Windows Analysis Report
HxTsr.exe

Overview

General Information

Sample Name:HxTsr.exe
Analysis ID:718584
MD5:906dec48fc20750a0a57db32121e1fe2
SHA1:febd6f8ecb35d61fefd0e5985241c3c27e11fde0
SHA256:417ae8819a51a2066f655d4f7212f2bb1549d65272c7dcfcb8535c6c64af1abd

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Tries to load missing DLLs
Program does not show much activity (idle)
PE file contains sections with non-standard names
Detected potential crypto function

Classification

  • System is w10x64
  • HxTsr.exe (PID: 5468 cmdline: C:\Users\user\Desktop\HxTsr.exe MD5: 906DEC48FC20750A0A57DB32121E1FE2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: HxTsr.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb source: HxTsr.exe
Source: Binary string: d:\dbs\el\jul\target\x64\ship\hxcomm\x-none\HxTsr.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: HxTsr.exe
Source: C:\Users\user\Desktop\HxTsr.exe | Code function: 4x nop then push rbx | 0_2_00007FF763824318
Source: HxTsr.exe | Binary or memory string: OriginalFilename vs HxTsr.exe
Source: C:\Users\user\Desktop\HxTsr.exe | Section loaded: microsoft.applications.telemetry.windows.dll
Source: C:\Users\user\Desktop\HxTsr.exe | Section loaded: hxoutlookbackground.dll
Source: C:\Users\user\Desktop\HxTsr.exe | Section loaded: vcruntime140_1_app.dll
Source: C:\Users\user\Desktop\HxTsr.exe | Section loaded: vcruntime140_app.dll
Source: C:\Users\user\Desktop\HxTsr.exe | Section loaded: msvcp140_app.dll
Source: C:\Users\user\Desktop\HxTsr.exe | Code function: 0_2_00007FF76382DA1C | 0_2_00007FF76382DA1C
Source: C:\Users\user\Desktop\HxTsr.exe | Code function: 0_2_00007FF76382CE24 | 0_2_00007FF76382CE24
Source: HxTsr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HxTsr.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine | Classification label: clean3.winEXE@1/0@0/0
Source: HxTsr.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: HxTsr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: HxTsr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: HxTsr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: HxTsr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: HxTsr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: HxTsr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: HxTsr.exe | Static PE information: real checksum: 0x18a92 should be: 0x25462
Source: HxTsr.exe | Static PE information: section name: .didat
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\HxTsr.exe | Code function: 0_2_00007FF7638210A4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter | 0_2_00007FF7638210A4
Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts
Defense Evasion: DLL Side-Loading (1); Obfuscated Files or Information (1)
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: System Time Discovery (1); System Information Discovery (2)
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Archive Collected Data (1); Data from Removable Media
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Command and Control: Encrypted Channel (1); Junk Data
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
Impact: Modify System Partition; Device Lockout
[Behavior graph: ID 718584, sample HxTsr.exe, start date 07/10/2022, architecture WINDOWS, score 3; one process node, HxTsr.exe, started]

Source | Detection | Scanner | Label | Link
HxTsr.exe | 4% | ReversingLabs | |
HxTsr.exe | 0% | Metadefender | | Browse
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:718584
Start date and time:2022-10-07 22:37:51 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 8s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:HxTsr.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean3.winEXE@1/0@0/0
EGA Information:Failed
HDC Information:
  • Successful, ratio: 99.5% (good quality ratio 58.2%)
  • Quality average: 44.7%
  • Quality standard deviation: 43.3%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 35
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com
  • Execution Graph export aborted for target HxTsr.exe, PID 5468 because there are no executed function
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: HxTsr.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.062711585353908
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:HxTsr.exe
File size:92672
MD5:906dec48fc20750a0a57db32121e1fe2
SHA1:febd6f8ecb35d61fefd0e5985241c3c27e11fde0
SHA256:417ae8819a51a2066f655d4f7212f2bb1549d65272c7dcfcb8535c6c64af1abd
SHA512:740ff26f004463d9971b25e5ba738bcc3eaa4786c2788ccd1852d07f6b290f05c5f2205ba4467319ada41369537c4418a1f4cd8e52d615c211cd5e4152753085
SSDEEP:1536:SOHO8lU/mI2MR92CX9OJt8xBa5fjIEVE71T47wIGgTje0MFAMMIGnyv/G:e8lU/mI2MRQqOJaxuf0EVPTj1MGiGnym
TLSH:AF934A5E232601F6E156D2BCC5A7627AE372FC435852970F4FB0D2860F772609E3AB91
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......jUP..4>[.4>[.4>[.F8Z/4>[B@?Z(4>[B@;Z34>[B@:Z$4>[B@=Z-4>[.@?Z,4>['L.[.4>[.E?Z-4>[.4?[!5>[.F:Z-4>[.@;Z*4>[.@7Z.4>[.@.[/4>[.@<Z/4>
Icon Hash:00828e8e8686b000
Entrypoint:0x140001090
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, APPCONTAINER, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x627DD5CE [Fri May 13 03:51:42 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:a936f9337ff7d2caddd1f140cf786be8
Instruction
dec eax
sub esp, 28h
call 00007F3248B33AF0h
dec eax
add esp, 28h
jmp 00007F3248B35EDFh
int3
nop
dec eax
mov dword ptr [esp+20h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 20h
dec eax
mov eax, dword ptr [00014F58h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007F3248B33B56h
dec eax
and dword ptr [ebp+18h], 00000000h
dec eax
lea ecx, dword ptr [ebp+18h]
call dword ptr [0000E3E2h]
dec eax
mov eax, dword ptr [ebp+18h]
dec eax
mov dword ptr [ebp+10h], eax
call dword ptr [0000E084h]
mov eax, eax
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [0000E080h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+20h]
dec eax
xor dword ptr [ebp+10h], eax
call dword ptr [0000E3A8h]
mov eax, dword ptr [ebp+20h]
dec eax
lea ecx, dword ptr [ebp+10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+20h]
dec eax
xor eax, dword ptr [ebp+10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11660 | 0x26c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x470 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x17000 | 0xe7c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0x2f8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x13d98 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x10360 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xff00 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf000 | 0x530 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x11364 | 0x80 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xd909 | 0xda00 | False | 0.49691800458715596 | data | 6.222952095031539 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xf000 | 0x6a0d | 0x6c00 | False | 0.33351417824074076 | data | 5.051676118978535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x16000 | 0x668 | 0x400 | False | 0.2109375 | data | 2.366450057637999 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x17000 | 0xe7c | 0x1000 | False | 0.449951171875 | PEX Binary Archive | 4.5321877075071395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x18000 | 0x80 | 0x200 | False | 0.1171875 | data | 0.8157106698145418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x19000 | 0x470 | 0x600 | False | 0.3014322916666667 | data | 3.997952678162754 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1a000 | 0x2f8 | 0x400 | False | 0.5322265625 | data | 4.589842225081001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_VERSION | 0x19058 | 0x418 | data | English | United States
DLL | Import
Microsoft.Applications.Telemetry.Windows.dll | ?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z, ?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z, ?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z, ?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ, ??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ, ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z, 
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z, ??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z, ?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z, ??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ, ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z, ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z, ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z, ??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ, ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z, ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
api-ms-win-core-errorhandling-l1-1-0.dll | RaiseException
api-ms-win-core-realtime-l1-1-0.dll | QueryUnbiasedInterruptTime
api-ms-win-core-synch-l1-2-0.dll | WakeAllConditionVariable, SleepConditionVariableSRW, InitOnceExecuteOnce
api-ms-win-core-com-l1-1-0.dll | CoTaskMemFree, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler
api-ms-win-core-processthreads-l1-1-0.dll | GetCurrentProcess, TerminateProcess, GetCurrentThreadId, GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-3.dll | SetProcessInformation
api-ms-win-core-util-l1-1-0.dll | DecodePointer
api-ms-win-core-synch-l1-1-0.dll | InitializeSRWLock, AcquireSRWLockExclusive, ReleaseSRWLockExclusive
api-ms-win-core-com-l1-1-1.dll | RoGetAgileReference
api-ms-win-eventing-provider-l1-1-0.dll | EventWriteTransfer
HxOutlookBackground.dll | ?HxOutlookBackgroundInitialize@HxOutlook@@YAXAEAUConfig@Telemetry@Hx@@_N@Z, ?UseHxOutlookBackgroundAccess@HxOutlook@@YAAEAUIHxOutlookBackgroundAccess@1@XZ, ?HxOutlookBackgroundEnsureInitialized@HxOutlook@@YAXXZ
VCRUNTIME140_1_APP.dll | __CxxFrameHandler4
VCRUNTIME140_APP.dll | __current_exception, _purecall, __current_exception_context, __std_exception_destroy, __std_terminate, __C_specific_handler, __std_exception_copy, memset, _CxxThrowException, memcmp, memcpy, memmove
MSVCP140_APP.dll | ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Xinvalid_argument@std@@YAXPEBD@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?_Xbad_alloc@std@@YAXXZ, ?_Xlength_error@std@@YAXPEBD@Z, _Mtx_init_in_situ, _Mtx_destroy_in_situ, ?_Xout_of_range@std@@YAXPEBD@Z, ?_Throw_C_error@std@@YAXH@Z, _Mtx_lock, _Mtx_unlock, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?uncaught_exception@std@@YA_NXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
api-ms-win-crt-runtime-l1-1-0.dll | _crt_atexit, _invalid_parameter_noinfo_noreturn, _invalid_parameter_noinfo, terminate, _register_onexit_function, _initialize_onexit_table, _errno, _register_thread_local_exe_atexit_callback, _c_exit, _cexit, _set_app_type, _exit, exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _initialize_narrow_environment, _configure_narrow_argv, _seh_filter_exe
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, free, malloc
api-ms-win-crt-string-l1-1-0.dll | _wcsicmp
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, _set_fmode
api-ms-win-crt-convert-l1-1-0.dll | wcstoull
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, pow
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll | GetSystemTimeAsFileTime, GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0.dll | InitializeSListHead
api-ms-win-core-delayload-l1-1-1.dll | ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll | DelayLoadFailureHook
api-ms-win-core-string-l1-1-0.dll | CompareStringOrdinal
api-ms-win-core-path-l1-1-0.dll | PathCchAppend
api-ms-win-core-file-l1-1-0.dll | GetFileAttributesW
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found
Target ID:0
Start time:22:38:48
Start date:07/10/2022
Path:C:\Users\user\Desktop\HxTsr.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\HxTsr.exe
Imagebase:0x7ff763820000
File size:92672 bytes
MD5 hash:906DEC48FC20750A0A57DB32121E1FE2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Non-executed Functions

C-Code - Quality: 100%
			E00007FF77FF7638210A4(long long __rbx, long long _a32) {

				_a32 = __rbx;
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 2933794660-0
  • Opcode ID: 6494b3011ed12ee8fbd9efba338e6d045498913f71c9c479f9979a6da21c163a
  • Instruction ID: 7f07f61392c39c3d4541d6a932de0230032085bbba2dea9be9c32b0354607db3
  • Opcode Fuzzy Hash: 6494b3011ed12ee8fbd9efba338e6d045498913f71c9c479f9979a6da21c163a
  • Instruction Fuzzy Hash: 22118222A04F02CAEB50DF65E8956E433A4FB1D758F841A31EA5D43794DF3DD1A4C3A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E00007FF77FF76382CE24(void* __edx, long long __rbx, signed int* __rcx, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, intOrPtr _a40) {
				void* _v24;
				signed long long _v40;
				signed char _t45;
				unsigned short _t79;
				signed char _t98;
				void* _t105;
				intOrPtr _t106;
				void* _t122;
				void* _t129;
				signed long long _t134;
				signed long long _t135;
				intOrPtr* _t136;
				long long _t138;
				signed int* _t152;
				void* _t156;
				void* _t164;

				_t138 = __rbx;
				_a8 = __rbx;
				_a16 = __rbp;
				_t134 =  *0x63836010; // 0x6361b5e8cd9a
				_t135 = _t134 ^ _t156 - 0x000000f0;
				_v40 = _t135;
				_t164 = __r9;
				if (__rcx == 0) goto 0x6382d122;
				_t106 = _a40;
				if (__edx == 0) goto 0x6382d0bb;
				r9d = 0xfc00;
				r10d = 0xdc00;
				if (0 - _t106 < 0) goto 0x6382ce85;
				if (_t106 != 0) goto 0x6382d0bf;
				if (( *__rcx & 0x0000ffff) - 0x7f > 0) goto 0x6382cea3;
				if (_t106 == 0) goto 0x6382d04a;
				 *((char*)(__rcx + __r9)) =  *__rcx;
				goto 0x6382d04a;
				if (0 - 0x7ff > 0) goto 0x6382ced2;
				_t6 = _t138 + 2; // 0x2
				if (_t106 == 0) goto 0x6382d04e;
				if (_t6 - _t106 > 0) goto 0x6382d0bb;
				 *((char*)(_t135 + __r9)) = 0xbadbed;
				goto 0x6382d03c;
				if ((0xdbed & r9w) != 0xd800) goto 0x6382d00d;
				if (__edx - 2 < 0) goto 0x6382ceff;
				goto 0x6382cf04;
				if (1 != 0) goto 0x6382d00d;
				r8d = 8;
				if (__edx - 2 < 0) goto 0x6382d05f;
				if ((__rcx[0] & 0x0000ffff & r9w) == r10w) goto 0x6382cf91;
				_t136 =  *[gs:0x58];
				_t122 =  *0x638363c8 -  *((intOrPtr*)(__r8 +  *_t136)); // 0x0
				if (_t122 <= 0) goto 0x6382cf6d;
				E00007FF77FF7638236B0();
				if ( *0x638363c8 != 0xffffffff) goto 0x6382cf6d;
				asm("xorps xmm0, xmm0");
				asm("movdqu [0x9468], xmm0");
				E00007FF77FF763823644();
				E00007FF77FF763825904(0x71b099, "Assert");
				r9d = 0xfc00;
				r10d = 0xdc00;
				_t13 = _t138 + 4; // 0x4
				if (_t106 == 0) goto 0x6382d002;
				if (_t13 - _t106 > 0) goto 0x6382d0bb;
				_t98 = (( *__rcx & 0x0000ffff) >> 0x00000006 & 0x0000000f) + 1;
				 *(_t136 + _t164) = _t98 >> 0x00000002 | 0x000000f0;
				 *(__rbx + _t164) =  *__rcx >> 0x00000002 & 0x0000000f | (_t98 & 0x00000003 | 0x000000f8) << 0x00000004;
				_t45 = (__rcx[0] & 0x0000ffff) >> 0x00000006 & 0x0000000f;
				 *(__rbx + _t164) = ( *__rcx & 0x00000003 | 0x000000f8) << 0x00000004 | _t45;
				_t79 = __rcx[0] & 0x0000003f | 0x00000080;
				 *(__rbx + _t164) = _t79;
				goto 0x6382d004;
				_t152 =  &(__rcx[1]);
				goto 0x6382d056;
				_t20 = _t138 + 3; // 0x3
				if (_t106 == 0) goto 0x6382d04e;
				if (_t20 - _t106 > 0) goto 0x6382d0bb;
				 *(_t136 + _t164) = _t79 >> 0x0000000c | 0x000000e0;
				 *(__rbx + _t164) = ( *_t152 & 0x0000ffff) >> 0x00000006 & 0x0000003f | 0x00000080;
				 *(__rbx + _t164) =  *_t152 & 0x0000003f | 0x00000080;
				goto 0x6382d050;
				_t105 = __edx + 0xfffffffe - 1;
				if (_t105 == 0) goto 0x6382d0bb;
				goto 0x6382ce79;
				_t129 =  *0x638363c8 -  *((intOrPtr*)(0x638363d0 +  *((intOrPtr*)( *[gs:0x58])))); // 0x0
				if (_t129 <= 0) goto 0x6382d0a3;
				E00007FF77FF7638236B0();
				if ( *0x638363c8 != 0xffffffff) goto 0x6382d0a3;
				asm("xorps xmm0, xmm0");
				asm("movdqu [0x9332], xmm0");
				E00007FF77FF763823644();
				E00007FF77FF763825904(0x71b097, "Assert");
				if (_t106 == 0) goto 0x6382d0c3;
				if (_t105 != 0) goto 0x6382d0ed;
				E00007FF77FF763823620();
				return _t45;
			}

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: ExceptionThrow
  • String ID: Assert$tag
  • API String ID: 432778473-967684852
  • Opcode ID: e9de12596ec6dced5d72a937c011b2cc95a0020e577558283f47cf8f54465457
  • Instruction ID: bdffaf84f0245ad4177455773eb0358ddcef4e1ddf31742832db390b88b79a31
  • Opcode Fuzzy Hash: e9de12596ec6dced5d72a937c011b2cc95a0020e577558283f47cf8f54465457
  • Instruction Fuzzy Hash: 8D910712A08643C2F790BB19D4916FAAB91EF50750FD04231D66D237E6DE2ED57AC3B0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 46%
			E00007FF77FF763824318(long long __rbx, long long* __rcx, void* __rdx, long long __rsi, signed int __r8) {
				void* _t18;
				long long _t28;
				signed long long _t36;
				unsigned long long _t42;
				int _t45;
				long long _t55;
				unsigned long long _t56;
				void* _t58;
				void* _t63;
				long long _t64;
				void* _t66;

				 *((long long*)(_t58 + 8)) = __rbx;
				 *((long long*)(_t58 + 0x10)) = _t55;
				 *((long long*)(_t58 + 0x18)) = __rsi;
				_t56 =  *((intOrPtr*)(__rcx + 0x18));
				if (__r8 - _t56 > 0) goto 0x63824360;
				if (_t56 - 0x10 < 0) goto 0x6382434e;
				 *((long long*)(__rcx + 0x10)) = __r8;
				memmove(_t66, _t63, _t45);
				 *((char*)( *((intOrPtr*)(__rcx)) + __r8)) = 0;
				goto 0x638243da;
				if (__r8 - 0xffffffff > 0) goto 0x638243f6;
				_t36 = __r8 | 0x0000000f;
				if (_t36 - 0xffffffff > 0) goto 0x6382439e;
				_t42 = _t56 >> 1;
				if (_t56 - 0xffffffff - _t42 > 0) goto 0x6382439e;
				_t28 = _t42 + _t56;
				_t8 = ( <  ? _t28 : _t36) + 1; // 0x8000000000000000
				E00007FF77FF7638245A0(_t8);
				 *((long long*)(__rcx + 0x10)) = __r8;
				 *((long long*)(__rcx + 0x18)) =  <  ? _t28 : _t36;
				_t64 = _t28;
				_t18 = memcpy(??, ??, ??);
				 *((char*)(_t64 + __r8)) = 0;
				if (_t56 - 0x10 < 0) goto 0x638243d7;
				E00007FF77FF763824428();
				 *__rcx = _t64;
				return _t18;
			}

APIs
  • memmove.VCRUNTIME140_APP(?,?,00000001,00007FF763821387), ref: 00007FF763824355
  • memcpy.VCRUNTIME140_APP(?,?,00000001,00007FF763821387), ref: 00007FF7638243BB
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF763821387), ref: 00007FF763824418
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: freememcpymemmove
  • String ID:
  • API String ID: 985528739-0
  • Opcode ID: 294e259b5502931f5007faf7b35efc3ecb219579e34c461f4a31954f86fd5d2e
  • Instruction ID: 2820f7a3ae435e220dc07a89375a11ce3ee7edc831878456b131c27f7273669e
  • Opcode Fuzzy Hash: 294e259b5502931f5007faf7b35efc3ecb219579e34c461f4a31954f86fd5d2e
  • Instruction Fuzzy Hash: 7E21E521A08B56C5EA54AF16E5049B9E361EB84FD0FD84131DE2C17BD5DE7EE0A1C3B0
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID:
  • String ID: abcdefghijklmnopqrstuvwxyz0123456789****************************
  • API String ID: 0-2760645366
  • Opcode ID: 08842dc724a2cf00d5bd0d27bed7743377ded0ba0b39dae68c9fd5f9e71d4b24
  • Instruction ID: 99b0567a76aa2ea2b10c601b77d329a002dc5d550e00ee9337adc5bc4d8f5c53
  • Opcode Fuzzy Hash: 08842dc724a2cf00d5bd0d27bed7743377ded0ba0b39dae68c9fd5f9e71d4b24
  • Instruction Fuzzy Hash: D131595361C3C689E3419F7954406E9FF60EB65B80F8D8236DA9A97303CD2CD46AC370
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826A0D
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826A40
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826A47
  • ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826AB1
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826AF5
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826B28
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826B2F
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826B70
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826BA3
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826BAA
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826C73
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826CA6
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826CAD
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826D7E
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826DB2
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826DB9
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826E80
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826EB3
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF763826EBA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Applications@Events@Microsoft@@$Category@234@@D@std@@DataEventKind@234@Properties@Property@U?$char_traits@V?$allocator@V?$basic_string@_invalid_parameter_noinfo_noreturnfree$D@2@@std@@_$D@2@@std@@D@@@D_t@D_t@234@
  • String ID: EventInfo.PrivTags$actorId$hxFlags$nstance$stTag
  • API String ID: 4008472446-2047053501
  • Opcode ID: acffc125b2d5b946e6d68db662419c69adf0d0f684998cf19ea7de309ce0c46c
  • Instruction ID: b17fba2f277eaabcb913c790c1f7b451c84c401fe024d849409b0fdf05ff3bcd
  • Opcode Fuzzy Hash: acffc125b2d5b946e6d68db662419c69adf0d0f684998cf19ea7de309ce0c46c
  • Instruction Fuzzy Hash: EBF17D72A05782CAEB409F64D484BAC77B9FB08B48F910639CE4D37B58CF799564D3A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 23%
			E00007FF77FF763827A18(void* __edx, long long __rbx, void* __rdx, long long __rdi, long long __rsi, void* __r8) {
				void* __rbp;
				void* _t98;
				void* _t106;
				void* _t131;
				void* _t136;
				void* _t150;
				signed long long _t151;
				signed long long _t152;
				long long _t153;
				intOrPtr _t155;
				intOrPtr* _t156;
				intOrPtr* _t157;
				intOrPtr _t159;
				intOrPtr* _t160;
				long long _t162;
				intOrPtr* _t165;
				intOrPtr _t167;
				intOrPtr _t170;
				intOrPtr _t178;
				intOrPtr _t184;
				intOrPtr _t190;
				intOrPtr* _t195;
				intOrPtr _t197;
				intOrPtr _t200;
				intOrPtr* _t207;
				intOrPtr _t224;
				intOrPtr* _t236;
				intOrPtr* _t264;
				long long _t265;
				void* _t267;
				void* _t268;
				void* _t270;
				signed long long _t271;
				intOrPtr _t276;
				void* _t282;
				long long _t283;
				void* _t285;
				void* _t288;
				intOrPtr* _t290;
				void* _t295;

				_t150 = _t270;
				 *((long long*)(_t150 + 8)) = __rbx;
				 *((long long*)(_t150 + 0x18)) = __rsi;
				 *((long long*)(_t150 + 0x20)) = __rdi;
				_t268 = _t150 - 0x5f;
				_t271 = _t270 - 0x100;
				_t151 =  *0x63836010; // 0x6361b5e8cd9a
				_t152 = _t151 ^ _t271;
				 *(_t268 + 0x27) = _t152;
				_t98 = E00007FF77FF763827F5C(__rdx);
				 *(_t271 + 0x48) = _t152;
				__imp___Mtx_lock(_t267);
				r12d = 0;
				if (_t98 == 0) goto 0x63827a72;
				__imp__?_Throw_C_error@std@@YAXH@Z();
				E00007FF77FF7638276B0(__rdx);
				_t200 =  *0x63836408; // 0x0
				if (_t200 != 0) goto 0x63827d8c;
				if (__rdx == _t152) goto 0x63827bad;
				__imp__??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ();
				_t184 =  *((intOrPtr*)( *_t152));
				goto 0x63827b2b;
				_t264 = _t184 + 0x20;
				_t153 = _t268 - 0x79;
				 *((long long*)(_t271 + 0x40)) = _t153;
				E00007FF77FF763825EF0(__rdx - _t152, _t184, _t268 - 0x79, _t264 + 0x20, __r8);
				_t283 = _t153;
				if ( *((long long*)(_t264 + 0x18)) - 0x10 < 0) goto 0x63827ace;
				_t265 =  *_t264;
				__imp__??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z();
				E00007FF77FF763825C0C(_t184, _t153, _t283);
				r12d = 0;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x10)) + 0x19)) == r12b) goto 0x63827b10;
				_t155 =  *((intOrPtr*)(_t184 + 8));
				goto 0x63827b05;
				if (_t184 !=  *((intOrPtr*)(_t155 + 0x10))) goto 0x63827b0b;
				_t156 =  *((intOrPtr*)(_t155 + 8));
				if ( *((intOrPtr*)(_t156 + 0x19)) == r12b) goto 0x63827af8;
				goto 0x63827b2b;
				_t236 =  *_t156;
				if ( *((intOrPtr*)(_t236 + 0x19)) != r12b) goto 0x63827b2b;
				_t157 =  *_t236;
				if ( *((intOrPtr*)(_t157 + 0x19)) == r12b) goto 0x63827b1c;
				if ( *((intOrPtr*)(_t236 + 0x19)) == r12b) goto 0x63827aa7;
				__imp__?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ();
				_t190 =  *((intOrPtr*)( *_t157));
				goto 0x63827ba7;
				if ( *((long long*)(_t190 + 0x38)) - 0x10 < 0) goto 0x63827b57;
				__imp__?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t190 + 0x10)) + 0x19)) == r12b) goto 0x63827b8c;
				_t159 =  *((intOrPtr*)(_t190 + 8));
				goto 0x63827b81;
				if (_t190 !=  *((intOrPtr*)(_t159 + 0x10))) goto 0x63827b87;
				_t160 =  *((intOrPtr*)(_t159 + 8));
				if ( *((intOrPtr*)(_t160 + 0x19)) == r12b) goto 0x63827b74;
				goto 0x63827ba7;
				_t207 =  *_t160;
				if ( *((intOrPtr*)(_t207 + 0x19)) != r12b) goto 0x63827ba7;
				if ( *((intOrPtr*)( *_t207 + 0x19)) == r12b) goto 0x63827b98;
				if ( *((intOrPtr*)(_t207 + 0x19)) == r12b) goto 0x63827b46;
				_t131 =  *0x638360b0 - _t283; // 0x0
				if (_t131 == 0) goto 0x63827c4a;
				_t162 = _t268 + 7;
				 *((long long*)(_t271 + 0x40)) = _t162;
				E00007FF77FF763825B74(_t207, _t268 + 7, 0x638360a0, _t265);
				_t195 = _t162;
				 *((long long*)(_t271 + 0x38)) = _t162;
				__imp__??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z();
				 *((intOrPtr*)(_t162 + 0x58)) = 4;
				_t38 = _t162 + 0x10; // 0x10
				_t290 = _t38;
				if (_t290 == _t195) goto 0x63827c1c;
				if ( *((long long*)(_t195 + 0x18)) - 0x10 < 0) goto 0x63827c10;
				_t276 =  *((intOrPtr*)(_t195 + 0x10));
				E00007FF77FF763824318(_t195, _t290,  *_t195, _t265, _t276);
				if ( *((long long*)(_t290 + 0x18)) - 0x10 < 0) goto 0x63827c26;
				 *((long long*)(_t162 + 8)) =  *_t290;
				if ( *((intOrPtr*)(_t195 + 0x18)) - 0x10 < 0) goto 0x63827c3f;
				E00007FF77FF763824428();
				 *((long long*)(_t195 + 0x10)) = _t283;
				 *((long long*)(_t195 + 0x18)) = _t265;
				 *_t195 = r12b;
				 *((intOrPtr*)(_t271 + 0x30)) = r12d;
				__imp__?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z();
				 *0x63836408 = _t162;
				r8d = 8;
				_t136 =  *0x63836530 -  *((intOrPtr*)(_t276 +  *((intOrPtr*)( *[gs:0x58])))); // 0x0
				if (_t136 > 0) goto 0x63827ece;
				goto 0x63827c99;
				 *0x63830048();
				_t165 =  *0x63836408; // 0x0
				_t197 =  *((intOrPtr*)( *_t165 + 0xd8));
				 *((long long*)(_t268 + 0x17)) = _t283;
				 *((long long*)(_t268 + 0x1f)) = _t265;
				 *((intOrPtr*)(_t268 + 7)) = r12b;
				 *((long long*)(_t268 - 9)) = _t283;
				 *((long long*)(_t268 - 1)) = _t265;
				 *((intOrPtr*)(_t268 - 0x19)) = r12b;
				__imp__??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z();
				 *0x63830048();
				_t167 =  *((intOrPtr*)(_t268 - 1));
				if (_t167 - 0x10 < 0) goto 0x63827d40;
				if (_t167 + 1 - _t197 < 0) goto 0x63827d3a;
				if ( *((intOrPtr*)(_t268 - 0x19)) -  *((intOrPtr*)( *((intOrPtr*)(_t268 - 0x19)) - 8)) - 8 - 0x1f <= 0) goto 0x63827d3a;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				free(_t295);
				 *((long long*)(_t268 - 9)) = _t283;
				 *((long long*)(_t268 - 1)) = _t265;
				 *((intOrPtr*)(_t268 - 0x19)) = r12b;
				_t170 =  *((intOrPtr*)(_t268 + 0x1f));
				if (_t170 - 0x10 < 0) goto 0x63827e59;
				if (_t170 + 1 - _t197 < 0) goto 0x63827d81;
				if ( *((intOrPtr*)(_t268 + 7)) -  *((intOrPtr*)( *((intOrPtr*)(_t268 + 7)) - 8)) - 8 - 0x1f <= 0) goto 0x63827d81;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				free(_t288);
				goto 0x63827e59;
				 *((long long*)(_t268 + 0x17)) = _t283;
				 *((long long*)(_t268 + 0x1f)) = _t265;
				 *((intOrPtr*)(_t268 + 7)) = r12b;
				 *((long long*)(_t268 - 9)) = _t283;
				 *((long long*)(_t268 - 1)) = _t265;
				 *((intOrPtr*)(_t268 - 0x19)) = r12b;
				_t106 =  *0x63830048();
				_t224 =  *((intOrPtr*)(_t268 - 1));
				if (_t224 - 0x10 < 0) goto 0x63827e0a;
				if (_t224 + 1 - _t197 < 0) goto 0x63827e01;
				if ( *((intOrPtr*)(_t268 - 0x19)) -  *((intOrPtr*)( *((intOrPtr*)(_t268 - 0x19)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x63827e01;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				free(_t285);
				 *((long long*)(_t268 - 9)) = _t283;
				 *((long long*)(_t268 - 1)) = _t265;
				 *((intOrPtr*)(_t268 - 0x19)) = r12b;
				_t178 =  *((intOrPtr*)(_t268 + 0x1f));
				if (_t178 - 0x10 < 0) goto 0x63827e4d;
				if (_t178 + 1 - _t197 < 0) goto 0x63827e47;
				if ( *((intOrPtr*)(_t268 + 7)) -  *((intOrPtr*)( *((intOrPtr*)(_t268 + 7)) - 8)) - 8 - 0x1f <= 0) goto 0x63827e47;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				free(_t282);
				 *((long long*)(_t268 + 0x17)) = _t283;
				 *((long long*)(_t268 + 0x1f)) = _t265;
				 *((intOrPtr*)(_t268 + 7)) = r12b;
				__imp___Mtx_unlock();
				E00007FF77FF763823620();
				return _t106;
			}

APIs
  • _Mtx_lock.MSVCP140_APP ref: 00007FF763827A5C
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF763827A6B
    • Part of subcall function 00007FF763825EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF763825F64
    • Part of subcall function 00007FF763825EF0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF763825F6F
  • ??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827A96
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827AD4
  • ?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827B38
  • ?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827B5E
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827BEA
  • ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827C57
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827CDF
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763827D33
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827D3A
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763827D7A
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827D81
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763827DFA
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827E04
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763827E40
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827E47
  • _Mtx_unlock.MSVCP140_APP ref: 00007FF763827E5C
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827F08
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP ref: 00007FF763827F13
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763827F45
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP ref: 00007FF763827F54
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Applications@Events@$Microsoft@@V?$allocator@$Configuration@D@std@@U?$char_traits@V?$basic_string@$D@2@@std@@Module@_invalid_parameter_noinfo_noreturnfree$V?$shared_ptr@Variant@123@Xbad_alloc@std@@malloc$D@2@@std@@@2@U?$less@U?$pair@$$V?$map@Variant@$C_error@std@@Configuration@234@Get@ManagerManager@234@Microsoft@@@2@Microsoft@@@2@@std@@@2@@std@@Microsoft@@@std@@@Microsoft@@@std@@@2@@std@@Modules@Mtx_lockMtx_unlockProvider@Throw_W4status_t@234@@
  • String ID: primaryToken
  • API String ID: 1220052155-1782620652
  • Opcode ID: 42b182a54ff9e88db8ced20fd0c3bd3dc7d51d5eea9e92be707fa7ebd7efaa7c
  • Instruction ID: f6d90c91cc6b0d706f8b6deb86d4f35ac877328b6c0c46d660fbcc74ac0dc842
  • Opcode Fuzzy Hash: 42b182a54ff9e88db8ced20fd0c3bd3dc7d51d5eea9e92be707fa7ebd7efaa7c
  • Instruction Fuzzy Hash: EEF18F22A09B43C5FB80AB26E8849ECB3A5FB44F88B844435DA4D27755DF3ED564C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638261B9
    • Part of subcall function 00007FF7638276B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7638261AF), ref: 00007FF76382773E
    • Part of subcall function 00007FF7638276B0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF7638261AF), ref: 00007FF763827749
    • Part of subcall function 00007FF7638276B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7638261AF), ref: 00007FF76382777D
    • Part of subcall function 00007FF7638276B0: ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF7638261AF), ref: 00007FF76382778C
    • Part of subcall function 00007FF7638276B0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF7638261AF), ref: 00007FF7638277F3
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638261DA
  • _Mtx_lock.MSVCP140_APP ref: 00007FF7638261F6
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF763826202
  • _Mtx_unlock.MSVCP140_APP ref: 00007FF76382623C
  • ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763826270
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638262F0
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638262F7
  • ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763826314
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763826381
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763826388
  • ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638263A5
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF76382641C
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763826423
  • _Mtx_lock.MSVCP140_APP ref: 00007FF763826476
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF763826482
  • _Mtx_unlock.MSVCP140_APP ref: 00007FF7638264B8
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638264EA
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638264F1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Applications@Events@Microsoft@@free$_invalid_parameter_noinfo_noreturn$D@@@D_t@$C_error@std@@Configuration@Mtx_lockMtx_unlockThrow_Variant@123@Xbad_alloc@std@@malloc
  • String ID: Version$hostMode$sdkmode$sionId
  • API String ID: 1417228798-3186143502
  • Opcode ID: e83a30f1d6a97a412fa5a17c20c87335687ea136a9f60447a3243b79a164cdeb
  • Instruction ID: cb894cf8393cbd4e54dc54b0a4a0867442cc56004eefcd43a5c98a9d5a40fd22
  • Opcode Fuzzy Hash: e83a30f1d6a97a412fa5a17c20c87335687ea136a9f60447a3243b79a164cdeb
  • Instruction Fuzzy Hash: C1A18361A0CB83C2FA80AB65F454AA9F361FB85B80F900435EA8E67764DF7ED454C770
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: AppendAttributesCompareDirectoryFileOrdinalPathStringSystemXinvalid_argument@std@@Xout_of_range@std@@_errno_invalid_parameter_noinfo_noreturnfreememmovewcstoull
  • String ID: Microsoft.Windows.Hub.LoginPolicy.dll$Windows.Core$Windows.Team$invalid stoull argument$stoull argument out of range$tag
  • API String ID: 59334309-1814647449
  • Opcode ID: b58eab0a424a0df94b3d3d761079eb9c9fc4cc2ef3471da4ece22f463d0d7ac1
  • Instruction ID: d5fd4e753dd188728a776d91f2c216cb0de59a6ba9cbb28c4bf54d1283b4eccd
  • Opcode Fuzzy Hash: b58eab0a424a0df94b3d3d761079eb9c9fc4cc2ef3471da4ece22f463d0d7ac1
  • Instruction Fuzzy Hash: 1BD18D22A18B47C5FB80AB55E8805F9A761FF84B84F900131DA4D637A4DF3EE569C7B0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 25%
			E00007FF77FF76382C750(void* __eflags, signed short* __rcx, long long __rdx, void* _a16, char _a24, long long _a32) {
				void* _t100;
				intOrPtr _t107;
				short _t108;
				signed short _t142;
				signed short _t151;
				char* _t153;
				unsigned long long _t154;
				signed short _t158;
				signed short _t163;
				signed short _t168;
				signed short _t173;
				void* _t179;
				unsigned long long _t184;
				intOrPtr _t188;
				unsigned long long _t191;
				unsigned long long _t198;
				void* _t213;
				signed short _t219;
				void* _t238;
				signed long long _t240;
				void* _t241;
				signed long long _t242;
				void* _t243;
				signed short _t245;
				int _t248;
				signed short _t249;
				signed long long _t250;
				signed short _t252;
				void* _t260;
				signed long long _t261;
				int _t263;
				void* _t265;
				signed long long _t266;
				signed short _t267;
				signed long long _t268;
				void* _t269;
				void* _t271;
				signed long long _t272;
				signed long long _t273;
				signed long long _t274;

				_t142 = _t252;
				 *((intOrPtr*)(_t142 + 0x18)) = r8b;
				 *((long long*)(_t142 + 0x10)) = __rdx;
				 *((long long*)(_t142 + 8)) = __rcx;
				r12d = 0;
				 *((intOrPtr*)(_t142 - 0x58)) = r12d;
				__rcx[8] = _t260;
				__rcx[0xc] = 7;
				 *__rcx = r12w;
				 *((intOrPtr*)(_t142 - 0x58)) = 1;
				E00007FF77FF7638245A0(__rcx);
				__rcx[8] = __rcx;
				__rcx[0xc] = __rcx;
				 *_t142 =  *__rcx & 0x0000ffff;
				 *__rcx = _t142;
				__rcx[8] = _t260;
				_a24 = r12d;
				_a32 = 0x63830d40;
				_t15 = _t260 + 0x2d; // 0x2d
				r13d = _t15;
				if ( *0x63830d40 != r13b) goto 0x6382c8f2;
				_t240 = __rcx[8];
				_t266 = __rcx[0xc];
				if (_t240 - _t266 >= 0) goto 0x6382c826;
				__rcx[8] = _t240 + 1;
				if (_t266 - 8 < 0) goto 0x6382c81a;
				 *( *__rcx + _t240 * 2) = 0x2d;
				goto 0x6382cb50;
				if (0xfffffffe - _t240 - 1 < 0) goto 0x6382cba6;
				_t272 = _t240 + 1;
				if ((_t272 | 0x00000007) - 0xfffffffe <= 0) goto 0x6382c84b;
				goto 0x6382c867;
				_t184 = _t266 >> 1;
				if (_t266 - 0xfffffffe - _t184 > 0) goto 0x6382c846;
				_t151 = _t184 + _t266;
				_t24 = ( <  ? _t151 : 0xfffffffe) + 1; // 0x7fffffffffffffff
				if (_t24 - 0xffffffff > 0) goto 0x6382cba0;
				E00007FF77FF7638245A0(_t24 + _t24);
				_t249 = _t151;
				__rcx[8] = _t272;
				__rcx[0xc] =  <  ? _t151 : 0xfffffffe;
				_t241 = _t240 + _t240;
				if (_t266 - 8 < 0) goto 0x6382c8e1;
				_t219 =  *__rcx;
				memcpy(_t271, _t265, _t263);
				 *(_t241 + _t249) = 0x2d;
				if (2 + _t266 * 2 - 0x1000 < 0) goto 0x6382c8d0;
				_t188 =  *((intOrPtr*)(_t219 - 8));
				_t31 = _t219 - _t188 - 8; // 0x7ffffffffffffff6
				_t153 = _t31;
				if (_t153 - 0x1f > 0) goto 0x6382cb85;
				free(_t260);
				 *__rcx = _t249;
				goto 0x6382cb49;
				memcpy(_t213, _t238, _t248);
				 *(_t241 + _t249) = 0x2d;
				goto 0x6382c8d9;
				_t154 =  *_t153;
				r13d =  *(_t154 + _t188) & 0x000000ff;
				r12d =  *((char*)((_t154 >> 4) + _t241));
				_t242 = __rcx[8];
				_t273 = __rcx[0xc];
				if (_t242 - _t273 >= 0) goto 0x6382c93b;
				__rcx[8] = _t242 + 1;
				if (_t273 - 8 < 0) goto 0x6382c928;
				_t158 =  *__rcx;
				 *(_t158 + _t242 * 2) = r12w;
				r12d = 0;
				 *(_t158 + 2 + _t242 * 2) = r12w;
				goto 0x6382ca2b;
				if (__rcx - _t242 - 1 < 0) goto 0x6382cba6;
				_t250 = _t242 + 1;
				if ((_t250 | 0x00000007) - __rcx <= 0) goto 0x6382c960;
				goto 0x6382c97c;
				_t191 = _t273 >> 1;
				if (_t273 - __rcx - _t191 > 0) goto 0x6382c95b;
				_t163 = _t273 + _t191;
				_t46 = ( <  ? _t163 : __rcx) + 1; // 0x7fffffffffffffff
				if (_t46 - _t241 > 0) goto 0x6382cba0;
				E00007FF77FF7638245A0(_t46 + _t46);
				_t267 = _t163;
				__rcx[8] = _t250;
				__rcx[0xc] =  <  ? _t163 : __rcx;
				_t243 = _t242 + _t242;
				if (_t273 - 8 < 0) goto 0x6382c9f7;
				memcpy(??, ??, ??);
				 *(_t267 + _t243) = r12w;
				r12d = 0;
				 *(_t267 + _t243 + 2) = r12w;
				if (2 + _t273 * 2 - 0x1000 < 0) goto 0x6382c9ec;
				_t55 =  *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8; // 0x7ffffffffffffff6
				if (_t55 - 0x1f > 0) goto 0x6382cb85;
				free(_t179);
				goto 0x6382ca0d;
				memcpy(??, ??, ??);
				 *(_t267 + _t243) = r12w;
				r12d = 0;
				 *(_t267 + _t243 + 2) = r12w;
				 *__rcx = _t267;
				r13d = r13d & 0x0000000f;
				_t108 =  *((char*)("0123456789ABCDEF" + _t263));
				_t268 = __rcx[8];
				_t274 = __rcx[0xc];
				if (_t268 - _t274 >= 0) goto 0x6382ca72;
				__rcx[8] = _t268 + 1;
				if (_t274 - 8 < 0) goto 0x6382ca5c;
				_t168 =  *__rcx;
				 *((short*)(_t168 + _t268 * 2)) = _t108;
				 *(_t168 + 2 + _t268 * 2) = r12w;
				r13d = 0x2d;
				goto 0x6382cb57;
				if (0xfffffffe - _t268 - 1 < 0) goto 0x6382cba6;
				_t261 = _t268 + 1;
				if ((_t261 | 0x00000007) - 0xfffffffe <= 0) goto 0x6382ca97;
				goto 0x6382cab3;
				_t198 = _t274 >> 1;
				if (_t274 - 0xfffffffe - _t198 > 0) goto 0x6382ca92;
				_t173 = _t274 + _t198;
				_t72 = ( <  ? _t173 : 0xfffffffe) + 1; // 0x7fffffffffffffff
				if (_t72 - 0xffffffff > 0) goto 0x6382cba0;
				E00007FF77FF7638245A0(_t72 + _t72);
				_t245 = _t173;
				__rcx[8] = _t261;
				__rcx[0xc] =  <  ? _t173 : 0xfffffffe;
				_t269 = _t268 + _t268;
				if (_t274 - 8 < 0) goto 0x6382cb2a;
				memcpy(??, ??, ??);
				 *((short*)(_t245 + _t269)) = _t108;
				r12d = 0;
				 *(_t269 + _t245 + 2) = r12w;
				if (2 + _t274 * 2 - 0x1000 < 0) goto 0x6382cb1f;
				_t81 =  *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8; // 0x7ffffffffffffff6
				if (_t81 - 0x1f > 0) goto 0x6382cb85;
				free(??);
				goto 0x6382cb40;
				_t100 = memcpy(??, ??, ??);
				 *((short*)(_t245 + _t269)) = _t108;
				r12d = 0;
				 *(_t269 + _t245 + 2) = r12w;
				r13d = 0x2d;
				 *__rcx = _t245;
				_t107 = _a24 + 1;
				_a24 = _t107;
				_a32 = _a32 + 1;
				if (_t107 - 0x14 >= 0) goto 0x6382cb8c;
				goto 0x6382c7dc;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				return _t100;
			}

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: memcpy$free$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
  • String ID: 0123456789ABCDEF
  • API String ID: 353111918-2554083253
  • Opcode ID: 38752e0108511b74dd97f2f7b16cce1a7a833a33c39ba1c7e2433c64bcd34233
  • Instruction ID: 2fc9a090055b5cffc4c656b9534c5b81f2f569dbd7b7dbd71b1fc4bac3161406
  • Opcode Fuzzy Hash: 38752e0108511b74dd97f2f7b16cce1a7a833a33c39ba1c7e2433c64bcd34233
  • Instruction Fuzzy Hash: 91C1E222B18782C1EB54AF21E5186BDA366FB04FD4F904631CA5E13B95DF7EE065C3A0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001000,00007FF763827188), ref: 00007FF763827267
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638272BA
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638272CB
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638272DC
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638272EE
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638272FF
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF76382735F
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638273C2
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638273C9
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF7638273E7
  • ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827406
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827412
  • ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827450
Similarity
  • API ID: Applications@Events@Microsoft@@$EventProperty@$U0123@$D@2@@std@@@D@std@@U0123@_U?$char_traits@V?$allocator@V?$basic_string@$D@@@D_t@D_t@123@@_invalid_parameter_noinfo_noreturnfree
  • String ID:
  • API String ID: 3942560593-0
  • Opcode ID: 960f0509c9023aa9ea016847a47e6432d91cc78f79ba9d7c9a84d76468cf1b0b
  • Instruction ID: cded1ab40e9f9a7c37e35a8566ac4a84f49f8bae3affc1a2fda2dc6005140a17
  • Opcode Fuzzy Hash: 960f0509c9023aa9ea016847a47e6432d91cc78f79ba9d7c9a84d76468cf1b0b
  • Instruction Fuzzy Hash: 7061B422E08613C5F684AB66D858AFCA771FB45794FC04131EA4E26B95CF2EA564C2B0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: Process$CurrentOnce$BackgroundConfig@ExecuteHx@@_InformationInitInitialize@InterruptOutlookOutlook@@QueryTelemetry@TerminateTimeUnbiased_invalid_parameter_noinfo_noreturnfree
  • String ID: Crash
  • API String ID: 3505764528-371843035
  • Opcode ID: f3ed5057f3d9886f0ae2c6791daee42a788f8160ff17d94c43644412faafab33
  • Instruction ID: 45427da0224086d14f9b5d5d49d6ef1a4b9df3fe2a5267b0b012815f73d3494d
  • Opcode Fuzzy Hash: f3ed5057f3d9886f0ae2c6791daee42a788f8160ff17d94c43644412faafab33
  • Instruction Fuzzy Hash: 04716D22E08683C9F781EFA4E8906F8B761EB54748FD04136D94D63765DF2EA1A5C370
Uniqueness

Uniqueness Score: -1.00%

APIs
  • memcpy.VCRUNTIME140_APP(?,00000000,?,00007FF76382C0CB,?,?,?,00007FF76382C434,?,?,?,00007FF76382C292), ref: 00007FF76382C1C8
  • memcpy.VCRUNTIME140_APP(?,00000000,?,00007FF76382C0CB,?,?,?,00007FF76382C434,?,?,?,00007FF76382C292), ref: 00007FF76382C1E2
  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76382C206
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C2F0
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C2F7
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C341
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C348
Similarity
  • API ID: _invalid_parameter_noinfo_noreturnfreememcpy$Concurrency::cancel_current_task
  • String ID:
  • API String ID: 3034246535-0
  • Opcode ID: 182cd21c12bbfa9b1df39c48964d619f88686d9def3c22fa55ba9a8a6b6bef0d
  • Instruction ID: 9176e5d47cb90f2c046e42154f7ecd2b0f14770ed303412f2c093e3a94505068
  • Opcode Fuzzy Hash: 182cd21c12bbfa9b1df39c48964d619f88686d9def3c22fa55ba9a8a6b6bef0d
  • Instruction Fuzzy Hash: 7E51A222F14B42C5EB40AB65E8486ECB375FB44B94F944631DE5C27BA6DF39D0A1C3A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
			E00007FF77FF763827020(long long __rbx, void* __rcx, void* __rdx, signed int __r8) {
				void* __rsi;
				void* __rbp;
				void* _t49;
				signed long long _t69;
				intOrPtr _t71;
				intOrPtr _t74;
				intOrPtr _t78;
				intOrPtr* _t82;
				void* _t114;
				void* _t117;
				intOrPtr _t118;
				void* _t120;
				void* _t121;
				void* _t123;
				signed long long _t124;
				signed long long _t128;
				signed long long _t131;
				long long _t135;
				void* _t137;
				void* _t139;
				void* _t142;

				 *((long long*)(_t123 + 8)) = __rbx;
				_t121 = _t123 - 0x27;
				_t124 = _t123 - 0x90;
				_t69 =  *0x63836010; // 0x6361b5e8cd9a
				 *(_t121 + 0x17) = _t69 ^ _t124;
				_t82 =  *__r8;
				_t118 =  *((intOrPtr*)(__r8 + 8));
				if (_t82 == _t118) goto 0x63827201;
				r12d = 0;
				r13d = 0x1000;
				if ( *((char*)(_t82 + 0x18)) != 1) goto 0x63827174;
				if ( *((intOrPtr*)(_t82 + 0x19)) == r12b) goto 0x63827174;
				if ( *((intOrPtr*)(__rcx + 2)) == r12b) goto 0x638271f4;
				_t102 =  !=  ?  *((void*)(_t82 + 8)) : 0x63830ab1;
				 *((long long*)(_t121 - 0x21)) = _t135;
				 *((long long*)(_t121 - 0x19)) = 0xf;
				 *((intOrPtr*)(_t121 - 0x31)) = r12b;
				_t128 = (__r8 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(0x63830ab1 + _t128)) != r12b) goto 0x638270ab;
				_t14 = _t121 - 0x31; // 0xfcf
				E00007FF77FF763824318(_t82, _t14,  !=  ?  *((void*)(_t82 + 8)) : 0x63830ab1, _t118, _t128);
				 *((long long*)(_t121 - 1)) = _t135;
				 *((long long*)(_t121 + 7)) = 0xf;
				 *((intOrPtr*)(_t121 - 0x11)) = r12b;
				if ( *((intOrPtr*)( *_t82 + (_t128 | 0xffffffff) + 1)) != r12b) goto 0x638270d4;
				_t19 = _t121 - 0x11; // 0xfef
				E00007FF77FF763824318(_t82, _t19,  *_t82, _t118, (_t128 | 0xffffffff) + 1);
				 *((intOrPtr*)(_t124 + 0x20)) = r12d;
				r9d = 0xa;
				_t21 = _t121 - 0x31; // 0xfcf
				_t131 = _t21;
				__imp__?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z(_t135, _t114, _t117, _t120);
				_t71 =  *((intOrPtr*)(_t121 + 7));
				if (_t71 - 0x10 < 0) goto 0x63827137;
				if (_t71 + 1 - _t137 < 0) goto 0x63827130;
				if ( *((intOrPtr*)(_t121 - 0x11)) -  *((intOrPtr*)( *((intOrPtr*)(_t121 - 0x11)) - 8)) - 8 - 0x1f > 0) goto 0x63827228;
				free(_t142);
				_t74 =  *((intOrPtr*)(_t121 - 0x19));
				if (_t74 - 0x10 < 0) goto 0x638271f4;
				if (_t74 + 1 - _t137 < 0) goto 0x638271ee;
				if ( *((intOrPtr*)(_t121 - 0x31)) -  *((intOrPtr*)( *((intOrPtr*)(_t121 - 0x31)) - 8)) - 8 - 0x1f <= 0) goto 0x638271ee;
				__imp___invalid_parameter_noinfo_noreturn();
				asm("int3");
				_t31 = _t121 - 0x11; // 0xfef
				 *((long long*)(_t121 - 0x39)) = _t31;
				_t33 = _t121 - 0x11; // 0xfef
				E00007FF77FF763827238(_t82, _t33, _t82, _t131, _t139);
				 *((long long*)(_t121 - 0x21)) = _t135;
				 *((long long*)(_t121 - 0x19)) = 0xf;
				 *((intOrPtr*)(_t121 - 0x31)) = r12b;
				if ( *((intOrPtr*)( *_t82 + (_t131 | 0xffffffff) + 1)) != r12b) goto 0x638271a2;
				_t38 = _t121 - 0x31; // 0xfcf
				_t49 = E00007FF77FF763824318(_t82, _t38,  *_t82, _t118, (_t131 | 0xffffffff) + 1);
				__imp__?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z();
				_t78 =  *((intOrPtr*)(_t121 - 0x19));
				if (_t78 - 0x10 < 0) goto 0x638271f4;
				if (_t78 + 1 - _t137 < 0) goto 0x638271ee;
				if ( *((intOrPtr*)(_t121 - 0x31)) -  *((intOrPtr*)( *((intOrPtr*)(_t121 - 0x31)) - 8)) - 8 - 0x1f > 0) goto 0x6382722f;
				free(_t137);
				if (_t82 + 0x20 != _t118) goto 0x63827069;
				E00007FF77FF763823620();
				return _t49;
			}

APIs
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF7638270FC
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF763827130
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF76382716D
  • ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF7638271BE
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF7638271EE
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF763827228
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?), ref: 00007FF76382722F
Similarity
  • API ID: Event_invalid_parameter_noinfo_noreturn$Applications@D@std@@Events@Microsoft@@Properties@Property@U?$char_traits@V?$allocator@V?$basic_string@free$Category@234@@D@2@@std@@D@2@@std@@0DataKind@234@Property@234@@
  • String ID:
  • API String ID: 2157271762-0
  • Opcode ID: 81788447d38690d03aa5fa6fae68a02753b042c07d2d50d4ddfd0c4037c56433
  • Instruction ID: a631d1e2efed9d7b5401a8d4d7fcbb982f34425c00f17e547c48bb6bde83723b
  • Opcode Fuzzy Hash: 81788447d38690d03aa5fa6fae68a02753b042c07d2d50d4ddfd0c4037c56433
  • Instruction Fuzzy Hash: 3151C462B08A42D9FB40EB76D454AECA371EB45B98FC00631DE2D277D5CE39D469C3A0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: ExclusiveLock$Release$Acquire$malloc
  • String ID:
  • API String ID: 1095099974-0
  • Opcode ID: c973d06fc1a06cddf6cb8a683b99e85ca3c0ba3119766efd78a5d60eaaa4742d
  • Instruction ID: 99a655433665789625449ee15be685d895fdff406710793b3dc426d94076ac59
  • Opcode Fuzzy Hash: c973d06fc1a06cddf6cb8a683b99e85ca3c0ba3119766efd78a5d60eaaa4742d
  • Instruction Fuzzy Hash: 22516E66608B07C6EB95AF56D8507B8A3A0FB59F84FA54431CE0E27360CF3ED465C3A0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF763823003), ref: 00007FF7638250F3
  • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF763825109
    • Part of subcall function 00007FF763823C58: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF763825154), ref: 00007FF763823C76
  • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF76382517A
  • AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7638251EC
  • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF763825229
  • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF76382524E
Similarity
  • API ID: ExclusiveLock$Release$Acquire$malloc
  • String ID:
  • API String ID: 1095099974-0
  • Opcode ID: 007a11594e550cff8f3074c31522107c64956b9b2d49f4f1bfe18f6a2622c10d
  • Instruction ID: b13e5246d5cb019995131acaf1fe8473f36b79f7fb4ee09dcb79cdec791a5c66
  • Opcode Fuzzy Hash: 007a11594e550cff8f3074c31522107c64956b9b2d49f4f1bfe18f6a2622c10d
  • Instruction Fuzzy Hash: 21517C22B49B47C6EA95EF66D4408B9E360FB45F80B954431CE0D27394DF2EE855C3B0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
			_entry_(long long __rbx, long long _a32) {

				L1();
				goto 0x6382349c;
				asm("int3");
				_a32 = __rbx;
			}

APIs
    • Part of subcall function 00007FF7638210A4: GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00007FF7638210D0
    • Part of subcall function 00007FF7638210A4: GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7638210DE
    • Part of subcall function 00007FF7638210A4: GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7638210EA
    • Part of subcall function 00007FF7638210A4: QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0 ref: 00007FF7638210FA
  • __scrt_initialize_crt.LIBCMT ref: 00007FF7638234AB
  • __scrt_release_startup_lock.LIBCMT ref: 00007FF76382352E
  • _register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF76382357C
  • _get_narrow_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763823589
  • _cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638235B2
  • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF76382360B
Similarity
  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_narrow_winmain_command_line_register_thread_local_exe_atexit_callback
  • String ID:
  • API String ID: 4225398245-0
  • Opcode ID: 1fbb49ee7c389e7ebb79cb7960bea0ea33ca1fd20df29107d1165f233adcc06b
  • Instruction ID: 71ed1d539acf34d3902dd6f024b0d8c2d35837617a459c119253f12e87330120
  • Opcode Fuzzy Hash: 1fbb49ee7c389e7ebb79cb7960bea0ea33ca1fd20df29107d1165f233adcc06b
  • Instruction Fuzzy Hash: D3316B60E0C203CAFAD5BB249962AF9E6919F51344FD00035D91D373D3DEAFA869C6B4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140_APP ref: 00007FF76382A6D5
  • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140_APP ref: 00007FF76382A6FC
  • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140_APP ref: 00007FF76382A734
  • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140_APP ref: 00007FF76382A763
  • ?uncaught_exception@std@@YA_NXZ.MSVCP140_APP ref: 00007FF76382A769
  • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140_APP ref: 00007FF76382A778
Similarity
  • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
  • String ID:
  • API String ID: 3901553425-0
  • Opcode ID: a5aa93bee1748aa60f2e01f3a9ce893c1acbb35ffaa732086a427c44ec57b534
  • Instruction ID: 023e8f59240a7bc7b98e5b570a7f17460146a2d77371b2154d65ae114d53613a
  • Opcode Fuzzy Hash: a5aa93bee1748aa60f2e01f3a9ce893c1acbb35ffaa732086a427c44ec57b534
  • Instruction Fuzzy Hash: 31415B62A08E42C5EB609B15D480A79E7A1FF84F91F558132CE4D63768CF3ED896C7A0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: AllocCreateFreeMarshalerTaskThreaded_errno_invalid_parameter_noinfomallocmemcpymemset
  • String ID:
  • API String ID: 1102017398-0
  • Opcode ID: 26da227945d19f0f0fa7ef6f7cf72aed3d4c32104eefaa3609d3c29f90144937
  • Instruction ID: 0e3ac8c2178c72bc53133a6e6cb06d505920ef1cd2a9a25c6bfebc5a02db8da5
  • Opcode Fuzzy Hash: 26da227945d19f0f0fa7ef6f7cf72aed3d4c32104eefaa3609d3c29f90144937
  • Instruction Fuzzy Hash: 1D414D36605B47C6EB84AF22E850AA9B7A4FB44F94F854035CE0D27364DF3EE465C3A0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS(?,?,00000000,00007FF7638268EA), ref: 00007FF76382653E
  • _Mtx_lock.MSVCP140_APP(?,?,00000000,00007FF7638268EA), ref: 00007FF76382655A
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,00000000,00007FF7638268EA), ref: 00007FF763826566
  • _Mtx_unlock.MSVCP140_APP(?,?,00000000,00007FF7638268EA), ref: 00007FF7638265A0
Strings
Similarity
  • API ID: Applications@C_error@std@@Configuration@Events@Microsoft@@Mtx_lockMtx_unlockThrow_Variant@123@
  • String ID: hostMode
  • API String ID: 233330023-2357876354
  • Opcode ID: 257a5d02b991e0e6f34119e55f6f5328f45713c9423fbad51a6875185a224774
  • Instruction ID: 3fc33d1a509ea48dec721a8e45bd2e8a66e30477d7e6fbaf3eaec83e86952dc5
  • Opcode Fuzzy Hash: 257a5d02b991e0e6f34119e55f6f5328f45713c9423fbad51a6875185a224774
  • Instruction Fuzzy Hash: 95011650E09643C6FEC4BB65D498AF4A3909F85F51F944035D90E67365DF2DD4A4C370
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00007FF77FF7638276B0(void* __rdx) {
				void* _t4;
				intOrPtr _t7;

				_t7 =  *((intOrPtr*)( *[gs:0x58]));
				_t4 =  *0x638364a8 -  *((intOrPtr*)(__rdx + _t7)); // 0x0
				if (_t4 > 0) goto 0x63827714;
				return  *((intOrPtr*)(__rdx + _t7));
			}

APIs
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7638261AF), ref: 00007FF76382773E
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF7638261AF), ref: 00007FF763827749
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7638261AF), ref: 00007FF76382777D
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00007FF7638261AF), ref: 00007FF76382778C
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF7638261AF), ref: 00007FF7638277F3
Similarity
  • API ID: Xbad_alloc@std@@malloc$free
  • String ID:
  • API String ID: 3279272377-0
  • Opcode ID: d00a70aeef4b9791567f5e838494c793b3222b4bd2b51222220f1c755c2230d2
  • Instruction ID: 66b09411f53c32b4725b10d0d04358ef960c9f0a26c8e0736a95339e409c8d32
  • Opcode Fuzzy Hash: d00a70aeef4b9791567f5e838494c793b3222b4bd2b51222220f1c755c2230d2
  • Instruction Fuzzy Hash: 53416A22A19E43C5FB80AB55E8807A9B3A0FB54B58F944234C65D237A5CF7EE564C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _Mtx_lock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF763827551
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF76382755F
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638275D6
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638275DD
  • _Mtx_unlock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF7638275E7
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: C_error@std@@Mtx_lockMtx_unlockThrow__invalid_parameter_noinfo_noreturnfree
  • String ID:
  • API String ID: 4004452888-0
  • Opcode ID: eccfde8d185437d2fe95423f817bd9944db6fd48e3658161173552c1420d63ac
  • Instruction ID: e1f499bd719f0bb84e5cd7558d3176320140c644d18b0e410fd9ac53eb8168ea
  • Opcode Fuzzy Hash: eccfde8d185437d2fe95423f817bd9944db6fd48e3658161173552c1420d63ac
  • Instruction Fuzzy Hash: 27216531608B47C5EA80AB56E958AA9E3A0FB89FD0FC00432E94E63765CF3DD495C770
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00007FF77FF76382ACAC(void* __eax, void* __ecx) {
				signed long long _v24;
				signed long long _t8;
				void* _t10;

				if (__ecx >= 0) goto 0x6382ace3;
				_t8 =  *0x63836010; // 0x6361b5e8cd9a
				_v24 = _t8 ^ _t10 - 0x000000a8;
				if (__ecx == 0x80004001) goto 0x6382ad3d;
				if (__ecx == 0x80004002) goto 0x6382ad21;
				if (__ecx == 0x8007000e) goto 0x6382ad05;
				goto 0x6382ace4;
				return __eax;
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: ExceptionThrow$std::bad_exception::bad_exception
  • String ID:
  • API String ID: 387331647-0
  • Opcode ID: 9a1c917b8a5e80f0089599c090369ac78629b78a85147853e3893e5ae8b9e20a
  • Instruction ID: f5cdf9fe4579d372cfda9f1e5b1ab1276294f875227d1e2709b7a6c3cc28df1c
  • Opcode Fuzzy Hash: 9a1c917b8a5e80f0089599c090369ac78629b78a85147853e3893e5ae8b9e20a
  • Instruction Fuzzy Hash: 5911A322A1C547C1FAA4F724D4956F9D3A0BF84304FC01536E58E62BB5DE2EE628C770
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow_malloc
  • String ID:
  • API String ID: 3007590470-0
  • Opcode ID: 20569c17af950825d567f6c3baca4002e80302bceb60c37f92593e9b0259be97
  • Instruction ID: 7a21e434e3928e1ae5f42dc23df73577b0c603da8daf36a3a1bc89be5874a076
  • Opcode Fuzzy Hash: 20569c17af950825d567f6c3baca4002e80302bceb60c37f92593e9b0259be97
  • Instruction Fuzzy Hash: A2011E65F09B43C2FEC4AB55E8949B5A2A0AF84F80F840435D90E27764DF2ED874C370
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF763825023
  • TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF76382502E
    • Part of subcall function 00007FF7638236B0: AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF763821463), ref: 00007FF7638236C0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Process$AcquireCurrentExclusiveLockTerminate
  • String ID: Crash$Windows.ApplicationModel.Core.CoreApplication
  • API String ID: 2246984814-1435419972
  • Opcode ID: a0d192f833ff1cc13f836155b787f1f4c3547dd23fe1bd87b116ff744c27af9c
  • Instruction ID: 3874b06ebe6376107714d51317c9718cb3b0d7242785b99837c689686a469f17
  • Opcode Fuzzy Hash: a0d192f833ff1cc13f836155b787f1f4c3547dd23fe1bd87b116ff744c27af9c
  • Instruction Fuzzy Hash: 83512C21A18B47C2FA90AB55E8906F9A360FF88B44FD00132D94D67764DF3EE569C7B0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: __current_exception__current_exception_contextterminate
  • String ID: csm
  • API String ID: 2542180945-1018135373
  • Opcode ID: ceef7e9a641663984bc4114f213290486d3c183bb69c83ce7608c2b192109172
  • Instruction ID: 62e4f3ffa8aae6dfa954cf0131da2b79d56a19c2488c5b7f7c8a4448df41e593
  • Opcode Fuzzy Hash: ceef7e9a641663984bc4114f213290486d3c183bb69c83ce7608c2b192109172
  • Instruction Fuzzy Hash: 02F04437605B46CAC350AF21E8908AC7764FB88B88B896130FA8D47719CF38D8A0C364
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
			E00007FF77FF763825EF0(void* __eflags, long long __rbx, long long __rcx, void* __rdx, void* __r8) {
				void* __rsi;
				void* __rbp;
				intOrPtr _t60;
				signed long long _t76;
				signed long long _t85;
				signed long long* _t89;
				signed long long _t91;
				signed long long _t92;
				signed long long _t93;
				long long _t99;
				long long _t101;
				long long* _t111;
				long long* _t112;
				void* _t114;
				signed long long* _t115;
				signed long long _t117;
				intOrPtr _t118;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;
				intOrPtr* _t129;
				void* _t131;
				long long _t132;
				int _t134;
				intOrPtr _t135;

				 *((long long*)(_t124 + 0x18)) = __rbx;
				 *((long long*)(_t124 + 8)) = __rcx;
				_t125 = _t124 - 0x40;
				_t122 = __rdx;
				_t132 = __rcx;
				 *((long long*)(__rcx)) = 0x63830540;
				 *(__rcx + 8) =  *((intOrPtr*)(__rdx + 8));
				 *(__rcx + 8) =  *((intOrPtr*)(__rdx + 8));
				 *(__rcx + 8) =  *((intOrPtr*)(__rdx + 8));
				 *(__rcx + 8) =  *((intOrPtr*)(__rdx + 8));
				_t76 =  *((intOrPtr*)(__rdx + 8));
				 *(__rcx + 8) = _t76;
				E00007FF77FF763825B74(__rbx, __rcx + 0x10, __rdx + 0x10, _t117);
				_t89 = _t132 + 0x30;
				 *_t89 = _t117;
				_t89[1] = _t117;
				 *(_t125 + 0x20) = _t89;
				 *(_t125 + 0x28) = _t89;
				malloc(_t134);
				if (_t76 != 0) goto 0x63825f76;
				__imp__?_Xbad_alloc@std@@YAXXZ(_t114, _t117, _t121);
				asm("int3");
				 *_t76 = _t76;
				 *(_t76 + 8) = _t76;
				 *(_t76 + 0x10) = _t76;
				 *((short*)(_t76 + 0x18)) = 0x101;
				 *_t89 = _t76;
				r9b =  *((intOrPtr*)(_t125 + 0x70));
				E00007FF77FF763828664(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x30)) + 8)), _t122, _t76, _t131);
				 *( *_t89 + 8) = _t76;
				_t89[1] =  *((intOrPtr*)(_t122 + 0x38));
				_t111 =  *_t89;
				_t129 =  *((intOrPtr*)(_t111 + 8));
				if ( *((intOrPtr*)(_t129 + 0x19)) != sil) goto 0x63825ff9;
				_t99 =  *_t129;
				if ( *((intOrPtr*)(_t99 + 0x19)) != sil) goto 0x63825fd6;
				if ( *((intOrPtr*)( *_t99 + 0x19)) == sil) goto 0x63825fc7;
				 *_t111 = _t99;
				_t112 =  *_t89;
				_t101 =  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + 0x10));
				goto 0x63825fed;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t101 + 0x10)) + 0x19)) == sil) goto 0x63825fe6;
				 *((long long*)(_t112 + 0x10)) = _t101;
				goto 0x63826003;
				 *_t112 = _t112;
				 *((long long*)( *_t89 + 0x10)) =  *_t89;
				_t115 = _t132 + 0x40;
				 *_t115 = _t117;
				_t115[1] = _t117;
				_t115[2] = _t117;
				_t118 =  *((intOrPtr*)(_t122 + 0x40));
				_t135 =  *((intOrPtr*)(_t122 + 0x48));
				if (_t118 == _t135) goto 0x6382609c;
				_t85 = (_t135 - _t118 >> 5) * 0xaaaaaaab;
				if (_t85 - 0xaaaaaaaa > 0) goto 0x638260ba;
				_t91 = _t85 + _t85 * 2 << 5;
				E00007FF77FF7638245A0(_t91);
				 *_t115 = _t85;
				_t115[1] = _t85;
				_t115[2] = _t85 + _t91;
				 *(_t125 + 0x78) = _t115;
				_t92 =  *_t115;
				 *(_t125 + 0x20) = _t92;
				 *(_t125 + 0x28) = _t92;
				 *(_t125 + 0x30) = _t115;
				E00007FF77FF763825EF0(_t85 - 0xaaaaaaaa, _t92, _t92, _t118, _t99);
				_t93 = _t92 + 0x60;
				 *(_t125 + 0x28) = _t93;
				if (_t118 + 0x60 != _t135) goto 0x6382607b;
				_t115[1] = _t93;
				_t60 =  *((intOrPtr*)(_t122 + 0x58));
				 *((intOrPtr*)(_t132 + 0x58)) = _t60;
				return _t60;
			}

APIs
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF763825F64
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,00000000,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF763825F6F
  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7638260BA
    • Part of subcall function 00007FF763823FD8: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF763823FE1
    • Part of subcall function 00007FF763826108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7638260E4,?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF763826140
    • Part of subcall function 00007FF763826108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7638260E4,?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF76382614F
    • Part of subcall function 00007FF763826108: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF7638261AF), ref: 00007FF7638277F3
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00000000,00000000,?,?,00007FF763827AC1), ref: 00007FF7638260F1
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: free$Concurrency::cancel_current_taskXbad_alloc@std@@mallocstd::bad_alloc::bad_alloc
  • String ID:
  • API String ID: 2711775500-0
  • Opcode ID: 0b143a9a51a29c11d4b27d12c1f513737fabd702938445f3c55dc468c6cfaf0e
  • Instruction ID: aa9479b97d2a75d20668e0bec35c0342a1699f6fbeeb71dbcb45968556fc6188
  • Opcode Fuzzy Hash: 0b143a9a51a29c11d4b27d12c1f513737fabd702938445f3c55dc468c6cfaf0e
  • Instruction Fuzzy Hash: D3515B72609B86C6DB849F15E4805A8B7E4FB48FC4BA88035DB8D53B59DF39D4B2C360
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C2F0
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C2F7
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C341
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF763829196), ref: 00007FF76382C348
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: _invalid_parameter_noinfo_noreturnfree
  • String ID:
  • API String ID: 2293887081-0
  • Opcode ID: bca754a37fd3aaebfdc60eca50492e38eedb8177995e85d9776ba9deb1b1227f
  • Instruction ID: 545bbfc8b989d86bf17b764ab31d8641a52b8d63b5323d867011c3007b41b523
  • Opcode Fuzzy Hash: bca754a37fd3aaebfdc60eca50492e38eedb8177995e85d9776ba9deb1b1227f
  • Instruction Fuzzy Hash: 0B415D22F14B52C5FB409BA4E8886EC7375FB44B98F800621DE5D23BA5CF39D5A5C360
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: ExclusiveLock$AcquireRelease
  • String ID:
  • API String ID: 17069307-0
  • Opcode ID: dc75aedbcf0d2eb7ac59fef97bbee6eda8b71451bf3ed9ded0d0df17c2a718eb
  • Instruction ID: 16526fe818f1b1b4cba9591738a7644ddc4c8680ab859a411bbc7521a37ded77
  • Opcode Fuzzy Hash: dc75aedbcf0d2eb7ac59fef97bbee6eda8b71451bf3ed9ded0d0df17c2a718eb
  • Instruction Fuzzy Hash: 1D411B25A08A07C5FA95AB46E8907B8B360FB94F84F940031CE4E27764CF7EE465C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF763825CBF), ref: 00007FF763828546
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF763825CBF), ref: 00007FF763828551
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF763825CBF), ref: 00007FF7638285B5
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00007FF763825CBF), ref: 00007FF7638285C0
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Xbad_alloc@std@@malloc
  • String ID:
  • API String ID: 2310037053-0
  • Opcode ID: 3e592f6a13795cac45d98011512f0723a76c8ab5e375b09cd25b3251593f7ef8
  • Instruction ID: 45c324eacac18799401548b502519eef1f4e8a172505ebdb6c581e8658dc1750
  • Opcode Fuzzy Hash: 3e592f6a13795cac45d98011512f0723a76c8ab5e375b09cd25b3251593f7ef8
  • Instruction Fuzzy Hash: 81314333604F89C2E7049F15E4843A9B7A4FB58B58F658528CB8807B98DF7DD4A5C3A0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00007FF763827520: _Mtx_lock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF763827551
    • Part of subcall function 00007FF763827520: ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF76382755F
    • Part of subcall function 00007FF763827520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638275D6
    • Part of subcall function 00007FF763827520: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638275DD
    • Part of subcall function 00007FF763827520: _Mtx_unlock.MSVCP140_APP(?,?,?,?,?,?,?,?,?,?,00000000,00007FF763826845), ref: 00007FF7638275E7
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF763826876
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF763826880
  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7638268D8
  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7638268DF
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: _invalid_parameter_noinfo_noreturnfree$C_error@std@@Mtx_lockMtx_unlockThrow_
  • String ID:
  • API String ID: 162835524-0
  • Opcode ID: 6ca3feafc6e4763e8b9e1f4c8fb939e494f8706fb5e1a49dea5fe893d1ffcbbc
  • Instruction ID: 1e8b4a4a7b54f77be53050653b18474fc22376c2cb3d8fc8b4d092c83d75b2e9
  • Opcode Fuzzy Hash: 6ca3feafc6e4763e8b9e1f4c8fb939e494f8706fb5e1a49dea5fe893d1ffcbbc
  • Instruction Fuzzy Hash: 66218221F14616C9FB40AB65E8587FCA361AB04B98F800631DE5D2ABD9CF6DD060C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Applications@C_error@std@@D_t@Events@Microsoft@@Mtx_lockMtx_unlockThrow_U0123@@
  • String ID:
  • API String ID: 2588676055-0
  • Opcode ID: 30aca8e27518303b323894f1025fb0f0033d2ce5c21b6e7c3a056b3be5c88866
  • Instruction ID: 41cde3c449018ac8bb0954015c1a9650880a73ffc5025c745538adcd55571259
  • Opcode Fuzzy Hash: 30aca8e27518303b323894f1025fb0f0033d2ce5c21b6e7c3a056b3be5c88866
  • Instruction Fuzzy Hash: CD018E21A09B43C5EA90AB57F8489A9A7A0AB88FD0F850131ED1E67351DF3DD455C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _Mtx_lock.MSVCP140_APP ref: 00007FF7638274B2
  • ?_Throw_C_error@std@@YAXH@Z.MSVCP140_APP ref: 00007FF7638274BE
  • ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z.MICROSOFT.APPLICATIONS.TELEMETRY.WINDOWS ref: 00007FF763827500
  • _Mtx_unlock.MSVCP140_APP ref: 00007FF763827511
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: Applications@C_error@std@@Configuration@234@@Events@ManagerMicrosoft@@Mtx_lockMtx_unlockProvider@Release@Throw_W4status_t@234@
  • String ID:
  • API String ID: 2144121544-0
  • Opcode ID: 3389f479d45c3cc00bf504d45d6b550ce6eb723e1ae148aac8634e93169eda7f
  • Instruction ID: cdc29178b20a349eab7d64193e22bb3746fd24e2d6b94893818ca8d5542c744a
  • Opcode Fuzzy Hash: 3389f479d45c3cc00bf504d45d6b550ce6eb723e1ae148aac8634e93169eda7f
  • Instruction Fuzzy Hash: 1C012150E09A07C1FE94BB66E899BF8A3905F85F81F944435D90E27361DE2EE4A4C3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF7638243A7,?,?,00000001,00007FF763821387), ref: 00007FF7638245B9
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF7638243A7,?,?,00000001,00007FF763821387), ref: 00007FF7638245DA
  • ?_Xbad_alloc@std@@YAXXZ.MSVCP140_APP(?,?,?,?,00007FF7638243A7,?,?,00000001,00007FF763821387), ref: 00007FF7638245E5
  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7638245F3
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: malloc$Concurrency::cancel_current_taskXbad_alloc@std@@
  • String ID:
  • API String ID: 3446396709-0
  • Opcode ID: 0e4c5a664b53c58f59b68af491e9f35f4ea30d0100ef7c26b2d96387ef29bbed
  • Instruction ID: 6611505ce4b59b442e8cc9c37ff4346b779e0a2572cd26370c4049c04efa932e
  • Opcode Fuzzy Hash: 0e4c5a664b53c58f59b68af491e9f35f4ea30d0100ef7c26b2d96387ef29bbed
  • Instruction Fuzzy Hash: BDF0BE15F1A607C5FD98B7608645BB891E05F94B20FD00B30C56E223D0EE6E64B1C2B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • memcpy.VCRUNTIME140_APP(?,00000000,00000000,00007FF76382C742), ref: 00007FF76382C66D
  • memset.VCRUNTIME140_APP(?,00000000,00000000,00007FF76382C742), ref: 00007FF76382C67A
  • memcpy.VCRUNTIME140_APP(?,00000000,00000000,00007FF76382C742), ref: 00007FF76382C695
  • memset.VCRUNTIME140_APP(?,00000000,00000000,00007FF76382C742), ref: 00007FF76382C6A2
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: memcpymemset
  • String ID:
  • API String ID: 1297977491-0
  • Opcode ID: 776cf9c1a1e0e731a1571a40a834136fed7e32dd1084ae1d233d3b413a4b00a3
  • Instruction ID: 415c2b63f020af8c38eeff02b3fc16009d2ee4a4d3098674ae0027a9c063cf8f
  • Opcode Fuzzy Hash: 776cf9c1a1e0e731a1571a40a834136fed7e32dd1084ae1d233d3b413a4b00a3
  • Instruction Fuzzy Hash: 7B31D062A18B82C5EA44EF1A94004A9B365FB45FC0FA84532DF6C17396DE7AD161C3A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
			E00007FF77FF763821EB0(void* __rax, long long __rbx, void* __rcx, long long __rdx, long long __rsi) {
				long long* _t52;
				signed long long _t54;
				void* _t57;
				long long _t63;
				void* _t68;
				signed long long _t69;
				intOrPtr* _t70;
				long long _t75;
				void* _t77;
				int _t84;
				int _t87;
				void* _t88;

				 *((long long*)(_t77 + 8)) = __rbx;
				 *((long long*)(_t77 + 0x10)) = _t75;
				 *((long long*)(_t77 + 0x18)) = __rsi;
				_t57 = __rcx;
				_t8 = _t75 - 9; // -1
				_t88 = _t8;
				_t50 =  <  ? _t88 : __rax;
				_t51 = ( <  ? _t88 : __rax) + _t75;
				_t52 =  <  ? _t88 : ( <  ? _t88 : __rax) + _t75;
				malloc(_t87);
				if (_t52 == 0) goto 0x63821f1e;
				 *_t52 = __rdx;
				_t9 = _t52 + 8; // 0x8
				_t69 = _t9;
				 *((long long*)(_t77 - 0x30 + 0x20)) = E00007FF77FF763824240;
				E00007FF77FF763823864(__rcx, _t69, __rdx, __rdx, __rdx, 0x63821fc0);
				goto 0x63821f20;
				 *(_t57 + 0x10) = _t69;
				_t54 =  <  ? _t88 : _t75;
				malloc(_t84);
				 *(_t57 + 0x20) = _t54;
				_t63 =  *(_t57 + 0x10);
				if (_t63 == 0) goto 0x63821f7b;
				if (_t54 == 0) goto 0x63821f51;
				 *((long long*)(_t57 + 0x18)) = _t63;
				goto 0x63821f98;
				if (_t63 == 0) goto 0x63821f7b;
				_t19 = _t63 - 8; // -8
				_t70 = _t19;
				E00007FF77FF76382DDE4(_t63, _t75,  *_t70, E00007FF77FF763824240, _t68);
				if (_t70 == 0) goto 0x63821f77;
				free(??);
				if ( *(_t57 + 0x20) == 0) goto 0x63821f89;
				free(??);
				 *(_t57 + 0x10) =  *(_t57 + 0x10) & 0x00000000;
				 *(_t57 + 0x20) =  *(_t57 + 0x20) & 0x00000000;
				return 0x8007000e;
			}

APIs
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF763821D76), ref: 00007FF763821EEA
  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF763821D76), ref: 00007FF763821F31
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF763821D76), ref: 00007FF763821F70
  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF763821D76), ref: 00007FF763821F83
Memory Dump Source
  • Source File: 00000000.00000002.509629861.00007FF763821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF763820000, based on PE: true
  • Associated: 00000000.00000002.509625671.00007FF763820000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509658492.00007FF76382F000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509666143.00007FF763830000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509681735.00007FF763836000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.509690307.00007FF763837000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff763820000_HxTsr.jbxd
Similarity
  • API ID: freemalloc
  • String ID:
  • API String ID: 3061335427-0
  • Opcode ID: c565662d6cc64b80a43d1fcd1095cba92fa8f1fb93b39f909385087bcc619404
  • Instruction ID: 1652b1012a83b1af0293a724049fc49009fd920abeccd1b682af742f99aca8df
  • Opcode Fuzzy Hash: c565662d6cc64b80a43d1fcd1095cba92fa8f1fb93b39f909385087bcc619404
  • Instruction Fuzzy Hash: 9C218222B09B42C2EB949F12A5006B9A3A0BB48F84F944535DD5C27759CF7EE526C3A0
Uniqueness

Uniqueness Score: -1.00%