958 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF33F40 cpuid
Source: C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe | Code function: 0_2_00007FF6ADF24034 GetSystemTimeAsFileTime
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 1 Native API; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 DLL Side-Loading; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Time Discovery; 3 Security Software Discovery; 1 File and Directory Discovery; 12 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Archive Collected Data; 2 Clipboard Data; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1476976, Sample: BraveUpdateComRegisterShell64.exe, Startdate: 19/07/2024, Architecture: WINDOWS, Score: 5. One process shown: BraveUpdateComRegisterShell64.exe (started).

Source | Detection | Scanner | Label | Link
BraveUpdateComRegisterShell64.exe | 0% | ReversingLabs |  |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1476976
Start date and time:2024-07-19 20:39:45 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:BraveUpdateComRegisterShell64.exe
Detection:CLEAN
Classification:clean5.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 97%
  • Number of executed functions: 13
  • Number of non-executed functions: 37
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com
  • VT rate limit hit for: BraveUpdateComRegisterShell64.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.1928419739850655
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:BraveUpdateComRegisterShell64.exe
File size:174'104 bytes
MD5:e5ceb2c8343d7015398f92377bf44ee6
SHA1:a6dffc4c20830729f2bd13947864b07efe188958
SHA256:c21808e42c600163889484750eb9a89dedcdcfb23cdf68d16e2f19378026de5d
SHA512:3bee913916b11398f3593a9a2f8ae70fabce19ca45996789ac8ab899ab770290f40876df30ba1180ee797f876a540c835e47ca337929dee0b83ad27355f92314
SSDEEP:3072:7urxDnvsKxxDo4WVSWW/VaO7QAiOWdj/8kyVwvgB+cB/J:7M2Kxxc4oIt97QAYgqoB+c
TLSH:50045C1B73A430F9E1B78135C8924A16E7B2B8720B50E79F13A4477A1F33691DD2EB61
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........`..@3..@3..@3..C2..@3..E2>.@3[.C2..@3[.D2..@3[.E2..@3..I2..@3..D2..@3..A2..@3..A3..@3..E2..@3...3..@3...3..@3..B2..@3Rich..@
Icon Hash:2f232d67b7934633
Entrypoint:0x140004ffc
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66953BA6 [Mon Jul 15 15:09:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:4f32214340f08cb2ab89522936793048
Signature Valid:true
Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 28/05/2024 02:00:00 07/08/2027 01:59:59
Subject Chain
  • CN="Brave Software, Inc.", O="Brave Software, Inc.", L=San Francisco, S=California, C=US
Version:3
Thumbprint MD5:9556B0EC482251182975F452FB6EFFBC
Thumbprint SHA-1:F8AC5F11DE7E26383B7A389FC19A2613835799D7
Thumbprint SHA-256:605F451998D85EFB906F1D062B20DE8BE591F69588C68F0226CE8A64EF27213F
Serial:0E982FDDF06E93E911065D037D4DD482
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21b08 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x29000 | 0x3278 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x27000 | 0x16c8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x28000 | 0x2818 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2d000 | 0x87c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1fc90 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1fe80 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1fb50 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x16000 | 0x3d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x14b20 | 0x14c00 | 8f79759b66ee949ce50a9da83b92d4fd | False | 0.5619470067771084 | DOS executable (COM) | 6.450943592947004 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x16000 | 0xc808 | 0xca00 | 245ef1e29a383b9e3e7c8015c5afb4e7 | False | 0.40911200495049505 | data | 4.645329277044868 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x23000 | 0x3260 | 0x1000 | 3993488bfaa4e46fa52568ae1b4d4ba6 | False | 0.150146484375 | data | 2.0416580595813913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x27000 | 0x16c8 | 0x1800 | 5a29405f6a011e34a4bf83071d3ed8ba | False | 0.45556640625 | data | 4.914221929139865 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x29000 | 0x3278 | 0x3400 | 63d7d2e35db62f8217f337bb32a67182 | False | 0.3633563701923077 | data | 5.137004911463502 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2d000 | 0x87c | 0xa00 | c099ebeae87087463e5468ccc019bcdb | False | 0.503515625 | data | 5.096857809701152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x29800 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568
RT_ICON | 0x29928 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318
RT_ICON | 0x29e90 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484
RT_ICON | 0x2a178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198
RT_ICON | 0x2aa20 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145
RT_ICON | 0x2b088 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714
RT_GROUP_ICON | 0x2bf30 | 0x5a | data | English | United States | 0.7333333333333333
RT_VERSION | 0x2bf90 | 0x2e8 | data | English | United States | 0.4368279569892473
RT_MANIFEST | 0x29220 | 0x5e0 | XML 1.0 document, ASCII text | English | United States | 0.425531914893617
DLL | Import
ADVAPI32.dll | RegCloseKey, RegOverridePredefKey, RegOpenKeyExW, RegQueryValueExW
KERNEL32.dll | FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetFileType, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, SetFilePointerEx, GetConsoleOutputCP, GetConsoleMode, WriteConsoleW, FindResourceW, SizeofResource, LockResource, LoadResource, GetProcAddress, GetModuleHandleW, FindResourceExW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, HeapDestroy, GetLastError, RaiseException, DecodePointer, GetCommandLineW, GetModuleHandleExW, GetModuleFileNameW, GetEnvironmentVariableW, CloseHandle, GetCurrentProcessId, VirtualQuery, LocalFree, SetLastError, FindNextFileW, GetCurrentProcess, FindClose, GetFileAttributesExW, LoadLibraryW, FreeLibrary, lstrcmpiW, GetTickCount, LoadLibraryExW, TerminateProcess, Sleep, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, WriteFile, CreateFileW, GetSystemTimeAsFileTime, FlushFileBuffers, GetPrivateProfileIntW, OutputDebugStringA, GetCurrentThreadId, OutputDebugStringW, TryEnterCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, ExitProcess, IsDebuggerPresent, GetStdHandle, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, QueryPerformanceCounter, InitializeSListHead, GetStartupInfoW, InitializeCriticalSectionEx, EncodePointer, GetStringTypeW, GetCPInfo, RtlUnwindEx, RtlPcToFileHeader, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree
USER32.dll | wsprintfW, MessageBoxW, EmptyClipboard, CloseClipboard, OpenClipboard, SetClipboardData, CharLowerBuffW
SHLWAPI.dll | PathStripPathW, PathRemoveExtensionW, PathRemoveFileSpecW, PathAppendW
SHELL32.dll | CommandLineToArgvW
Language of compilation system | Country where language is spoken
English | United States
No network behavior found
Target ID:0
Start time:14:40:35
Start date:19/07/2024
Path:C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\BraveUpdateComRegisterShell64.exe"
Imagebase:0x7ff6adf20000
File size:174'104 bytes
MD5 hash:E5CEB2C8343D7015398F92377BF44EE6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Execution Graph

Execution Coverage:7.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.9%
Total number of Nodes:958
Total number of Limit Nodes:15
8605->8607 8606 7ff6adf2de42 RtlAllocateHeap 8608 7ff6adf2d79e 8606->8608 8606->8610 8607->8608 8608->8594 8608->8595 8610->8605 8610->8606 8622 7ff6adf2cd24 8610->8622 8612 7ff6adf2d929 HeapFree 8611->8612 8613 7ff6adf2d958 8611->8613 8612->8613 8614 7ff6adf2d944 GetLastError 8612->8614 8613->8601 8615 7ff6adf2d951 Concurrency::details::SchedulerProxy::DeleteThis 8614->8615 8616 7ff6adf2afb0 _set_fmode 9 API calls 8615->8616 8616->8613 8630 7ff6adf2d24c 8617->8630 8625 7ff6adf2cd64 8622->8625 8626 7ff6adf2ce10 Concurrency::details::SchedulerProxy::DeleteThis EnterCriticalSection 8625->8626 8627 7ff6adf2cd71 8626->8627 8628 7ff6adf2ce64 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 8627->8628 8629 7ff6adf2cd36 8628->8629 8629->8610 8642 7ff6adf2ce10 EnterCriticalSection 8630->8642 8645 7ff6adf2ad07 8644->8645 8652 7ff6adf2ad78 8645->8652 8647 7ff6adf2ad51 8650 7ff6adf2ad66 8647->8650 8651 7ff6adf2aa58 _invalid_parameter_noinfo 47 API calls 8647->8651 8650->8560 8651->8650 8671 7ff6adf2aac0 8652->8671 8656 7ff6adf2ad2e 8656->8647 8662 7ff6adf2aa58 8656->8662 8663 7ff6adf2aaab 8662->8663 8664 7ff6adf2aa6b GetLastError 8662->8664 8663->8647 8665 7ff6adf2aa7b 8664->8665 8666 7ff6adf2d804 _invalid_parameter_noinfo 16 API calls 8665->8666 8667 7ff6adf2aa96 SetLastError 8666->8667 8667->8663 8668 7ff6adf2aab9 8667->8668 8709 7ff6adf2b66c 8668->8709 8672 7ff6adf2ab17 8671->8672 8673 7ff6adf2aadc GetLastError 8671->8673 8672->8656 8677 7ff6adf2ab2c 8672->8677 8674 7ff6adf2aaec 8673->8674 8684 7ff6adf2d804 8674->8684 8678 7ff6adf2ab48 GetLastError SetLastError 8677->8678 8679 7ff6adf2ab60 8677->8679 8678->8679 8679->8656 8680 7ff6adf2ae94 IsProcessorFeaturePresent 8679->8680 8681 7ff6adf2aea7 8680->8681 8701 7ff6adf2ab78 8681->8701 8685 7ff6adf2d83e FlsSetValue 8684->8685 8686 7ff6adf2d823 FlsGetValue 8684->8686 8688 7ff6adf2d84b 8685->8688 8690 7ff6adf2ab07 SetLastError 8685->8690 8687 7ff6adf2d838 8686->8687 8686->8690 8687->8685 8689 7ff6adf2ddfc 
_set_fmode 11 API calls 8688->8689 8691 7ff6adf2d85a 8689->8691 8690->8672 8692 7ff6adf2d878 FlsSetValue 8691->8692 8693 7ff6adf2d868 FlsSetValue 8691->8693 8695 7ff6adf2d896 8692->8695 8696 7ff6adf2d884 FlsSetValue 8692->8696 8694 7ff6adf2d871 8693->8694 8697 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8694->8697 8698 7ff6adf2d374 _set_fmode 11 API calls 8695->8698 8696->8694 8697->8690 8699 7ff6adf2d89e 8698->8699 8700 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8699->8700 8700->8690 8702 7ff6adf2abb2 __scrt_get_show_window_mode BuildCatchObjectHelperInternal 8701->8702 8703 7ff6adf2abda RtlCaptureContext RtlLookupFunctionEntry 8702->8703 8704 7ff6adf2ac4a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8703->8704 8705 7ff6adf2ac14 RtlVirtualUnwind 8703->8705 8706 7ff6adf2ac9c BuildCatchObjectHelperInternal 8704->8706 8705->8704 8707 7ff6adf25360 _log10_special 8 API calls 8706->8707 8708 7ff6adf2acbb GetCurrentProcess TerminateProcess 8707->8708 8718 7ff6adf2b70c 8709->8718 8712 7ff6adf2b684 8713 7ff6adf2b6b7 BuildCatchObjectHelperInternal 8712->8713 8714 7ff6adf2b68d IsProcessorFeaturePresent 8712->8714 8716 7ff6adf2b69c 8714->8716 8717 7ff6adf2ab78 BuildCatchObjectHelperInternal 14 API calls 8716->8717 8717->8713 8719 7ff6adf2b6c4 BuildCatchObjectHelperInternal EnterCriticalSection LeaveCriticalSection 8718->8719 8720 7ff6adf2b675 8719->8720 8720->8712 8721 7ff6adf2b75c 8720->8721 8722 7ff6adf2b78c 8721->8722 8724 7ff6adf2b7b3 8721->8724 8723 7ff6adf2d73c _set_fmode 11 API calls 8722->8723 8722->8724 8729 7ff6adf2b7a0 8722->8729 8723->8729 8725 7ff6adf2b888 8724->8725 8727 7ff6adf2ce10 Concurrency::details::SchedulerProxy::DeleteThis EnterCriticalSection 8724->8727 8728 7ff6adf2b9bc 8725->8728 8736 7ff6adf2b8b6 8725->8736 8739 7ff6adf2b8ef 8725->8739 8726 7ff6adf2b7f0 8726->8712 8727->8725 8730 7ff6adf2b9c9 BuildCatchObjectHelperInternal 8728->8730 8734 7ff6adf2ce64 
Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 8728->8734 8729->8724 8729->8726 8731 7ff6adf2b835 8729->8731 8732 7ff6adf2afb0 _set_fmode 11 API calls 8731->8732 8735 7ff6adf2b83a 8732->8735 8733 7ff6adf2ce64 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 8742 7ff6adf2b94d 8733->8742 8734->8730 8737 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8735->8737 8738 7ff6adf2d5c4 BuildCatchObjectHelperInternal 47 API calls 8736->8738 8736->8739 8737->8726 8740 7ff6adf2b8df 8738->8740 8739->8733 8739->8742 8741 7ff6adf2d5c4 BuildCatchObjectHelperInternal 47 API calls 8740->8741 8741->8739 8743 7ff6adf2d5c4 47 API calls BuildCatchObjectHelperInternal 8742->8743 8743->8742 8745 7ff6adf21d90 8744->8745 8754 7ff6adf21dfd BuildCatchObjectHelperInternal 8744->8754 8748 7ff6adf22070 48 API calls 8745->8748 8751 7ff6adf21dae __scrt_get_show_window_mode 8745->8751 8746 7ff6adf21230 RaiseException 8747 7ff6adf21e5b 8746->8747 8748->8751 8749 7ff6adf21b8a 8749->8401 8750 7ff6adf2afb0 _set_fmode 11 API calls 8752 7ff6adf21ddc 8750->8752 8751->8750 8753 7ff6adf21dc6 __scrt_get_show_window_mode BuildCatchObjectHelperInternal 8751->8753 8756 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8752->8756 8753->8754 8755 7ff6adf2afb0 _set_fmode 11 API calls 8753->8755 8754->8746 8754->8749 8757 7ff6adf21e13 8755->8757 8756->8753 8758 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8757->8758 8758->8754 8789 7ff6adf2197c 8759->8789 8764 7ff6adf21aaa 8766 7ff6adf21230 RaiseException 8764->8766 8765 7ff6adf21a1d PathRemoveExtensionW 8770 7ff6adf21a2b 8765->8770 8768 7ff6adf21ab4 8766->8768 8767 7ff6adf22070 48 API calls 8769 7ff6adf21a18 8767->8769 8769->8765 8770->8764 8771 7ff6adf21a44 8770->8771 8772 7ff6adf21f8c 48 API calls 8771->8772 8773 7ff6adf21a56 8772->8773 8774 7ff6adf21848 VirtualQuery 8773->8774 8774->8452 8776 7ff6adf21fac 8775->8776 8777 7ff6adf21fba BuildCatchObjectHelperInternal 8776->8777 8778 7ff6adf22069 8776->8778 
8783 7ff6adf21fe0 __scrt_get_show_window_mode 8776->8783 8777->8456 8779 7ff6adf222cc RaiseException 8778->8779 8781 7ff6adf2206e 8779->8781 8780 7ff6adf22009 8782 7ff6adf2afb0 _set_fmode 11 API calls 8780->8782 8784 7ff6adf2200e 8782->8784 8783->8777 8783->8780 8785 7ff6adf2203c 8783->8785 8786 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8784->8786 8785->8777 8787 7ff6adf2afb0 _set_fmode 11 API calls 8785->8787 8786->8777 8787->8784 8788->8484 8808 7ff6adf21888 8789->8808 8791 7ff6adf2198f 8825 7ff6adf23d68 8791->8825 8794 7ff6adf21c58 8795 7ff6adf21480 57 API calls 8794->8795 8796 7ff6adf21c6d 8795->8796 8797 7ff6adf21cd9 8796->8797 8798 7ff6adf21c75 8796->8798 8799 7ff6adf21230 RaiseException 8797->8799 8801 7ff6adf21c90 8798->8801 8802 7ff6adf21cb1 8798->8802 8800 7ff6adf21ce3 8799->8800 8838 7ff6adf212fc 8801->8838 8856 7ff6adf21e5c 8802->8856 8805 7ff6adf219ed 8805->8764 8805->8765 8805->8767 8809 7ff6adf21480 57 API calls 8808->8809 8810 7ff6adf218ac 8809->8810 8811 7ff6adf21964 8810->8811 8814 7ff6adf218bb 8810->8814 8812 7ff6adf21230 RaiseException 8811->8812 8813 7ff6adf2196e 8812->8813 8815 7ff6adf21230 RaiseException 8813->8815 8814->8813 8816 7ff6adf218f6 GetModuleFileNameW 8814->8816 8817 7ff6adf218ec 8814->8817 8819 7ff6adf21979 8815->8819 8816->8817 8817->8813 8817->8814 8818 7ff6adf22070 48 API calls 8817->8818 8822 7ff6adf21946 8817->8822 8818->8816 8820 7ff6adf21888 96 API calls 8819->8820 8821 7ff6adf2198f 8820->8821 8823 7ff6adf23d68 96 API calls 8821->8823 8822->8791 8824 7ff6adf2199a 8823->8824 8824->8791 8826 7ff6adf21c58 95 API calls 8825->8826 8827 7ff6adf23d87 8826->8827 8828 7ff6adf23e28 8827->8828 8830 7ff6adf23dba PathStripPathW 8827->8830 8832 7ff6adf22070 48 API calls 8827->8832 8829 7ff6adf21230 RaiseException 8828->8829 8831 7ff6adf23e32 8829->8831 8833 7ff6adf23dc8 8830->8833 8834 7ff6adf23db5 8832->8834 8833->8828 8835 7ff6adf23de1 8833->8835 8834->8830 8836 7ff6adf21f8c 48 API calls 8835->8836 8837 7ff6adf2199a 
8836->8837 8837->8794 8872 7ff6adf24d30 EnterCriticalSection 8838->8872 8840 7ff6adf21328 8841 7ff6adf21348 FindResourceExW 8840->8841 8842 7ff6adf24d30 83 API calls 8840->8842 8844 7ff6adf2138e 8840->8844 8894 7ff6adf2126c LoadResource 8840->8894 8841->8840 8842->8840 8844->8805 8845 7ff6adf220d4 FindResourceW 8844->8845 8846 7ff6adf2211c 8845->8846 8853 7ff6adf2216a 8845->8853 8847 7ff6adf2126c 3 API calls 8846->8847 8848 7ff6adf2212a 8847->8848 8849 7ff6adf22150 8848->8849 8850 7ff6adf22070 48 API calls 8848->8850 8848->8853 8971 7ff6adf216dc 8849->8971 8850->8849 8853->8805 8854 7ff6adf21230 RaiseException 8855 7ff6adf221a0 8854->8855 8857 7ff6adf21e8a 8856->8857 8861 7ff6adf21eae 8856->8861 8991 7ff6adf21ce4 8857->8991 8859 7ff6adf21230 RaiseException 8860 7ff6adf21f8b 8859->8860 8862 7ff6adf22070 48 API calls 8861->8862 8863 7ff6adf21eeb 8861->8863 8866 7ff6adf21f25 BuildCatchObjectHelperInternal 8861->8866 8862->8863 8865 7ff6adf21f07 8863->8865 8863->8866 8868 7ff6adf21f19 __scrt_get_show_window_mode 8863->8868 8864 7ff6adf21e8f 8864->8805 8867 7ff6adf2afb0 _set_fmode 11 API calls 8865->8867 8866->8859 8866->8864 8869 7ff6adf21f0c 8867->8869 8868->8866 8870 7ff6adf2afb0 _set_fmode 11 API calls 8868->8870 8871 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8869->8871 8870->8869 8871->8866 8873 7ff6adf24d68 LeaveCriticalSection 8872->8873 8874 7ff6adf24d5b 8872->8874 8873->8840 8874->8873 8875 7ff6adf24d64 8874->8875 8876 7ff6adf24d96 8874->8876 8875->8873 8877 7ff6adf21230 RaiseException 8876->8877 8878 7ff6adf24da0 8877->8878 8898 7ff6adf2c604 8878->8898 8880 7ff6adf24dc0 8904 7ff6adf25090 8880->8904 8882 7ff6adf25778 7 API calls 8883 7ff6adf24e59 8882->8883 8883->8840 8884 7ff6adf24dd8 _RTC_Initialize 8885 7ff6adf25240 50 API calls 8884->8885 8892 7ff6adf24e2d 8884->8892 8886 7ff6adf24ded 8885->8886 8909 7ff6adf2be20 8886->8909 8892->8882 8893 7ff6adf24e49 8892->8893 8893->8840 8895 7ff6adf212bb 8894->8895 8896 7ff6adf21294 LockResource 8894->8896 
8895->8840 8896->8895 8897 7ff6adf212a5 SizeofResource 8896->8897 8897->8895 8899 7ff6adf2c615 8898->8899 8900 7ff6adf2c61d 8899->8900 8901 7ff6adf2afb0 _set_fmode 11 API calls 8899->8901 8900->8880 8902 7ff6adf2c62c 8901->8902 8903 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8902->8903 8903->8900 8905 7ff6adf250a1 8904->8905 8908 7ff6adf250a6 __scrt_release_startup_lock 8904->8908 8906 7ff6adf25778 7 API calls 8905->8906 8905->8908 8907 7ff6adf2511a 8906->8907 8908->8884 8910 7ff6adf2be40 8909->8910 8931 7ff6adf24df9 8909->8931 8911 7ff6adf2be48 8910->8911 8912 7ff6adf2be5e 8910->8912 8913 7ff6adf2afb0 _set_fmode 11 API calls 8911->8913 8941 7ff6adf2fc68 8912->8941 8915 7ff6adf2be4d 8913->8915 8917 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8915->8917 8916 7ff6adf2be63 8947 7ff6adf2f34c GetModuleFileNameW 8916->8947 8917->8931 8924 7ff6adf2beed 8927 7ff6adf2bbf8 47 API calls 8924->8927 8925 7ff6adf2bed5 8926 7ff6adf2afb0 _set_fmode 11 API calls 8925->8926 8928 7ff6adf2beda 8926->8928 8929 7ff6adf2bf09 8927->8929 8930 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8928->8930 8933 7ff6adf2bf3b 8929->8933 8934 7ff6adf2bf54 8929->8934 8939 7ff6adf2bf0f 8929->8939 8930->8931 8931->8892 8940 7ff6adf2571c InitializeSListHead 8931->8940 8932 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8932->8931 8935 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8933->8935 8937 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8934->8937 8936 7ff6adf2bf44 8935->8936 8938 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8936->8938 8937->8939 8938->8931 8939->8932 8942 7ff6adf2fcba 8941->8942 8943 7ff6adf2fc75 8941->8943 8942->8916 8944 7ff6adf2d698 52 API calls 8943->8944 8945 7ff6adf2fca4 8944->8945 8946 7ff6adf2f940 67 API calls 8945->8946 8946->8942 8948 7ff6adf2f391 GetLastError 8947->8948 8949 7ff6adf2f3a5 8947->8949 8950 
7ff6adf2af24 11 API calls 8948->8950 8951 7ff6adf2b3a4 47 API calls 8949->8951 8958 7ff6adf2f39e 8950->8958 8952 7ff6adf2f3d3 8951->8952 8954 7ff6adf2db74 LoadLibraryW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 8952->8954 8957 7ff6adf2f3e4 8952->8957 8953 7ff6adf25360 _log10_special 8 API calls 8956 7ff6adf2be7a 8953->8956 8954->8957 8955 7ff6adf2d014 13 API calls 8955->8958 8959 7ff6adf2bbf8 8956->8959 8957->8955 8958->8953 8961 7ff6adf2bc36 8959->8961 8960 7ff6adf30018 47 API calls 8960->8961 8961->8960 8964 7ff6adf2bca2 8961->8964 8962 7ff6adf2bd93 8965 7ff6adf2bdc0 8962->8965 8963 7ff6adf30018 47 API calls 8963->8964 8964->8962 8964->8963 8966 7ff6adf2bdd8 8965->8966 8967 7ff6adf2be10 8965->8967 8966->8967 8968 7ff6adf2ddfc _set_fmode 11 API calls 8966->8968 8967->8924 8967->8925 8969 7ff6adf2be06 8968->8969 8970 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8969->8970 8970->8967 8972 7ff6adf216fa 8971->8972 8982 7ff6adf2b2e8 8972->8982 8974 7ff6adf21738 8974->8853 8974->8854 8975 7ff6adf2175d 8976 7ff6adf21230 RaiseException 8975->8976 8980 7ff6adf21768 8976->8980 8977 7ff6adf21720 8977->8974 8977->8975 8978 7ff6adf21752 8977->8978 8981 7ff6adf21230 RaiseException 8977->8981 8979 7ff6adf21230 RaiseException 8978->8979 8979->8975 8981->8978 8985 7ff6adf2b2f9 BuildCatchObjectHelperInternal 8982->8985 8986 7ff6adf2b2fd 8982->8986 8983 7ff6adf2b302 8984 7ff6adf2afb0 _set_fmode 11 API calls 8983->8984 8987 7ff6adf2b307 8984->8987 8985->8977 8986->8983 8986->8985 8988 7ff6adf2b346 8986->8988 8989 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 8987->8989 8988->8985 8990 7ff6adf2afb0 _set_fmode 11 API calls 8988->8990 8989->8985 8990->8987 8992 7ff6adf21d02 8991->8992 8993 7ff6adf21d0c 8991->8993 8992->8993 8994 7ff6adf21230 RaiseException 8992->8994 8993->8864 8995 7ff6adf21d52 8994->8995 8997 7ff6adf24658 GetFileAttributesExW 8996->8997 8998 7ff6adf24695 8996->8998 8997->8998 9000 7ff6adf2467c 8997->9000 8999 
7ff6adf21c58 95 API calls 8998->8999 9001 7ff6adf2468c 8999->9001 9002 7ff6adf21f8c 48 API calls 9000->9002 9008 7ff6adf25360 9001->9008 9002->9001 9006 7ff6adf24063 9005->9006 9007 7ff6adf24044 GetSystemTimeAsFileTime 9005->9007 9006->8380 9007->9006 9009 7ff6adf25369 9008->9009 9010 7ff6adf24490 9009->9010 9011 7ff6adf253f0 IsProcessorFeaturePresent 9009->9011 9010->8505 9010->8506 9012 7ff6adf25408 9011->9012 9017 7ff6adf255e8 RtlCaptureContext 9012->9017 9018 7ff6adf25602 RtlLookupFunctionEntry 9017->9018 9019 7ff6adf25618 RtlVirtualUnwind 9018->9019 9020 7ff6adf2541b 9018->9020 9019->9018 9019->9020 9021 7ff6adf253bc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9020->9021 9024 7ff6adf34dc0 9023->9024 9024->8268 9024->9024 9026 7ff6adf2ffa4 9025->9026 9029 7ff6adf2b3a4 9026->9029 9030 7ff6adf2b3c8 9029->9030 9036 7ff6adf2b3c3 9029->9036 9030->9036 9037 7ff6adf2d5c4 GetLastError 9030->9037 9036->8272 9038 7ff6adf2d5e8 FlsGetValue 9037->9038 9039 7ff6adf2d605 FlsSetValue 9037->9039 9040 7ff6adf2d5ff 9038->9040 9056 7ff6adf2d5f5 9038->9056 9041 7ff6adf2d617 9039->9041 9039->9056 9040->9039 9043 7ff6adf2ddfc _set_fmode 11 API calls 9041->9043 9042 7ff6adf2d671 SetLastError 9044 7ff6adf2d691 9042->9044 9045 7ff6adf2b3e3 9042->9045 9046 7ff6adf2d626 9043->9046 9047 7ff6adf2b66c BuildCatchObjectHelperInternal 40 API calls 9044->9047 9059 7ff6adf2de74 9045->9059 9048 7ff6adf2d644 FlsSetValue 9046->9048 9049 7ff6adf2d634 FlsSetValue 9046->9049 9052 7ff6adf2d696 9047->9052 9050 7ff6adf2d650 FlsSetValue 9048->9050 9051 7ff6adf2d662 9048->9051 9053 7ff6adf2d63d 9049->9053 9050->9053 9055 7ff6adf2d374 _set_fmode 11 API calls 9051->9055 9054 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 9053->9054 9054->9056 9057 7ff6adf2d66a 9055->9057 9056->9042 9058 7ff6adf2d924 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 9057->9058 9058->9042 9060 7ff6adf2de89 9059->9060 9062 7ff6adf2b406 9059->9062 
9060->9062 9067 7ff6adf30df0 9060->9067 9063 7ff6adf2dee0 9062->9063 9064 7ff6adf2df08 9063->9064 9065 7ff6adf2def5 9063->9065 9064->9036 9065->9064 9080 7ff6adf2fcc8 9065->9080 9068 7ff6adf2d5c4 BuildCatchObjectHelperInternal 47 API calls 9067->9068 9069 7ff6adf30dff 9068->9069 9070 7ff6adf30e4a 9069->9070 9079 7ff6adf2ce10 EnterCriticalSection 9069->9079 9070->9062 9081 7ff6adf2d5c4 BuildCatchObjectHelperInternal 47 API calls 9080->9081 9082 7ff6adf2fcd1 9081->9082 9141 7ff6adf25380 9083->9141 9086 7ff6adf25380 4 API calls 9088 7ff6adf2253b ISource 9086->9088 9087 7ff6adf25380 4 API calls 9089 7ff6adf2258a 9087->9089 9088->9087 9090 7ff6adf25380 4 API calls 9089->9090 9091 7ff6adf2259e ISource 9090->9091 9091->8278 9093 7ff6adf21c58 95 API calls 9092->9093 9094 7ff6adf226af 9093->9094 9163 7ff6adf22d04 9094->9163 9097 7ff6adf22706 CommandLineToArgvW 9098 7ff6adf22720 9097->9098 9107 7ff6adf2272c 9097->9107 9189 7ff6adf23a28 GetLastError 9098->9189 9099 7ff6adf21888 97 API calls 9101 7ff6adf226d1 9099->9101 9104 7ff6adf21bb0 48 API calls 9101->9104 9102 7ff6adf22725 9102->8281 9102->8286 9105 7ff6adf226dd 9104->9105 9179 7ff6adf23f00 9105->9179 9108 7ff6adf21480 57 API calls 9107->9108 9117 7ff6adf2278c LocalFree 9107->9117 9109 7ff6adf22798 9108->9109 9110 7ff6adf229c1 9109->9110 9120 7ff6adf227a4 9109->9120 9111 7ff6adf21230 RaiseException 9110->9111 9112 7ff6adf229cb 9111->9112 9113 7ff6adf21c58 95 API calls 9113->9120 9114 7ff6adf22d04 48 API calls 9114->9120 9115 7ff6adf22a24 58 API calls 9115->9120 9117->9102 9119 7ff6adf22ab8 59 API calls 9119->9120 9120->9113 9120->9114 9120->9115 9120->9117 9120->9119 9121 7ff6adf223bc 50 API calls 9120->9121 9193 7ff6adf22c6c 9120->9193 9201 7ff6adf2240c 9120->9201 9121->9120 9296 7ff6adf24a08 RegOpenKeyExW 9122->9296 9127 7ff6adf21c58 95 API calls 9128 7ff6adf24ab7 9127->9128 9308 7ff6adf23b34 9128->9308 9131 7ff6adf24afd 9133 7ff6adf23a28 2 API calls 9131->9133 9132 7ff6adf24b04 9134 7ff6adf24b0c 9132->9134 9135 
7ff6adf24b13 9132->9135 9136 7ff6adf24b02 9133->9136 9316 7ff6adf23ae4 9134->9316 9319 7ff6adf23b0c 9135->9319 9322 7ff6adf249d8 RegOverridePredefKey 9136->9322 9140 7ff6adf24b39 9140->8286 9142 7ff6adf2538b 9141->9142 9143 7ff6adf22523 9142->9143 9144 7ff6adf2cd24 _set_fmode 2 API calls 9142->9144 9145 7ff6adf253aa 9142->9145 9143->9086 9144->9142 9146 7ff6adf253b5 9145->9146 9150 7ff6adf25e58 9145->9150 9154 7ff6adf25e78 9146->9154 9151 7ff6adf25e66 std::bad_alloc::bad_alloc 9150->9151 9158 7ff6adf271e4 9151->9158 9153 7ff6adf25e77 9155 7ff6adf25e86 std::bad_alloc::bad_alloc 9154->9155 9156 7ff6adf271e4 Concurrency::cancel_current_task 2 API calls 9155->9156 9157 7ff6adf253bb 9156->9157 9159 7ff6adf27203 9158->9159 9160 7ff6adf2722c RtlPcToFileHeader 9159->9160 9161 7ff6adf2724e RaiseException 9159->9161 9162 7ff6adf27244 9160->9162 9161->9153 9162->9161 9165 7ff6adf22dbc 9163->9165 9166 7ff6adf22d3e 9163->9166 9164 7ff6adf226b8 9164->9097 9164->9099 9165->9164 9167 7ff6adf22e54 9165->9167 9169 7ff6adf22070 48 API calls 9165->9169 9176 7ff6adf22e96 BuildCatchObjectHelperInternal 9165->9176 9166->9165 9171 7ff6adf22070 48 API calls 9166->9171 9166->9176 9172 7ff6adf22e76 9167->9172 9174 7ff6adf22e88 9167->9174 9167->9176 9168 7ff6adf21230 RaiseException 9170 7ff6adf22eef 9168->9170 9169->9167 9171->9165 9173 7ff6adf2afb0 _set_fmode 11 API calls 9172->9173 9175 7ff6adf22e7b 9173->9175 9174->9176 9177 7ff6adf2afb0 _set_fmode 11 API calls 9174->9177 9178 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 9175->9178 9176->9164 9176->9168 9177->9175 9178->9176 9180 7ff6adf23f18 9179->9180 9181 7ff6adf23f4a 9179->9181 9182 7ff6adf23f55 9180->9182 9185 7ff6adf23f25 9180->9185 9181->9097 9183 7ff6adf21230 RaiseException 9182->9183 9184 7ff6adf23f5f 9183->9184 9210 7ff6adf23f60 9185->9210 9190 7ff6adf23a38 9189->9190 9191 7ff6adf23a6d 9190->9191 9192 7ff6adf23a5b RaiseException 9190->9192 9191->9102 9192->9191 9194 7ff6adf22c9e 9193->9194 9198 7ff6adf22cac 9193->9198 9195 
7ff6adf21f8c 48 API calls 9194->9195 9197 7ff6adf22ca3 9195->9197 9196 7ff6adf21480 57 API calls 9199 7ff6adf22cc4 9196->9199 9197->9120 9198->9196 9198->9199 9228 7ff6adf230f4 9199->9228 9202 7ff6adf2242a 9201->9202 9203 7ff6adf22431 9201->9203 9202->9120 9242 7ff6adf231cc 9203->9242 9205 7ff6adf22436 9205->9202 9206 7ff6adf2246d 9205->9206 9207 7ff6adf22453 9205->9207 9247 7ff6adf23798 9206->9247 9208 7ff6adf21f8c 48 API calls 9207->9208 9208->9202 9211 7ff6adf23f98 9210->9211 9216 7ff6adf23fd6 BuildCatchObjectHelperInternal 9210->9216 9214 7ff6adf22070 48 API calls 9211->9214 9215 7ff6adf23fb2 9211->9215 9212 7ff6adf21230 RaiseException 9213 7ff6adf24030 9212->9213 9214->9215 9215->9216 9218 7ff6adf2afb0 _set_fmode 11 API calls 9215->9218 9216->9212 9217 7ff6adf23f40 9216->9217 9221 7ff6adf23bc8 9217->9221 9219 7ff6adf2401b 9218->9219 9220 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 9219->9220 9220->9216 9222 7ff6adf23bf7 9221->9222 9223 7ff6adf23c10 9221->9223 9222->9223 9225 7ff6adf22070 48 API calls 9222->9225 9224 7ff6adf21230 RaiseException 9223->9224 9226 7ff6adf23c1f 9223->9226 9227 7ff6adf23c52 9224->9227 9225->9223 9226->9181 9229 7ff6adf2311c 9228->9229 9235 7ff6adf231b7 9228->9235 9231 7ff6adf231ad 9229->9231 9233 7ff6adf231c2 9229->9233 9239 7ff6adf23153 __scrt_get_show_window_mode 9229->9239 9230 7ff6adf21230 RaiseException 9230->9233 9232 7ff6adf21230 RaiseException 9231->9232 9232->9235 9234 7ff6adf222cc RaiseException 9233->9234 9236 7ff6adf231c8 9234->9236 9235->9230 9237 7ff6adf23174 BuildCatchObjectHelperInternal 9237->9197 9238 7ff6adf2afb0 _set_fmode 11 API calls 9240 7ff6adf2318a 9238->9240 9239->9237 9239->9238 9241 7ff6adf2ae44 _invalid_parameter_noinfo 47 API calls 9240->9241 9241->9237 9245 7ff6adf231f0 9242->9245 9243 7ff6adf23226 9243->9205 9244 7ff6adf21230 RaiseException 9246 7ff6adf23258 9244->9246 9245->9243 9245->9244 9248 7ff6adf23922 9247->9248 9249 7ff6adf237e5 9247->9249 9250 7ff6adf23805 9249->9250 9251 7ff6adf2391d 
9249->9251 9252 7ff6adf23825 9249->9252 9269 7ff6adf239ec 9250->9269 9283 7ff6adf22390 9251->9283 9252->9250 9254 7ff6adf23845 9252->9254 9256 7ff6adf23847 9252->9256 9257 7ff6adf21f8c 48 API calls 9254->9257 9258 7ff6adf25380 4 API calls 9256->9258 9259 7ff6adf2385f 9257->9259 9258->9254 9260 7ff6adf2389a 9259->9260 9265 7ff6adf23873 9259->9265 9261 7ff6adf238bf 9260->9261 9264 7ff6adf21f8c 48 API calls 9260->9264 9263 7ff6adf23898 9261->9263 9268 7ff6adf21f8c 48 API calls 9261->9268 9262 7ff6adf21f8c 48 API calls 9262->9265 9278 7ff6adf2392c 9263->9278 9264->9260 9265->9262 9265->9263 9267 7ff6adf238fd 9267->9202 9268->9261 9270 7ff6adf239f9 9269->9270 9277 7ff6adf23a1f 9269->9277 9272 7ff6adf25380 4 API calls 9270->9272 9271 7ff6adf22390 17 API calls 9273 7ff6adf23a25 9271->9273 9274 7ff6adf23a01 9272->9274 9275 7ff6adf23a09 9274->9275 9287 7ff6adf2ae64 9274->9287 9275->9254 9277->9271 9279 7ff6adf239b0 ISource 9278->9279 9280 7ff6adf23958 9278->9280 9279->9267 9280->9279 9281 7ff6adf2ae64 _invalid_parameter_noinfo_noreturn 47 API calls 9280->9281 9282 7ff6adf239e9 9281->9282 9284 7ff6adf2239e 9283->9284 9292 7ff6adf222f0 9284->9292 9288 7ff6adf2acdc _invalid_parameter_noinfo 47 API calls 9287->9288 9289 7ff6adf2ae7d 9288->9289 9290 7ff6adf2ae94 _invalid_parameter_noinfo_noreturn 17 API calls 9289->9290 9291 7ff6adf2ae92 9290->9291 9293 7ff6adf22305 9292->9293 9294 7ff6adf2ae94 _invalid_parameter_noinfo_noreturn 17 API calls 9293->9294 9295 7ff6adf22325 9294->9295 9297 7ff6adf24a58 9296->9297 9298 7ff6adf24a42 RegOverridePredefKey 9296->9298 9299 7ff6adf24a7a 9297->9299 9300 7ff6adf24a74 RegCloseKey 9297->9300 9298->9297 9299->9140 9301 7ff6adf21ab8 9299->9301 9300->9299 9324 7ff6adf21848 VirtualQuery 9301->9324 9303 7ff6adf21ac6 9304 7ff6adf21888 97 API calls 9303->9304 9305 7ff6adf21ad3 9304->9305 9325 7ff6adf23e34 9305->9325 9307 7ff6adf21ade 9307->9127 9309 7ff6adf23b67 9308->9309 9310 7ff6adf23b6c PathAppendW 9308->9310 9311 7ff6adf22070 48 API calls 
9309->9311 9312 7ff6adf23b84 9310->9312 9311->9310 9313 7ff6adf23b9d 9312->9313 9314 7ff6adf21230 RaiseException 9312->9314 9313->9131 9313->9132 9315 7ff6adf23bc5 9314->9315 9330 7ff6adf23a78 LoadLibraryW 9316->9330 9320 7ff6adf23a78 5 API calls 9319->9320 9321 7ff6adf23b26 9320->9321 9321->9136 9323 7ff6adf249f1 9322->9323 9323->9140 9324->9303 9326 7ff6adf21c58 95 API calls 9325->9326 9327 7ff6adf23e53 9326->9327 9328 7ff6adf21230 RaiseException 9327->9328 9329 7ff6adf23efe 9328->9329 9331 7ff6adf23a9b 9330->9331 9332 7ff6adf23aa4 GetProcAddress 9330->9332 9333 7ff6adf23a28 2 API calls 9331->9333 9334 7ff6adf23ab5 9332->9334 9335 7ff6adf23aa0 9333->9335 9334->9335 9337 7ff6adf23ac7 FreeLibrary 9334->9337 9336 7ff6adf23ad0 9335->9336 9335->9337 9336->9136 9337->9336 9339 7ff6adf2d5c4 BuildCatchObjectHelperInternal 47 API calls 9338->9339 9341 7ff6adf2cda5 9339->9341 9340 7ff6adf2b66c BuildCatchObjectHelperInternal 47 API calls 9343 7ff6adf2cdc5 9340->9343 9341->9340 9344 7ff6adf2ce01 9343->9344 9345 7ff6adf2c5f5 9343->9345 9347 7ff6adf2dbd8 9343->9347 9352 7ff6adf2ce2c 9344->9352 9356 7ff6adf2d960 9347->9356 9350 7ff6adf2dc2d InitializeCriticalSectionAndSpinCount 9351 7ff6adf2dc13 9350->9351 9351->9343 9353 7ff6adf2ce57 9352->9353 9354 7ff6adf2ce3a DeleteCriticalSection 9353->9354 9355 7ff6adf2ce5b 9353->9355 9354->9353 9355->9345 9357 7ff6adf2d9bd 9356->9357 9364 7ff6adf2d9b8 __vcrt_InitializeCriticalSectionEx 9356->9364 9357->9350 9357->9351 9358 7ff6adf2d9ed LoadLibraryW 9359 7ff6adf2dac2 9358->9359 9360 7ff6adf2da12 GetLastError 9358->9360 9361 7ff6adf2dae2 GetProcAddress 9359->9361 9362 7ff6adf2dad9 FreeLibrary 9359->9362 9360->9364 9361->9357 9363 7ff6adf2daf3 9361->9363 9362->9361 9363->9357 9364->9357 9364->9358 9364->9361 9365 7ff6adf2da4c LoadLibraryExW 9364->9365 9365->9359 9365->9364 10631 7ff6adf356ae 10632 7ff6adf356bd 10631->10632 10634 7ff6adf356c7 10631->10634 10635 7ff6adf2ce64 LeaveCriticalSection 10632->10635

Executed Functions

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2121362492.00007FF6ADF21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ADF20000, based on PE: true
  • Associated: 00000000.00000002.2121345719.00007FF6ADF20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121380042.00007FF6ADF36000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121395375.00007FF6ADF43000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121411446.00007FF6ADF47000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6adf20000_BraveUpdateComRegisterShell64.jbxd
Similarity
  • API ID: PrivateProfile$CloseOpenQueryValue
  • String ID: AppendToFile$EnableLogging$IsEnabledLogToFile$LogToOutputDebug$LoggingLevel$LoggingSettings$ShowTime$Software\BraveSoftware\UpdateDev\
  • API String ID: 2210674228-3529394150
  • Opcode ID: 115fbec1d4a42698948695d2c0836bc1593e8245ed45dae9de9fe17afa550ed2
  • Instruction ID: 6915a222b48a269f8c123527794680aa7d7b721d98ff4a5f14ad9e679b841577
  • Opcode Fuzzy Hash: 115fbec1d4a42698948695d2c0836bc1593e8245ed45dae9de9fe17afa550ed2
  • Instruction Fuzzy Hash: 7261D332A06A81D6EB148F39D8013AA7BA0FB14B9CF054135DE6C87796EF7CE559C701

Control-flow Graph

APIs
  • LoadLibraryW.KERNELBASE ref: 00007FF6ADF23A8D
  • GetProcAddress.KERNEL32 ref: 00007FF6ADF23AAA
  • FreeLibrary.KERNEL32 ref: 00007FF6ADF23ACA
    • Part of subcall function 00007FF6ADF23A28: GetLastError.KERNEL32 ref: 00007FF6ADF23A2E
    • Part of subcall function 00007FF6ADF23A28: RaiseException.KERNEL32 ref: 00007FF6ADF23A67
Memory Dump Source
  • Source File: 00000000.00000002.2121362492.00007FF6ADF21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ADF20000, based on PE: true
  • Associated: 00000000.00000002.2121345719.00007FF6ADF20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121380042.00007FF6ADF36000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121395375.00007FF6ADF43000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2121411446.00007FF6ADF47000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6adf20000_BraveUpdateComRegisterShell64.jbxd
Similarity
  • API ID: Library$AddressErrorExceptionFreeLastLoadProcRaise
  • String ID:
  • API String ID: 386220097-0
  • Opcode ID: e9b386c73a78a2753a789b7da6d848ad456b64507265a1b698f1c5cfe5f101ad
  • Instruction ID: f6c1a1893b0b072eb88b6beac5163db320dd84a27061397e0cd3973192e93b16
  • Opcode Fuzzy Hash: e9b386c73a78a2753a789b7da6d848ad456b64507265a1b698f1c5cfe5f101ad
  • Instruction Fuzzy Hash: A8F06265B1A78282FA546B32784013A92D1EF98BC4F1D9478DD1E8B754FE3CD4414B01

Control-flow Graph

APIs
Strings
Similarity
  • API ID: AddressFreeLibraryProc
  • String ID: api-ms-$ext-ms-
  • API String ID: 3013587201-537541572
  • Opcode ID: 4dffe4d231ed8c7d2a292f77a832a0bf8b8bbaf6f2e61c44569a865c9983286b
  • Instruction ID: f8d18c8b63207c1c342c42f3be57e333c0112430c14650cfdab54069338b037a
  • Opcode Fuzzy Hash: 4dffe4d231ed8c7d2a292f77a832a0bf8b8bbaf6f2e61c44569a865c9983286b
  • Instruction Fuzzy Hash: DD419C22B1BB4281FA15DB36AD04AA76291FF49FA8F094135DD1DCB789FE3CE4458780

Control-flow Graph

APIs
Strings
Similarity
  • API ID: AddressCommandHandleLineModuleProc
  • String ID: SetDefaultDllDirectories$kernel32.dll$unregister$user
  • API String ID: 147197560-815688805
  • Opcode ID: 9673f045043d755958723fdf7380b68598fef864f0be7e1b5a9f3d20e890e26f
  • Instruction ID: 1a8200f2086bc090b742ea20b79c858f67b1252e7303d5efb60b27bf24484d1b
  • Opcode Fuzzy Hash: 9673f045043d755958723fdf7380b68598fef864f0be7e1b5a9f3d20e890e26f
  • Instruction Fuzzy Hash: 6F315462B0AA8291DF10AB38D8811AB6760FF947B8F454331D57D872E6FE6CD649C740

Control-flow Graph

APIs
Strings
Similarity
  • API ID: CloseOpenOverridePredef
  • String ID: Software\Classes
  • API String ID: 2630863477-1656466771
  • Opcode ID: 9ea64374da6e0c4303d51e988b69f4ff004675f91ca3130cc7a6adf9794beb3d
  • Instruction ID: 947b020949e8ae6e4068c80a56f582edf2aa08b08cde9797ccb69782e6a082cc
  • Opcode Fuzzy Hash: 9ea64374da6e0c4303d51e988b69f4ff004675f91ca3130cc7a6adf9794beb3d
  • Instruction Fuzzy Hash: 9BF0C861B1A64285EB104F39D88033753A0EF56BA0F540234DE7EC76E4EF1CD1449B14

Control-flow Graph

APIs
    • Part of subcall function 00007FF6ADF219C4: PathRemoveExtensionW.SHLWAPI(?,?,?,00007FF6ADF2408E,?,?,?,00007FF6ADF242BF,?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF21A20
    • Part of subcall function 00007FF6ADF21848: VirtualQuery.KERNEL32 ref: 00007FF6ADF2186F
  • lstrcmpiW.KERNELBASE(?,?,?,00007FF6ADF242BF,?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF240CC
    • Part of subcall function 00007FF6ADF23C54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ADF23D23
  • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF241A0
Strings
Similarity
  • API ID: CriticalExtensionInitializePathQueryRemoveSectionVirtual_invalid_parameter_noinfolstrcmpi
  • String ID: BraveUpdate.ini$SystemDrive
  • API String ID: 2459269748-4063966519
  • Opcode ID: 7280f7f356cddc769735e7ca56013052fe5d3c63b0074facccd19c59977d06ce
  • Instruction ID: edc968523c65299c9f8b745aff5f8fef3530acaf5339b1911d2ed425e2144b2c
  • Opcode Fuzzy Hash: 7280f7f356cddc769735e7ca56013052fe5d3c63b0074facccd19c59977d06ce
  • Instruction Fuzzy Hash: 7B716261B1AA8281EB40EB39D84126A73A0FF94BA8F444231EA6D877E5FF7CD545C740

Control-flow Graph

APIs
  • InitializeCriticalSection.KERNEL32(?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF241A0
    • Part of subcall function 00007FF6ADF21480: GetProcessHeap.KERNEL32 ref: 00007FF6ADF214F6
    • Part of subcall function 00007FF6ADF2176C: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6ADF241F1,?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF217AE
    • Part of subcall function 00007FF6ADF2176C: GetEnvironmentVariableW.KERNEL32(?,?,?,00007FF6ADF241F1,?,?,?,?,00007FF6ADF21031), ref: 00007FF6ADF217E6
Strings
Similarity
  • API ID: EnvironmentVariable$CriticalHeapInitializeProcessSection
  • String ID: BraveUpdate.ini$SystemDrive
  • API String ID: 1233028853-4063966519
  • Opcode ID: 755f1d8a2797bbcac033f4c0ec56801420cd2e1db601a1ae310ba010263d5a37
  • Instruction ID: 6581d1804b43c28e437cd167e403e7a77c896b370a469811bcdd2ee01fa7dcbc
  • Opcode Fuzzy Hash: 755f1d8a2797bbcac033f4c0ec56801420cd2e1db601a1ae310ba010263d5a37
  • Instruction Fuzzy Hash: 56619672A1AB8681EB00EB39D84026A7360FF94B68F404231DA6D877E5FF7CE585C740

Control-flow Graph

APIs
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: fdbe1b61821a241cb9ec34ce6ad41edc72dd69d74c0cd383d1ae615a2e05750e
  • Instruction ID: bd77c60aa89f1d1dfa1eefe8f9ccd7706fa5ba062ec5cb263885f0dcd83daf14
  • Opcode Fuzzy Hash: fdbe1b61821a241cb9ec34ce6ad41edc72dd69d74c0cd383d1ae615a2e05750e
  • Instruction Fuzzy Hash: 85D05E20B0A28242EA443F701C4503B0211DF48B08F011478C86F83393FE6CE4098311

Control-flow Graph

APIs
  • CommandLineToArgvW.SHELL32 ref: 00007FF6ADF22712
    • Part of subcall function 00007FF6ADF21888: GetModuleFileNameW.KERNEL32(?,?,?,00007FF6ADF2198F,?,?,?,00007FF6ADF219E0,?,?,?,00007FF6ADF2408E,?,?,?,00007FF6ADF242BF), ref: 00007FF6ADF218FF
  • LocalFree.KERNEL32 ref: 00007FF6ADF22981
Similarity
  • API ID: ArgvCommandFileFreeLineLocalModuleName
  • String ID:
  • API String ID: 871553864-0
  • Opcode ID: 45d3d360cfb227a2d500fe3a0a5a521e918c09046c5a6df889b12db8793abc1f
  • Instruction ID: f227af8c8c6463767872fc7138d154f8d6676209713b3d4684e92e42eb1a87a5
  • Opcode Fuzzy Hash: 45d3d360cfb227a2d500fe3a0a5a521e918c09046c5a6df889b12db8793abc1f
  • Instruction Fuzzy Hash: 03A15462B06A8285EB109F79C8412AE37A1FB44BBCF444272DE2D977D5EF78D945C340

Control-flow Graph

APIs
Similarity
  • API ID: __scrt_get_show_window_mode__scrt_release_startup_lock
  • String ID:
  • API String ID: 2313669860-0
  • Opcode ID: 90fa0aeceba7f8a57a1a5d445f671707dc3e9496c262bfa384fb06f56731b52f
  • Instruction ID: e0d9e3ca7fc120a3d55fae5cf04721597c6c038849b2972c05af17e0378537c2
  • Opcode Fuzzy Hash: 90fa0aeceba7f8a57a1a5d445f671707dc3e9496c262bfa384fb06f56731b52f
  • Instruction Fuzzy Hash: 16313A21E0F2C795FA14A775E4923BB1291DF9174CF8440B4E91DCB7D7FE6CA8088251

Control-flow Graph

APIs
Similarity
  • API ID: HandleModule$AddressFreeLibraryProc
  • String ID:
  • API String ID: 3947729631-0
  • Opcode ID: f71596c3fe5440afaf4607693b9743b433d484c0ab975f02fcaf0e33d3b2012c
  • Instruction ID: 520f912514902554be9432d71ce0d12933b45befc907b9e74b44694bba809c9b
  • Opcode Fuzzy Hash: f71596c3fe5440afaf4607693b9743b433d484c0ab975f02fcaf0e33d3b2012c
  • Instruction Fuzzy Hash: 6C217F32E06B8189EB248F74D4802BE37A0EB44B1CF144636D6AD87AC9EF78D645C780

Control-flow Graph

APIs
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID:
  • API String ID: 3215553584-0
  • Opcode ID: e905fc5fceb401ad07151be099cbafeae6e4b9a3ad716f9f878cd256808bb233
  • Instruction ID: 9f0bb9644cb22c115c554e27122a01aa6a28dbea8de5c973bace2a1b4c64d85f
  • Opcode Fuzzy Hash: e905fc5fceb401ad07151be099cbafeae6e4b9a3ad716f9f878cd256808bb233
  • Instruction Fuzzy Hash: 79118F7290AB8292F310DF24E45013BB2A4FF40744F560436E6ADCB7A6FE3CEA608741

Control-flow Graph

APIs
  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6ADF2D79E,?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000), ref: 00007FF6ADF2DE51
Similarity
  • API ID: AllocateHeap
  • String ID:
  • API String ID: 1279760036-0
  • Opcode ID: b1b63093aae9d3b7e30adcc2f3cdec2fbdfdd9a3f432c5ecdb161dcd88c7edc6
  • Instruction ID: 9c67ce9e87609f83b89ee643159bcb91902570a004edf35bb89d396ecb2e2035
  • Opcode Fuzzy Hash: b1b63093aae9d3b7e30adcc2f3cdec2fbdfdd9a3f432c5ecdb161dcd88c7edc6
  • Instruction Fuzzy Hash: 1FF04450B0BB8741FE6467729C612B75284DFA9FA8F0844B0C90EC7782FE2CE4818290

Non-executed Functions

APIs
Similarity
  • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlocklstrlen
  • String ID:
  • API String ID: 2633044538-0
  • Opcode ID: 9a43b55c64501a910736edda568cdc33cd32edaf4aabff206ad069d84421e11a
  • Instruction ID: cf3bbc694db03ced777aa77ea70b1cb77e5a1bc6cb2953c2582d5153b7d48296
  • Opcode Fuzzy Hash: 9a43b55c64501a910736edda568cdc33cd32edaf4aabff206ad069d84421e11a
  • Instruction Fuzzy Hash: 8501ED20B0A74282EE445B71BD5813AA2A5EF59FD5F064038DD7E87769EE3CE4858301
APIs
Similarity
  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
  • String ID:
  • API String ID: 3140674995-0
  • Opcode ID: 06511b74fe360cd931a79cf0fabb72b087814192db87043e4613b3af030e8e1c
  • Instruction ID: 07c48e1d40f65101805c5ddf99da3d8af5c7a692d3e60f0ed0bfb5addbbfd32e
  • Opcode Fuzzy Hash: 06511b74fe360cd931a79cf0fabb72b087814192db87043e4613b3af030e8e1c
  • Instruction Fuzzy Hash: CA310F7660AB8186EB609F70E8403EE7364FB84748F45403ADA5E87B95EF7CD548C711
APIs
Similarity
  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
  • String ID:
  • API String ID: 1239891234-0
  • Opcode ID: ed3133f783eb8e67692d6a5c252bd68fc3a0721a93207d2db6aac162f13a1487
  • Instruction ID: 514b661f2db0b8d241bc93617be58d9f1d5a776c29b379c7fc3959fe8594e054
  • Opcode Fuzzy Hash: ed3133f783eb8e67692d6a5c252bd68fc3a0721a93207d2db6aac162f13a1487
  • Instruction Fuzzy Hash: B1315136619B8186DB60CF35E8402AE73A4FB88758F550136EEAD83BA5EF3CD555CB00
APIs
Strings
  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6ADF24CD7
Similarity
  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
  • API String ID: 450123788-631824599
  • Opcode ID: 49c14b1b32860f2e1bc63abaeb26070e92eb2973fee688e381e1c0a470115ab7
  • Instruction ID: a19a2086496f8a0598120b1d8e28d8153fb8e77e7449f0cc754b1b9a205d4bea
  • Opcode Fuzzy Hash: 49c14b1b32860f2e1bc63abaeb26070e92eb2973fee688e381e1c0a470115ab7
  • Instruction Fuzzy Hash: 63114C32A1AB8296E7149B36EA543BA72A0FF44349F454135CA6DC3A90FF7CE0B4C751
APIs
  • LoadResource.KERNEL32(?,?,?,00007FF6ADF21370,?,00000000,?,00007FF6ADF21C9C,?,?,?,00007FF6ADF23D87,?,?,?,00007FF6ADF2199A), ref: 00007FF6ADF21289
  • LockResource.KERNEL32(?,?,?,00007FF6ADF21370,?,00000000,?,00007FF6ADF21C9C,?,?,?,00007FF6ADF23D87,?,?,?,00007FF6ADF2199A), ref: 00007FF6ADF21297
  • SizeofResource.KERNEL32(?,?,?,00007FF6ADF21370,?,00000000,?,00007FF6ADF21C9C,?,?,?,00007FF6ADF23D87,?,?,?,00007FF6ADF2199A), ref: 00007FF6ADF212AB
Similarity
  • API ID: Resource$LoadLockSizeof
  • String ID:
  • API String ID: 2853612939-0
  • Opcode ID: 1fede2ce2906f86a31a61fba20d832152c1d97c3416575450b93e1fd219656b2
  • Instruction ID: 4ce2b078aeca4775092773f794d641372c931020e3852b8374723eb1a3b990c5
  • Opcode Fuzzy Hash: 1fede2ce2906f86a31a61fba20d832152c1d97c3416575450b93e1fd219656b2
  • Instruction Fuzzy Hash: E6014052F1BA9281EE548BB1A80127B62B0EF55B99F1C4575EE6EC77D4FE3CE440C208
APIs
Similarity
  • API ID: ExceptionRaise_clrfp
  • String ID:
  • API String ID: 15204871-0
  • Opcode ID: bc35c87627de3dd1a88d5e2ee9e1bdafd81a91cfdea2f9c2ccb3cfd3e9e9d4e8
  • Instruction ID: 59ab77ad8e5860a049f480ece4255a8568348a9919e066c341474439d43fd135
  • Opcode Fuzzy Hash: bc35c87627de3dd1a88d5e2ee9e1bdafd81a91cfdea2f9c2ccb3cfd3e9e9d4e8
  • Instruction Fuzzy Hash: 05B15B77A01B888BE755CF29C44536D3BA4F784B4CF248862DAAD877A8DF39D451C700
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2b628bf235ba62c4318178c3a6fb1bf1713f3a4221dc99724d883fdaa4d7d3d7
  • Instruction ID: fe96b2585debb09be88c05fc7b37a12a96223ce3e3d6bdfe5ce8d64c607a68c7
  • Opcode Fuzzy Hash: 2b628bf235ba62c4318178c3a6fb1bf1713f3a4221dc99724d883fdaa4d7d3d7
  • Instruction Fuzzy Hash: FC51E422B19BD145FB209B72E8405AF7BA5FB40BA8F144274EE5CA7A99EE3CD441C700
APIs
Similarity
  • API ID: Time$FileSystem
  • String ID:
  • API String ID: 2086374402-0
  • Opcode ID: f734f005b1526a683768c733c4d1360d7d632e80defe270ee9b745185bc96e3c
  • Instruction ID: fa1355f8aa263c13e1ee123bfb69f88f2c8c2cb2fc28ff144024de30ef4a001c
  • Opcode Fuzzy Hash: f734f005b1526a683768c733c4d1360d7d632e80defe270ee9b745185bc96e3c
  • Instruction Fuzzy Hash: 6ED01721B3B68083DA44DB25E8C192A63A0FB98B00F442435E95E83714EE2CE4548B00
APIs
  • GetProcessHeap.KERNEL32 ref: 00007FF6ADF214F6
    • Part of subcall function 00007FF6ADF252C4: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF6ADF214ED), ref: 00007FF6ADF252D4
Similarity
  • API ID: AcquireExclusiveHeapLockProcess
  • String ID:
  • API String ID: 3110430671-0
  • Opcode ID: 563414313ba3dc698448c7553972e571bf0be662365f026824de9af832a40d26
  • Instruction ID: 1820d615c53db98604b70a7cdaa6d8122a1231d298f8f4f73f92289c0799f845
  • Opcode Fuzzy Hash: 563414313ba3dc698448c7553972e571bf0be662365f026824de9af832a40d26
  • Instruction Fuzzy Hash: 6031DEB290AB8285EA10EB24EA8007B72A5FF50358F904276D95DC73A5FF7CE549C700
Similarity
  • API ID: ErrorFreeHeapLast
  • String ID:
  • API String ID: 485612231-0
  • Opcode ID: f5abb58053170308caf8deff877c568e4f86768839c398a7dc1e5ae99fa21225
  • Instruction ID: 1482516fd59141ae084dc218c0a6ec0d9d7bc78d13548bd9dd9b712f97048726
  • Opcode Fuzzy Hash: f5abb58053170308caf8deff877c568e4f86768839c398a7dc1e5ae99fa21225
  • Instruction Fuzzy Hash: BF41F672725A9582EF04CF7AD91416AB3A1FB58FC8B099132EE0DD7B58EE3CD1428300
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: cc5e43534e802707465050957e70bf5399529dc387e3b7888007180ac056cad1
  • Instruction ID: 49b51a49143ae9801a9b7902c0f83442d77fce6c6fcd6b5ed49620b61779bff8
  • Opcode Fuzzy Hash: cc5e43534e802707465050957e70bf5399529dc387e3b7888007180ac056cad1
  • Instruction Fuzzy Hash: EBF018B17196958ADB94DF39A54363A77E1E748384F908079D58DC3B14DA3CD4518F04
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6b244d199b6e5d09cf7c74b2f3a9d532b7e4e212249ba900b5f540db00fc453e
  • Instruction ID: 838780e15832f4ba38ef706a03ced3103ef61ccae12ff2d1d2c3c9e3d23944a4
  • Opcode Fuzzy Hash: 6b244d199b6e5d09cf7c74b2f3a9d532b7e4e212249ba900b5f540db00fc453e
  • Instruction Fuzzy Hash: 93A0022190FC52D0EA048B20EC500327370EB50328F460171C83DD3570BF3CE484C721
APIs
  • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6ADF27EA5
    • Part of subcall function 00007FF6ADF2A208: __GetUnwindTryBlock.LIBCMT ref: 00007FF6ADF2A24B
    • Part of subcall function 00007FF6ADF2A208: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6ADF2A270
  • Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6ADF27F7D
  • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6ADF281CB
  • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6ADF282D8
Strings
Similarity
  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
  • String ID: csm$csm$csm
  • API String ID: 849930591-393685449
  • Opcode ID: e1397d26fa57e5e414b193f862f38c9e0ade75eaf9f6893e13a59a89775c5cc8
  • Instruction ID: 032702c2f009adf346f778683fb28343f1e18a63c7cb9938e8881f64bc8523ca
  • Opcode Fuzzy Hash: e1397d26fa57e5e414b193f862f38c9e0ade75eaf9f6893e13a59a89775c5cc8
  • Instruction Fuzzy Hash: C5D18D72A0ABC18AEB209B75D4413AE77A0FB5579CF100175EE4D97B9AEF38E580C740
APIs
  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6ADF2A902,?,?,?,00007FF6ADF274B8,?,?,?,00007FF6ADF262A9), ref: 00007FF6ADF2A6D5
  • GetLastError.KERNEL32(?,?,?,00007FF6ADF2A902,?,?,?,00007FF6ADF274B8,?,?,?,00007FF6ADF262A9), ref: 00007FF6ADF2A6E3
  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6ADF2A902,?,?,?,00007FF6ADF274B8,?,?,?,00007FF6ADF262A9), ref: 00007FF6ADF2A70D
  • FreeLibrary.KERNEL32(?,?,?,00007FF6ADF2A902,?,?,?,00007FF6ADF274B8,?,?,?,00007FF6ADF262A9), ref: 00007FF6ADF2A77B
  • GetProcAddress.KERNEL32(?,?,?,00007FF6ADF2A902,?,?,?,00007FF6ADF274B8,?,?,?,00007FF6ADF262A9), ref: 00007FF6ADF2A787
Strings
Similarity
  • API ID: Library$Load$AddressErrorFreeLastProc
  • String ID: api-ms-
  • API String ID: 2559590344-2084034818
  • Opcode ID: 56b790adfa4111009ad537f86afe25c9ec553e99bf880a7c06dc79edd5a15f8e
  • Instruction ID: d05ff309319c1c7219dbe7d0fc4ea28da0feb29b1641f6b2097747824cfa08cb
  • Opcode Fuzzy Hash: 56b790adfa4111009ad537f86afe25c9ec553e99bf880a7c06dc79edd5a15f8e
  • Instruction Fuzzy Hash: BE31C221B1BA8291EE12DB26B80057673A4FF48BA8F5A0176DD2D87785FF3CE5458305
APIs
Strings
Similarity
  • API ID: ExitMessageProcesswsprintf
  • String ID: Exception$Exception %x in %s %s %u%hs:%d$base\logging.cc
  • API String ID: 1070390611-1730742759
  • Opcode ID: 3bf2240787664950a3e01168afc44e1317150f748665854e7e78e545325cb5bb
  • Instruction ID: 4ab1b5c73410909997008e5f930fd8e6dacbf7b9a9cd3cc24979bc14b3e5bcc6
  • Opcode Fuzzy Hash: 3bf2240787664950a3e01168afc44e1317150f748665854e7e78e545325cb5bb
  • Instruction Fuzzy Hash: 4631BE32A19AC681E710DB35E44026BB3A0FF94B68F554236E96D837E4EF7CD545CB40
APIs
Similarity
  • API ID: Value$ErrorLast
  • String ID:
  • API String ID: 2506987500-0
  • Opcode ID: f6e33aa8023605974a1217e6d339928d80800c309880df1cffbb9ba71b1bcd58
  • Instruction ID: 16c2f2c3419d9dd1d3818fdd760eabfc791fc76f51e8a483a8d56933b7f1168d
  • Opcode Fuzzy Hash: f6e33aa8023605974a1217e6d339928d80800c309880df1cffbb9ba71b1bcd58
  • Instruction Fuzzy Hash: F3218E20E0B7C242FA5863715E6513B6282EF44FB8F140774E93E87AD6FE2CB4014681
APIs
Strings
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
  • String ID: CONOUT$
  • API String ID: 3230265001-3130406586
  • Opcode ID: c039ff364faea56357dfef4cc99fd1765a74bd1cee96fe228580939cdd107833
  • Instruction ID: 6bdae393cadde3e74a883e2a5aa6d7c592fb4650057f26d30e06eac69186da66
  • Opcode Fuzzy Hash: c039ff364faea56357dfef4cc99fd1765a74bd1cee96fe228580939cdd107833
  • Instruction Fuzzy Hash: 23119021B29B8182E7508B62E94432AB6A0FB88FE4F054234EE7EC7794EF7CD4448741
APIs
Strings
Similarity
  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
  • String ID: csm$csm$csm
  • API String ID: 3523768491-393685449
  • Opcode ID: 05bbd918d9eb401b641d0de1b075adf657755be5447ac02583787240f03097ab
  • Instruction ID: 3b15e6a7b4b00eacf0cffd8cd89fea8a80047182a90a8fd7ab7d496d3468df32
  • Opcode Fuzzy Hash: 05bbd918d9eb401b641d0de1b075adf657755be5447ac02583787240f03097ab
  • Instruction Fuzzy Hash: 37E19E7290A6C28AEB209F75D8813EE7BA0FB4475CF145176DE8D87696EF38E581C700
APIs
  • GetLastError.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D74B
  • FlsSetValue.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D781
  • FlsSetValue.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D7AE
  • FlsSetValue.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D7BF
  • FlsSetValue.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D7D0
  • SetLastError.KERNEL32(?,?,000066C9EB337148,00007FF6ADF2AFB9,?,?,?,?,00007FF6ADF2E5C6,?,?,00000000,00007FF6ADF2B633,?,?,?), ref: 00007FF6ADF2D7EB
Similarity
  • API ID: Value$ErrorLast
  • String ID:
  • API String ID: 2506987500-0
  • Opcode ID: 8a924690bce9fdd111f9bb3401fd416453b66af72d43d5ddcd9c16dbcd8df4f0
  • Instruction ID: 47a68d1ba66e247fd2fd3407d8844819f6a8a1f119016014468e712a43bf376f
  • Opcode Fuzzy Hash: 8a924690bce9fdd111f9bb3401fd416453b66af72d43d5ddcd9c16dbcd8df4f0
  • Instruction Fuzzy Hash: C9114D24E0F78242FA5867716E6513B6292DF44FB8F144774E83EC76D6FE2CB4028681
APIs
Strings
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: e30779ec795631c203037f7c8339e00691c419557dcb5048ec1b316f4552f117
  • Instruction ID: 6bd55ee4b969a6cfeae75c5112a3422adca184b4316956d1549a89e3c6ab5d69
  • Opcode Fuzzy Hash: e30779ec795631c203037f7c8339e00691c419557dcb5048ec1b316f4552f117
  • Instruction Fuzzy Hash: DFF06265A0AB4291EA148B34E85537BA320EF49B65F550635CA7EC76F4EF3CD088C711
APIs
Similarity
  • API ID: AdjustPointer
  • String ID:
  • API String ID: 1740715915-0
  • Opcode ID: 1bf3bc4ad53d99018378158cf405500ceadc08bb50907adabc42e4c04bc8c28e
  • Instruction ID: eb9e7aece3312cdc0d1865aec2c5b5a21dd164f5c15c1cae67bd090e0adc8be9
  • Opcode Fuzzy Hash: 1bf3bc4ad53d99018378158cf405500ceadc08bb50907adabc42e4c04bc8c28e
  • Instruction Fuzzy Hash: 7AB1CFB2A0FBC281EA658B35948067B6290EF44B9CF1984B6DE4D87795FF3CE841C301
APIs
Similarity
  • API ID: _set_statfp
  • String ID:
  • API String ID: 1156100317-0
  • Opcode ID: 6678863bc1662e34b4404f8bd50b92320c7bc59b1194ecab7f8a9474a1aa5830
  • Instruction ID: c545f08e27a2ae0a631b94dc20c27cfbc6ab10289f8c599d6191e41c85f99722
  • Opcode Fuzzy Hash: 6678863bc1662e34b4404f8bd50b92320c7bc59b1194ecab7f8a9474a1aa5830
  • Instruction Fuzzy Hash: 2811E322F5EA8B01F7549138D45237B95C0FF55374F1A2634ED7E8B3DAEE2EA8414202
APIs
  • FlsGetValue.KERNEL32(?,?,?,00007FF6ADF2AB07,?,?,00000000,00007FF6ADF2ADA2,?,?,?,?,?,00007FF6ADF2AD2E), ref: 00007FF6ADF2D823
  • FlsSetValue.KERNEL32(?,?,?,00007FF6ADF2AB07,?,?,00000000,00007FF6ADF2ADA2,?,?,?,?,?,00007FF6ADF2AD2E), ref: 00007FF6ADF2D842
  • FlsSetValue.KERNEL32(?,?,?,00007FF6ADF2AB07,?,?,00000000,00007FF6ADF2ADA2,?,?,?,?,?,00007FF6ADF2AD2E), ref: 00007FF6ADF2D86A
  • FlsSetValue.KERNEL32(?,?,?,00007FF6ADF2AB07,?,?,00000000,00007FF6ADF2ADA2,?,?,?,?,?,00007FF6ADF2AD2E), ref: 00007FF6ADF2D87B
  • FlsSetValue.KERNEL32(?,?,?,00007FF6ADF2AB07,?,?,00000000,00007FF6ADF2ADA2,?,?,?,?,?,00007FF6ADF2AD2E), ref: 00007FF6ADF2D88C
Similarity
  • API ID: Value
  • String ID:
  • API String ID: 3702945584-0
  • Opcode ID: 1e32f2c5f5ae5de83df26ddc8a2638748a9463e4c658ab7940fe64ae99ac88c2
  • Instruction ID: d93b4a39bc5a53c0e8fa20bd256b381ca09da73f6c66c760eba09bbf24759f73
  • Opcode Fuzzy Hash: 1e32f2c5f5ae5de83df26ddc8a2638748a9463e4c658ab7940fe64ae99ac88c2
  • Instruction Fuzzy Hash: 45114F60E0B3C241FA5867755E611BB2191EF85BB8F5C87B4E83D876D6FE2CF4418281
APIs
Similarity
  • API ID: Value
  • String ID:
  • API String ID: 3702945584-0
  • Opcode ID: a23ab7ede3433fb07216e1e677d2b9d936622034e04effeeb0c77d0087477cf5
  • Instruction ID: 3ab8f9e0a712a801977037676f960b271019bc8aa47afcbbbd1c383fc501b0a4
  • Opcode Fuzzy Hash: a23ab7ede3433fb07216e1e677d2b9d936622034e04effeeb0c77d0087477cf5
  • Instruction Fuzzy Hash: B9111864E0B78705FA58A2B55C6617B2181CF45B7CF5807B4D93E8B2D2FE2CB4028681
APIs
Similarity
  • API ID: CountCriticalEnterSectionTick$Sleep
  • String ID:
  • API String ID: 1544504822-0
  • Opcode ID: 5cf277748db217da2b457035f22cbb9722ae791f86d79aa18adc612ff8ede84a
  • Instruction ID: c336c9608e0b306aa3e41b84baec1564bfbff0b0ce524d4f2a61969147ba3498
  • Opcode Fuzzy Hash: 5cf277748db217da2b457035f22cbb9722ae791f86d79aa18adc612ff8ede84a
  • Instruction Fuzzy Hash: 84F09031A0AA8292EB509F31BD4403FA3A0EF59F84F114074DA3EC3655EF6CE4858201
APIs
Strings
Similarity
  • API ID: CallEncodePointerTranslator
  • String ID: MOC$RCC
  • API String ID: 3544855599-2084237596
  • Opcode ID: b770a33f19432dfb883f7dd34f837ec9993f1f526b1bf5a3ef4edaa48a7dc520
  • Instruction ID: 8e1a37d74350e4a98eb3bcc2a5c94d5b4a965306774697076f6eb738a77d07c9
  • Opcode Fuzzy Hash: b770a33f19432dfb883f7dd34f837ec9993f1f526b1bf5a3ef4edaa48a7dc520
  • Instruction Fuzzy Hash: E9917E73A0AB918AEB50CB75D8802EE7BB0FB44788F14416AEA4D97B55EF3CD195C700
APIs
Strings
Similarity
  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
  • String ID: csm
  • API String ID: 2395640692-1018135373
  • Opcode ID: 95400a70ffba255910a8eba6251ef1d1a76c203fa19fe6ec779101a849a1473e
  • Instruction ID: 0c55dae469a72086a324c7d78998b6461355fd64cd5ba1a3247b9cf0497a7483
  • Opcode Fuzzy Hash: 95400a70ffba255910a8eba6251ef1d1a76c203fa19fe6ec779101a849a1473e
  • Instruction Fuzzy Hash: 9C51A331B1A6829AEB14CF25D84467A73A1EB64B8CF118175DE6D83789FF7CE841C700
APIs
Strings
Similarity
  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
  • String ID: csm$csm
  • API String ID: 3896166516-3733052814
  • Opcode ID: bf219186f680495e691f6d2a2d115e07fa60f977b01424d17790efaca19a03eb
  • Instruction ID: c62cf49d4fa4664c03066301e57d56f8ec91d40534fa20a6a8b118473c7f3b5b
  • Opcode Fuzzy Hash: bf219186f680495e691f6d2a2d115e07fa60f977b01424d17790efaca19a03eb
  • Instruction Fuzzy Hash: C651B032A492C286EB748B32944526A76B0FB59B98F1841B5DE9CC3BC5DF3CE461CB01
APIs
Strings
Similarity
  • API ID: CallEncodePointerTranslator
  • String ID: MOC$RCC
  • API String ID: 3544855599-2084237596
  • Opcode ID: 8289e69907f3bf529c01b0df9455cddab0e14875c13545cf760911e82707e5d8
  • Instruction ID: 9129716b43ec5f0655935dc9c38a1258716ff9679a10176f3b9880882bffde3c
  • Opcode Fuzzy Hash: 8289e69907f3bf529c01b0df9455cddab0e14875c13545cf760911e82707e5d8
  • Instruction Fuzzy Hash: 5261B232909BC586DB608B25E4403EBBBA0FB85B98F044235EB9C47B55EF3CD194CB00
APIs
Similarity
  • API ID: FileWrite$ConsoleErrorLastOutput
  • String ID:
  • API String ID: 2718003287-0
  • Opcode ID: 0f9a222ce5cde8de3c720e2b16ac4d6c457a586d2efdf849933d49e3810a4a87
  • Instruction ID: ab332aae2ea379647cd3e22cdc05436fa9ee6c14350d0a546af465a189c4bb3f
  • Opcode Fuzzy Hash: 0f9a222ce5cde8de3c720e2b16ac4d6c457a586d2efdf849933d49e3810a4a87
  • Instruction Fuzzy Hash: 27D10632B1AA819AEB11CF75D8402AD77B1FB54B98B054235CF6DDBB99EE38D406C340
APIs
  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6ADF32F7F), ref: 00007FF6ADF330B0
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6ADF32F7F), ref: 00007FF6ADF3313B
Similarity
  • API ID: ConsoleErrorLastMode
  • String ID:
  • API String ID: 953036326-0
  • Opcode ID: a8a520f721b93a4319f37ac694fe2f258c72ea617a0ee2ff615a45705dd5a7be
  • Instruction ID: 11dc0c0a751928cb9a9bc1de0f63efce810bf1e19e71c13efb647ed7078f69c6
  • Opcode Fuzzy Hash: a8a520f721b93a4319f37ac694fe2f258c72ea617a0ee2ff615a45705dd5a7be
  • Instruction Fuzzy Hash: 2491F362F0969295F750DF7998802BEABE0FB01B88F155139DE2E97685EF3CD481C702
APIs
  • EnterCriticalSection.KERNEL32(?,?,?,00007FF6ADF21328,?,00000000,?,00007FF6ADF21C9C,?,?,?,00007FF6ADF23D87,?,?,?,00007FF6ADF2199A), ref: 00007FF6ADF24D4E
  • LeaveCriticalSection.KERNEL32(?,?,?,00007FF6ADF21328,?,00000000,?,00007FF6ADF21C9C,?,?,?,00007FF6ADF23D87,?,?,?,00007FF6ADF2199A), ref: 00007FF6ADF24D6C
  • _set_fmode.LIBCMT ref: 00007FF6ADF24DBB
  • _RTC_Initialize.LIBCMT ref: 00007FF6ADF24DDC
Similarity
  • API ID: CriticalSection$EnterInitializeLeave_set_fmode
  • String ID:
  • API String ID: 2803588085-0
  • Opcode ID: 319e829813a59827e7a967cf8d9271d800474e4b2e09c73e0c3742706994a173
  • Instruction ID: c5ba614161f99cabf20ae929cdd424605ee7d93c7dc41df511f41ba6c6b4a33e
  • Opcode Fuzzy Hash: 319e829813a59827e7a967cf8d9271d800474e4b2e09c73e0c3742706994a173
  • Instruction Fuzzy Hash: 5F314B20E5E6C782FA2477B1A8461BF52A0EF94758F8404B0EA0DC7BD7FE6CF8454612
APIs
Similarity
  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 2933794660-0
  • Opcode ID: 28b2221adaf7ab3c9ddc0ea3f2ab86addf46026c1b07f177c2c295a23517d33c
  • Instruction ID: 49e49900d44c9f680bdcc02d6f293076adea0a0939ff71a00f301d7abc938ef0
  • Opcode Fuzzy Hash: 28b2221adaf7ab3c9ddc0ea3f2ab86addf46026c1b07f177c2c295a23517d33c
  • Instruction Fuzzy Hash: 8D111822B65B018AEB008B74E8542AA73A4FB19B58F450E35EE6D877A4EF7CD1948340
APIs
Strings
Similarity
  • API ID: __except_validate_context_record
  • String ID: csm$csm
  • API String ID: 1467352782-3733052814
Similarity
  • API ID: CreateFrameInfo__except_validate_context_record
  • String ID: csm
  • API String ID: 2558813199-1018135373
Similarity
  • API ID: ErrorFileLastWrite
  • String ID: U
  • API String ID: 442123175-4171548499
APIs
  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6ADF25FBE), ref: 00007FF6ADF27234
  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6ADF25FBE), ref: 00007FF6ADF27275
Similarity
  • API ID: ExceptionFileHeaderRaise
  • String ID: csm
  • API String ID: 2573137834-1018135373