Edit tour

Windows Analysis Report
UDCC Launcher.exe

Overview

General Information

Sample name:	UDCC Launcher.exe
Analysis ID:	1559401
MD5:	47825d6efa91f5aef6974a9a4d0a0c93
SHA1:	2d50927f87df83b3ceff8c547da1fc2b681ee73d
SHA256:	fd0c79e2e708c31acec9421dd40cd8c7f7e254c1f46fd931dcfd8141dd44c7db

Detection

Score:	7
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to enumerate running services

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

UDCC Launcher.exe (PID: 2108 cmdline: "C:\Users\user\Desktop\UDCC Launcher.exe" MD5: 47825D6EFA91F5AEF6974A9A4D0A0C93)

cleanup

Joe Sandbox Signatures

• Cryptography
• Compliance
• Spreading
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3E6840 LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,		0_2_00007FF6AB3E6840
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A86A0 Concurrency::details::WorkQueue::IsStructuredEmpty,WinVerifyTrust,Concurrency::details::WorkQueue::IsStructuredEmpty,CryptQueryObject,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,LocalAlloc,CertGetNameStringW,lstrcmpiW,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,		0_2_00007FF6AB3A86A0

Source: UDCC Launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Admin\Desktop\AutoInstall\Libs\UiLib_d_x64.pdbh source: UDCC Launcher.exe
Source:	Binary string: C:\Users\Admin\Desktop\AutoInstall\Libs\UiLib_d_x64.pdb source: UDCC Launcher.exe
Source:	Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: UDCC Launcher.exe
Source:	Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: UDCC Launcher.exe

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBBE4 FindFirstFileExW,	0_2_00007FF6AB3DBBE4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBD68 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6AB3DBD68
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C0494 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	0_2_00007FF6AB3C0494
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C0420 FindClose,FindFirstFileExW,GetLastError,	0_2_00007FF6AB3C0420

Source: UDCC Launcher.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: UDCC Launcher.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: UDCC Launcher.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: UDCC Launcher.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: UDCC Launcher.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: UDCC Launcher.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: UDCC Launcher.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: UDCC Launcher.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: UDCC Launcher.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: UDCC Launcher.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: UDCC Launcher.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: UDCC Launcher.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: UDCC Launcher.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: UDCC Launcher.exe	String found in binary or memory: http://www.digicert.com/CPS0

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3D3D08	0_2_00007FF6AB3D3D08
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DED2C	0_2_00007FF6AB3DED2C
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3E1B80	0_2_00007FF6AB3E1B80
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A7BB0	0_2_00007FF6AB3A7BB0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3CEC18	0_2_00007FF6AB3CEC18
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C9BE4	0_2_00007FF6AB3C9BE4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBBE4	0_2_00007FF6AB3DBBE4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DAA88	0_2_00007FF6AB3DAA88
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3AAB00	0_2_00007FF6AB3AAB00
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A9B30	0_2_00007FF6AB3A9B30
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3CF12C	0_2_00007FF6AB3CF12C
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C9FFC	0_2_00007FF6AB3C9FFC
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3CFFD0	0_2_00007FF6AB3CFFD0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A7FE0	0_2_00007FF6AB3A7FE0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A8EB0	0_2_00007FF6AB3A8EB0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBD68	0_2_00007FF6AB3DBD68
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3CAE04	0_2_00007FF6AB3CAE04
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C9DF0	0_2_00007FF6AB3C9DF0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C0494	0_2_00007FF6AB3C0494
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3D13CC	0_2_00007FF6AB3D13CC
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DB250	0_2_00007FF6AB3DB250
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3D2274	0_2_00007FF6AB3D2274
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3E0194	0_2_00007FF6AB3E0194
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3D41A0	0_2_00007FF6AB3D41A0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3E2228	0_2_00007FF6AB3E2228
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3D4818	0_2_00007FF6AB3D4818
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DD7E0	0_2_00007FF6AB3DD7E0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3A86A0	0_2_00007FF6AB3A86A0

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: String function: 00007FF6AB3A8CD0 appears 32 times

Source: UDCC Launcher.exe

Static PE information: Resource name: ZIPRES type: Zip archive data, at least v2.0 to extract, compression method=deflate

Source: classification engine

Classification label: clean7.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3BC4E0 LoadResource,LockResource,SizeofResource,

0_2_00007FF6AB3BC4E0

Source: UDCC Launcher.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Section loaded: uilib_d_x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Section loaded: winhttp.dll	Jump to behavior

Source: UDCC Launcher.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: UDCC Launcher.exe

Static file information: File size 3939392 > 1048576

Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: UDCC Launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: UDCC Launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: UDCC Launcher.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\Admin\Desktop\AutoInstall\Libs\UiLib_d_x64.pdbh source: UDCC Launcher.exe
Source:	Binary string: C:\Users\Admin\Desktop\AutoInstall\Libs\UiLib_d_x64.pdb source: UDCC Launcher.exe
Source:	Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: UDCC Launcher.exe
Source:	Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: UDCC Launcher.exe

Source: UDCC Launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: UDCC Launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: UDCC Launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: UDCC Launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: UDCC Launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: UDCC Launcher.exe

Static PE information: real checksum: 0x108776 should be: 0x3c49de

Source: UDCC Launcher.exe

Static PE information: section name: .fptable

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3ACA80 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,GetPrivateProfileStringW,type_info::_name_internal_method,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,GetPrivateProfileStringW,Concurrency::details::WorkQueue::IsStructuredEmpty,type_info::_name_internal_method,CreateMutexW,GetLastError,_CallMemberFunction0,CloseHandle,CoInitialize,?SetInstance@CPaintManagerUI@UiLib@@SAXPEAUHINSTANCE__@@@Z,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,WritePrivateProfileStringW,?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z,?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z,CoUninitialize,

0_2_00007FF6AB3ACA80

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: OpenSCManagerW,EnumServicesStatusExW,GetLastError,CloseServiceHandle,EnumServicesStatusExW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

0_2_00007FF6AB3A7830

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBBE4 FindFirstFileExW,	0_2_00007FF6AB3DBBE4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3DBD68 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6AB3DBD68
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C0494 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	0_2_00007FF6AB3C0494
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C0420 FindClose,FindFirstFileExW,GetLastError,	0_2_00007FF6AB3C0420

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3C8C58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF6AB3C8C58

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3BECCC __vcrt_InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF6AB3BECCC

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3DCF10 GetProcessHeap,

0_2_00007FF6AB3DCF10

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C8C58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6AB3C8C58
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C3CD0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6AB3C3CD0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C2F88 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6AB3C2F88
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: 0_2_00007FF6AB3C3EB0 SetUnhandledExceptionFilter,	0_2_00007FF6AB3C3EB0

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3A6920 ShellExecuteExW,WaitForSingleObject,CloseHandle,SetEvent,SetEvent,

0_2_00007FF6AB3A6920

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3E4770 cpuid

0_2_00007FF6AB3E4770

Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6AB3DFD34
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF6AB3DFB3C
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoW,	0_2_00007FF6AB3DFBF0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoW,	0_2_00007FF6AB3DF9E4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6AB3D6050
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00007FF6AB3BF05C
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoW,	0_2_00007FF6AB3D646C
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF6AB3DF2D4
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6AB3DF7A0
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6AB3DF638
Source: C:\Users\user\Desktop\UDCC Launcher.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6AB3DF708

Source: C:\Users\user\Desktop\UDCC Launcher.exe

Code function: 0_2_00007FF6AB3C3F1C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6AB3C3F1C

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 DLL Side-Loading	LSASS Memory	3 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Service Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559401
Start date and time:	2024-11-20 13:40:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	UDCC Launcher.exe
Detection:	CLEAN
Classification:	clean7.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 134
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target UDCC Launcher.exe, PID 2108 because there are no executed function
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: UDCC Launcher.exe

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.719887206744112
TrID:	Win64 Executable GUI (202006/5) 77.82% Win32 EXE PECompact compressed (generic) (41571/9) 16.01% Win64 Executable (generic) (12005/4) 4.62% Generic Win/DOS Executable (2004/3) 0.77% DOS Executable Generic (2002/1) 0.77%
File name:	UDCC Launcher.exe
File size:	3'939'392 bytes
MD5:	47825d6efa91f5aef6974a9a4d0a0c93
SHA1:	2d50927f87df83b3ceff8c547da1fc2b681ee73d
SHA256:	fd0c79e2e708c31acec9421dd40cd8c7f7e254c1f46fd931dcfd8141dd44c7db
SHA512:	367801e88e830d13f960ea513e3af5104de9d25c5440aadf78e94ee46787bf6104381b75ddf31ae571ff140cd5199820121ff84f2dd1e336d8c46cfe0984852c
SSDEEP:	49152:ZlP/rZLtTfsMizM/zKHXx0z+sdKf3xQfbdAuV4TmJepHke4+ae6JqfL9:/lLtTfIzM/zCucO4KIpEe4+GE
TLSH:	A8069D2BB26142E8D0A7C17889638A55EA717C140721A7CF06E5BB6F1F33BE01A7F715
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x...x...x......Jx.......x.......x..=....x..=....x.......x..=....x.......x...x...y.......x....=..x.......x..Rich.x.........

File Icon


Icon Hash:	0f274d444d71138e

Static PE Info

General

Entrypoint:	0x1400237a4
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67371F10 [Fri Nov 15 10:14:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	8bd950ea6c7b3e36283d0a40b27e69a7

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FB91D3D9EF4h
dec eax
add esp, 28h
jmp 00007FB91D3D95FFh
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007FB91D3D9792h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007FB91D3D9795h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007FB91D3D978Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007FB91D3D8E42h
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ecx
mov ebx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007FB91D3D96F1h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5c630	0xf0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x9a590	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x63000	0x4e84	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0xffe00	0x2920	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x104000	0xc74	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x55b30	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x55d00	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x559f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x48000	0x708	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x46f8e	0x47000	af099a7b491a7b59fedc24346dd96a97	False	0.461394833846831	data	6.156815738498735	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x48000	0x1654a	0x16600	5cfa08d02ab5c2d86873d52b8dc03ee0	False	0.39052679818435754	data	4.849513356739472	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5f000	0x39f4	0x1e00	6e170c7bd632378a86f9330cc87a3353	False	0.18046875	DOS executable (block device driver)	3.40709858794464	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x63000	0x4e84	0x5000	239ce4bf855fcc24f84771a6992300cc	False	0.4576171875	data	5.535352131788659	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fptable	0x68000	0x100	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x9a590	0x9a600	a6af6889db7596a4323d868bfe54ea41	False	0.7977416497975709	data	7.445147893884647	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x104000	0xc74	0xe00	84db3eac539ea1146c7b5aef0d9f1220	False	0.4453125	data	5.21571073873519	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
ZIPRES	0xb3e50	0x4f73b	Zip archive data, at least v2.0 to extract, compression method=deflate	Chinese	China	0.9792308755972775
RT_ICON	0x69280	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Chinese	China	0.7393617021276596
RT_ICON	0x696e8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Chinese	China	0.5975409836065574
RT_ICON	0x6a070	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Chinese	China	0.5220450281425891
RT_ICON	0x6b118	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Chinese	China	0.4074688796680498
RT_ICON	0x6d6c0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	Chinese	China	0.3299480396787907
RT_ICON	0x718e8	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736	Chinese	China	0.3008780036968577
RT_ICON	0x76d70	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864	Chinese	China	0.2389899096068951
RT_ICON	0x80218	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	Chinese	China	0.1853040340707441
RT_ICON	0x90a40	0x23381	PNG image data, 256 x 256, 16-bit/color RGBA, non-interlaced	Chinese	China	0.9986759741295049
RT_GROUP_ICON	0xb3dc8	0x84	data	Chinese	China	0.75

Imports

DLL	Import
KERNEL32.dll	LocalFree, Sleep, CreateEventW, WritePrivateProfileStringW, GetUserDefaultUILanguage, GetPrivateProfileStringW, CreateMutexW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, lstrcmpiW, LoadResource, FindResourceExW, FindResourceW, InitializeCriticalSectionEx, DecodePointer, WriteConsoleW, SetEndOfFile, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, LocalAlloc, LockResource, DeleteFileW, CreateDirectoryW, GetLastError, ReadFile, CreateProcessW, GetStartupInfoW, CreatePipe, IsValidCodePage, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetEvent, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, VirtualProtect, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, SetFilePointerEx, GetFileSizeEx, GetFileType, WriteFile, GetStdHandle, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, LoadLibraryExW, FreeLibrary, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, SetLastError, RtlPcToFileHeader, RtlUnwindEx, InitializeSListHead, GetCurrentProcessId, IsProcessorFeaturePresent, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, GetCPInfo, LCMapStringEx, EncodePointer, SleepConditionVariableSRW, WakeAllConditionVariable, TryAcquireSRWLockExclusive, AcquireSRWLockExclusive, CloseHandle, WaitForSingleObject, GetFileAttributesW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, EnumSystemLocalesW, InitializeCriticalSection, ReleaseSRWLockExclusive, IsDebuggerPresent, OutputDebugStringW, RaiseException, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentThreadId, FormatMessageA, GetLocaleInfoEx, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetFileInformationByHandle, AreFileApisANSI, GetModuleHandleW, GetProcAddress, GetFileInformationByHandleEx, GetSystemTimeAsFileTime, RtlUnwind
USER32.dll	SetWindowRgn, InvalidateRect, SendMessageW, SetWindowPos, SetWindowLongW, GetWindowLongW, GetSystemMetrics
GDI32.dll	CreateRoundRectRgn, DeleteObject
ADVAPI32.dll	RegOpenKeyExW, OpenSCManagerW, EnumServicesStatusExW, CloseServiceHandle, RegCloseKey
SHELL32.dll	ShellExecuteExW, ShellExecuteW
ole32.dll	CoUninitialize, CoInitialize
OLEAUT32.dll	VariantClear, SysAllocString, SysFreeString
UiLib_d_x64.dll	??0CDuiString@UiLib@@QEAA@PEB_WH@Z, ?DeleteTrayIcon@CDuiTrayIcon@UiLib@@QEAAXXZ, ?GetTrayObject@CPaintManagerUI@UiLib@@QEAAAEAVCDuiTrayIcon@2@XZ, ??0CWindowWnd@UiLib@@QEAA@XZ, ?GetMessageMap@CNotifyPump@UiLib@@MEBAPEBUDUI_MSGMAP@2@XZ, ??0CStdStringPtrMap@UiLib@@QEAA@H@Z, ??1CStdStringPtrMap@UiLib@@QEAA@XZ, ?GetSuperClassName@CWindowWnd@UiLib@@MEBAPEB_WXZ, ?GetClassStyle@WindowImplBase@UiLib@@UEBAIXZ, ?HandleMessage@WindowImplBase@UiLib@@UEAA_JI_K_J@Z, ?OnFinalMessage@WindowImplBase@UiLib@@UEAAXPEAUHWND__@@@Z, ?OnClick@WindowImplBase@UiLib@@MEAAXAEAUtagTNotifyUI@2@@Z, ?GetResourceType@WindowImplBase@UiLib@@UEBA?AW4UILIB_RESOURCETYPE@2@XZ, ?GetZIPFileName@WindowImplBase@UiLib@@UEBA?AVCDuiString@2@XZ, ?GetResourceID@WindowImplBase@UiLib@@UEBAPEB_WXZ, ??0CDuiString@UiLib@@QEAA@AEBV01@@Z, ?OnDestroy@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnNcActivate@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnNcCalcSize@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnNcPaint@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnNcHitTest@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnGetMinMaxInfo@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnMouseWheel@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnMouseHover@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnSize@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnChar@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnSysCommand@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnCreate@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnKeyDown@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnKillFocus@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnSetFocus@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnLButtonDown@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnLButtonUp@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?OnMouseMove@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?HandleCustomMessage@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z, ?GetStyle@WindowImplBase@UiLib@@UEAAJXZ, ?GetMessageMap@WindowImplBase@UiLib@@MEBAPEBUDUI_MSGMAP@2@XZ, ?Notify@WindowImplBase@UiLib@@UEAAXAEAUtagTNotifyUI@2@@Z, ?MessageHandler@WindowImplBase@UiLib@@UEAA_JI_K_JAEA_N@Z, ?CreateControl@WindowImplBase@UiLib@@UEAAPEAVCControlUI@2@PEB_W@Z, ??0CPaintManagerUI@UiLib@@QEAA@XZ, ??1CPaintManagerUI@UiLib@@QEAA@XZ, ?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z, ?SetValue@CProgressUI@UiLib@@QEAAXH@Z, ??BCDuiString@UiLib@@QEBAPEB_WXZ, ?GetCheck@CCheckBoxUI@UiLib@@QEBA_NXZ, ?GetHWND@CWindowWnd@UiLib@@QEBAPEAUHWND__@@XZ, ?Close@CWindowWnd@UiLib@@QEAAXI@Z, ?SetInstance@CPaintManagerUI@UiLib@@SAXPEAUHINSTANCE__@@@Z, ?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z, ?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z, ??1CDuiString@UiLib@@QEAA@XZ, ?OnClose@WindowImplBase@UiLib@@UEAA_JI_K_JAEAH@Z
WINTRUST.dll	WinVerifyTrust
CRYPT32.dll	CryptMsgClose, CertFindCertificateInStore, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CryptQueryObject, CryptMsgGetParam
WINHTTP.dll	WinHttpReadData, WinHttpQueryHeaders, WinHttpConnect, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpen, WinHttpCloseHandle, WinHttpOpenRequest

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China

• UDCC Launcher.exe

Click to jump to process

Memory Usage

• UDCC Launcher.exe

Click to jump to process

Target ID:	0
Start time:	07:41:14
Start date:	20/11/2024
Path:	C:\Users\user\Desktop\UDCC Launcher.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\UDCC Launcher.exe"
Imagebase:	0x7ff6ab3a0000
File size:	3'939'392 bytes
MD5 hash:	47825D6EFA91F5AEF6974A9A4D0A0C93
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00007FF6AB3AAB00 Relevance: 142.9, APIs: 60, Strings: 21, Instructions: 1128COMMON

Download Yara Rule

APIs

??BCDuiString@UiLib@@QEBAPEB_WXZ.UILIB_D_X64 ref: 00007FF6AB3AAB36

Part of subcall function 00007FF6AB3CC9A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CC9C5

??BCDuiString@UiLib@@QEBAPEB_WXZ.UILIB_D_X64 ref: 00007FF6AB3AABD2
??BCDuiString@UiLib@@QEBAPEB_WXZ.UILIB_D_X64 ref: 00007FF6AB3AAC66

Part of subcall function 00007FF6AB3CC9A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CCA1E

??1CDuiString@UiLib@@QEAA@XZ.UILIB_D_X64 ref: 00007FF6AB3AACB2
??1CDuiString@UiLib@@QEAA@XZ.UILIB_D_X64 ref: 00007FF6AB3AACD1
InvalidateRect.USER32 ref: 00007FF6AB3AAE3B
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3AAE73
?GetCheck@CCheckBoxUI@UiLib@@QEBA_NXZ.UILIB_D_X64 ref: 00007FF6AB3AAF14
CreateEventW.KERNEL32 ref: 00007FF6AB3AAF41
??BCDuiString@UiLib@@QEBAPEB_WXZ.UILIB_D_X64 ref: 00007FF6AB3ABE14
??1CDuiString@UiLib@@QEAA@XZ.UILIB_D_X64 ref: 00007FF6AB3ABE50
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3ABE86
?GetCheck@CCheckBoxUI@UiLib@@QEBA_NXZ.UILIB_D_X64 ref: 00007FF6AB3ABF0E
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3ABF37
?Notify@WindowImplBase@UiLib@@UEAAXAEAUtagTNotifyUI@2@@Z.UILIB_D_X64 ref: 00007FF6AB3AC41F

Strings

first, xrefs: 00007FF6AB3ABC81, 00007FF6AB3ABE77
third, xrefs: 00007FF6AB3AAE64, 00007FF6AB3AC037
CheckBox, xrefs: 00007FF6AB3ABD91
continue_btn, xrefs: 00007FF6AB3AAC6C
close_btn, xrefs: 00007FF6AB3ABA7C
checkbox_ldcc, xrefs: 00007FF6AB3AB0E2, 00007FF6AB3AB329
fourth, xrefs: 00007FF6AB3AB082, 00007FF6AB3AC20E
true, xrefs: 00007FF6AB3ABD2C, 00007FF6AB3ABF22, 00007FF6AB3AC0E2, 00007FF6AB3AC2B9, 00007FF6AB3AC3BE
remind, xrefs: 00007FF6AB3ABC24, 00007FF6AB3ABCE1, 00007FF6AB3ABE1A, 00007FF6AB3ABED7
false, xrefs: 00007FF6AB3ABD51, 00007FF6AB3ABF47, 00007FF6AB3AC107, 00007FF6AB3AC2DE, 00007FF6AB3AC3E3
C:\LADM\, xrefs: 00007FF6AB3AB71D
remind_go, xrefs: 00007FF6AB3ABFDA, 00007FF6AB3AC097
./config.ini, xrefs: 00007FF6AB3ABD25, 00007FF6AB3ABD4A, 00007FF6AB3ABF1B, 00007FF6AB3ABF40, 00007FF6AB3AC0DB, 00007FF6AB3AC100, 00007FF6AB3AC2B2, 00007FF6AB3AC2D7, 00007FF6AB3AC3B7, 00007FF6AB3AC3DC
checkbox_go, xrefs: 00007FF6AB3AAEC4, 00007FF6AB3AB44C
click, xrefs: 00007FF6AB3AAB3C
install_btn, xrefs: 00007FF6AB3AABD8
prompt, xrefs: 00007FF6AB3ABD33, 00007FF6AB3ABD58, 00007FF6AB3ABF29, 00007FF6AB3ABF4E, 00007FF6AB3AC0E9, 00007FF6AB3AC10E, 00007FF6AB3AC2C0, 00007FF6AB3AC2E5, 00007FF6AB3AC3C5, 00007FF6AB3AC3EA
closetip_btn, xrefs: 00007FF6AB3ABB10
fifth, xrefs: 00007FF6AB3AB2CF, 00007FF6AB3AC313
remind_ldcc, xrefs: 00007FF6AB3AC19A, 00007FF6AB3AC26E, 00007FF6AB3AC373
Settings, xrefs: 00007FF6AB3ABD3A, 00007FF6AB3ABD5F, 00007FF6AB3ABF30, 00007FF6AB3ABF55, 00007FF6AB3AC0F0, 00007FF6AB3AC115, 00007FF6AB3AC2C7, 00007FF6AB3AC2EC, 00007FF6AB3AC3CC, 00007FF6AB3AC3F1

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Lib@@$String@$CheckCheck@ControlControl@FindI@2@ManagerPaint_invalid_parameter_noinfo$Base@CreateEventI@2@@ImplInvalidateNotifyNotify@PrivateProfileRectStringUtagWindowWrite
String ID: ./config.ini$C:\LADM\$CheckBox$Settings$checkbox_go$checkbox_ldcc$click$close_btn$closetip_btn$continue_btn$false$fifth$first$fourth$install_btn$prompt$remind$remind_go$remind_ldcc$third$true
API String ID: 2737263713-2225711608
Opcode ID: 6977f0f9ec73c61a283dde69359bef9bc5bcdd83000aea82d38ef40d3eafdd8a
Instruction ID: c34c0247bceff4896e85279908a14374b971fca2e6a61d7297050a3236895932
Opcode Fuzzy Hash: 6977f0f9ec73c61a283dde69359bef9bc5bcdd83000aea82d38ef40d3eafdd8a
Instruction Fuzzy Hash: 75D2D73660AFC691EA609B15E8843EEB7A0FB89B40F504136DA8D87779DF3DD548CB40

Function 00007FF6AB3A9B30 Relevance: 98.7, APIs: 47, Strings: 9, Instructions: 707sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF6AB3A9C7A
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9CA4
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9CD2
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9D26
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9D54
Sleep.KERNEL32 ref: 00007FF6AB3A9DBD
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9DE7
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9E15
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9E69
?GetCheck@CCheckBoxUI@UiLib@@QEBA_NXZ.UILIB_D_X64 ref: 00007FF6AB3A9F0D
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9F8D
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9FBB

Strings

first, xrefs: 00007FF6AB3A9D17, 00007FF6AB3A9D45, 00007FF6AB3A9F7E, 00007FF6AB3A9FAC, 00007FF6AB3AA320, 00007FF6AB3AA34E, 00007FF6AB3AA777, 00007FF6AB3AA7A5
third, xrefs: 00007FF6AB3A9E5A, 00007FF6AB3AA00E, 00007FF6AB3AA03C, 00007FF6AB3AA09E, 00007FF6AB3AA0CC, 00007FF6AB3AA98B, 00007FF6AB3AA9B9
checkbox_go, xrefs: 00007FF6AB3A9EA0, 00007FF6AB3AA5DB
SOFTWARE\Lenovo\Lenovo Go Central, xrefs: 00007FF6AB3A9F2E, 00007FF6AB3AA6AC
SYSTEM\CurrentControlSet\Services\LenovoDisplayControlCenterService, xrefs: 00007FF6AB3AA2D0, 00007FF6AB3AA667
second, xrefs: 00007FF6AB3A9C95, 00007FF6AB3A9CC3, 00007FF6AB3A9DD8, 00007FF6AB3A9E06, 00007FF6AB3AA168, 00007FF6AB3AA196, 00007FF6AB3AA50A, 00007FF6AB3AA538
checkbox_ldcc, xrefs: 00007FF6AB3AA23F, 00007FF6AB3AA619
fourth, xrefs: 00007FF6AB3AA1F3, 00007FF6AB3AA3B0, 00007FF6AB3AA3DE, 00007FF6AB3AA440, 00007FF6AB3AA46E, 00007FF6AB3AAA7F, 00007FF6AB3AAAAD
fifth, xrefs: 00007FF6AB3AA595, 00007FF6AB3AA807, 00007FF6AB3AA835, 00007FF6AB3AA897, 00007FF6AB3AA8C5

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Lib@@$ControlControl@FindI@2@ManagerPaint$Sleep$CheckCheck@
String ID: SOFTWARE\Lenovo\Lenovo Go Central$SYSTEM\CurrentControlSet\Services\LenovoDisplayControlCenterService$checkbox_go$checkbox_ldcc$fifth$first$fourth$second$third
API String ID: 2992203187-2558743217
Opcode ID: 62e7bafab7f91ed8037c3d4e9cced1f4db3b3c986ee48f5e98eff1b8adb34b22
Instruction ID: b95138cfb2bb232b4bf536d7b11ab89d276a3aee1e94da5374858c424fd33878
Opcode Fuzzy Hash: 62e7bafab7f91ed8037c3d4e9cced1f4db3b3c986ee48f5e98eff1b8adb34b22
Instruction Fuzzy Hash: A482933660AFC595EA618B15E8843AEB7A4FBC9B80F404136DA8D87B79DF3CD544CB40

Function 00007FF6AB3A8EB0 Relevance: 75.6, APIs: 30, Strings: 13, Instructions: 352COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 00007FF6AB3A8ECD
SetWindowLongW.USER32 ref: 00007FF6AB3A8EFA
GetSystemMetrics.USER32 ref: 00007FF6AB3A8F02
GetSystemMetrics.USER32 ref: 00007FF6AB3A8F11
CreateRoundRectRgn.GDI32 ref: 00007FF6AB3A8F58
SetWindowRgn.USER32 ref: 00007FF6AB3A8F7A
SetWindowPos.USER32 ref: 00007FF6AB3A8FCA
DeleteObject.GDI32 ref: 00007FF6AB3A8FD5
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A8FFE
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9036
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A906E
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A90CB
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9123
CreateRoundRectRgn.GDI32 ref: 00007FF6AB3A91BA
SetWindowRgn.USER32 ref: 00007FF6AB3A91DC
SetWindowPos.USER32 ref: 00007FF6AB3A922C
DeleteObject.GDI32 ref: 00007FF6AB3A9237
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A92DF
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A9663
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A969B
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A96D3
?FindControl@CPaintManagerUI@UiLib@@QEBAPEAVCControlUI@2@PEB_W@Z.UILIB_D_X64 ref: 00007FF6AB3A970B

Strings

label_download, xrefs: 00007FF6AB3A968C
first, xrefs: 00007FF6AB3A8FEF, 00007FF6AB3A92D0, 00007FF6AB3A9416, 00007FF6AB3A953F
LenovoDisplayControlCenterService, xrefs: 00007FF6AB3A9277
third, xrefs: 00007FF6AB3A9472, 00007FF6AB3A959B
err_tip, xrefs: 00007FF6AB3A96FC
@, xrefs: 00007FF6AB3A91FC
continue_btn, xrefs: 00007FF6AB3A90BC
bar_download, xrefs: 00007FF6AB3A9654
second, xrefs: 00007FF6AB3A9027, 00007FF6AB3A9114
download_tip, xrefs: 00007FF6AB3A96C4
fourth, xrefs: 00007FF6AB3A9323, 00007FF6AB3A95F7
install_btn, xrefs: 00007FF6AB3A905F
fifth, xrefs: 00007FF6AB3A9376, 00007FF6AB3A94CE

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ControlControl@FindI@2@Lib@@ManagerPaint$Window$CreateDeleteLongMetricsObjectRectRoundSystem
String ID: @$LenovoDisplayControlCenterService$bar_download$continue_btn$download_tip$err_tip$fifth$first$fourth$install_btn$label_download$second$third
API String ID: 1694235912-3215884354
Opcode ID: 23c965180244791b44b4d4b96d8a73f31ff0c60199c10fddd1722231e756b2d8
Instruction ID: 237d755d26fd8944b405f0a5a5c5d79bc1ecb786381190954320b38ef91bfe12
Opcode Fuzzy Hash: 23c965180244791b44b4d4b96d8a73f31ff0c60199c10fddd1722231e756b2d8
Instruction Fuzzy Hash: B122933660AFC585EB619B15E8447EEB7A0FBC9B80F008126CA8D87B68DF7DD545CB40

Function 00007FF6AB3ACA80 Relevance: 73.9, APIs: 23, Strings: 19, Instructions: 367COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3AE650: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF6AB3AE691

Part of subcall function 00007FF6AB3A7830: OpenSCManagerW.ADVAPI32 ref: 00007FF6AB3A785D

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACB35
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACB4A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACB5F
GetPrivateProfileStringW.KERNEL32 ref: 00007FF6AB3ACBA0
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3ACBCA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACBD7
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACBEC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACC01
GetPrivateProfileStringW.KERNEL32 ref: 00007FF6AB3ACC42
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3ACC65
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3ACC85

Strings

#, xrefs: 00007FF6AB3ACEAE
times, xrefs: 00007FF6AB3AE060
Another instance is already running., xrefs: 00007FF6AB3ACD1D
times, xrefs: 00007FF6AB3ACBBB
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_sc.xml, xrefs: 00007FF6AB3ACFB6
./config.ini, xrefs: 00007FF6AB3ACADD
MainWnd_udcc_portuguese.xml, xrefs: 00007FF6AB3AD2BC
prompt, xrefs: 00007FF6AB3ACB05
LenovoDisplayControlCenterService, xrefs: 00007FF6AB3ACE3B
./config.ini, xrefs: 00007FF6AB3AE056
MainWnd_udcc_spanish.xml, xrefs: 00007FF6AB3AD23B
true, xrefs: 00007FF6AB3ACC76
UDCCLauncher, xrefs: 00007FF6AB3ACCF0
LenovoAccessoriesandDisplayManagerService, xrefs: 00007FF6AB3ACABB
MainWnd_udcc_serbianlatin.xml, xrefs: 00007FF6AB3ADDD2
Settings, xrefs: 00007FF6AB3ACAF1
MainWnd_udcc_en.xml, xrefs: 00007FF6AB3ADFD3
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$PrivateProcessorProfileStringVirtualtype_info::_name_internal_method$Concurrency::ManagerOpenRootRoot::
String ID: #$./config.ini$./config.ini$Another instance is already running.$LenovoAccessoriesandDisplayManagerService$LenovoDisplayControlCenterService$MainWnd_udcc_en.xml$MainWnd_udcc_portuguese.xml$MainWnd_udcc_sc.xml$MainWnd_udcc_serbianlatin.xml$MainWnd_udcc_spanish.xml$Settings$Settings$UDCCLauncher$UDCCLauncher$prompt$times$times$true
API String ID: 502227251-2579440469
Opcode ID: f00e581d7ed829687dea3e0d718da281359cdd137d04b1554f69b85a5d743f0a
Instruction ID: 62331b2a9c6daac767594c37641db0db86d09f8417ebc5f9f5a57578445e83b9
Opcode Fuzzy Hash: f00e581d7ed829687dea3e0d718da281359cdd137d04b1554f69b85a5d743f0a
Instruction Fuzzy Hash: A022E77291EEC691EA60DB14E4543EEB3A0FB88344F504139E68D87ABADF7DE454CB40

Function 00007FF6AB3A7FE0 Relevance: 65.1, APIs: 31, Strings: 6, Instructions: 329COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B0A20: _WChar_traits.LIBCPMTD ref: 00007FF6AB3B0A4D

Part of subcall function 00007FF6AB3A8BD0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A8C11

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A8050
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A809C
CreateDirectoryW.KERNEL32 ref: 00007FF6AB3A80A6
WinHttpOpen.WINHTTP ref: 00007FF6AB3A80F6

Part of subcall function 00007FF6AB3B5800: char_traits.LIBCPMTD ref: 00007FF6AB3B5833

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A80D9
WinHttpConnect.WINHTTP ref: 00007FF6AB3A8157
WinHttpCloseHandle.WINHTTP ref: 00007FF6AB3A816F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A81B8
WinHttpOpenRequest.WINHTTP ref: 00007FF6AB3A81E9
WinHttpCloseHandle.WINHTTP ref: 00007FF6AB3A8201
WinHttpCloseHandle.WINHTTP ref: 00007FF6AB3A820C

Strings

d, xrefs: 00007FF6AB3A8558
C:\LADM, xrefs: 00007FF6AB3A800E
User-Agent, xrefs: 00007FF6AB3A80EF
download.lenovo.com, xrefs: 00007FF6AB3A814B
Directory already exists., xrefs: 00007FF6AB3A80AF
GET, xrefs: 00007FF6AB3A81DD

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Http$Concurrency::details::EmptyQueue::StructuredWork$CloseHandle$Open$CallChar_traitsConnectCreateDirectoryFunction0MemberRequestchar_traits
String ID: C:\LADM$Directory already exists.$GET$User-Agent$d$download.lenovo.com
API String ID: 456047234-954846421
Opcode ID: 2b7eeae7411375a1f532eae02732089c2a2fa03fcdfd64c7e140fe7a95d66ac8
Instruction ID: fd6972b1acc3b1a7919a3b4b1d7477f685ba43398f64db39e9817ab41bd698ba
Opcode Fuzzy Hash: 2b7eeae7411375a1f532eae02732089c2a2fa03fcdfd64c7e140fe7a95d66ac8
Instruction Fuzzy Hash: EE02EC3190EE8196EB20DB21E4547AEA760FBC9740F104536E68DD7AB9DFBDD4448F40

Function 00007FF6AB3A7BB0 Relevance: 43.9, APIs: 21, Strings: 4, Instructions: 199COMMON

Download Yara Rule

APIs

WinHttpOpen.WINHTTP ref: 00007FF6AB3A7BF2
WinHttpConnect.WINHTTP ref: 00007FF6AB3A7C45
WinHttpCloseHandle.WINHTTP ref: 00007FF6AB3A7C5D

Part of subcall function 00007FF6AB3B1160: char_traits.LIBCPMTD ref: 00007FF6AB3B118D

Strings

User-Agent, xrefs: 00007FF6AB3A7BEB
download.lenovo.com, xrefs: 00007FF6AB3A7C39
/consumer/options/ladmversion.txt, xrefs: 00007FF6AB3A7CAC
GET, xrefs: 00007FF6AB3A7CB3

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Http$CloseConnectHandleOpenchar_traits
String ID: /consumer/options/ladmversion.txt$GET$User-Agent$download.lenovo.com
API String ID: 394438176-1046114295
Opcode ID: c5d900281813edbbc21ddb9fb3d75130968f619f498d7d5176b17196c7c6b7af
Instruction ID: 3624679ecaada7a3219fde93a739a8fb227fb0863d0db6808e87e0011488e40a
Opcode Fuzzy Hash: c5d900281813edbbc21ddb9fb3d75130968f619f498d7d5176b17196c7c6b7af
Instruction Fuzzy Hash: F9B10B32A1EE85D6EB20DB15E89036EB7A0FBC9794F104132D68D86AB9CF7DD444CB40

Function 00007FF6AB3A86A0 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 232encryptionCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A86F1
WinVerifyTrust.WINTRUST ref: 00007FF6AB3A882E
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A88E5
CryptQueryObject.CRYPT32 ref: 00007FF6AB3A8950
LocalFree.KERNEL32 ref: 00007FF6AB3A8B2D
LocalFree.KERNEL32 ref: 00007FF6AB3A8B47
CertFreeCertificateContext.CRYPT32 ref: 00007FF6AB3A8B5B
CertCloseStore.CRYPT32 ref: 00007FF6AB3A8B77
CryptMsgClose.CRYPT32 ref: 00007FF6AB3A8B91
LocalFree.KERNEL32 ref: 00007FF6AB3A8BA5

Strings

X, xrefs: 00007FF6AB3A878F
, xrefs: 00007FF6AB3A86DE
O, xrefs: 00007FF6AB3A875B
Lenovo, xrefs: 00007FF6AB3A8B02

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Free$Local$CertCloseConcurrency::details::CryptEmptyQueue::StructuredWork$CertificateContextObjectQueryStoreTrustVerify
String ID: $Lenovo$O$X
API String ID: 3625653005-2040236086
Opcode ID: 73e3c60c96b440b56f9ba16100c5626d13325b8ef07d2cfaae9c12ec8b2c4219
Instruction ID: 89cc226de5ce186b6010a4c145e0472238dfc7536a21c37a003845b2124455be
Opcode Fuzzy Hash: 73e3c60c96b440b56f9ba16100c5626d13325b8ef07d2cfaae9c12ec8b2c4219
Instruction Fuzzy Hash: 7ED1C37290DBC186E7708B24F4583ABBBA0F789744F504129D6CD86AA8DFBDD589CF40

Function 00007FF6AB3C0494 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF6AB3C0541
GetLastError.KERNEL32 ref: 00007FF6AB3C054B
FindFirstFileW.KERNEL32 ref: 00007FF6AB3C0562
GetLastError.KERNEL32 ref: 00007FF6AB3C056E
FindClose.KERNEL32 ref: 00007FF6AB3C057C
__std_fs_open_handle.LIBCPMT ref: 00007FF6AB3C060F
CloseHandle.KERNEL32 ref: 00007FF6AB3C0625
CloseHandle.KERNEL32 ref: 00007FF6AB3C0798

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: 0243d35fff3020249423783fbb3c93afdf4c4e116118fb0d7b3d62d4772c2654
Instruction ID: b7165524b420eef5888fed63545073262365aee346b5d4ff58c25c4ece869bc5
Opcode Fuzzy Hash: 0243d35fff3020249423783fbb3c93afdf4c4e116118fb0d7b3d62d4772c2654
Instruction Fuzzy Hash: 9F919835B0AE9286E6744BA5A8146792690EF8E774F144331DABEC77F4DE3CF8098700

Function 00007FF6AB3E0194 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1223COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6AB3E01E7
memcpy_s.LIBCPMT ref: 00007FF6AB3E04C5
memcpy_s.LIBCPMT ref: 00007FF6AB3E086F
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E0A74
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E0C88
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E0EDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E10D6

Strings

1#IND, xrefs: 00007FF6AB3E02DB
1#QNAN, xrefs: 00007FF6AB3E0307
1#SNAN, xrefs: 00007FF6AB3E02FE
1#INF, xrefs: 00007FF6AB3E0317

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 081fc84a3558d8ffeb6d9c7c260e7c7e190c7effca04de5ab63cfbd013efa50a
Instruction ID: d0c5a1d14b2d8dfa786127688a2bb14a74e36519d1978a7137f18ede345ede57
Opcode Fuzzy Hash: 081fc84a3558d8ffeb6d9c7c260e7c7e190c7effca04de5ab63cfbd013efa50a
Instruction Fuzzy Hash: B6B2E572A1AA828BE765CF64D5417FD37E1FB49388F505136DA0A97AA4DF3CAD00CB40

Function 00007FF6AB3A6920 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 58synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B0A20: _WChar_traits.LIBCPMTD ref: 00007FF6AB3B0A4D

Part of subcall function 00007FF6AB3A68C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A68D3
Part of subcall function 00007FF6AB3A68C0: GetFileAttributesW.KERNEL32 ref: 00007FF6AB3A68DB

ShellExecuteExW.SHELL32 ref: 00007FF6AB3A69D8
WaitForSingleObject.KERNEL32 ref: 00007FF6AB3A69EF
CloseHandle.KERNEL32 ref: 00007FF6AB3A69FD
SetEvent.KERNEL32 ref: 00007FF6AB3A6A0E
SetEvent.KERNEL32 ref: 00007FF6AB3A6A20

Strings

runas, xrefs: 00007FF6AB3A69A4
@, xrefs: 00007FF6AB3A699C
/VERYSILENT, xrefs: 00007FF6AB3A69BC
p, xrefs: 00007FF6AB3A6994
C:\Program Files\Lenovo\Lenovo Go Central\unins000.exe, xrefs: 00007FF6AB3A6944, 00007FF6AB3A69B0

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Event$AttributesChar_traitsCloseConcurrency::details::EmptyExecuteFileHandleObjectQueue::ShellSingleStructuredWaitWork
String ID: /VERYSILENT$@$C:\Program Files\Lenovo\Lenovo Go Central\unins000.exe$p$runas
API String ID: 3271699580-62216219
Opcode ID: 4a1ff8c69e5953f0b0fc98caa20e3fc00cbc39285130dc449924636f2511f159
Instruction ID: c12f107b7780c1071abb8aa5839bda25ba82ee4d17a9a73c233edd2b599fde6c
Opcode Fuzzy Hash: 4a1ff8c69e5953f0b0fc98caa20e3fc00cbc39285130dc449924636f2511f159
Instruction Fuzzy Hash: 9E211E21A0EE8186EB20DB21F85036AB7A4FF89784F404636D68D87679DF7CD509CB40

Function 00007FF6AB3E2228 Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3E1E00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E1E4F
Part of subcall function 00007FF6AB3E1E00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E1EC7
Part of subcall function 00007FF6AB3E1E00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E1F18

CreateFileW.KERNEL32 ref: 00007FF6AB3E233E
CreateFileW.KERNEL32 ref: 00007FF6AB3E239C
GetLastError.KERNEL32 ref: 00007FF6AB3E23CC
GetFileType.KERNEL32 ref: 00007FF6AB3E23E4
GetLastError.KERNEL32 ref: 00007FF6AB3E23EE
CloseHandle.KERNEL32 ref: 00007FF6AB3E2421
CloseHandle.KERNEL32 ref: 00007FF6AB3E2587
CreateFileW.KERNEL32 ref: 00007FF6AB3E25BC
GetLastError.KERNEL32 ref: 00007FF6AB3E25CB

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 4115804a1e25e7c70376fb8e71e1ff36d382ea1b33205e3216e4edb8fdf8d6a7
Instruction ID: 709025826ccbce2aabac7cf1106526feeb8945d82ecfefa5a347cc4e3b3be68d
Opcode Fuzzy Hash: 4115804a1e25e7c70376fb8e71e1ff36d382ea1b33205e3216e4edb8fdf8d6a7
Instruction Fuzzy Hash: 89C1A133B25E4285EB50CF68C8912AC37A1F78AB98B115226DB5E977A4DF38E855C700

Function 00007FF6AB3A7830 Relevance: 12.2, APIs: 8, Instructions: 151serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00007FF6AB3A785D
EnumServicesStatusExW.ADVAPI32 ref: 00007FF6AB3A78DD
GetLastError.KERNEL32 ref: 00007FF6AB3A78E4
CloseServiceHandle.ADVAPI32 ref: 00007FF6AB3A78F6

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CloseEnumErrorHandleLastManagerOpenServiceServicesStatus
String ID:
API String ID: 2025378053-0
Opcode ID: 5e5b08957e855e1e9417cde708c4218e46768f2a7f7ccb6c7fd71262cf9b3df4
Instruction ID: 8836ff6d4ae606827fb7550cddcecc25c9efa98a6874fcebeaabf6efbea5442f
Opcode Fuzzy Hash: 5e5b08957e855e1e9417cde708c4218e46768f2a7f7ccb6c7fd71262cf9b3df4
Instruction Fuzzy Hash: 1081F73260EFC185EB609B10E4907AAB7A4FB89790F104139D6CD87BA9DF7DD489CB40

Function 00007FF6AB3DF2D4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

TranslateName.LIBCMT ref: 00007FF6AB3DF346

Part of subcall function 00007FF6AB3DD09C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3DD0CF

TranslateName.LIBCMT ref: 00007FF6AB3DF384
GetACP.KERNEL32(?,00000000,?,00000092,?,00007FF6AB3D243A), ref: 00007FF6AB3DF3CE
IsValidCodePage.KERNEL32(?,00000000,?,00000092,?,00007FF6AB3D243A), ref: 00007FF6AB3DF406
GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DF5BD

Strings

utf8, xrefs: 00007FF6AB3DF4E5

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
String ID: utf8
API String ID: 2487361160-905460609
Opcode ID: 790798240de80347087398e635db293d68430c581eae5d7999620a8630e8abae
Instruction ID: ed7319330cf298fe37161e533ae10ae657088b4b48776fa0a62e246088e3f423
Opcode Fuzzy Hash: 790798240de80347087398e635db293d68430c581eae5d7999620a8630e8abae
Instruction Fuzzy Hash: E091AE36A0AA4286EB609F62F4807BE33E5BF49B88F444935DE4C877A5DF3CE5558301

Function 00007FF6AB3C3CD0 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6AB3C3CEC
RtlCaptureContext.KERNEL32 ref: 00007FF6AB3C3D19
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6AB3C3D33
RtlVirtualUnwind.KERNEL32 ref: 00007FF6AB3C3D74
IsDebuggerPresent.KERNEL32 ref: 00007FF6AB3C3DC8
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB3C3DE5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB3C3DF0

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 50852a6b97b2e6566e9b206ca20e52140b2911aa3e992d7c8e1cb277bf821f1f
Instruction ID: 3bce68a337cbfb2adedddcff8db5a9b4e7a84de2c7298a1e857b5f8758640bfa
Opcode Fuzzy Hash: 50852a6b97b2e6566e9b206ca20e52140b2911aa3e992d7c8e1cb277bf821f1f
Instruction Fuzzy Hash: C7317476A06F8189EB608F64E8903EE77A0FB49744F44403ADA4E87BA5DF7CD548C710

Function 00007FF6AB3DFD34 Relevance: 9.2, APIs: 6, Instructions: 171COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF6AB3D2433), ref: 00007FF6AB3DFE8D
GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF6AB3DFEA6
IsValidCodePage.KERNEL32 ref: 00007FF6AB3DFEE2
IsValidLocale.KERNEL32 ref: 00007FF6AB3DFEF8
GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DFF54
GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DFF70

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
String ID:
API String ID: 3082464267-0
Opcode ID: 6b434ee1e51647b9f70947cbf40b8ff6069f0248f1a19c632a46a6cdbec7ef1d
Instruction ID: fee8a0396b0d887819c571cc50c9d67526b9723e105f7bcb6ea35d148e5a6e06
Opcode Fuzzy Hash: 6b434ee1e51647b9f70947cbf40b8ff6069f0248f1a19c632a46a6cdbec7ef1d
Instruction Fuzzy Hash: FD717962F0AA4289EB119B64E4907BC27E4BF4DB48F44483ACE5D937A5EF3CE845C350

Function 00007FF6AB3C8C58 Relevance: 9.1, APIs: 6, Instructions: 86COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6AB3C8CE3
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6AB3C8CFB
RtlVirtualUnwind.KERNEL32 ref: 00007FF6AB3C8D36
IsDebuggerPresent.KERNEL32 ref: 00007FF6AB3C8D6F
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB3C8D79
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6AB3C8D84

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 9201796ebb029ef5253405aa967ae63c12afb5e52d0fec21c1930a418890a044
Instruction ID: 109cad4acd0164f101e57580730d0ec81037365d1c453d418c7e8f7fe06b5745
Opcode Fuzzy Hash: 9201796ebb029ef5253405aa967ae63c12afb5e52d0fec21c1930a418890a044
Instruction Fuzzy Hash: 92419136A09F8186D760CF64E8443AE77A0FB89754F500136EA8D87BA9DF7CD549CB00

Function 00007FF6AB3E6840 Relevance: 9.0, APIs: 6, Instructions: 43encryptionCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32 ref: 00007FF6AB3E6854
LocalFree.KERNEL32 ref: 00007FF6AB3E686D
CertFreeCertificateContext.CRYPT32 ref: 00007FF6AB3E6880
CertCloseStore.CRYPT32 ref: 00007FF6AB3E689B
CryptMsgClose.CRYPT32 ref: 00007FF6AB3E68B4
LocalFree.KERNEL32 ref: 00007FF6AB3E68C7

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Free$Local$CertClose$CertificateContextCryptStore
String ID:
API String ID: 506982671-0
Opcode ID: 89759933fd20cb34aab00286836bba88eb35e95742246ffe91fc6bfb558e4cf0
Instruction ID: 5cf943ba6da26e5404c8cc3a429c0261b136e992cdc6beddc3967a007b404bf8
Opcode Fuzzy Hash: 89759933fd20cb34aab00286836bba88eb35e95742246ffe91fc6bfb558e4cf0
Instruction Fuzzy Hash: 10117E21D19D8189E7659F36D8583BC27A0EB8BB89F146036C50DDA5B4CF78AD89C244

Function 00007FF6AB3DFB3C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3DFED5), ref: 00007FF6AB3DFB95
GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3DFED5), ref: 00007FF6AB3DFBC2
GetACP.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3DFED5), ref: 00007FF6AB3DFBD8

Strings

ACP, xrefs: 00007FF6AB3DFB61
OCP, xrefs: 00007FF6AB3DFB71

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 0f321d06b21ff708f611fb88493b35f0ad2be07ce695c634cac436e9a565fabf
Instruction ID: 9428f546c8b2185dc31568e7980a1b6d272b913fb7a4b8c7d8dd264bc1c54c38
Opcode Fuzzy Hash: 0f321d06b21ff708f611fb88493b35f0ad2be07ce695c634cac436e9a565fabf
Instruction Fuzzy Hash: 2F118421B1AA8392F6648B61B89067E77E0FF5C784F044632EA4EC36A4DF7CE841C700

Function 00007FF6AB3BECCC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__vcrt_InitializeCriticalSectionEx.LIBVCRUNTIMED ref: 00007FF6AB3BED24

Part of subcall function 00007FF6AB3BECA0: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF6AB3BECC0

GetLastError.KERNEL32 ref: 00007FF6AB3BED2D
IsDebuggerPresent.KERNEL32 ref: 00007FF6AB3BED45
OutputDebugStringW.KERNEL32 ref: 00007FF6AB3BED56

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6AB3BED4F

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CriticalInitializeSection$DebugDebuggerErrorLastOutputPresentString__vcrt_
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3055932891-631824599
Opcode ID: 0a7ab05b34f93d01cf30ef06dfbc131da76089fa118c875c07ce56c575cc9dfc
Instruction ID: ee19bff33f6f91c72f1df6610a03c2a8fac7b59594c924a5f3eabc841e8ee1c3
Opcode Fuzzy Hash: 0a7ab05b34f93d01cf30ef06dfbc131da76089fa118c875c07ce56c575cc9dfc
Instruction Fuzzy Hash: CE114C32A16F529AF7149B26DA543B933E4FF48745F40403ACA4D82AA5EFBCE468C700

Function 00007FF6AB3DBD68 Relevance: 6.2, APIs: 4, Instructions: 240fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF6AB3DBEE9
FindNextFileW.KERNEL32 ref: 00007FF6AB3DC01F
FindClose.KERNEL32 ref: 00007FF6AB3DC05F
FindClose.KERNEL32 ref: 00007FF6AB3DC08B

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: f586bc2511dcebc3303791ef9607899cdf91048d6451607d0caf6921461a4ebe
Instruction ID: fe7092cf66464c5e2e5c3a9a53b0c3a7698f629ad08ecc9e207db373d18b0704
Opcode Fuzzy Hash: f586bc2511dcebc3303791ef9607899cdf91048d6451607d0caf6921461a4ebe
Instruction Fuzzy Hash: 51A11422F19E8289FB208B75B4402BD6BE0EB49B94F144935DE8CA7AB9DE3DD4458700

Function 00007FF6AB3C3F1C Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6AB3C3F48
GetCurrentThreadId.KERNEL32 ref: 00007FF6AB3C3F56
GetCurrentProcessId.KERNEL32 ref: 00007FF6AB3C3F62
QueryPerformanceCounter.KERNEL32 ref: 00007FF6AB3C3F72

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: c27c1ec29e146dc5b793f239d5ac51f622f315c2650aaf700eacaa8cd0af10d5
Instruction ID: 7fe1f44fc45d3a0a2aa999824988d1e644d1e330011ad956375dee961d068206
Opcode Fuzzy Hash: c27c1ec29e146dc5b793f239d5ac51f622f315c2650aaf700eacaa8cd0af10d5
Instruction Fuzzy Hash: 57112A26B16F018AEB00CF60E8542BD33A4FB5E758F441E32EE6D867A4DF78E5588340

Function 00007FF6AB3BF05C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3A219A), ref: 00007FF6AB3BF082
FormatMessageA.KERNEL32 ref: 00007FF6AB3BF0B5

Strings

!x-sys-default-locale, xrefs: 00007FF6AB3BF075

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: f440060f5359b28c8aa4c82af2fb8eb812e021a7a21cb88bb8bb48fa3d202fe7
Instruction ID: 9146a95361dbfe45d5691a4187c882ef54dde2af193e11b283213be2485d1740
Opcode Fuzzy Hash: f440060f5359b28c8aa4c82af2fb8eb812e021a7a21cb88bb8bb48fa3d202fe7
Instruction Fuzzy Hash: C5018476F19F8682EB118B11B45077EA791FB897D4F048036DA4986AA9DF7CD905C700

Function 00007FF6AB3CFFD0 Relevance: 4.8, APIs: 3, Instructions: 333COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6AB3D0036
memcpy_s.LIBCPMT ref: 00007FF6AB3D0061

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 9dda451082425a356c5d6ecdbef5c2fa0a62b87284da3d53c4d1155c83b4633e
Instruction ID: a280eb51e2b8f33b11dedf757cbf6958bb7feff506bc0be61002f22f69fab110
Opcode Fuzzy Hash: 9dda451082425a356c5d6ecdbef5c2fa0a62b87284da3d53c4d1155c83b4633e
Instruction Fuzzy Hash: 33C1D272A1AA8687E724CF29B154A6AB7E1F788B84F408534DB4E93754DF3DE801CB40

Function 00007FF6AB3DF7A0 Relevance: 4.7, APIs: 3, Instructions: 165COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DF80C

Part of subcall function 00007FF6AB3CC9A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CC9C5

GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DF855

Part of subcall function 00007FF6AB3CC9A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CCA1E

GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DF919

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: InfoLocale$_invalid_parameter_noinfo
String ID:
API String ID: 4006003004-0
Opcode ID: a759a6f2f1d7f5e3376b3e19792dff7428ae982f1c0dd8667dbc53a6083b8748
Instruction ID: 9dd9b1b61bb5aab8a7e0d248ae82f2b54e66b26307cbce5e20145b1c4df4fd11
Opcode Fuzzy Hash: a759a6f2f1d7f5e3376b3e19792dff7428ae982f1c0dd8667dbc53a6083b8748
Instruction Fuzzy Hash: 0B617932A0AA429AEB248F21E5913BD73E1FB88748F408535DB9ED36A1DF3CE455C701

Function 00007FF6AB3BC4E0 Relevance: 4.6, APIs: 3, Instructions: 59COMMON

Download Yara Rule

APIs

LoadResource.KERNEL32 ref: 00007FF6AB3BC4FD
LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6AB3BC632), ref: 00007FF6AB3BC51C

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Resource$LoadLock
String ID:
API String ID: 1037334470-0
Opcode ID: dd076884c17e5399440433552542ab2d3392c7877a32960aa8c41ccf7daa4d24
Instruction ID: 4c054f975c4a37d4ed8e0bc668d2f2772b275de312e8c50fa3cc215ac671e79f
Opcode Fuzzy Hash: dd076884c17e5399440433552542ab2d3392c7877a32960aa8c41ccf7daa4d24
Instruction Fuzzy Hash: CD21D832A1DE4586DB70DB16E48062AB7A0F78C794F500636FA8EC2B69DF7CD5948B04

Function 00007FF6AB3C2F88 Relevance: 4.5, APIs: 3, Instructions: 13COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF6AB3C3089), ref: 00007FF6AB3C2F93
UnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF6AB3C3089), ref: 00007FF6AB3C2F9C
GetCurrentProcess.KERNEL32(?,?,00000001,00007FF6AB3C3089), ref: 00007FF6AB3C2FA2

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CurrentProcess
String ID:
API String ID: 1249254920-0
Opcode ID: 99af12c64f95a99f48f50471b5cb7b1a2caf6749358b20bd1c9cdf5a707f42b7
Instruction ID: 0d6848007d144cc34c552574281ed23e16e67e8ecd1bae0480bcd1ff9deac77a
Opcode Fuzzy Hash: 99af12c64f95a99f48f50471b5cb7b1a2caf6749358b20bd1c9cdf5a707f42b7
Instruction Fuzzy Hash: 31D0C965E0AE0786FB181B62AC2513D16A1AB5EF41F051036CA5BA6331DEBC9C868304

Function 00007FF6AB3D646C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF6AB3D2606), ref: 00007FF6AB3D64E5

Strings

GetLocaleInfoEx, xrefs: 00007FF6AB3D649D, 00007FF6AB3D64AB

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 377e15d5a8fc384d2ed470240429d8e56772e48286109bfd2181d0a867a9a504
Instruction ID: cb20d9148a517d1816753a60560df073539b4aceb83753fb5dad5b1f118b2deb
Opcode Fuzzy Hash: 377e15d5a8fc384d2ed470240429d8e56772e48286109bfd2181d0a867a9a504
Instruction Fuzzy Hash: 50019224F0AE5285EA009B16B400069A7E0AF5DBE4F584A36DE3C837FADE3CE9418740

Function 00007FF6AB3D41A0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF6AB3D42AD
gfff, xrefs: 00007FF6AB3D432A

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: ed0ef86052ded33bbd854113a2f39c03904e168e4a2062e3835c3a98b23f8950
Instruction ID: 55a4182d45ea227c2cfc68736b8bafe019c393e9e2feb1724f619df622fe64ed
Opcode Fuzzy Hash: ed0ef86052ded33bbd854113a2f39c03904e168e4a2062e3835c3a98b23f8950
Instruction Fuzzy Hash: F4517922B19BC556E7248F39B8017696BD1F748B94F488632CB9C87AE1CF3DE4448700

Function 00007FF6AB3CF12C Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF6AB3CF281

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: fd88be04eda778e833608fe199eba5cbc33ad0031f5ec0ee443e7e3f930edb9f
Instruction ID: f42dc64f2c54fa02d9d66dca830ed054940a6a067e6bd3d21af5a838caf2ad55
Opcode Fuzzy Hash: fd88be04eda778e833608fe199eba5cbc33ad0031f5ec0ee443e7e3f930edb9f
Instruction Fuzzy Hash: 2002BB62A0ABD186E711CF3894412FD73A0FB5D748F159236EB9C87662EF38E599C700

Function 00007FF6AB3DD7E0 Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ada403f308d17fe83d0fa4013d35409a79668cbbb523354a38b3931aeaf200
Instruction ID: 4a8e81846ad6d95522aaa84370d9e964ebe879083a36f23e8f0bf93bcea3b431
Opcode Fuzzy Hash: 12ada403f308d17fe83d0fa4013d35409a79668cbbb523354a38b3931aeaf200
Instruction Fuzzy Hash: DEE16032A05F8186E720DB61E5402EE77A4FB58788F404A32DF8D97B66EF78E245C340

Function 00007FF6AB3DBBE4 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3D8780: HeapAlloc.KERNEL32(?,?,00000000,00007FF6AB3D38E3), ref: 00007FF6AB3D87D5

Part of subcall function 00007FF6AB3E2894: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E28C7

FindFirstFileExW.KERNEL32 ref: 00007FF6AB3DBEE9

Part of subcall function 00007FF6AB3D3B70: HeapFree.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B86
Part of subcall function 00007FF6AB3D3B70: GetLastError.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B90

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Heap$AllocErrorFileFindFirstFreeLast_invalid_parameter_noinfo
String ID:
API String ID: 2436724071-0
Opcode ID: 20d3f7418b11430acdb0485b319bf588a412ce5c8fba5d19fbe35b3dd67ddd75
Instruction ID: 1baa0c38cb19f2d669f3350a8a3ac3f396ec1019cbc158cf014b9d20f022f400
Opcode Fuzzy Hash: 20d3f7418b11430acdb0485b319bf588a412ce5c8fba5d19fbe35b3dd67ddd75
Instruction Fuzzy Hash: 79810722B0AE8145FB20DF26B4502BE67D1FB497D0F444A35EE9D877A5EE3DE4458700

Function 00007FF6AB3DB250 Relevance: 1.7, APIs: 1, Instructions: 222COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF6AB3DB4A0

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 97c61b12f95af5c4365f12e5850b2239592b298098fdffe11c67818369da841c
Instruction ID: 8ddc2be7d29804a73d0c8f41e0416b7ad934703ca3e616302cfb6250fef8bb29
Opcode Fuzzy Hash: 97c61b12f95af5c4365f12e5850b2239592b298098fdffe11c67818369da841c
Instruction Fuzzy Hash: BDB13A73905B858AE719CF29D44636C77A0F748BA8F048A26DB6E877E4DF39D461C700

Function 00007FF6AB3DF9E4 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF6AB3DFA4C

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e3574dce622f59e7d5c104d943270d7b977772e1343f2c766e4218c5fea1fda1
Instruction ID: 3caf24fcc400c7ab1b1ff46cdb9ec0cae4f7ac1cef6390e17f0b6be4bc6eb6d7
Opcode Fuzzy Hash: e3574dce622f59e7d5c104d943270d7b977772e1343f2c766e4218c5fea1fda1
Instruction Fuzzy Hash: E7319532B0AA8246EB248B21E4813BE73E1FB8C784F448535DA5DC37A5DF3CE4458B00

Function 00007FF6AB3DF638 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6AB3DFE39,?,00000000,00000092,?,?,00000000,?,00007FF6AB3D2433), ref: 00007FF6AB3DF6D6

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: c29107391be345605e93537e758bb290e056d91b6bdb4411b7a463790b6adfe1
Instruction ID: a492dd4a5acc4461b2f7f18343e8c9271a6cc11147483c06aaf80a20291663a8
Opcode Fuzzy Hash: c29107391be345605e93537e758bb290e056d91b6bdb4411b7a463790b6adfe1
Instruction Fuzzy Hash: 2B110267A09A418AEB118F15E0803AC3BE0FB84BA0F448135D629833E0CE38D5D1C700

Function 00007FF6AB3DFBF0 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,00007FF6AB3DF996), ref: 00007FF6AB3DFC2F

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 939c5b5be0cbdeaf47e801c6b814b4612278d28d5b080891b14d177bc8a1270c
Instruction ID: 3df6fa0bd8b5efc67614c3260b1706ff6423500f6849cfbc79f2f221b26b147d
Opcode Fuzzy Hash: 939c5b5be0cbdeaf47e801c6b814b4612278d28d5b080891b14d177bc8a1270c
Instruction Fuzzy Hash: 80112932A18A5286E7609F26F08037D73E1EB88B54F944A36DB6D833D4CF38E891C704

Function 00007FF6AB3DF708 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6AB3DFDF4,?,00000000,00000092,?,?,00000000,?,00007FF6AB3D2433), ref: 00007FF6AB3DF786

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 7f53d1c243c2d73c5e34168c4463e0365cfe6e10d039e1aeca2033bcd6a982a9
Instruction ID: 3cb364a8958af1fc1a4729dd2dc421613c5edbcead29343879f23a2c1da4ee7b
Opcode Fuzzy Hash: 7f53d1c243c2d73c5e34168c4463e0365cfe6e10d039e1aeca2033bcd6a982a9
Instruction Fuzzy Hash: 2401B17AE0AA8186E7504F25F4807FD77E1EB48BE4F458632D668872E4CF7898818700

Function 00007FF6AB3D6050 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6AB3D6430,?,?,?,?,?,?,?,?,00000000,00007FF6AB3DEC68), ref: 00007FF6AB3D6086

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 570a41b1f38b773b23f318824c67c32e6c81b26580e63a9fcba5929c54a9de43
Instruction ID: 0ed3679af0bc5ab33e8bd16b047bee36478e58f6d8f7dc8fe41d016da9c805f1
Opcode Fuzzy Hash: 570a41b1f38b773b23f318824c67c32e6c81b26580e63a9fcba5929c54a9de43
Instruction Fuzzy Hash: F7F0F832A09A4582E7009B55F49076973A1FF9CB84F549035E65D877B9CF3CE9A4CB80

Function 00007FF6AB3D3D08 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6AB3D4046

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: eb7e007e317f28c51d39c2cab2023f4046dd1e1f42dc13c2eff4319e78601cd5
Instruction ID: 5b8c4b6e5c2f79e82cad772bcb908c4953f6f9f9c627f44752ae302283084f69
Opcode Fuzzy Hash: eb7e007e317f28c51d39c2cab2023f4046dd1e1f42dc13c2eff4319e78601cd5
Instruction Fuzzy Hash: 78A14863A0ABCA46EB21CB29B4007A9B7E4FB58784F058532DE4D877E5DE3DE905C701

Function 00007FF6AB3DAA88 Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6AB3DAB2D

Part of subcall function 00007FF6AB3D8780: HeapAlloc.KERNEL32(?,?,00000000,00007FF6AB3D38E3), ref: 00007FF6AB3D87D5

Part of subcall function 00007FF6AB3D3B70: HeapFree.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B86
Part of subcall function 00007FF6AB3D3B70: GetLastError.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B90

Part of subcall function 00007FF6AB3E2894: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E28C7

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: 1f56263665d03bd1057c31108c2b30024b03e764f7cc10db5c6df51486b8de42
Instruction ID: 1097ae488864804443eb81a71ab467c4f73080adc303ee69cbe0b89717ce3fb1
Opcode Fuzzy Hash: 1f56263665d03bd1057c31108c2b30024b03e764f7cc10db5c6df51486b8de42
Instruction Fuzzy Hash: A241E661B0BA8302FA605B227A1177AA7D17F8D7C0F444A35DF4DC77A5EE3CE4058200

Function 00007FF6AB3DCF10 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6AB3DCF14

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 25688e42f228e1e2a5e28d8c0bd18fe948d6dbff71afe077ece1ec2173d9c5af
Instruction ID: fbe91835676c0002e2f334d99ae4dde12befcc60d492999a04839c17b7ae40e2
Opcode Fuzzy Hash: 25688e42f228e1e2a5e28d8c0bd18fe948d6dbff71afe077ece1ec2173d9c5af
Instruction Fuzzy Hash: B0B09224E0BA02C2EE086B116C8221822E4BF5C700F884139C40D90330DF3C29A96700

Function 00007FF6AB3CAE04 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f554e0f6912e0b8ec295e054b4be1c9d0606b179e3fddf1f95b4229c68626c
Instruction ID: 5c60594f78f4e646f71942f8ff19d3cf42de4a8631fede2cadc93bacf7a6e52b
Opcode Fuzzy Hash: 67f554e0f6912e0b8ec295e054b4be1c9d0606b179e3fddf1f95b4229c68626c
Instruction Fuzzy Hash: 3D02BC73A0AE6685E7648F6AC44017C37A1FB4EB58B144631CA1D877B8EF39F956C340

Function 00007FF6AB3D2274 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
String ID:
API String ID: 4003095782-0
Opcode ID: 2c60575b9811075ac3bb7d2b812b0694b6773254d3ffa601cd89f13c56f1b5ac
Instruction ID: a632a68f27d57a9a5e0b7b155a8a51d0724f4af540167b6255e519b6fbd10d4d
Opcode Fuzzy Hash: 2c60575b9811075ac3bb7d2b812b0694b6773254d3ffa601cd89f13c56f1b5ac
Instruction Fuzzy Hash: EBC1BA65B0AA8245FBA09B61EC107BA67E1FF98788F408835DE8DC76A5DF3CE545C300

Function 00007FF6AB3DED2C Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d05541bd554ef12b2656785cba14dc609f4458bd09aaf97a50d3079997c817e2
Instruction ID: a94bde3f8e0131ff07ced66917b2f34ecd45c366dad23fa94d930eadd77efa6d
Opcode Fuzzy Hash: d05541bd554ef12b2656785cba14dc609f4458bd09aaf97a50d3079997c817e2
Instruction Fuzzy Hash: A7B10332A0AA5686EB649F20E4017B937E4FF98B48F044A35DA1DD36E9DF3CE5518780

Function 00007FF6AB3CEC18 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 139392308c11aa310c50b6ea6fb55b3019fc2fd05d22a9050cacbb2e468bdf56
Instruction ID: 8a7b4edbaf0e949cbd80eed827ecb4700752a1fae0c1b603911c7edcd79e9a5f
Opcode Fuzzy Hash: 139392308c11aa310c50b6ea6fb55b3019fc2fd05d22a9050cacbb2e468bdf56
Instruction Fuzzy Hash: D381A272A06E6185EB60CF69D48137D27A0FF49BD8F148636EE6E877A5CF38E4458340

Function 00007FF6AB3D4818 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8d4dcefea59f8f4accdb8bac6a399ca748f3099765a0511318fd315e9924a9f
Instruction ID: f6829f5fb25a19b539d789bc54a4ef6e465c2dd717a45047321a162e7a94564c
Opcode Fuzzy Hash: c8d4dcefea59f8f4accdb8bac6a399ca748f3099765a0511318fd315e9924a9f
Instruction Fuzzy Hash: 5F81E472A09B8146EB74CB2AB4803796BD1FB897D4F544635DB9D83BA5DF3DE5008B00

Function 00007FF6AB3E1B80 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4ada090a16be8517ab88117258a1f82fb6a64313d5bd96081db84b7001db16ba
Instruction ID: f7b3e953d9df653c07e391a9eb775cc355590e70262b5f5970fec380457427be
Opcode Fuzzy Hash: 4ada090a16be8517ab88117258a1f82fb6a64313d5bd96081db84b7001db16ba
Instruction Fuzzy Hash: DF610922E0EE9286F7648A29944037E66D1AF5E760F150737DB1EC26F4DE7DEC04A700

Function 00007FF6AB3C9BE4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3965c9102a359c4935203157fcb7e5826646d640fa7c3e35116d4a095aa0a4ae
Instruction ID: d7422efe210050d97ed222443214be78cc89e6fc04dda40b13f0f38fe69be4de
Opcode Fuzzy Hash: 3965c9102a359c4935203157fcb7e5826646d640fa7c3e35116d4a095aa0a4ae
Instruction Fuzzy Hash: 6151A776A19E61C1E7258B69C04423837A0EB5EF58F258231CE4E977B5CF3AF85AC740

Function 00007FF6AB3C9FFC Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a740b278f940c61530b7cd8f0c955d00a75503dd8d311a7643bf6d4753a0c30
Instruction ID: 93506d6129e73589cf3ce84d0bca231e7719d7695479fe440dac94f018d08640
Opcode Fuzzy Hash: 7a740b278f940c61530b7cd8f0c955d00a75503dd8d311a7643bf6d4753a0c30
Instruction Fuzzy Hash: 8E517676A19EB585E7648B69C05423837A0EB4AB98F245131CA4D977B8CF3AF847C740

Function 00007FF6AB3C9DF0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54d244641ab20f39d7b9030c80d76f6abfeaa2c8815101edcf36f96b32d976f
Instruction ID: 5b0b3dba211dec94b758c48432b09dd8f5d04e580e112e86c10ebbafe39b23a3
Opcode Fuzzy Hash: d54d244641ab20f39d7b9030c80d76f6abfeaa2c8815101edcf36f96b32d976f
Instruction Fuzzy Hash: 55518332A19A6186E7258B69C04023833A0EB5EF58F254235DA4E977E8CF3AF857C740

Function 00007FF6AB3D13CC Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 38843f80ca5d8d1cfa26dbe07dd4ee4500000db6922cab7f2980c0da88c302b9
Instruction ID: 25e36030732b8ba4917e3619f64c469cb26a418899ffe3bf088bfaec612be1ce
Opcode Fuzzy Hash: 38843f80ca5d8d1cfa26dbe07dd4ee4500000db6922cab7f2980c0da88c302b9
Instruction Fuzzy Hash: 7A41D262716E5586EF44CF6AE955569B3A1FB8CFD0B099432EE0DC7B68DE3CD4418300

Function 00007FF6AB3E4770 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 396ade3dfa4cea08812df1cf2dbbbcdca96df3f9aaf9b0eb09379ae8c9d8a255
Instruction ID: b01b4cc690db098447bc6562a8152359f5f13c2bad6ddfa339975e75293667b8
Opcode Fuzzy Hash: 396ade3dfa4cea08812df1cf2dbbbcdca96df3f9aaf9b0eb09379ae8c9d8a255
Instruction Fuzzy Hash: D71165B6E1E5528AFB598F28941233D36D0EB1E380F48813AD45DC6AE4CF3DE4618B00

Function 00007FF6AB3C3EB0 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7d6ff5cae861421814f1023320daa7b45d1edc5c2e755bb37e4fb2993e64df9
Instruction ID: 96af4d8e355e012b5d708eb5ef5a1c77ac2bba3c1b246cf8ef078d6d44cbf462
Opcode Fuzzy Hash: b7d6ff5cae861421814f1023320daa7b45d1edc5c2e755bb37e4fb2993e64df9
Instruction Fuzzy Hash: 11A00226D0EC12D0E7448B54F8601793B72FB5A300B400072E04DC20B19FBDFC04D301

Function 00007FF6AB3A71E0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B1160: char_traits.LIBCPMTD ref: 00007FF6AB3B118D

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A732F
_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A741B
_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A74BF
_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A7505

Part of subcall function 00007FF6AB3A6FE0: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF6AB3A7056

Part of subcall function 00007FF6AB3B5800: char_traits.LIBCPMTD ref: 00007FF6AB3B5833

Part of subcall function 00007FF6AB3B5BD0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3B5BF2

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A753F

Strings

LDCC Service Version: , xrefs: 00007FF6AB3A72FB, 00007FF6AB3A73E7
C:\Program Files\Lenovo\LenovoDisplayControlCenterService\Version.txt, xrefs: 00007FF6AB3A723D
C:\Program Files (x86)\Lenovo\LenovoDisplayControlCenterService\ProductCode.txt, xrefs: 00007FF6AB3A71FE
/qn, xrefs: 00007FF6AB3A7472
Remove LDCC Service, xrefs: 00007FF6AB3A74E1
C:\Program Files (x86)\Lenovo\LenovoDisplayControlCenterService\Version.txt, xrefs: 00007FF6AB3A7213
C:\Program Files\Lenovo\LenovoDisplayControlCenterService\ProductCode.txt, xrefs: 00007FF6AB3A7228
msiexec.exe /x , xrefs: 00007FF6AB3A744F
LDCC Service is not installed., xrefs: 00007FF6AB3A751B

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallFunction0Member$Concurrency::details::char_traits$EmptyProcessorProxyQueue::Root::SchedulerStructuredVirtualWork
String ID: /qn$C:\Program Files (x86)\Lenovo\LenovoDisplayControlCenterService\ProductCode.txt$C:\Program Files (x86)\Lenovo\LenovoDisplayControlCenterService\Version.txt$C:\Program Files\Lenovo\LenovoDisplayControlCenterService\ProductCode.txt$C:\Program Files\Lenovo\LenovoDisplayControlCenterService\Version.txt$LDCC Service Version: $LDCC Service is not installed.$Remove LDCC Service$msiexec.exe /x
API String ID: 785260031-135876923
Opcode ID: 80817dbc5de5e3c2a182a96117ed07343ed8e183a7ee22ede8bc4b0fdcdd049d
Instruction ID: f86c0196a84de7935e0dc272f6ce2688c8d9fe09a4ac506d79fa0c7b0e896303
Opcode Fuzzy Hash: 80817dbc5de5e3c2a182a96117ed07343ed8e183a7ee22ede8bc4b0fdcdd049d
Instruction Fuzzy Hash: DB91DF7291FEC6A1DA21EB54E4912EAA361FFD9740F801432D68DC65BFDE6CD604CB40

Function 00007FF6AB3A6BE0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 122processpipeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3A76C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A7701

Part of subcall function 00007FF6AB3B6180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3B61A2

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6C5B
CreatePipe.KERNEL32 ref: 00007FF6AB3A6C8E
GetStartupInfoW.KERNEL32 ref: 00007FF6AB3A6CD2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A6D1C
CreateProcessW.KERNEL32 ref: 00007FF6AB3A6D68

Strings

h, xrefs: 00007FF6AB3A6CAB
pszCmd_w is , xrefs: 00007FF6AB3A6C27
strRetTmp:, xrefs: 00007FF6AB3A6E16

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Create$CallFunction0InfoMemberPipeProcessStartup
String ID: h$pszCmd_w is $strRetTmp:
API String ID: 4039281183-809689259
Opcode ID: 955b810107339300280e2e255b90c12485c54d119ce8f9b5f02f9f3af4194c30
Instruction ID: 2bfd63d6eaf38b0b386dc69f9955fecffb1b58bda26744922ae48cb0f2abbac7
Opcode Fuzzy Hash: 955b810107339300280e2e255b90c12485c54d119ce8f9b5f02f9f3af4194c30
Instruction Fuzzy Hash: 0C511C3260EEC691EB60DB15F8543EAB7A0FB98784F405035D68D87AA9DF7DD148CB40

Function 00007FF6AB3AC4C0 Relevance: 24.2, APIs: 16, Instructions: 190sleepsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF6AB3AC52B
CloseHandle.KERNEL32 ref: 00007FF6AB3AC543
Sleep.KERNEL32 ref: 00007FF6AB3AC54E
WaitForSingleObject.KERNEL32 ref: 00007FF6AB3AC59D
CloseHandle.KERNEL32 ref: 00007FF6AB3AC5B5
Sleep.KERNEL32 ref: 00007FF6AB3AC5C0
WaitForSingleObject.KERNEL32 ref: 00007FF6AB3AC617
CloseHandle.KERNEL32 ref: 00007FF6AB3AC62F
Sleep.KERNEL32 ref: 00007FF6AB3AC63A
WaitForSingleObject.KERNEL32 ref: 00007FF6AB3AC657
CloseHandle.KERNEL32 ref: 00007FF6AB3AC66F
Sleep.KERNEL32 ref: 00007FF6AB3AC67A

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CloseHandleObjectSingleSleepWait
String ID:
API String ID: 640476663-0
Opcode ID: 8c9a25238e3ca8f5859f7370d11c1f8681b868ed8274167cfbaac1577e8f9078
Instruction ID: 23a40fabbb6cef82f347f22d8ee31027f430784e2060edc436186d7551527db4
Opcode Fuzzy Hash: 8c9a25238e3ca8f5859f7370d11c1f8681b868ed8274167cfbaac1577e8f9078
Instruction Fuzzy Hash: 48A1CA36619FC9C5DA609B26E8903AE77A0FBC9B80F544136DA8D837B9DF3CD4059B40

Function 00007FF6AB3ADC9B Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_norwegian.xml, xrefs: 00007FF6AB3ADCD0
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_norwegian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-881658330
Opcode ID: 2da7649cd62da835304033562b633281a725ed7eaa4f67b566b6a4dcadd37c44
Instruction ID: 0002dbcf2923037315e425e5c3055e6f4c6525d395012a9c32f17e729e2786b5
Opcode Fuzzy Hash: 2da7649cd62da835304033562b633281a725ed7eaa4f67b566b6a4dcadd37c44
Instruction Fuzzy Hash: 3051087250EE8691EA60DB14F4543EBA7A0FB89784F504035E68D87ABADF7DE444CB40

Function 00007FF6AB3ADD1C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_romanian.xml, xrefs: 00007FF6AB3ADD51
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_romanian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2850250308
Opcode ID: 4f2b4f5f18ad3c29f6d7501db9da3cc1a8f0ea014991166e91b63fd9a76a6617
Instruction ID: 39a3057614227b73ab88b9a8c5c5cb8ff5f13a94945e96c9f6419ed132812809
Opcode Fuzzy Hash: 4f2b4f5f18ad3c29f6d7501db9da3cc1a8f0ea014991166e91b63fd9a76a6617
Instruction Fuzzy Hash: 02510A7250EE8691EA60DB14F4903EEB760FB89744F504135E68D87ABADF7DD444CB40

Function 00007FF6AB3ADC1A Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_hebrew.xml, xrefs: 00007FF6AB3ADC4F
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_hebrew.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-332244375
Opcode ID: 8927936a929c4476cc6d307d41d52b20f2f2863876c7a01483a7425efc0aa4b3
Instruction ID: c2df15e83a825216b4bd8626b056e530fc2bbbc4fdad7d64f6089e479896737e
Opcode Fuzzy Hash: 8927936a929c4476cc6d307d41d52b20f2f2863876c7a01483a7425efc0aa4b3
Instruction Fuzzy Hash: 9651087250EE8691EA20DB14F4943EAA7A0FBC9784F500035E68D87ABADF7DD444CB40

Function 00007FF6AB3ADA97 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_dutch.xml, xrefs: 00007FF6AB3ADACC
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_dutch.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-687907287
Opcode ID: 32cda1fec0493654c6e5cad021c11c591ed2d74e73c1eb2a74076afc8559b0f3
Instruction ID: 5b81a6310dc73f65993f7a797991b4e77ab20a275dd315a4942f0758e5cf46e6
Opcode Fuzzy Hash: 32cda1fec0493654c6e5cad021c11c591ed2d74e73c1eb2a74076afc8559b0f3
Instruction Fuzzy Hash: 6051177250EE8691EA60DB15F4503EAB7A0FBC9744F500035E68D87ABADF7DD444CB44

Function 00007FF6AB3ADB18 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_finnish.xml, xrefs: 00007FF6AB3ADB4D
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_finnish.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2112354135
Opcode ID: 2f67a8a2d3644db0d742c70bead6eb6da2530f236a05128898efa9c2fd149972
Instruction ID: 2b7347da1d5a1025f2516c16c164b0dac4ca833ca7310154e900c67983d0828d
Opcode Fuzzy Hash: 2f67a8a2d3644db0d742c70bead6eb6da2530f236a05128898efa9c2fd149972
Instruction Fuzzy Hash: 4951F87250EE8691EA60DB14F4903EEA7A0FB89744F504035E68D87ABADF7DD444CB44

Function 00007FF6AB3AD995 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_croatian.xml, xrefs: 00007FF6AB3AD9CA
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_croatian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-3621819824
Opcode ID: 5c6d3ca8a8f1d2cc52f17dadef3f7ae8bbeb68a2345f6ea5af2ab7704eda43d5
Instruction ID: 8ba27a1b02ee2927618382b444f1a4cd77a80b4c1767ce09bb077f7c6c8f7af3
Opcode Fuzzy Hash: 5c6d3ca8a8f1d2cc52f17dadef3f7ae8bbeb68a2345f6ea5af2ab7704eda43d5
Instruction Fuzzy Hash: D851387251EE8691EA20DB14F4903EEA7A0FBC9744F500039E68D87ABADF7DD444CB40

Function 00007FF6AB3ADA16 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_danish.xml, xrefs: 00007FF6AB3ADA4B
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_danish.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-479939006
Opcode ID: 74bcc371e442f2c5aa18aeacbf0312b340946d21d4292aefbc09159378f6a740
Instruction ID: 5bb07395a6b9d03ad44bc652b5def0ab8c510c18be7d4e453df3002440992b53
Opcode Fuzzy Hash: 74bcc371e442f2c5aa18aeacbf0312b340946d21d4292aefbc09159378f6a740
Instruction Fuzzy Hash: 5E51197250EE8691EA20DB14F4903EAB7A0FBC9744F504035E68D87ABADF7DD544CB44

Function 00007FF6AB3AD083 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_french.xml, xrefs: 00007FF6AB3AD0B8
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_french.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-3591989550
Opcode ID: dd6afe1b7e3460de3d1b2a6b11c2149a62d76daa9a847a732399aa03b457f05a
Instruction ID: b366f4337a294be76135864f14a681c5bcb7de7af73c917e77cce970f312479d
Opcode Fuzzy Hash: dd6afe1b7e3460de3d1b2a6b11c2149a62d76daa9a847a732399aa03b457f05a
Instruction Fuzzy Hash: 94512872A0EE8695EA60DB14F4503EAB7A0FBC9744F500035E68D87ABADF7DD444CB44

Function 00007FF6AB3AD104 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_german.xml, xrefs: 00007FF6AB3AD139
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_german.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-3298172612
Opcode ID: f4c257d4dd38dd4c31a8144f6c507a8fad86438e95b7264794a431393f75848e
Instruction ID: 4ff1075f695a121f542309236ccf499e86297945802b45e1c3e1c618b02fbd42
Opcode Fuzzy Hash: f4c257d4dd38dd4c31a8144f6c507a8fad86438e95b7264794a431393f75848e
Instruction Fuzzy Hash: 9A512872A0EE8695EA60DB14F4503EAB7A0FBC9744F504035E68D87ABADF7DD448CB40

Function 00007FF6AB3AD002 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_tc.xml, xrefs: 00007FF6AB3AD037
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_tc.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-80936130
Opcode ID: 3e903169fafa0e5f5e269924981c7de39bfea78d255037e6a879e403bdd86bc9
Instruction ID: 15fcc25aa0db1e1ce0b5e3192c3a97941cf01db89ee69f82a5395c7b438e8796
Opcode Fuzzy Hash: 3e903169fafa0e5f5e269924981c7de39bfea78d255037e6a879e403bdd86bc9
Instruction Fuzzy Hash: 1351087290EE8691EA60DB14F4503EAB7A0FBC9744F504035E68D87ABADFBDD448CB44

Function 00007FF6AB3ADE9F Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

MainWnd_udcc_slovenian.xml, xrefs: 00007FF6AB3ADED4
./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_slovenian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2063237225
Opcode ID: 133b4a07b4df2110be1cedc816e789e7888daf11799f29e8de8338cb25947c90
Instruction ID: aa17c648e4b8700e74672ed52874442e753d17a73e333341ae1bea642029ceb5
Opcode Fuzzy Hash: 133b4a07b4df2110be1cedc816e789e7888daf11799f29e8de8338cb25947c90
Instruction Fuzzy Hash: CC51297290EE8691EA60DB14F4503EAB7A0FBC9744F504035E68D87ABADF7DD544CB40

Function 00007FF6AB3ACF00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_en.xml, xrefs: 00007FF6AB3ACF35
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_en.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2218518193
Opcode ID: 5fe1deceadb0418e495cd2fb6b4f034f9d33938dd616b61d9c947096928f67f6
Instruction ID: a791a6d058dae21aa717e39c3642d302c817b5420e42ccc42dacda1b1a529d74
Opcode Fuzzy Hash: 5fe1deceadb0418e495cd2fb6b4f034f9d33938dd616b61d9c947096928f67f6
Instruction Fuzzy Hash: B951197250EE8695EA60EB14F4503EAB7A0FBC9744F504035E68D87ABADF7DD448CB40

Function 00007FF6AB3ADF20 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_swedish.xml, xrefs: 00007FF6AB3ADF55
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_swedish.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2138701411
Opcode ID: 41eaf2f2c299eb9161e4f441b4cc3f77876593a923af315c314ac5f2fe17a042
Instruction ID: b69de655789bfb07c80e90ec2e6d4dc4b30db3cd892d143e81a3b2f97c70ce4c
Opcode Fuzzy Hash: 41eaf2f2c299eb9161e4f441b4cc3f77876593a923af315c314ac5f2fe17a042
Instruction Fuzzy Hash: FA51287250EE8691EA20EB14F4903EAA7A0FBC9384F504035E68D87ABADF7DD444CB44

Function 00007FF6AB3ADE1E Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_slovak.xml, xrefs: 00007FF6AB3ADE53
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_slovak.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2841116059
Opcode ID: 0b93a9baea49d4e086260401f799bfb0d861c887c845d3e3571e63b17f13c5f1
Instruction ID: b814bf9fd9b565b1be6d8593aca4990a4af6efc0ee0f43c0daca339d409731c3
Opcode Fuzzy Hash: 0b93a9baea49d4e086260401f799bfb0d861c887c845d3e3571e63b17f13c5f1
Instruction Fuzzy Hash: 8151187290EE8695EA60DB14F4943EAB7A0FBC9784F500035E68D87ABADF7DD444CB40

Function 00007FF6AB3AD48B Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
MainWnd_udcc_czech.xml, xrefs: 00007FF6AB3AD4C0
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_czech.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2974157260
Opcode ID: fad26069c8300865fc9b797a2166bc2977c72cb21d54f189e19d89cfc303a61e
Instruction ID: e375c591bf4961c5ee2bf7bbce6ff0397d988f20c178384b71550a98919630ab
Opcode Fuzzy Hash: fad26069c8300865fc9b797a2166bc2977c72cb21d54f189e19d89cfc303a61e
Instruction Fuzzy Hash: 6651FA7250EEC691EA60DB14F4503EEA760FB89784F504035E68E87ABADF7DD444CB44

Function 00007FF6AB3AD50C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_hungarian.xml, xrefs: 00007FF6AB3AD541
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_hungarian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2126207973
Opcode ID: 7a6ec10c60919995af5a9b602d34b9d9f9717347aa7e2c4b86dc0b397ddcdca1
Instruction ID: 23435e9e2a9df157181a8159103854ff96dbec70229678a09b97fe5379c024ef
Opcode Fuzzy Hash: 7a6ec10c60919995af5a9b602d34b9d9f9717347aa7e2c4b86dc0b397ddcdca1
Instruction Fuzzy Hash: 8351F87250EE8691EA60DB14F4903EEA7A0FB89744F504035E68E87ABADF7DD444CB44

Function 00007FF6AB3AD389 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_turkish.xml, xrefs: 00007FF6AB3AD3BE
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_turkish.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-4157182173
Opcode ID: cccfb73544da864f94863102c7d19a75ed158d74a519c6f5489e86c1da430834
Instruction ID: 7a6bee9f301043b4d837d7c41b774a3944e2a82c3196548dd2874276cd46f174
Opcode Fuzzy Hash: cccfb73544da864f94863102c7d19a75ed158d74a519c6f5489e86c1da430834
Instruction Fuzzy Hash: BA51087290EE8691EA60EB14F4503EEA7A0FBC9744F500035E68D87ABADF7DE544CB44

Function 00007FF6AB3AD40A Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_polish.xml, xrefs: 00007FF6AB3AD43F
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_polish.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-1802320717
Opcode ID: 63d7a0e5cf4947556ef0ed0a624dc7c725a7f0734524d33732f67def667c5767
Instruction ID: dc956d669bdb92210aeeb72c2e8d88de6bafd82e84ee55dbbaf6c507d78a25f1
Opcode Fuzzy Hash: 63d7a0e5cf4947556ef0ed0a624dc7c725a7f0734524d33732f67def667c5767
Instruction Fuzzy Hash: 5F51097250EE8691EA60DB14F4503EAB7A0FBC9744F504035E68D87ABADF7DE448CB44

Function 00007FF6AB3AD308 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_russian.xml, xrefs: 00007FF6AB3AD33D
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_russian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-1073918690
Opcode ID: 984d87d8f498248ab319d81232abf1ef2e4a6501820178f415f91541baac8b95
Instruction ID: f09e855ce5cbce8226c80ee0b17f5d47f6dcd3e42ff7dc977cb53305604ef207
Opcode Fuzzy Hash: 984d87d8f498248ab319d81232abf1ef2e4a6501820178f415f91541baac8b95
Instruction Fuzzy Hash: B951287250EE8691EA60EB14F4503EEA7A0FB89784F504035E68D87ABADF7DE444CB44

Function 00007FF6AB3AD185 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_italian.xml, xrefs: 00007FF6AB3AD1BA
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_italian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-1098919871
Opcode ID: b6098f23e0edae92304d6584d209592ec69984f011692ebacee66642e2d38caf
Instruction ID: ca262c3531cb0b3c0698b5b7924ad2105eba18970fb548424ca9222b25c02672
Opcode Fuzzy Hash: b6098f23e0edae92304d6584d209592ec69984f011692ebacee66642e2d38caf
Instruction Fuzzy Hash: 8C51F77290EE8691EA60DB14F4903EAB7A0FB89744F504035E68D87ABADF7DD444CB44

Function 00007FF6AB3AD893 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_brazilianPortuguese.xml, xrefs: 00007FF6AB3AD8C8
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_brazilianPortuguese.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2253213911
Opcode ID: 25ae1bcc6cc3cff09a3478648650060d372327995e4f59e198e16a5afcee6fc7
Instruction ID: 412c5ef9d7639e092ad8df925165d1f8af75141aa7b2385f80e723f24487772d
Opcode Fuzzy Hash: 25ae1bcc6cc3cff09a3478648650060d372327995e4f59e198e16a5afcee6fc7
Instruction Fuzzy Hash: 0851297290EE8691EA20DB14F4903EAB7A0FBC9744F500035E68D87ABADF7DE454CB44

Function 00007FF6AB3AD914 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_bulgarian.xml, xrefs: 00007FF6AB3AD949
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_bulgarian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-3314546616
Opcode ID: d2ebdf4f445d974162055c997903b01e704fb3d8555afed90505ed9ec678360a
Instruction ID: 0ab1f09af93e9e3ee15bff9677bc491d4de444243f7f0fe07359c7817033df7d
Opcode Fuzzy Hash: d2ebdf4f445d974162055c997903b01e704fb3d8555afed90505ed9ec678360a
Instruction Fuzzy Hash: FB51087250EE8695EA20DB14F4903EAA7A0FB89784F500039E68D87ABADF7DD454CB44

Function 00007FF6AB3AD791 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
MainWnd_udcc_arabic.xml, xrefs: 00007FF6AB3AD7C6
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_arabic.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-995828579
Opcode ID: ad50631ab1cfbf1c6d66b94604cd0b7df13f779d359cc5a132e95813dbd02142
Instruction ID: 32da3a1cf5392f5a3d8358cdaec484d18ea9d602988de5d3f7c13963a5d22741
Opcode Fuzzy Hash: ad50631ab1cfbf1c6d66b94604cd0b7df13f779d359cc5a132e95813dbd02142
Instruction Fuzzy Hash: 8251087290EE8691EA60DB14F4503EAA7A0FBC9744F504035E68D87ABADFBDE444CB44

Function 00007FF6AB3AD812 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_bahasaIndonesian.xml, xrefs: 00007FF6AB3AD847
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_bahasaIndonesian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-3767025390
Opcode ID: 165c3e13d00dc76f012c7bf774aed24c0bde645a6ce25b186511f5cb5805e807
Instruction ID: 8b55d1c6ccec7418465545cc01e330f990ebbb5b131188667f933b7236a831a1
Opcode Fuzzy Hash: 165c3e13d00dc76f012c7bf774aed24c0bde645a6ce25b186511f5cb5805e807
Instruction Fuzzy Hash: 30510A7250EE8691EA20DB14F4903EAA760FB89744F504035E68D87ABADF7DE544CB40

Function 00007FF6AB3AD710 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
MainWnd_udcc_thai.xml, xrefs: 00007FF6AB3AD745
Settings, xrefs: 00007FF6AB3AE067
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_thai.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-4131042626
Opcode ID: ae31018340c381fc92ac99a3d0c228b37afb60570007cbcc64872f6961ac9c8b
Instruction ID: 07eddfc6f8c6736591f1ce077571b3e0c545ab39cf3a9ae07ddd29b53b31a61b
Opcode Fuzzy Hash: ae31018340c381fc92ac99a3d0c228b37afb60570007cbcc64872f6961ac9c8b
Instruction Fuzzy Hash: 8D51E97250EE8691EA60DB14F4903EAB7A0FBC9744F504035E68D87ABADFBDE444CB44

Function 00007FF6AB3AD58D Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_ukrainian.xml, xrefs: 00007FF6AB3AD5C2
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_ukrainian.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-160117866
Opcode ID: a1d5ced4330fc9bf1631bf5b47dd2b1a800981b21567a82beb066a61290a694d
Instruction ID: e589fc4829c589386edbd32b52ff847ac25b22e22144865d68a41f25d963c597
Opcode Fuzzy Hash: a1d5ced4330fc9bf1631bf5b47dd2b1a800981b21567a82beb066a61290a694d
Instruction Fuzzy Hash: 1F51087250EE8691EA60EB14F4503EAB7A0FBC9744F504035E68D87ABADF7DD444CB84

Function 00007FF6AB3AD60E Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE022
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3AE051
WritePrivateProfileStringW.KERNEL32 ref: 00007FF6AB3AE06E
?Create@CWindowWnd@UiLib@@QEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@@Z.UILIB_D_X64 ref: 00007FF6AB3AE0C7
?ShowModal@CWindowWnd@UiLib@@QEAAIH@Z.UILIB_D_X64 ref: 00007FF6AB3AE0D7
CoUninitialize.OLE32 ref: 00007FF6AB3AE140

Strings

./config.ini, xrefs: 00007FF6AB3AE056
times, xrefs: 00007FF6AB3AE060
Settings, xrefs: 00007FF6AB3AE067
MainWnd_udcc_japanese.xml, xrefs: 00007FF6AB3AD643
UDCCLauncher, xrefs: 00007FF6AB3AE0B9

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyLib@@Queue::StructuredWindowWnd@Work$Create@D__@@Modal@PrivateProfileShowStringU__@@@UninitializeWrite
String ID: ./config.ini$MainWnd_udcc_japanese.xml$Settings$UDCCLauncher$times
API String ID: 2809569842-2409612431
Opcode ID: 16f8138a7054257e698c044725df76a3943d346f0b63130b9b8e59fc8c2c5245
Instruction ID: 7941c9e2cde6ac8dec333df22039a46468336c621a82515cf1bfee01b7b9550d
Opcode Fuzzy Hash: 16f8138a7054257e698c044725df76a3943d346f0b63130b9b8e59fc8c2c5245
Instruction Fuzzy Hash: 5F51077250EE8691EA20DB14F4903EEA7A0FB89744F504035E68D87ABADFBDD448CB40

Function 00007FF6AB3C22DC Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3C245C: GetCurrentThreadId.KERNEL32 ref: 00007FF6AB3C24AD
Part of subcall function 00007FF6AB3C245C: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C230A,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C24CC

std::_Throw_Cpp_error.LIBCPMT ref: 00007FF6AB3C23BD
std::_Throw_Cpp_error.LIBCPMT ref: 00007FF6AB3C23C8
GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C23DD
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C23F0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C2407
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C241E

Strings

kernel32.dll, xrefs: 00007FF6AB3C23D6
GetCurrentPackageId, xrefs: 00007FF6AB3C23E6
GetSystemTimePreciseAsFileTime, xrefs: 00007FF6AB3C23F6
GetTempPath2W, xrefs: 00007FF6AB3C240D

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: AddressProc$Cpp_errorThrow_std::_$AcquireCurrentExclusiveHandleLockModuleThread
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 4117168336-1247241052
Opcode ID: 290356c4fade274d3ac05bf9f68072b3f15a6abdd908788afa63ad05f0699e85
Instruction ID: 40567eb9015ddef303b17660dd74b0130a237d32c67470e2cb2d0630864aa538
Opcode Fuzzy Hash: 290356c4fade274d3ac05bf9f68072b3f15a6abdd908788afa63ad05f0699e85
Instruction Fuzzy Hash: 33313D31A0AE5382EB189B51E8902B873A0FF5D744F548435DA1DC72B6DF7CE959C710

Function 00007FF6AB3C081C Relevance: 16.7, APIs: 11, Instructions: 157COMMON

Download Yara Rule

APIs

__std_fs_open_handle.LIBCPMT ref: 00007FF6AB3C085C

Part of subcall function 00007FF6AB3C07C4: CreateFileW.KERNEL32 ref: 00007FF6AB3C07F7
Part of subcall function 00007FF6AB3C07C4: GetLastError.KERNEL32 ref: 00007FF6AB3C0806

SetFileInformationByHandle.KERNEL32 ref: 00007FF6AB3C0886
__std_fs_open_handle.LIBCPMT ref: 00007FF6AB3C08BE
CloseHandle.KERNEL32 ref: 00007FF6AB3C08D8
GetLastError.KERNEL32 ref: 00007FF6AB3C090C
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF6AB3C0958
GetLastError.KERNEL32 ref: 00007FF6AB3C0966
CloseHandle.KERNEL32 ref: 00007FF6AB3C097C
SetFileInformationByHandle.KERNEL32 ref: 00007FF6AB3C09A8
SetFileInformationByHandle.KERNEL32 ref: 00007FF6AB3C09DC
GetLastError.KERNEL32 ref: 00007FF6AB3C09FE

Part of subcall function 00007FF6AB3CEA88: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6AB3C8B9E,?,?,?,00007FF6AB3C8E5A), ref: 00007FF6AB3CEAAE
Part of subcall function 00007FF6AB3CEA88: InitializeCriticalSectionEx.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB3C8B9E,?,?,?,00007FF6AB3C8E5A), ref: 00007FF6AB3CEAFF

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateCriticalFeatureInitializePresentProcessorSection
String ID:
API String ID: 2317472533-0
Opcode ID: 4c7081464ce52848efc80ed312f284def500704633403ee032cd51ee5b84eb9e
Instruction ID: 15bee7b94f3b5c4cb2648166619ff101b8d497b51c971b397761f16c49856193
Opcode Fuzzy Hash: 4c7081464ce52848efc80ed312f284def500704633403ee032cd51ee5b84eb9e
Instruction Fuzzy Hash: 4B51D735F09AA289F7648BF598102BD2BA0AF4E798F144235CD1ED7AF4CF28F4098740

Function 00007FF6AB3A51A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF6AB3A51E5

Part of subcall function 00007FF6AB3C02A4: AreFileApisANSI.KERNEL32 ref: 00007FF6AB3C02B6

Part of subcall function 00007FF6AB3B04E0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF6AB3B051D

Part of subcall function 00007FF6AB3B5500: List.LIBCMTD ref: 00007FF6AB3B554F
Part of subcall function 00007FF6AB3B5500: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3B55F0

type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3A537F
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3A53AA
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3A53C0
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3A53FF
type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3A5415
Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF6AB3A5425

Strings

: ", xrefs: 00007FF6AB3A538B
", ", xrefs: 00007FF6AB3A53E0

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: type_info::_name_internal_method$ApisConcurrency::details::Concurrency::task_continuation_context::task_continuation_contextEmptyFac_nodeFac_node::_FileListQueue::StructuredWork__std_fs_code_pagestd::_
String ID: ", "$: "
API String ID: 576797101-747220369
Opcode ID: f3cfb5a2bf2835653744bf2a5d6393e54f560511d199c45fd83be80ea3d01ac5
Instruction ID: e777bbee880a67d007565b8da1ea3ebb70d64b2871d103b72400d63a34a76783
Opcode Fuzzy Hash: f3cfb5a2bf2835653744bf2a5d6393e54f560511d199c45fd83be80ea3d01ac5
Instruction Fuzzy Hash: 2B710C3261EEC591DA30DB11E4913EEA360FBD8784F804536E68E87AAADE7CD545CB40

Function 00007FF6AB3A2A20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3A2A3F
_Yarn.LIBCPMTD ref: 00007FF6AB3A2A51
_Yarn.LIBCPMTD ref: 00007FF6AB3A2A63
_Yarn.LIBCPMTD ref: 00007FF6AB3A2A75
_Yarn.LIBCPMTD ref: 00007FF6AB3A2A87
_Yarn.LIBCPMTD ref: 00007FF6AB3A2A99
_Yarn.LIBCPMTD ref: 00007FF6AB3A2AAB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6AB3A2AC3

Part of subcall function 00007FF6AB3BF830: _Yarn.LIBCPMT ref: 00007FF6AB3BF85E

Strings

bad locale name, xrefs: 00007FF6AB3A2ACB

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3904239083-1405518554
Opcode ID: 3077774a66315a121e3bdaa4f17f5f0d1097cc469971f94bd3bfff91d2030fd5
Instruction ID: 98ed1cd2da27541c51109b90849140596d81ca8d12a96e26c1190fdbdd5322f3
Opcode Fuzzy Hash: 3077774a66315a121e3bdaa4f17f5f0d1097cc469971f94bd3bfff91d2030fd5
Instruction Fuzzy Hash: 6C114C22E0EF4682DE04E76AE48126E6360FF8B784F509435EA8C9777BCE3DD4118B04

Function 00007FF6AB3A6E80 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B1160: char_traits.LIBCPMTD ref: 00007FF6AB3B118D

Part of subcall function 00007FF6AB3A6BE0: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6C5B
Part of subcall function 00007FF6AB3A6BE0: CreatePipe.KERNEL32 ref: 00007FF6AB3A6C8E

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6F24

Part of subcall function 00007FF6AB3A6BE0: GetStartupInfoW.KERNEL32 ref: 00007FF6AB3A6CD2
Part of subcall function 00007FF6AB3A6BE0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A6D1C
Part of subcall function 00007FF6AB3A6BE0: CreateProcessW.KERNEL32 ref: 00007FF6AB3A6D68

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6F83
_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6FAF

Part of subcall function 00007FF6AB3B5800: char_traits.LIBCPMTD ref: 00007FF6AB3B5833

Part of subcall function 00007FF6AB3B5BD0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3B5BF2

Strings

LDCC UWP Version: , xrefs: 00007FF6AB3A6EF3
Remove LDCC UWP APP, xrefs: 00007FF6AB3A6F5F
powershell -Command "Get-AppxPackage -AllUsers *lenovodisplaycontrolcenter* | Remove-AppxPackage", xrefs: 00007FF6AB3A6F2A
powershell.exe -Command "Get-AppxPackage -AllUsers *lenovodisplaycontrolcenter*", xrefs: 00007FF6AB3A6EA9
LDCC UWP is not installed., xrefs: 00007FF6AB3A6F8B

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallFunction0Member$Concurrency::details::CreateEmptyQueue::StructuredWorkchar_traits$InfoPipeProcessStartup
String ID: LDCC UWP Version: $LDCC UWP is not installed.$Remove LDCC UWP APP$powershell -Command "Get-AppxPackage -AllUsers *lenovodisplaycontrolcenter* | Remove-AppxPackage"$powershell.exe -Command "Get-AppxPackage -AllUsers *lenovodisplaycontrolcenter*"
API String ID: 2639459593-4175179203
Opcode ID: 2f08a912a2757e5ba57677ee074e2b2a143fb78d9fba2571e2f5d37b4d16309a
Instruction ID: a3f8d5f51086e37293b1c0076c76a50ada4b02e4b9f16ddf9c14f34544d8798a
Opcode Fuzzy Hash: 2f08a912a2757e5ba57677ee074e2b2a143fb78d9fba2571e2f5d37b4d16309a
Instruction Fuzzy Hash: 17315322A1FE4691EA10EB64E4511FA7361FFD9380F905432E14EC66BFDE6CE549CB00

Function 00007FF6AB3C5DE8 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6AB3C5E45

Part of subcall function 00007FF6AB3C81A8: __GetUnwindTryBlock.LIBCMT ref: 00007FF6AB3C81EB
Part of subcall function 00007FF6AB3C81A8: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6AB3C8210

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6AB3C5F1D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6AB3C616B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6AB3C6278

Strings

csm, xrefs: 00007FF6AB3C5EC6
csm, xrefs: 00007FF6AB3C5E5F
csm, xrefs: 00007FF6AB3C5F40

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 8fb22ba76ce998ac4528e882a90a161bbd74b283f971349d1cb8bd7b92543dce
Instruction ID: 10aa84f1d134092c674019dc7010bb36bee90c831f0a1491172218ff9ed58003
Opcode Fuzzy Hash: 8fb22ba76ce998ac4528e882a90a161bbd74b283f971349d1cb8bd7b92543dce
Instruction Fuzzy Hash: B0D17132A0AB6186EB20DFA5D4453AD77A0FB9A788F100135EE8D97766CF38F159C700

Function 00007FF6AB3A6A50 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B1160: char_traits.LIBCPMTD ref: 00007FF6AB3B118D

Part of subcall function 00007FF6AB3A6BE0: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6C5B
Part of subcall function 00007FF6AB3A6BE0: CreatePipe.KERNEL32 ref: 00007FF6AB3A6C8E

Part of subcall function 00007FF6AB3B5800: char_traits.LIBCPMTD ref: 00007FF6AB3B5833

Part of subcall function 00007FF6AB3B5BD0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3B5BF2

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6AED

Part of subcall function 00007FF6AB3A6BE0: GetStartupInfoW.KERNEL32 ref: 00007FF6AB3A6CD2
Part of subcall function 00007FF6AB3A6BE0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A6D1C
Part of subcall function 00007FF6AB3A6BE0: CreateProcessW.KERNEL32 ref: 00007FF6AB3A6D68

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6B63

Part of subcall function 00007FF6AB3A6E80: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6F24
Part of subcall function 00007FF6AB3A6E80: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A6F83

Part of subcall function 00007FF6AB3A71E0: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A732F

Part of subcall function 00007FF6AB3A75B0: _CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A7638

SetEvent.KERNEL32 ref: 00007FF6AB3A6B97

Strings

powershell -Command "Get-ExecutionPolicy -List", xrefs: 00007FF6AB3A6AFD
powershell -Command "$PSVersionTable.PSVersion", xrefs: 00007FF6AB3A6A81
PSVersion: , xrefs: 00007FF6AB3A6AB9
Execution Policy List: , xrefs: 00007FF6AB3A6B32

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallFunction0Member$Concurrency::details::CreateEmptyQueue::StructuredWorkchar_traits$EventInfoPipeProcessStartup
String ID: Execution Policy List: $PSVersion: $powershell -Command "$PSVersionTable.PSVersion"$powershell -Command "Get-ExecutionPolicy -List"
API String ID: 798813028-3602511341
Opcode ID: 3237b29417117c5639a9cbf13e929dd646cb20857c8e68c24050c74ccf58f22e
Instruction ID: 1229eb3ed71f2602b14589e020b5fe4ac0dd6f211191db51fa48e010f48e04ec
Opcode Fuzzy Hash: 3237b29417117c5639a9cbf13e929dd646cb20857c8e68c24050c74ccf58f22e
Instruction Fuzzy Hash: FF31122191FE8691EA10EB64E4512EA6761FFD9780F805432E54EC667FDE6CD548CB00

Function 00007FF6AB3CCB2C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CCB70
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CCF57
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CD20A

Strings

p, xrefs: 00007FF6AB3CCC9A
p, xrefs: 00007FF6AB3CCC22
f, xrefs: 00007FF6AB3CCC92

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: fb2a3990c46cd81fc7b89ff79206587a13ad3cbb6262805d28b465c851b5d5dd
Instruction ID: e3dc03d07c9bd10ad82893f042f3e4ba9b174a8066868a1d7cd88947b8866435
Opcode Fuzzy Hash: fb2a3990c46cd81fc7b89ff79206587a13ad3cbb6262805d28b465c851b5d5dd
Instruction Fuzzy Hash: 0D120771E0E96385FB60AA94E05427A76A1FB4A750FC44135F68AC76E4CF3CF9A8C740

Function 00007FF6AB3C9478 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 476COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3C94B8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3C9873
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3C9B26

Strings

p, xrefs: 00007FF6AB3C95B6
f, xrefs: 00007FF6AB3C95AE
p, xrefs: 00007FF6AB3C953E

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: d2f7f06ce4c93b97ef8bb0054da655adfd81e664c986fff9f441b51942e7df2a
Instruction ID: 15c6ed90e87d3087262a98d1fef8d78df35bbc3f8ac6b353bfe6274853a9f683
Opcode Fuzzy Hash: d2f7f06ce4c93b97ef8bb0054da655adfd81e664c986fff9f441b51942e7df2a
Instruction Fuzzy Hash: 7B120A32E0EA6386FB265E95D0442797651FB4A750F864331E68F876E8DF3CF5888B04

Function 00007FF6AB3D97AC Relevance: 10.8, APIs: 7, Instructions: 293COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3D9BEB

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fec08c59596e873c6b4a981920f2d092e54c3ba207771a1717d580a6e33624a7
Instruction ID: ad404e7f1daf9e8ee1169e4e7342fba2f171e2dc84c5ecfac5ed6f1a90a47524
Opcode Fuzzy Hash: fec08c59596e873c6b4a981920f2d092e54c3ba207771a1717d580a6e33624a7
Instruction Fuzzy Hash: C8C1E622A0EF8681E7519B55A4402BD3BD4FB89B80F564736DA4F833B5EE7DE849C300

Function 00007FF6AB3C16C8 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMTD ref: 00007FF6AB3C16E0
std::make_error_code.LIBCPMTD ref: 00007FF6AB3C175C
std::ios_base::failure::failure.LIBCPMTD ref: 00007FF6AB3C176C

Strings

ios_base::failbit set, xrefs: 00007FF6AB3C1740
ios_base::badbit set, xrefs: 00007FF6AB3C1735
ios_base::eofbit set, xrefs: 00007FF6AB3C1747

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Initstd::ios_base::_std::ios_base::failure::failurestd::make_error_code
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2771065935-1866435925
Opcode ID: dd2f8ca8864c826be9694ee155baf208927d5a94b9c1af65f66dc79823f1dc5f
Instruction ID: 53f4e5cb05429ef82faf535eb91fc7f02f317e28fb7fc57cd3026df287e84e9f
Opcode Fuzzy Hash: dd2f8ca8864c826be9694ee155baf208927d5a94b9c1af65f66dc79823f1dc5f
Instruction Fuzzy Hash: B0619F3660AF9699EB10CF65D4802ED33A0FB49B88F944032EB4D87765DF39E959E300

Function 00007FF6AB3C870C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6AB3C89BE,?,?,?,00007FF6AB3C86B0,?,?,?,00007FF6AB3C5299), ref: 00007FF6AB3C8791
GetLastError.KERNEL32(?,?,?,00007FF6AB3C89BE,?,?,?,00007FF6AB3C86B0,?,?,?,00007FF6AB3C5299), ref: 00007FF6AB3C879F
LoadLibraryExW.KERNEL32(?,?,?,00007FF6AB3C89BE,?,?,?,00007FF6AB3C86B0,?,?,?,00007FF6AB3C5299), ref: 00007FF6AB3C87C9
FreeLibrary.KERNEL32(?,?,?,00007FF6AB3C89BE,?,?,?,00007FF6AB3C86B0,?,?,?,00007FF6AB3C5299), ref: 00007FF6AB3C8837
GetProcAddress.KERNEL32(?,?,?,00007FF6AB3C89BE,?,?,?,00007FF6AB3C86B0,?,?,?,00007FF6AB3C5299), ref: 00007FF6AB3C8843

Strings

api-ms-, xrefs: 00007FF6AB3C87B1

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b0eb712953d9d5456ca077c4c1bbfd193a4519428187a4db43483e35eccf186c
Instruction ID: aa4d8a79a9b4a6b5db85b35c750d0a20f3c0838c107fb06bcaa9f97b186dece0
Opcode Fuzzy Hash: b0eb712953d9d5456ca077c4c1bbfd193a4519428187a4db43483e35eccf186c
Instruction Fuzzy Hash: F431E335A1BF5285EE91DB52A8001B927D4BF4EBA0F590535DD1D8B7A0EF7CF5488700

Function 00007FF6AB3E4114 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6AB3E4145
GetLastError.KERNEL32 ref: 00007FF6AB3E4151
CloseHandle.KERNEL32 ref: 00007FF6AB3E4169
CreateFileW.KERNEL32 ref: 00007FF6AB3E4194
WriteConsoleW.KERNEL32 ref: 00007FF6AB3E41B3

Strings

CONOUT$, xrefs: 00007FF6AB3E4175

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 7d388262bc301135bddfc6474869ac66f9305d08638ab800356fb5d55b430d38
Instruction ID: ddab0d2d20b0594b15cde4d374fce118daa5a37013e0c8c069424089d4c3bd94
Opcode Fuzzy Hash: 7d388262bc301135bddfc6474869ac66f9305d08638ab800356fb5d55b430d38
Instruction Fuzzy Hash: 62119022B19E8186E7508B62E84432D66E0FB8DBE4F044235FE5DCBBA4CF7CD8058740

Function 00007FF6AB3C2634 Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF6AB3C26A4
MultiByteToWideChar.KERNEL32 ref: 00007FF6AB3C2742
LCMapStringEx.KERNEL32 ref: 00007FF6AB3C27AB
LCMapStringEx.KERNEL32 ref: 00007FF6AB3C27FD
LCMapStringEx.KERNEL32 ref: 00007FF6AB3C28A2
WideCharToMultiByte.KERNEL32 ref: 00007FF6AB3C28FC

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: a040fa65b2947f44a4f8396509b0de38b1fb776eee9d0df412b10d9407b56586
Instruction ID: b0938ec1eb7c11b8522cddd3cc8813adcd03c921ef3ae6552b2e88c585406cb3
Opcode Fuzzy Hash: a040fa65b2947f44a4f8396509b0de38b1fb776eee9d0df412b10d9407b56586
Instruction Fuzzy Hash: F281A132A0AB5186EB208F65A84027973D5FF4A7A4F144231EA5D87BE9DF7CF5098700

Function 00007FF6AB3A4700 Relevance: 9.1, APIs: 6, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94fc2bc93f24a1f8851b2ea89239ced50de31330126d15c40ffb79fa4ec6e1da
Instruction ID: 2b5fb6df07b1c5778857f2e1d283d9583d18a6e06f66c63b60b0010e250f5c5d
Opcode Fuzzy Hash: 94fc2bc93f24a1f8851b2ea89239ced50de31330126d15c40ffb79fa4ec6e1da
Instruction Fuzzy Hash: BF512711B2BE9291EE948B1AF485139A354FBC8B45F54103AF98FCB7F5DE2EE4419700

Function 00007FF6AB3A4B70 Relevance: 9.1, APIs: 6, Instructions: 122COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3A4E90: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A4EA1
Part of subcall function 00007FF6AB3A4E90: std::_Is_slash_oper::operator.LIBCPMTD ref: 00007FF6AB3A4F0E

task.LIBCPMTD ref: 00007FF6AB3A4BA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A4BB7
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A4BEA
task.LIBCPMTD ref: 00007FF6AB3A4C73

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$task$Is_slash_oper::operatorstd::_
String ID:
API String ID: 486407804-0
Opcode ID: 9f3e8c8319317b361e525b2d242aa278115c0439fc4a1f9e2ad474fd86665c5c
Instruction ID: 7bb10e0ac4a1120be1bec737f2d876b28b4284239a5bb7d0884082fd4d1aacf9
Opcode Fuzzy Hash: 9f3e8c8319317b361e525b2d242aa278115c0439fc4a1f9e2ad474fd86665c5c
Instruction Fuzzy Hash: 2F51DF2261EF8595DE60DB16E49026EA3A0FBC9B84F504135EACEC7B7ADF3DD4448B00

Function 00007FF6AB3C245C Relevance: 9.1, APIs: 6, Instructions: 94threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6AB3C24AD
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C230A,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C24CC
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C230A,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C24EE
sys_get_time.LIBCPMT ref: 00007FF6AB3C2509
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C230A,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C252F
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C230A,?,?,?,00007FF6AB3BB6D4), ref: 00007FF6AB3C2547

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
String ID:
API String ID: 184115430-0
Opcode ID: ee2e72156268aa4516f81ef6fa58baf6c833b98d46d48779b7bd449e3586942f
Instruction ID: 59cef9ec20599a8225c98c1a33d5818d9838066df964b573420d9150c378f7bb
Opcode Fuzzy Hash: ee2e72156268aa4516f81ef6fa58baf6c833b98d46d48779b7bd449e3586942f
Instruction Fuzzy Hash: 4D415132D1AE52C6EB649F55D85023AB3A0FB4AB44F448431DA4DC26A8DF7DFC99C700

Function 00007FF6AB3C62B8 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6AB3C6456
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6AB3C677F

Strings

csm, xrefs: 00007FF6AB3C63FF
csm, xrefs: 00007FF6AB3C639D
csm, xrefs: 00007FF6AB3C647D

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 950fc5a15d553be7e5116368ae38b1179714a2a4cc450fdac48a2783781e7846
Instruction ID: b1ac353596d0687d86d548a9a23eb254bd969ccc47977a34bf6a190ebff26376
Opcode Fuzzy Hash: 950fc5a15d553be7e5116368ae38b1179714a2a4cc450fdac48a2783781e7846
Instruction Fuzzy Hash: 56E1B17290ABA28AE7209FB5D4413BD37A0FB4A748F150135EE8D97666DF38F589C700

Function 00007FF6AB3D389C Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6AB3D38AB
SetLastError.KERNEL32 ref: 00007FF6AB3D38CA
FlsSetValue.KERNEL32 ref: 00007FF6AB3D38F3
FlsSetValue.KERNEL32 ref: 00007FF6AB3D3904
FlsSetValue.KERNEL32 ref: 00007FF6AB3D3915

Part of subcall function 00007FF6AB3D3B70: HeapFree.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B86
Part of subcall function 00007FF6AB3D3B70: GetLastError.KERNEL32(?,?,00000000,00007FF6AB3DE06E,?,?,?,00007FF6AB3DE3EB,?,?,00000000,00007FF6AB3DE965,?,?,?,00007FF6AB3DE897), ref: 00007FF6AB3D3B90

SetLastError.KERNEL32 ref: 00007FF6AB3D3938

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ErrorLast$Value$FreeHeap
String ID:
API String ID: 365477584-0
Opcode ID: 78d0f1047973a42fc2b2c55d10637fd240f46321e6e202527402109be063a6fa
Instruction ID: 79eac2f671106f186d56cc4ee0cf8e0ebfeda975180a4080892fb144afdea8e2
Opcode Fuzzy Hash: 78d0f1047973a42fc2b2c55d10637fd240f46321e6e202527402109be063a6fa
Instruction Fuzzy Hash: FF11EC25E0EE4241FA54A731745127D17D1BF8C790F044A75E96EC63E6DD3CB8018200

Function 00007FF6AB3A75B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3B1160: char_traits.LIBCPMTD ref: 00007FF6AB3B118D

_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A7638
_CallMemberFunction0.LIBCPMTD ref: 00007FF6AB3A768D

Part of subcall function 00007FF6AB3B5800: char_traits.LIBCPMTD ref: 00007FF6AB3B5833

Strings

Remove LDCC Cache files, xrefs: 00007FF6AB3A7614
C:\ProgramData\Lenovo\LenovoDisplayControlCenterService, xrefs: 00007FF6AB3A75CE
LDCC cache files do not exist., xrefs: 00007FF6AB3A7669

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallFunction0Memberchar_traits
String ID: C:\ProgramData\Lenovo\LenovoDisplayControlCenterService$LDCC cache files do not exist.$Remove LDCC Cache files
API String ID: 3565595364-1089630483
Opcode ID: fa588c70cde84871c98a54286a334545bda50f01726ad4493bb794a2e6144d8f
Instruction ID: 2ab9b3cb9758d2705a258699c8614060107018b501d6b8e339f883b87b5288fa
Opcode Fuzzy Hash: fa588c70cde84871c98a54286a334545bda50f01726ad4493bb794a2e6144d8f
Instruction Fuzzy Hash: D4217622A1FD4691EA10EB24E4516BAA750FFD9380F905036E58DC667FDE2CE549CF00

Function 00007FF6AB3A3EC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00007FF6AB3A3F78
std::ios_base::failure::failure.LIBCPMTD ref: 00007FF6AB3A3F8A

Part of subcall function 00007FF6AB3C51C0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3C3CB3), ref: 00007FF6AB3C5210
Part of subcall function 00007FF6AB3C51C0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3C3CB3), ref: 00007FF6AB3C5251

Strings

ios_base::failbit set, xrefs: 00007FF6AB3A3F54
ios_base::badbit set, xrefs: 00007FF6AB3A3F3B
ios_base::eofbit set, xrefs: 00007FF6AB3A3F62

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionFileHeaderRaisestd::ios_base::failure::failurestd::make_error_code
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1846417002-1866435925
Opcode ID: b46c25a51dd4ff2db4ac33991512eed68698d62f888c9ff32201b3a928f10ef4
Instruction ID: 668f588a2814737d304263d375b4aef394703eede11a57ecb0ce08830c66a075
Opcode Fuzzy Hash: b46c25a51dd4ff2db4ac33991512eed68698d62f888c9ff32201b3a928f10ef4
Instruction Fuzzy Hash: E4213032A1EB819ADB64CB24E44126AB7A0FB8C740F544079E68DC7769DF2DD554CF00

Function 00007FF6AB3D0C84 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6AB3D0CA9
GetProcAddress.KERNEL32 ref: 00007FF6AB3D0CBF
FreeLibrary.KERNEL32 ref: 00007FF6AB3D0CDB

Strings

mscoree.dll, xrefs: 00007FF6AB3D0CA0
CorExitProcess, xrefs: 00007FF6AB3D0CB8

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: ab6a566fc8640170458d40731176ba18b21c887684ba9082865627036fed4627
Instruction ID: 5de7c559a5a2e99fca86217337dd54af79fd4bc84e324d0104ee01fa51845705
Opcode Fuzzy Hash: ab6a566fc8640170458d40731176ba18b21c887684ba9082865627036fed4627
Instruction Fuzzy Hash: 08F09061A1AF0281EB108B24E45137D53A0AF8E760F94073ACA6E8A6F4CF7CD845C710

Function 00007FF6AB3C56B8 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF6AB3C57DB
__AdjustPointer.LIBCMT ref: 00007FF6AB3C5826

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8001efa162f44e23e063224b615faa9f9db51a720a9c16a123c1dc4c3188e51e
Instruction ID: e6b875cb68685e43a64c3b33e9e106828c07fe7d2bf736b521c669c37749c3c5
Opcode Fuzzy Hash: 8001efa162f44e23e063224b615faa9f9db51a720a9c16a123c1dc4c3188e51e
Instruction Fuzzy Hash: BEB1D532A0BF7281EA65DB9594822396390EF4EBC6F1A4436DE4D877A5DF3CF4498340

Function 00007FF6AB3AEE60 Relevance: 7.7, APIs: 5, Instructions: 172COMMON

Download Yara Rule

APIs

_Fgetc.LIBCPMTD ref: 00007FF6AB3AEF23

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Fgetc
String ID:
API String ID: 1720979605-0
Opcode ID: 1441335f3588a6324478d2d0405518b3f19c76ab6bb91d97f6d6cad6ea987c37
Instruction ID: 4c7e2201beffc60e81c3cab471cbcf90b4c1b2534773b56203c80c5165e21798
Opcode Fuzzy Hash: 1441335f3588a6324478d2d0405518b3f19c76ab6bb91d97f6d6cad6ea987c37
Instruction Fuzzy Hash: BA91CA22A0EED285DA70DB55E4913BFB7A4FB89740F504536E68DC6BAADF3CD4048B40

Function 00007FF6AB3C2AF0 Relevance: 7.6, APIs: 5, Instructions: 137COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3BD9F1), ref: 00007FF6AB3C2B77
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3BD9F1), ref: 00007FF6AB3C2BF9
#2.OLEAUT32(?,?,?,?,?,?,?,?,?,00007FF6AB3BD9F1), ref: 00007FF6AB3C2C06

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: f6e3948fbdf611f447493460584ae45858b444bd25ce391646ccb1f7e1b8c154
Instruction ID: 001905fea6193a38a07b4a2b5eb0a9dd7eb62735c6996d1cf6b76679bf84c1b2
Opcode Fuzzy Hash: f6e3948fbdf611f447493460584ae45858b444bd25ce391646ccb1f7e1b8c154
Instruction Fuzzy Hash: 4141E021A0AF5689EB149FA198003B92290EF4EBA4F148635EA2DC77F5DF3CF0458300

Function 00007FF6AB3C0A40 Relevance: 7.6, APIs: 5, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3C0A55
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3C0A7A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3C0AA4
std::_Facet_Register.LIBCPMT ref: 00007FF6AB3C0B1B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3C0B3C

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 70f0dd5d9fe7a1f02dbe14a1c4b460a5375c96fe40bfa02e3bf478d2782376c9
Instruction ID: e293229760a2f23881e949a6f79e73a58aa7edb64b489a934d1f14bbe217add3
Opcode Fuzzy Hash: 70f0dd5d9fe7a1f02dbe14a1c4b460a5375c96fe40bfa02e3bf478d2782376c9
Instruction Fuzzy Hash: BB31CF26A4AF9690EA05DB55D44017A6361EF6DBA4F180232DE1DC73BADE7CF4068300

Function 00007FF6AB3CE8E8 Relevance: 7.6, APIs: 5, Instructions: 61threadCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3CE913
CreateThread.KERNEL32 ref: 00007FF6AB3CE958
GetLastError.KERNEL32 ref: 00007FF6AB3CE966
CloseHandle.KERNEL32 ref: 00007FF6AB3CE97C
FreeLibrary.KERNEL32 ref: 00007FF6AB3CE98B

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: 579db4ba073689b5e9aec6663ab82ae248a9a0d3422aca451354421eb1dcdff9
Instruction ID: 96d2a9e5d20717ea3c7c196ee93c6af6824404773427eaf48e263994cb5821e0
Opcode Fuzzy Hash: 579db4ba073689b5e9aec6663ab82ae248a9a0d3422aca451354421eb1dcdff9
Instruction Fuzzy Hash: 92211D36A0AF6286EA95DFA6A410179B7A0BF8EB80F044535EE8D87765DE7CF4048700

Function 00007FF6AB3BE020 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

??0CWindowWnd@UiLib@@QEAA@XZ.UILIB_D_X64(?,?,?,?,00007FF6AB3A2698), ref: 00007FF6AB3BE02E

Part of subcall function 00007FF6AB3BDF00: ??0CStdStringPtrMap@UiLib@@QEAA@H@Z.UILIB_D_X64(?,?,?,?,?,?,00007FF6AB3BE045,?,?,?,?,00007FF6AB3A2698), ref: 00007FF6AB3BDF30

DNameNode::DNameNode.LIBCMTD ref: 00007FF6AB3BE052
DNameNode::DNameNode.LIBCMTD ref: 00007FF6AB3BE063
DNameNode::DNameNode.LIBCMTD ref: 00007FF6AB3BE074
??0CPaintManagerUI@UiLib@@QEAA@XZ.UILIB_D_X64(?,?,?,?,00007FF6AB3A2698), ref: 00007FF6AB3BE0D4

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Name$Lib@@NodeNode::$ManagerMap@PaintStringWindowWnd@
String ID:
API String ID: 4040969629-0
Opcode ID: 9a077f807c67eccd2464d413b57a53971954f49c6be2cc14f896c1f43dc3d438
Instruction ID: 10bfca91bc77763122906d544f5d90393b0adeeeff292955f732a5fcc245e30f
Opcode Fuzzy Hash: 9a077f807c67eccd2464d413b57a53971954f49c6be2cc14f896c1f43dc3d438
Instruction Fuzzy Hash: 2F11B971A2AF4682DE40DB56F49146A6760FF89B84B811036FA8E8B769DE3CD0258740

Function 00007FF6AB3D6FAC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3D728B

Part of subcall function 00007FF6AB3E1710: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E172D

Strings

UTF-8, xrefs: 00007FF6AB3D720A
ccs, xrefs: 00007FF6AB3D71C6
UTF-16LEUNICODE, xrefs: 00007FF6AB3D7229

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 4f57e9f7a6908184d10ee5c48a2c8438aa412295f37fabc9ae5e53a45c7ae29c
Instruction ID: efe083079bcf5d5fa75ab40ea7f0113685300b10143a3cee3a06634ffceb9bb8
Opcode Fuzzy Hash: 4f57e9f7a6908184d10ee5c48a2c8438aa412295f37fabc9ae5e53a45c7ae29c
Instruction Fuzzy Hash: C281BD72E0EA43C5FB758F25A1102B927E0AF19B88F958931DA09D72B6DF2DE9059301

Function 00007FF6AB3D6CE8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3D6F91

Part of subcall function 00007FF6AB3E18F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB3E1915

Strings

UTF-8, xrefs: 00007FF6AB3D6F14
ccs, xrefs: 00007FF6AB3D6EDD
UTF-16LEUNICODE, xrefs: 00007FF6AB3D6F35

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 641d53ec10bdcac3c59e2b408e5e882402896fde2ae3f49233ae99508bf9b710
Instruction ID: ce8949d41a8a28d61341269ace5a4fad4b808806802d1cfa31602e5ae2d0c0ef
Opcode Fuzzy Hash: 641d53ec10bdcac3c59e2b408e5e882402896fde2ae3f49233ae99508bf9b710
Instruction Fuzzy Hash: 6481C072D0EE4285FF654E2EE3502782BE09F1E748F556C39CA6EC62B5CE2DB8059341

Function 00007FF6AB3C6A2C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6AB3C6A9C
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6AB3C6AE7

Strings

RCC, xrefs: 00007FF6AB3C6AB8
MOC, xrefs: 00007FF6AB3C6AB0

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: d1c5be10261d2340b9e8933fe6e22cdb420d4eaf648d2c1e165d5e4e359a6207
Instruction ID: c129bcd2a84c369c8f8613b8ff513ea66269d3206e3808c753b034d97204fd0a
Opcode Fuzzy Hash: d1c5be10261d2340b9e8933fe6e22cdb420d4eaf648d2c1e165d5e4e359a6207
Instruction Fuzzy Hash: 0191A573A09BA58AE710CFA9D8402AD7BB0FB4A788F144139EE4D97765DF38E159C700

Function 00007FF6AB3C4D5C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6AB3C4D87
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6AB3C4E1E
RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3C3C56), ref: 00007FF6AB3C4E78

Strings

csm, xrefs: 00007FF6AB3C4E05

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: e8a8824f7941d9940fdfbadbfc489ea85c28a3d4334691de73acf537df2bc43c
Instruction ID: 08723b3cb28d18112710f5449ef07f1a97dd368f09fd5561c17359361e287c0b
Opcode Fuzzy Hash: e8a8824f7941d9940fdfbadbfc489ea85c28a3d4334691de73acf537df2bc43c
Instruction Fuzzy Hash: 5451E532B1AA129AEB14DF69E044A7C3791EB49B98F114030EA5E837A8DF7CF945C700

Function 00007FF6AB3C6FAC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6AB3C6FD4
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6AB3C70BC

Strings

csm, xrefs: 00007FF6AB3C6FF6
csm, xrefs: 00007FF6AB3C710E

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 8bdd689762b640964f24aa938a01a9bf3b96cdc1f41a4caa769bba1b9f1f8a33
Instruction ID: e0493acc0e1029183a6ae56848bf776b5f4dcc88ca4c621ce68dca3a6962fc6d
Opcode Fuzzy Hash: 8bdd689762b640964f24aa938a01a9bf3b96cdc1f41a4caa769bba1b9f1f8a33
Instruction Fuzzy Hash: 0A519132909A62C6EB748F91944437877B0EB5AB84F145135DE9C87BA6CF3CF458CB01

Function 00007FF6AB3C67BC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6AB3C681B
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6AB3C6867

Strings

RCC, xrefs: 00007FF6AB3C6837
MOC, xrefs: 00007FF6AB3C682F

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: ad52fa3726eaa364518b9a5cf1a8fbedd9b437226acc90197b45e48322b858e0
Instruction ID: 62b65755b9f4118f4214242fd15b9b5057480ec721780d4f82c3a7a3acd8574f
Opcode Fuzzy Hash: ad52fa3726eaa364518b9a5cf1a8fbedd9b437226acc90197b45e48322b858e0
Instruction Fuzzy Hash: CA619272909FD581EB208B55E4407AEB7A0FB8A794F044225EB9D47B65CF7CF198CB00

Function 00007FF6AB3A1390 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6AB3BEE38: QueryPerformanceFrequency.KERNEL32(?,?,?,?,00007FF6AB3A13A1), ref: 00007FF6AB3BEE4D

Part of subcall function 00007FF6AB3BEE1C: QueryPerformanceCounter.KERNEL32(?,?,?,?,00007FF6AB3A13AB), ref: 00007FF6AB3BEE25

_Subatomic.LIBCONCRTD ref: 00007FF6AB3A13FE
_Subatomic.LIBCONCRTD ref: 00007FF6AB3A149A

Strings

d, xrefs: 00007FF6AB3A13CD

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: PerformanceQuerySubatomic$CounterFrequency
String ID: d
API String ID: 3831891851-2564639436
Opcode ID: 186dc90d4e703bbd526a7879f88c3e17cdeff143ea7ca2f7bb8f8d4ea3886313
Instruction ID: a23454bd703db3769504e28ad62fa005efac9303fe5f6fdd8e31c4ff8e942b5e
Opcode Fuzzy Hash: 186dc90d4e703bbd526a7879f88c3e17cdeff143ea7ca2f7bb8f8d4ea3886313
Instruction Fuzzy Hash: 1831172260EF8481DA64CB19F48136BB7A5F7C8784F109126E6CE87B6AEF3CD5108F00

Function 00007FF6AB3D7A60 Relevance: 6.3, APIs: 4, Instructions: 304fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6AB3D7ADF
WriteFile.KERNEL32 ref: 00007FF6AB3D7DBC
WriteFile.KERNEL32 ref: 00007FF6AB3D7E02
GetLastError.KERNEL32 ref: 00007FF6AB3D7EC1

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 630bfd368104b04c966d200a28a114802453aed6c8fdbe0550e7f4704705a986
Instruction ID: 5dda3b1bc43b611fb09531e242773acbc6a2f01236949ca3d8c524468fe5bbc1
Opcode Fuzzy Hash: 630bfd368104b04c966d200a28a114802453aed6c8fdbe0550e7f4704705a986
Instruction Fuzzy Hash: 2ED1B232B1AE41C9E711CFA9E4401BC37B1F749B98B444626DE5DA7BAADE38D506C340

Function 00007FF6AB3D8444 Relevance: 6.2, APIs: 4, Instructions: 229COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB3D842F,?,?,?), ref: 00007FF6AB3D8562

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ConsoleMode
String ID:
API String ID: 4145635619-0
Opcode ID: d97584f15f782d5607a6b021fca085c2643cb1981ff63f56266adf68bee9edc5
Instruction ID: f270a754d72b17927b9a0b69fb57743565a661f468a82c024f6e87e595c5526c
Opcode Fuzzy Hash: d97584f15f782d5607a6b021fca085c2643cb1981ff63f56266adf68bee9edc5
Instruction Fuzzy Hash: 4C91C132E1AE5299FB509F65A8406BD2FE0BB4CB98F044536DE0EA76A5DE7CF445C300

Function 00007FF6AB3BA160 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3BA1A2
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF6AB3BA218

Part of subcall function 00007FF6AB3BB530: type_info::_name_internal_method.LIBCMTD ref: 00007FF6AB3BB548

char_traits.LIBCPMTD ref: 00007FF6AB3BA375

Part of subcall function 00007FF6AB3BE280: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3BE29D
Part of subcall function 00007FF6AB3BE280: _Max_value.LIBCPMTD ref: 00007FF6AB3BE2C2
Part of subcall function 00007FF6AB3BE280: _Min_value.LIBCPMTD ref: 00007FF6AB3BE2F0

char_traits.LIBCPMTD ref: 00007FF6AB3BA3C5

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWorkchar_traits$Affinity::operator!=HardwareMax_valueMin_valuetype_info::_name_internal_method
String ID:
API String ID: 1569735011-0
Opcode ID: dbd231b4ea386dfdbac49ebeb1d6c6506fafe1650f67ae28f5740aac5742d856
Instruction ID: c722896069111dcdff020eb0d2b7d1607d0e9340f5e95004694ebed8cfde505c
Opcode Fuzzy Hash: dbd231b4ea386dfdbac49ebeb1d6c6506fafe1650f67ae28f5740aac5742d856
Instruction Fuzzy Hash: 5961B92660AF8985DA60DB15E49036EB7A0FBCDB84F500536EACD87B6ADF3CD514CB40

Function 00007FF6AB3C29D0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BD662,?,?,?,?,00007FF6AB3BD6A1), ref: 00007FF6AB3C2A4D
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BD662,?,?,?,?,00007FF6AB3BD6A1), ref: 00007FF6AB3C2A89
GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BD662,?,?,?,?,00007FF6AB3BD6A1), ref: 00007FF6AB3C2AA6
GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF6AB3BD662,?,?,?,?,00007FF6AB3BD6A1), ref: 00007FF6AB3C2AC8

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 0a4443a06519d281a62536d96f6898593e8914d9034f00c453d0e81736b84440
Instruction ID: 0325db68d60e0e8ac8fb4d9e04dfeea4b06d5dfe9594d91290bb25267df83966
Opcode Fuzzy Hash: 0a4443a06519d281a62536d96f6898593e8914d9034f00c453d0e81736b84440
Instruction Fuzzy Hash: E821C531A09F9282E7109F61A80013E76D0FB4ABA0F048639EA8ED7BF4CF3CE4158710

Function 00007FF6AB3A4460 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

List.LIBCMTD ref: 00007FF6AB3A44A2
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6AB3A4511
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6AB3A4544
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6AB3A458F

Part of subcall function 00007FF6AB3A2070: std::make_error_code.LIBCPMTD ref: 00007FF6AB3A2086

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$Concurrency::details::EmptyListQueue::StructuredWorkstd::make_error_code
String ID:
API String ID: 108412505-0
Opcode ID: be7abe5b0cfc3cd30a37a4d36e3d9253fe911eded213e55e311c93b35b3c0e50
Instruction ID: a35dd998061bd6c5e55f99b5d6cc168e2bf334ec7394f223172bd1309286a1d4
Opcode Fuzzy Hash: be7abe5b0cfc3cd30a37a4d36e3d9253fe911eded213e55e311c93b35b3c0e50
Instruction Fuzzy Hash: 0541BB3261AE8185DA60DB15E4917ABB7A0FBC9780F505039E6CD87AAADF3DE4048F40

Function 00007FF6AB3B4FC0 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3B4FDF

Part of subcall function 00007FF6AB3A2C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3A2C4A
Part of subcall function 00007FF6AB3A2C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3A2C7D

std::locale::_Getfacet.LIBCPMTD ref: 00007FF6AB3B500C
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3B50D4

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
String ID:
API String ID: 228209623-0
Opcode ID: 900a1b0f5af8460445ef18d092ec1dcad2e001d690bb81d38a9b1293dbaed54b
Instruction ID: 7d0b008874f1d9cbbd640793ec85c9a197b8854274002db57286cddc5b630ab4
Opcode Fuzzy Hash: 900a1b0f5af8460445ef18d092ec1dcad2e001d690bb81d38a9b1293dbaed54b
Instruction Fuzzy Hash: 88311D3651EE4591DA109B15E49126AB3A0FBD9794F501236EA8D83BBADE3DD540CB00

Function 00007FF6AB3B7D60 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3B7D7F

Part of subcall function 00007FF6AB3A2C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3A2C4A
Part of subcall function 00007FF6AB3A2C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3A2C7D

std::locale::_Getfacet.LIBCPMTD ref: 00007FF6AB3B7DAC
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3B7E74

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
String ID:
API String ID: 228209623-0
Opcode ID: 2f47ee55e736e4f4b2b0ec95150cbbbde96c0946e331a1b596ed8c7eed21006b
Instruction ID: 6da38c10303710fac7253dd26b32239a54a12b066d7ea2505d31924533c2f54a
Opcode Fuzzy Hash: 2f47ee55e736e4f4b2b0ec95150cbbbde96c0946e331a1b596ed8c7eed21006b
Instruction Fuzzy Hash: C1310F2661EE4582DA20DB15E48126EB7A0FBDD794F501236EA8D83BBEDF3DD544CB00

Function 00007FF6AB3B67E0 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3B67FF

Part of subcall function 00007FF6AB3A2C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6AB3A2C4A
Part of subcall function 00007FF6AB3A2C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3A2C7D

std::locale::_Getfacet.LIBCPMTD ref: 00007FF6AB3B682C
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6AB3B68F4

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
String ID:
API String ID: 228209623-0
Opcode ID: 4c7c34ed3ef3d80a708a55e7ada9b73d3a7126fa795704c4ea355c7ba4da16f8
Instruction ID: e5652f9d97d142d4a98eb43488c2280d7d06b672ebe236170a503182fa59c130
Opcode Fuzzy Hash: 4c7c34ed3ef3d80a708a55e7ada9b73d3a7126fa795704c4ea355c7ba4da16f8
Instruction Fuzzy Hash: CF31EC26A1EE4591DA10EB15E49126EB3A0FBD9794F505236EA8D83BBEDF3CD540CB00

Function 00007FF6AB3C0314 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF6AB3C035D
GetLastError.KERNEL32 ref: 00007FF6AB3C036B
WideCharToMultiByte.KERNEL32 ref: 00007FF6AB3C03A0
GetLastError.KERNEL32 ref: 00007FF6AB3C03AE

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: a887946e6b1cb9798d018aa6cd5ff39b28168e1f026615f62acba953722a2e82
Instruction ID: bfd7ba4cdefebbd8c49eeb03c1cb47bd797d31fbf093902598dbb878f54352fe
Opcode Fuzzy Hash: a887946e6b1cb9798d018aa6cd5ff39b28168e1f026615f62acba953722a2e82
Instruction Fuzzy Hash: 8C213B76A19B9187E3108F15E44432EBAB4F78DB94F140139EB8997B65DF3CE8458B04

Function 00007FF6AB3B47F0 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 00007FF6AB3B4803
_Func_class.LIBCONCRTD ref: 00007FF6AB3B485D

Part of subcall function 00007FF6AB3B1EE0: _Func_class.LIBCONCRTD ref: 00007FF6AB3B1EEE
Part of subcall function 00007FF6AB3B1EE0: _Func_class.LIBCONCRTD ref: 00007FF6AB3B1F4C

_Func_class.LIBCONCRTD ref: 00007FF6AB3B4881
_Func_class.LIBCONCRTD ref: 00007FF6AB3B488D

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: f99f61d9fa51e9b5806d12a472de137738623b6c0d8fa76c95976e6c4d514edd
Instruction ID: d21ce0e770bcc9206b11c5bcef9d3cb823de87075313efd5c4c844ee3a7e5242
Opcode Fuzzy Hash: f99f61d9fa51e9b5806d12a472de137738623b6c0d8fa76c95976e6c4d514edd
Instruction Fuzzy Hash: EC11A522A1EE4581DA50EB16E85117AA7A1FBCDBC0F204031EB8DC777EDE2DE8418B00

Function 00007FF6AB3C022C Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF6AB3C024C
GetLastError.KERNEL32 ref: 00007FF6AB3C0256
SetFileInformationByHandle.KERNEL32 ref: 00007FF6AB3C0289
GetLastError.KERNEL32 ref: 00007FF6AB3C0293

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: 097d7ab178c7991021d56dc67bea1fb9272c2e1257d77f4ca1b7d31816b141e0
Instruction ID: 92574b7df2872f94bed32728c495310ece69b8aea1797d40c86749156b0db46c
Opcode Fuzzy Hash: 097d7ab178c7991021d56dc67bea1fb9272c2e1257d77f4ca1b7d31816b141e0
Instruction Fuzzy Hash: 43F0A431E1998282FBA68FB5D4582B82BA0EF4F745F440135D74AC66B4DFACF98C8741

Function 00007FF6AB3C71E4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6AB3C720E

Strings

csm, xrefs: 00007FF6AB3C7233
csm, xrefs: 00007FF6AB3C73A2

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 39ffd8bc164b8a0b16d3cd4f2257c85ce69868945303a69ea8a93856330dab12
Instruction ID: 380ff4366095df56dfacac550816c1ab4692adf4aee136f6d8b47a8cf5871aee
Opcode Fuzzy Hash: 39ffd8bc164b8a0b16d3cd4f2257c85ce69868945303a69ea8a93856330dab12
Instruction Fuzzy Hash: 2D71D67260AAA1C6DB605FA5904077D7BB0FB4ABC5F148131EE8D87AA6CF3CE558C740

Function 00007FF6AB3AF420 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6AB3AF56A

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c3cf33254d96a21a0be218e120594f3a5406b08dfcb02c4a7e36dd032904bc7c
Instruction ID: 990643cc52ccf46db5314c440564edc5f534ce7dbe4bbe53247dc70af766fd89
Opcode Fuzzy Hash: c3cf33254d96a21a0be218e120594f3a5406b08dfcb02c4a7e36dd032904bc7c
Instruction Fuzzy Hash: 3771EB2290EE8195EA609B55E4813AEB7A0FB89740F10413AE68DD7BBADF3DD444CF10

Function 00007FF6AB3C787C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6AB3C7926
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF6AB3C794F

Strings

csm, xrefs: 00007FF6AB3C7A4F

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 3e8da0310ca9b921ebb1de63dd19698e880293f76781bcaadd701b43dff503fd
Instruction ID: ed547fb6707a1e3d0de89cb812aace9d929ad5bcdeda1d4548efc461b8d40df4
Opcode Fuzzy Hash: 3e8da0310ca9b921ebb1de63dd19698e880293f76781bcaadd701b43dff503fd
Instruction Fuzzy Hash: 00514B3661AB5586E620AB65E04126E77B4FB8AB91F140134EF8D87B66CF38F464CB00

Function 00007FF6AB3D8118 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6AB3D8230
GetLastError.KERNEL32 ref: 00007FF6AB3D8255

Strings

U, xrefs: 00007FF6AB3D81DA

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4a6b99da95a2993aeb63317af3060804200180cb19d5318131eb1a64acd31227
Instruction ID: 0b91191f08673c0b261915b1c3b577abab921f3430edddb335a433cdfac1c8ea
Opcode Fuzzy Hash: 4a6b99da95a2993aeb63317af3060804200180cb19d5318131eb1a64acd31227
Instruction Fuzzy Hash: 8F41B462A2AE8186E7108F65E8047A9ABE0FB8C784F444531EE4DC77A8EF7CE405C740

Function 00007FF6AB3C51C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3C3CB3), ref: 00007FF6AB3C5210
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6AB3C3CB3), ref: 00007FF6AB3C5251

Strings

csm, xrefs: 00007FF6AB3C523E

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 6e16762783d0bc65364e0f460dd6446a1027947574864ad95021257b6417cbf0
Instruction ID: 33052fa6a1cf8bbb10fa0e14468577ef3767a294540f192a50a1306daa4d56a0
Opcode Fuzzy Hash: 6e16762783d0bc65364e0f460dd6446a1027947574864ad95021257b6417cbf0
Instruction Fuzzy Hash: AC115E3661AF4182EB208F15F84026977E0FB8DB94F194231DE8C47B69DF3CD9558700

Function 00007FF6AB3A77C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF6AB3A77F9
RegCloseKey.ADVAPI32 ref: 00007FF6AB3A7808

Strings

SOFTWARE\Lenovo\Lenovo Go Central, xrefs: 00007FF6AB3A77EB

Memory Dump Source

Source File: 00000000.00000002.2919039449.00007FF6AB3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB3A0000, based on PE: true

Associated: 00000000.00000002.2919026955.00007FF6AB3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919066677.00007FF6AB3E8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919079467.00007FF6AB3E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919096767.00007FF6AB3FF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919109750.00007FF6AB400000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919121563.00007FF6AB403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB409000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2919134605.00007FF6AB430000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ab3a0000_UDCC Launcher.jbxd

Similarity

API ID: CloseOpen
String ID: SOFTWARE\Lenovo\Lenovo Go Central
API String ID: 47109696-936754287
Opcode ID: 1a51c6a1e74a4be0013794f29a44b20b7889988872f124f83b2fa8cdec568353
Instruction ID: cd4d4df25c7640b7e3be9fa7fbb7ee6d947567bf5215252b68b4f4a5621fa98b
Opcode Fuzzy Hash: 1a51c6a1e74a4be0013794f29a44b20b7889988872f124f83b2fa8cdec568353
Instruction Fuzzy Hash: 14F0BE31E2AF4181EE409B21F88122A73A4FF9DB80F806135E98E83779DF2CE105CB00

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as `sc query` , `tasklist /svc` , `systemctl --type=service` , and `net start` .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UDCC Launcher.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: UDCC Launcher.exePID: 2108, Parent PID: 2580

General

File Activities

File Opened

File Attributes Queried

Volume Information Queried

Section Activities

Sections loaded by Windows

Registry Activities

Windows Analysis Report
UDCC Launcher.exe