Edit tour

Windows Analysis Report
file.dll

Overview

General Information

Sample name:	file.dll (renamed file extension from exe to dll)
Original sample name:	file.exe
Analysis ID:	1521607
MD5:	2fe5ff05cdaef7b6539ed20a44aabdeb
SHA1:	d575cf3063ac1f573a5a36587db26a7fb2418946
SHA256:	637c98d2e6251df15fc64ba436009706269bfa9d7b1316e43a79575f7891f622
Tags:	dllexex64user-jstrosch
Infos:

Detection

Score:	7
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

One or more processes crash

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 7496 cmdline: loaddll64.exe "C:\Users\user\Desktop\file.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)

conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7548 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

rundll32.exe (PID: 7572 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)

WerFault.exe (PID: 7692 cmdline: C:\Windows\system32\WerFault.exe -u -p 7572 -s 404 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

rundll32.exe (PID: 7556 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z MD5: EF3179D498793BF4234F708D3BE28633)

WerFault.exe (PID: 7676 cmdline: C:\Windows\system32\WerFault.exe -u -p 7556 -s 396 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

rundll32.exe (PID: 7844 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7932 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7956 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7964 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7980 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7996 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Update MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8008 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnlockDSP MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8020 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnloadPlugin MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8028 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetUserData MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8040 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetStreamBufferSize MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8060 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSpeakerPosition MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8088 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareFormat MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8104 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareChannels MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8128 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetReverbProperties MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8136 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetPluginPath MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8156 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutputByPlugin MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8164 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutput MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8172 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkTimeout MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7192 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkProxy MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7184 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetGeometrySettings MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7268 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetFileSystem MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7256 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDriver MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7244 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDSPBufferSize MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7296 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetCallback MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 6044 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetAdvancedSettings MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 2256 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DSettings MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 2260 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DRolloffCallback MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 736 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DNumListeners MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 4144 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DListenerAttributes MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 3604 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Release MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 4600 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_RegisterOutput MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: file.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\platforms\win\vs2012\_builds\lowlevel_api\Release Dynamic\x64\fmod64.pdb source: loaddll64.exe, 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.1903303766.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1891244645.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000C.00000002.1902135714.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmp, file.dll

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7CC600 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime64_t,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,__loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,__loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,__loctotime64_t,FindClose,__wdtoxmode,_errno,GetLastError,_dosmaperr,FindClose,

0_2_00007FFDFB7CC600

Source: unknown

DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: Amcache.hve.8.dr

String found in binary or memory: http://upx.sf.net

Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDB9B	0_2_00007FFDFB6CDB9B
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7C8C24	0_2_00007FFDFB7C8C24
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB701B80	0_2_00007FFDFB701B80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F6B80	0_2_00007FFDFB6F6B80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6BFC40	0_2_00007FFDFB6BFC40
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7C4B70	0_2_00007FFDFB7C4B70
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7DAB94	0_2_00007FFDFB7DAB94
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6D1C00	0_2_00007FFDFB6D1C00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7A9BB0	0_2_00007FFDFB7A9BB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6FCBF0	0_2_00007FFDFB6FCBF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CCBF0	0_2_00007FFDFB6CCBF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7AAAF0	0_2_00007FFDFB7AAAF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7CAB48	0_2_00007FFDFB7CAB48
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7C4B40	0_2_00007FFDFB7C4B40
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB70CA80	0_2_00007FFDFB70CA80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7D1AA4	0_2_00007FFDFB7D1AA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7C7AB0	0_2_00007FFDFB7C7AB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB704AE0	0_2_00007FFDFB704AE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CB9A0	0_2_00007FFDFB6CB9A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE983	0_2_00007FFDFB6CE983
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB762960	0_2_00007FFDFB762960
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6B8A50	0_2_00007FFDFB6B8A50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CF9D0	0_2_00007FFDFB6CF9D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6E38C0	0_2_00007FFDFB6E38C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6E4880	0_2_00007FFDFB6E4880
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB73C940	0_2_00007FFDFB73C940
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE944	0_2_00007FFDFB6CE944
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6D8930	0_2_00007FFDFB6D8930
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7D6888	0_2_00007FFDFB7D6888
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDFD6	0_2_00007FFDFB6CDFD6
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB782F70	0_2_00007FFDFB782F70
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB761FA0	0_2_00007FFDFB761FA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDEBF	0_2_00007FFDFB6CDEBF
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6E4EB0	0_2_00007FFDFB6E4EB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6FCEB0	0_2_00007FFDFB6FCEB0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6E9EA0	0_2_00007FFDFB6E9EA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7D6F44	0_2_00007FFDFB7D6F44
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F5E70	0_2_00007FFDFB6F5E70
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F0F10	0_2_00007FFDFB6F0F10
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6E0F00	0_2_00007FFDFB6E0F00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6C1EF0	0_2_00007FFDFB6C1EF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6C2D80	0_2_00007FFDFB6C2D80
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDD7F	0_2_00007FFDFB6CDD7F
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7DDD6C	0_2_00007FFDFB7DDD6C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDE0A	0_2_00007FFDFB6CDE0A
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6B2E00	0_2_00007FFDFB6B2E00
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CDCB1	0_2_00007FFDFB6CDCB1
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6EACA0	0_2_00007FFDFB6EACA0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB700D50	0_2_00007FFDFB700D50
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB77CCD0	0_2_00007FFDFB77CCD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6D13D0	0_2_00007FFDFB6D13D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB743420	0_2_00007FFDFB743420
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE37D	0_2_00007FFDFB6CE37D
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB705360	0_2_00007FFDFB705360
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6D9430	0_2_00007FFDFB6D9430
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6FC420	0_2_00007FFDFB6FC420
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB75C3C0	0_2_00007FFDFB75C3C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE3F1	0_2_00007FFDFB6CE3F1
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6B42B0	0_2_00007FFDFB6B42B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6FE2A0	0_2_00007FFDFB6FE2A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE33D	0_2_00007FFDFB6CE33D
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F0340	0_2_00007FFDFB6F0340
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7D11F0	0_2_00007FFDFB7D11F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB763240	0_2_00007FFDFB763240
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6D2170	0_2_00007FFDFB6D2170
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6EC1F0	0_2_00007FFDFB6EC1F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7DE1D4	0_2_00007FFDFB7DE1D4
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE0D8	0_2_00007FFDFB6CE0D8
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7440F0	0_2_00007FFDFB7440F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F90C0	0_2_00007FFDFB6F90C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F80B0	0_2_00007FFDFB6F80B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7CA11C	0_2_00007FFDFB7CA11C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CE086	0_2_00007FFDFB6CE086
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7077D0	0_2_00007FFDFB7077D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CD7A0	0_2_00007FFDFB6CD7A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6DA790	0_2_00007FFDFB6DA790
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB704780	0_2_00007FFDFB704780
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB761840	0_2_00007FFDFB761840
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6CD83C	0_2_00007FFDFB6CD83C
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6C26A0	0_2_00007FFDFB6C26A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB763710	0_2_00007FFDFB763710
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6EA710	0_2_00007FFDFB6EA710
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6DC6F0	0_2_00007FFDFB6DC6F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6C7580	0_2_00007FFDFB6C7580
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F8640	0_2_00007FFDFB6F8640
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7625A0	0_2_00007FFDFB7625A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB7005F3	0_2_00007FFDFB7005F3
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6C8480	0_2_00007FFDFB6C8480
Source: C:\Windows\System32\loaddll64.exe	Code function: 0_2_00007FFDFB6F1460	0_2_00007FFDFB6F1460

Source: C:\Windows\System32\loaddll64.exe	Code function: String function: 00007FFDFB75FA20 appears 82 times
Source: C:\Windows\System32\loaddll64.exe	Code function: String function: 00007FFDFB760F10 appears 31 times

Source: C:\Windows\System32\rundll32.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7556 -s 396

Source: file.dll

Binary or memory string: OriginalFilenamefmod64.dll* vs file.dll

Source: classification engine

Classification label: clean7.winDLL@116/9@1/0

Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7572
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7556
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3724ca42-35e6-43b0-b905-824d05bee4cd

Jump to behavior

Source: file.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\file.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7556 -s 396
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7572 -s 404
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Update
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnlockDSP
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnloadPlugin
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetUserData
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetStreamBufferSize
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSpeakerPosition
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareFormat
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareChannels
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetReverbProperties
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetPluginPath
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutputByPlugin
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutput
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkTimeout
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkProxy
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetGeometrySettings
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetFileSystem
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDriver
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDSPBufferSize
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetCallback
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetAdvancedSettings
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DSettings
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DRolloffCallback
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DNumListeners
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DListenerAttributes
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Release
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_RegisterOutput
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Update	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnlockDSP	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnloadPlugin	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetUserData	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetStreamBufferSize	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSpeakerPosition	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareFormat	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareChannels	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetReverbProperties	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetPluginPath	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutputByPlugin	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutput	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkTimeout	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkProxy	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetGeometrySettings	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetFileSystem	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDriver	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDSPBufferSize	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetCallback	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetAdvancedSettings	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DSettings	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DRolloffCallback	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DNumListeners	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DListenerAttributes	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Release	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_RegisterOutput	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7556 -s 396	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: winmmbase.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.dll

Static PE information: More than 1090 > 100 exports found

Source: file.dll

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: file.dll

Static file information: File size 1756672 > 1048576

Source: file.dll

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12ec00

Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: file.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: file.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7D4BA4 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_00007FFDFB7D4BA4

Source: file.dll

Static PE information: section name: _RDATA

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\loaddll64.exe

API coverage: 3.3 %

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll64.exe

0_2_00007FFDFB7CC600

Source: Amcache.hve.8.dr	Binary or memory string: VMware
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

0_2_00007FFDFB7D4BA4

Source: C:\Windows\System32\loaddll64.exe

0_2_00007FFDFB7D4BA4

Source: C:\Windows\System32\loaddll64.exe

0_2_00007FFDFB7D4BA4

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7D19C8 GetProcessHeap,

0_2_00007FFDFB7D19C8

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7CA99C SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FFDFB7CA99C

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7D4040 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FFDFB7D4040

Source: C:\Windows\System32\loaddll64.exe

Code function: 0_2_00007FFDFB7DDD6C _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,_getenv_helper_nolock,free,_malloc_crt,_invoke_watson,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,

0_2_00007FFDFB7DDD6C

Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	11 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	51 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	2 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
15.164.165.52.in-addr.arpa	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.8.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521607
Start date and time:	2024-09-29 01:02:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.dll (renamed file extension from exe to dll)
Original Sample Name:	file.exe
Detection:	CLEAN
Classification:	clean7.winDLL@116/9@1/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 116

Warnings

Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
VT rate limit hit for: file.dll

Simulations

Behavior and APIs

Time	Type	Description
19:03:31	API Interceptor	2x Sleep call for process: WerFault.exe modified

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_ccc1499d82c3e9f50af50449f33cd95c7475ef4_d75f6fa5_4a6e13e4-4fef-4bbb-a02c-ad0174be252a\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7949748094606454
Encrypted:	false
SSDEEP:	192:ZvFi6y67SoH0sUSrEjlUuzuiFBZ24lO8p:zinmSxsUSojHzuiFBY4lO8p
MD5:	EBBA7DCA8FC55BC16DFE87F8C737EF84
SHA1:	722F57FD111D26DFB6A3FA3F34B34CAF9E3DD62C
SHA-256:	4CF20E085908C63A413EA26624CF64E3C85C8523C67937BD578AE91E968D63EE
SHA-512:	D734567754D437A28AE8391EEFB31832CF26BDE07F4ADB13B312B1FC8B6DF61CA8BFB1A16BCAF0926BE75ED631FEB42F88064B0558C05D030BD4D78DDC08A435
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.0.3.8.1.9.0.9.6.0.1.0.3.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.0.3.8.1.9.1.4.7.5.7.2.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.a.6.e.1.3.e.4.-.4.f.e.f.-.4.b.b.b.-.a.0.2.c.-.a.d.0.1.7.4.b.e.2.5.2.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.c.d.c.3.e.c.9.-.4.f.6.a.-.4.1.b.4.-.8.3.8.5.-.2.9.1.4.7.f.0.0.2.f.b.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.f.i.l.e...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.9.4.-.0.0.0.1.-.0.0.1.4.-.4.9.8.c.-.b.2.9.6.f.a.1.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.!.r.u.n.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_ccc1499d82c3e9f50af50449f33cd95c7475ef4_d75f6fa5_5050f8e1-bcce-43f1-99c7-0a844c8f0f94\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7951191400108398
Encrypted:	false
SSDEEP:	192:AhZFi5y6noH0sUSrEjlUuzuiFBZ24lO8p:CrisaxsUSojHzuiFBY4lO8p
MD5:	B35257C3B252943B65CBE6DFB6D76B77
SHA1:	E6A60FC53B4E5DA3320204D3044F4230736D2879
SHA-256:	D4B850CF5B41AA6707179824BB3C071D8A018718ACD67B76C1DCD75EBAB622C9
SHA-512:	5F2826921877D1921A637819CEF1940CBE417CFBEE4489DA40BA37B7D21D4A70997CA8EB0C4EDB3CB9BCB34DC2BC93953CAA22E9EB69530389344A1489D2C2DD
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.0.3.8.1.9.0.9.5.9.9.7.7.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.0.3.8.1.9.1.5.0.6.8.5.2.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.5.0.f.8.e.1.-.b.c.c.e.-.4.3.f.1.-.9.9.c.7.-.0.a.8.4.4.c.8.f.0.f.9.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.9.4.8.a.3.6.7.-.9.7.0.a.-.4.9.f.b.-.9.3.a.0.-.3.0.8.1.6.7.0.f.9.b.0.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.f.i.l.e...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.8.4.-.0.0.0.1.-.0.0.1.4.-.a.a.d.b.-.b.0.9.6.f.a.1.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.!.r.u.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF9E.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Sep 28 23:03:11 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	57424
Entropy (8bit):	1.6954756020482875
Encrypted:	false
SSDEEP:	192:GTLibtDrFzmXOMxnYd71w84ykSkEX3NDL3FemZ:VbdFzm+zd7lkSkEp3FV
MD5:	652FCF3F85DE1D04ED8906735EFBDCFC
SHA1:	F07E6EA27AF462D96EB7B9808C08CCB7FD304D75
SHA-256:	416C613B291F4C9C862A3E24A17A6CC8DC008AC99E464EA694040868AA0DC1E8
SHA-512:	9C2A7406D77E7B077E49A5AB128BF8D5EA007514BE2B5F9B46AC559CA5D7234EF3EC5888111BC0FE82C4383232CCC33AF328645B3597A30BFF9A586ACB6DEA68
Malicious:	false
Preview:	MDMP..a..... ......./..f........................h................+..........T.......8...........T.......................................................................................................................eJ..............Lw......................T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFAD.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Sep 28 23:03:11 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	55836
Entropy (8bit):	1.7439181172835743
Encrypted:	false
SSDEEP:	192:GzbbtDrY6OMxK9iyE////Xpvcw/Ohch1tO0QPfy/d:4bbdYFl9iv///5VOhcjtO1Xyl
MD5:	E10E04DAAE2F615DDBCD1C5B7573699D
SHA1:	EAF60A743B61459F4EDF91D5D213E6C8FEE09E97
SHA-256:	5F14DB42AC4012ECAA5D2ABB56D3E16C3D251032143B03142D8924BD43481D18
SHA-512:	28BD32FE82EA21B13E887F11A45224D8B2E5FA736CBF335AEAFB48652C2FCCCC25B4165F79E70940D568724AF28064FE5102E2C60F2C7ADB1CDF142ED5FA8ACB
Malicious:	false
Preview:	MDMP..a..... ......./..f........................h................+..........T.......8...........T.......................................................................................................................eJ..............Lw......................T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB06A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8758
Entropy (8bit):	3.6994799528119047
Encrypted:	false
SSDEEP:	192:R6l7wVeJkc896Y9XWgmfiLiijeprt89b/uCfOwVm:R6lXJP+6YNWgmfGii9/7fO/
MD5:	D03A9344114C637308DC30EDAA56F034
SHA1:	498B1CB19540061F804B638BA30D97DDE80069E4
SHA-256:	6FD02881BC45F06541627E3DBF38A9A06790B1E0B43F802FAD4CA8245FC6EC3B
SHA-512:	55DE67387A5499BC239F8812B99C084484AB5AEBCD9EEADB1F77F7D2784FCBEB9C1330CF19BAC0A3BE711458DD74DCF74DDF0246F74631E28F1AA2F198D440F2
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB099.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8764
Entropy (8bit):	3.699227555910906
Encrypted:	false
SSDEEP:	192:R6l7wVeJiSG6Y9EC5gmfiLiijepr+89b/5CftVm:R6lXJXG6YOUgmfGiiw/cfe
MD5:	62674E498F6773D11C8CB08339E17369
SHA1:	8542ADB74F274E35D24698CF2A739FCD15B390EF
SHA-256:	B36DD18448642C4333FE591C14E6DC6CE857CDFE25940F570747F251A63DD3E5
SHA-512:	145950BEAC0D0014F0E17C1050A4286809F54E884017284512B4138C4CBA892C9199ACCD2B0B9EC260846F69FB079104B155D88469B1808AAC3E08FBAFA4A6BD
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.7.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0C9.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4742
Entropy (8bit):	4.466602579345646
Encrypted:	false
SSDEEP:	48:cvIwWl8zs4Jg771I98iXyWpW8VY7Ym8M4JCFCtFfFgyq85mwIvptSTSvd:uIjf+I7Hij7VXJzKJvpoOvd
MD5:	48A8A9238B71444B3C2100BB7CC1F2B2
SHA1:	DDFBCC4258BA89C607A78C96ABCAA48DE3356D48
SHA-256:	0B3049CFC53259F1D2F7BFE00AF5D5D150E107A0622B00C44DE4C48F720A1374
SHA-512:	73D7D7C17D9B17FC5A0F6325BBFD16AB35CCD09830218C6F64CAF2F02C1EF112CBC881F8D4AB0100E5AA911CE7EDF606B82810CB07BC2446C5CBA7B3C6E82CE2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="520685" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0D8.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4742
Entropy (8bit):	4.468583848383712
Encrypted:	false
SSDEEP:	48:cvIwWl8zs4Jg771I98iXyWpW8VYZYm8M4JCFCtFfFeyq85mwIRYptSTSSd:uIjf+I7Hij7VNJz4JRYpoOSd
MD5:	BCE64B1C3FCCA72A4FF0BD992D779FB9
SHA1:	EEEDB5F160ED2E2DAA5031EAD40EDECAC691B836
SHA-256:	95DD137CE1BB924C592378D58E00802BF583BB719045B52541D349628B2D51B5
SHA-512:	8872A2DABC5BE8D820A321D07E7CDF25C27214AC8E922C8778C13C9E9B79A881D0A43834A43770D69235BF8B2031DE12D8E297240188D3A17501481AEB1C9276
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="520685" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.466412013393424
Encrypted:	false
SSDEEP:	6144:UIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNcdwBCswSb9:pXD94zWlLZMM6YFHa+9
MD5:	24A3F0BD019CFC91749F10A676254AC3
SHA1:	5A68D12506136AC35254F755B0025D6EB784923B
SHA-256:	6CBC339364DB82C51CEAE61F5CD193B997BB8F61728126E1C6340267F35F2B2C
SHA-512:	CE27B42B9AD87FC557DEF8E27B8659A04C4E4BE733A352814D5E7E7D4DF5CF50BC96627825EBE305D9DE0388764FEFB1C88AF24268680814DDE47BC63443E85C
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.<............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.650966647839274
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	file.dll
File size:	1'756'672 bytes
MD5:	2fe5ff05cdaef7b6539ed20a44aabdeb
SHA1:	d575cf3063ac1f573a5a36587db26a7fb2418946
SHA256:	637c98d2e6251df15fc64ba436009706269bfa9d7b1316e43a79575f7891f622
SHA512:	1a589df0216dd8edeef64e380974bcc8674fcfe3275abdbaccd271273e2c5c2ad55c62fd0aab41f0fbfcad1791c15a5957e2ea382952095d079f50737e723457
SSDEEP:	24576:qyJqfoL6dV1i3eBMz7XfRxQQx2HnxMPGqCQKwZU+seTLvxd9BiiL:qyMoL6k3eBoRx8LeUY/5B
TLSH:	83859F8271F480E8E527D13D625BB72BF67230540F206BDF0BE046A96FA3BD15A7A351
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.XN..6...6...6.......6..H..0.6..H....6..H..;.6.......6.......6.......6.......6...7...6.}`....6.}`..2.6.}`....6.}`....6.......6

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x180117950
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5CD41416 [Thu May 9 11:50:46 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	0f806537913df98304a9550a58864e5c

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FE0B856E707h
call 00007FE0B857ADD4h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FE0B856E708h
int3
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+20h], ebx
dec esp
mov dword ptr [eax+18h], eax
mov dword ptr [eax+10h], edx
dec eax
mov dword ptr [eax+08h], ecx
push esi
push edi
inc ecx
push esi
dec eax
sub esp, 50h
dec ecx
mov esi, eax
mov ebx, edx
dec esp
mov esi, ecx
mov edx, 00000001h
mov dword ptr [eax-48h], edx
test ebx, ebx
jne 00007FE0B856E711h
cmp dword ptr [000C4854h], ebx
jne 00007FE0B856E709h
xor eax, eax
jmp 00007FE0B856E7D7h
lea eax, dword ptr [ebx-01h]
cmp eax, 01h
jnbe 00007FE0B856E73Ah
dec eax
mov eax, dword ptr [00046F3Ch]
dec eax
test eax, eax
je 00007FE0B856E70Ch
mov edx, ebx
call eax
mov edx, eax
mov dword ptr [esp+20h], eax
test edx, edx
je 00007FE0B856E719h
dec esp
mov eax, esi
mov edx, ebx
dec ecx
mov ecx, esi
call 00007FE0B856E4F9h
mov edx, eax
mov dword ptr [esp+20h], eax
test eax, eax
jne 00007FE0B856E709h
xor eax, eax
jmp 00007FE0B856E797h
dec esp
mov eax, esi
mov edx, ebx
dec ecx
mov ecx, esi
call 00007FE0B857ADD7h

Rich Headers

Programming Language:

[C++] VS2008 SP1 build 30729
[ C ] VS2010 SP1 build 40219
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[C++] VS2012 UPD4 build 61030
[ C ] VS2012 UPD4 build 61030
[EXP] VS2012 UPD4 build 61030
[RES] VS2012 UPD4 build 61030
[LNK] VS2012 UPD4 build 61030

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x17cd90	0xd21b	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x17bd80	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1f0000	0x548	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1df000	0xdadc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1f1000	0x159c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1305b0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1659b0	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x130000	0x510	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x12ea2c	0x12ec00	e8f99b0e8686ad4f009b6a4e516404c6	False	0.4858394405450041	zlib compressed data	6.444263076867181	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x130000	0x59fab	0x5a000	03daf9d156761632a1ca3ed4e8584963	False	0.3670844184027778	data	6.567532782843111	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x18a000	0x542c0	0x10200	97313a6619e902104afc57f427386643	False	0.4328972868217054	data	5.488908258648024	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1df000	0xdadc	0xdc00	e52b9a6e49b3d989eb7067e0dd83ca01	False	0.48469460227272726	data	6.162163839127236	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x1ed000	0x2f30	0x3000	dac6390a1407d8780ca748c51021586d	False	0.330322265625	data	6.591707537409742	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1f0000	0x548	0x600	e5923031d46054a0d9e5dd1ee4f99b12	False	0.423828125	data	3.840519182614396	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1f1000	0x29b2	0x2a00	8ecae029fe1ef77a9e00161509cb3cc2	False	0.20972842261904762	data	3.6621760857561863	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1f00a0	0x328	data	English	United States	0.4752475247524752
RT_MANIFEST	0x1f03c8	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
WS2_32.dll	freeaddrinfo, getaddrinfo, WSAIoctl, WSAGetLastError, WSACleanup, WSAStartup, socket, shutdown, setsockopt, send, select, recv, listen, htons, htonl, getsockopt, ioctlsocket, connect, closesocket, bind, accept
WINMM.dll	waveInReset, waveInStart, waveInAddBuffer, waveInUnprepareHeader, waveInPrepareHeader, waveInClose, waveInOpen, waveInGetDevCapsW, waveInGetNumDevs, waveOutGetPosition, waveOutReset, waveOutWrite, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutClose, waveOutOpen, waveOutGetDevCapsW, timeGetTime, waveOutGetNumDevs
MSACM32.dll	acmStreamOpen, acmStreamSize, acmStreamUnprepareHeader, acmStreamPrepareHeader, acmStreamConvert, acmFormatSuggest
KERNEL32.dll	GetFullPathNameW, PeekNamedPipe, GetFileInformationByHandle, SetEnvironmentVariableA, SetFilePointerEx, OutputDebugStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetSystemTimeAsFileTime, GetCurrentProcessId, GetModuleFileNameA, HeapSize, GetStringTypeW, GetProcessHeap, GetConsoleMode, GetConsoleCP, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FileTimeToSystemTime, GetDriveTypeW, FindFirstFileExW, FindClose, FileTimeToLocalFileTime, AreFileApisANSI, ExitProcess, GetModuleHandleW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, InitializeCriticalSectionAndSpinCount, SetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObject, CloseHandle, CreateEventA, GetProcAddress, LoadLibraryA, FreeLibrary, GetCurrentThreadId, SetThreadPriority, GetLastError, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, ReleaseSemaphore, Sleep, GetFileSizeEx, WriteFile, ReadFile, FlushFileBuffers, SetFilePointer, CreateSemaphoreA, LoadLibraryW, CreateFileW, QueryPerformanceCounter, QueryPerformanceFrequency, MultiByteToWideChar, WideCharToMultiByte, GetSystemDirectoryA, RtlVirtualUnwind, RtlLookupFunctionEntry, GetCurrentDirectoryW, SetStdHandle, ReadConsoleW, GetCurrentProcess, RtlCaptureContext, SetEndOfFile, GetTimeZoneInformation, LCMapStringW, CompareStringW, IsDebuggerPresent, IsProcessorFeaturePresent, HeapFree, HeapAlloc, HeapReAlloc, EncodePointer, DecodePointer, CreateThread, ExitThread, LoadLibraryExW, RtlUnwindEx, GetCommandLineA, GetStdHandle, GetFileType, GetModuleFileNameW, GetModuleHandleExW, WriteConsoleW, RaiseException
USER32.dll	GetDesktopWindow
ADVAPI32.dll	RegEnumKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegCloseKey
ole32.dll	PropVariantClear, CoTaskMemFree, CLSIDFromString, CoUninitialize, CoTaskMemAlloc, CoCreateGuid, CoCreateInstance, CoInitializeEx

Exports

Name	Ordinal	Address
?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z	1	0x1800c3c30
?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z	2	0x180009770
?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z	3	0x1800098b0
?addGroup@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAV12@_NPEAPEAVDSPConnection@2@@Z	4	0x18009a400
?addInput@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAV12@PEAPEAVDSPConnection@2@W4FMOD_DSPCONNECTION_TYPE@@@Z	5	0x18009b120
?addPolygon@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@MM_NHPEBUFMOD_VECTOR@@PEAH@Z	6	0x18009dbd0
?addSyncPoint@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIPEBDPEAPEAUFMOD_SYNCPOINT@@@Z	7	0x18009fa00
?attachChannelGroupToPort@System@FMOD@@QEAA?AW4FMOD_RESULT@@I_KPEAVChannelGroup@2@_N@Z	8	0x1800a5010
?attachFileSystem@System@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEBDPEAIPEAPEAXPEAX@ZP6A?AW43@33@ZP6A?AW43@33I13@ZP6A?AW43@3I3@Z@Z	9	0x1800a51a0
?close@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	10	0x1800a5290
?createChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDPEAPEAVChannelGroup@2@@Z	11	0x1800a5360
?createClientProfile@SystemI@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	12	0x1800deef0
?createDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_DSP_DESCRIPTION@@PEAPEAVDSP@2@@Z	13	0x1800a54a0
?createDSPByPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@IPEAPEAVDSP@2@@Z	14	0x1800a55e0
?createDSPByType@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PEAPEAVDSP@2@@Z	15	0x1800a5710
?createDiskFile@SystemI@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVFile@2@PEA_N@Z	16	0x1800fa390
?createGeometry@System@FMOD@@QEAA?AW4FMOD_RESULT@@HHPEAPEAVGeometry@2@@Z	17	0x1800a5840
?createMemoryFile@SystemI@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVFile@2@@Z	18	0x1800fa820
?createReverb3D@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVReverb3D@2@@Z	19	0x1800a59c0
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z	20	0x1800a5a90
?createSoundGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDPEAPEAVSoundGroup@2@@Z	21	0x1800a5b70
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z	22	0x1800a5cb0
?deleteSyncPoint@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_SYNCPOINT@@@Z	23	0x18009fb60
?detachChannelGroupFromPort@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVChannelGroup@2@@Z	24	0x1800a5d90
?disconnectAll@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@_N0@Z	25	0x18009b280
?disconnectFrom@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAV12@PEAVDSPConnection@2@@Z	26	0x18009b3c0
?get3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@00@Z	27	0x1800099f0
?get3DAttributes@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@PEAM1@Z	28	0x18009edd0
?get3DConeOrientation@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@@Z	29	0x180009b80
?get3DConeSettings@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM00@Z	30	0x180009c60
?get3DConeSettings@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM00@Z	31	0x18009fc90
?get3DCustomRolloff@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAUFMOD_VECTOR@@PEAH@Z	32	0x180009df0
?get3DCustomRolloff@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAUFMOD_VECTOR@@PEAH@Z	33	0x18009fe70
?get3DDistanceFilter@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_NPEAM1@Z	34	0x180009f30
?get3DDopplerLevel@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	35	0x18000a0c0
?get3DLevel@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	36	0x18000a1a0
?get3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAUFMOD_VECTOR@@000@Z	37	0x1800a5e60
?get3DMinMaxDistance@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM0@Z	38	0x18000a280
?get3DMinMaxDistance@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM0@Z	39	0x1800a0000
?get3DNumListeners@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	40	0x1800a5f70
?get3DOcclusion@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM0@Z	41	0x18000a3c0
?get3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM00@Z	42	0x1800a6040
?get3DSpread@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	43	0x18000a500
?getActive@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	44	0x18009b500
?getActive@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	45	0x18009dc50
?getActive@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	46	0x18009ef10
?getAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z	47	0x1800a61c0
?getAsyncThread@AsyncThread@FMOD@@SA?AW4FMOD_RESULT@@PEAVSystemI@2@HPEAPEAV12@@Z	48	0x1800c3d00
?getAudibility@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	49	0x18000a5e0
?getBypass@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	50	0x18009b5e0
?getCPUUsage@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI0@Z	51	0x18009b6c0
?getCPUUsage@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM0000@Z	52	0x1800a6290
?getChannel@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVChannel@2@@Z	53	0x18009a510
?getChannel@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVChannel@2@@Z	54	0x1800a6380
?getChannelFormat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAIPEAHPEAW4FMOD_SPEAKERMODE@@@Z	55	0x18009b800
?getChannelGroup@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z	56	0x180099630
?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z	57	0x1800a64b0
?getCurrentSound@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSound@2@@Z	58	0x180099710
?getDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVDSP@2@@Z	59	0x18000a6c0
?getDSPBufferSize@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAIPEAH@Z	60	0x1800a65b0
?getDSPClock@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_K0@Z	61	0x18000a800
?getDSPIndex@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@PEAH@Z	62	0x18000a930
?getDSPInfoByPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@IPEAPEBUFMOD_DSP_DESCRIPTION@@@Z	63	0x1800a66f0
?getDataParameterIndex@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAH@Z	64	0x18009b980
?getDefaultMixMatrix@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@0PEAMH@Z	65	0x1800a6820
?getDefaults@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMPEAH@Z	66	0x1800a0190
?getDelay@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_K0PEA_N@Z	67	0x18000aa70
?getDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	68	0x1800a68f0
?getDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@PEAHPEAW4FMOD_SPEAKERMODE@@2@Z	69	0x1800a69c0
?getFadePoints@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAIPEA_KPEAM@Z	70	0x18000ac10
?getFileUsage@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_J00@Z	71	0x1800a6af0
?getFormat@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_SOUND_TYPE@@PEAW4FMOD_SOUND_FORMAT@@PEAH2@Z	72	0x1800a02f0
?getFrequency@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	73	0x1800997f0
?getGeometryOcclusion@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0PEAM1@Z	74	0x1800a6c30
?getGeometrySettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	75	0x1800a6d20
?getGlobals@FMOD@@YAXPEAPEAVGlobal@1@@Z	76	0x1800d1200
?getGroup@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAV12@@Z	77	0x18009a640
?getIdle@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	78	0x18009ba80
?getIndex@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	79	0x1800998d0
?getInfo@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEADPEAIPEAH22@Z	80	0x18009bb50
?getInput@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAV12@PEAPEAVDSPConnection@2@@Z	81	0x18009bc40
?getInput@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVDSP@2@@Z	82	0x180053f80
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z	83	0x1800a0430
?getLoopCount@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	84	0x1800999b0
?getLoopCount@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	85	0x1800a05c0
?getLoopPoints@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII0I@Z	86	0x180099a90
?getLoopPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII0I@Z	87	0x1800a06e0
?getLowPassGain@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	88	0x18000adc0
?getMasterChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z	89	0x1800a6df0
?getMasterSoundGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSoundGroup@2@@Z	90	0x1800a6eb0
?getMaxAudible@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	91	0x1800a3440
?getMaxAudibleBehavior@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_SOUNDGROUP_BEHAVIOR@@@Z	92	0x1800a3510
?getMaxPolygons@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z	93	0x18009dc80
?getMeteringEnabled@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N0@Z	94	0x18009bdd0
?getMeteringInfo@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_DSP_METERING_INFO@@0@Z	95	0x18009bf10
?getMix@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	96	0x180054050
?getMixMatrix@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMPEAH1H@Z	97	0x18000aea0
?getMixMatrix@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMPEAH1H@Z	98	0x180054120
?getMode@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z	99	0x18000afa0
?getMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z	100	0x1800a0830
?getMusicChannelVolume@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAM@Z	101	0x1800a0950
?getMusicNumChannels@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	102	0x1800a0b20
?getMusicSpeed@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	103	0x1800a0c80
?getMute@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	104	0x18000b080
?getMuteFadeSpeed@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	105	0x1800a35e0
?getName@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEADH@Z	106	0x18009a770
?getName@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEADH@Z	107	0x1800a0de0
?getName@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEADH@Z	108	0x1800a36b0
?getNestedPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@IHPEAI@Z	109	0x1800a6f80
?getNetworkProxy@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEADH@Z	110	0x1800a7100
?getNetworkTimeout@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	111	0x1800a7240
?getNumChannels@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	112	0x18009a8b0
?getNumDSPs@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	113	0x18000b160
?getNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	114	0x1800a7310
?getNumGroups@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	115	0x18009a980
?getNumInputs@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	116	0x18009c050
?getNumNestedPlugins@System@FMOD@@QEAA?AW4FMOD_RESULT@@IPEAH@Z	117	0x1800a73e0
?getNumOutputs@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	118	0x18009c130
?getNumParameters@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	119	0x18009c210
?getNumPlaying@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	120	0x1800a37f0
?getNumPlugins@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_PLUGINTYPE@@PEAH@Z	121	0x1800a7510
?getNumPolygons@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	122	0x18009dcc0
?getNumSounds@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	123	0x1800a38c0
?getNumSubSounds@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	124	0x1800a0f70
?getNumSyncPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	125	0x1800a1090
?getNumTags@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z	126	0x1800a11c0
?getOpenState@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_OPENSTATE@@PEAIPEA_N2@Z	127	0x1800a1350
?getOutput@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAV12@PEAPEAVDSPConnection@2@@Z	128	0x18009c2d0
?getOutput@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVDSP@2@@Z	129	0x180054210
?getOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_OUTPUTTYPE@@@Z	130	0x1800a7640
?getOutputByPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z	131	0x1800a7710
?getOutputChannelFormat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@IHW4FMOD_SPEAKERMODE@@PEAIPEAHPEAW44@@Z	132	0x18009c460
?getOutputHandle@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	133	0x1800a77e0
?getParameterBool@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEA_NPEADH@Z	134	0x18009c580
?getParameterData@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAXPEAIPEADH@Z	135	0x18009c660
?getParameterFloat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAMPEADH@Z	136	0x18009c750
?getParameterInfo@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAUFMOD_DSP_PARAMETER_DESC@@@Z	137	0x18009c830
?getParameterInt@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAHPEADH@Z	138	0x18009c930
?getParentGroup@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAV12@@Z	139	0x18009aa50
?getPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	140	0x18000b240
?getPitch@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	141	0x18000b320
?getPluginHandle@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_PLUGINTYPE@@HPEAI@Z	142	0x1800a78b0
?getPluginInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@IPEAW4FMOD_PLUGINTYPE@@PEADHPEAI@Z	143	0x1800a7a30
?getPolygonAttributes@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAM0PEA_N@Z	144	0x18009dcf0
?getPolygonNumVertices@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAH@Z	145	0x18009dd50
?getPolygonVertex@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@HHPEAUFMOD_VECTOR@@@Z	146	0x18009dd90
?getPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z	147	0x180099b90
?getPosition@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@@Z	148	0x18009dde0
?getPriority@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	149	0x180099cd0
?getProperties@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_REVERB_PROPERTIES@@@Z	150	0x18009efd0
?getRecordDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@PEAHPEAW4FMOD_SPEAKERMODE@@2PEAI@Z	151	0x1800a7b40
?getRecordNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z	152	0x1800a7c90
?getRecordPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAI@Z	153	0x1800a7dd0
?getReverbProperties@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAM@Z	154	0x18000b400
?getReverbProperties@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAUFMOD_REVERB_PROPERTIES@@@Z	155	0x1800a7f00
?getRotation@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@0@Z	156	0x18009de10
?getScale@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@@Z	157	0x18009de50
?getSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z	158	0x1800a8030
?getSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAHPEAW4FMOD_SPEAKERMODE@@0@Z	159	0x1800a8100
?getSound@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVSound@2@@Z	160	0x1800a3990
?getSoundGroup@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSoundGroup@2@@Z	161	0x1800a1450
?getSoundRAM@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH00@Z	162	0x1800a82a0
?getSpeakerModeChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@PEAH@Z	163	0x1800a8420
?getSpeakerPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SPEAKER@@PEAM1PEA_N@Z	164	0x1800a84f0
?getStreamBufferSize@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI0@Z	165	0x1800a85e0
?getSubSound@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAV12@@Z	166	0x1800a1570
?getSubSoundParent@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAV12@@Z	167	0x1800a16c0
?getSyncPoint@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAUFMOD_SYNCPOINT@@@Z	168	0x1800a1700
?getSyncPointInfo@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_SYNCPOINT@@PEADHPEAII@Z	169	0x1800a1890
?getSystemObject@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSystem@2@@Z	170	0x18000b530
?getSystemObject@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSystem@2@@Z	171	0x18009ca10
?getSystemObject@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSystem@2@@Z	172	0x1800a19f0
?getSystemObject@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSystem@2@@Z	173	0x1800a3ac0
?getTag@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHPEAUFMOD_TAG@@@Z	174	0x1800a1ab0
?getType@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_DSP_TYPE@@@Z	175	0x18009cad0
?getType@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAW4FMOD_DSPCONNECTION_TYPE@@@Z	176	0x1800542e0
?getUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	177	0x18000b5f0
?getUserData@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	178	0x18009cba0
?getUserData@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	179	0x1800543b0
?getUserData@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	180	0x18009de80
?getUserData@GeometryI@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	181	0x1800cf2f0
?getUserData@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	182	0x18009f090
?getUserData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	183	0x1800a1c90
?getUserData@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	184	0x1800a3b90
?getUserData@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	185	0x1800a8720
?getUserDataInternal@SoundI@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z	186	0x1800dbe50
?getVersion@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z	187	0x1800a87e0
?getVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	188	0x18000b6c0
?getVolume@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM@Z	189	0x1800a3c60
?getVolumeRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	190	0x18000b7a0
?getWetDryMix@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM00@Z	191	0x18009cc60
?init@System@FMOD@@QEAA?AW4FMOD_RESULT@@HIPEAX@Z	192	0x1800a88b0
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	193	0x18000b880
?isRecording@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEA_N@Z	194	0x1800a89f0
?isVirtual@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z	195	0x180099db0
?loadGeometry@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBXHPEAPEAVGeometry@2@@Z	196	0x1800a8b20
?loadPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDPEAII@Z	197	0x1800a8ca0
?lock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIPEAPEAX0PEAI1@Z	198	0x1800a1d50
?lockDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	199	0x1800a8e20
?mixerResume@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	200	0x1800a8ec0
?mixerSuspend@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	201	0x1800a8f80
?playDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z	202	0x1800a9040
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z	203	0x1800a9140
?readData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAXIPEAI@Z	204	0x1800a1ed0
?recordStart@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVSound@2@_N@Z	205	0x1800a9240
?recordStop@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	206	0x1800a93c0
?registerCodec@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_CODEC_DESCRIPTION@@PEAII@Z	207	0x1800a9490
?registerDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_DSP_DESCRIPTION@@PEAI@Z	208	0x1800a9610
?registerOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_OUTPUT_DESCRIPTION@@PEAI@Z	209	0x1800a9750
?release@ChannelGroup@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	210	0x18009ab20
?release@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	211	0x18009cde0
?release@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	212	0x18009deb0
?release@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	213	0x18009f150
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	214	0x1800a20b0
?release@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	215	0x1800a3d30
?release@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	216	0x1800a9890
?removeCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z	217	0x1800c3ff0
?removeDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@@Z	218	0x18000b960
?removeFadePoints@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_K0@Z	219	0x18000ba40
?reset@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	220	0x18009cea0
?save@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAXPEAH@Z	221	0x18009dee0
?seekData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z	222	0x1800a2190
?set3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@00@Z	223	0x18000bb80
?set3DAttributes@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@MM@Z	224	0x18009f1f0
?set3DConeOrientation@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@@Z	225	0x18000bd10
?set3DConeSettings@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z	226	0x18000bdf0
?set3DConeSettings@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z	227	0x1800a22c0
?set3DCustomRolloff@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@H@Z	228	0x18000bf90
?set3DCustomRolloff@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@H@Z	229	0x1800a24e0
?set3DDistanceFilter@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_NMM@Z	230	0x18000c0d0
?set3DDopplerLevel@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	231	0x18000c260
?set3DLevel@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	232	0x18000c340
?set3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_VECTOR@@000@Z	233	0x1800a9960
?set3DMinMaxDistance@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z	234	0x18000c420
?set3DMinMaxDistance@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z	235	0x1800a26a0
?set3DNumListeners@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	236	0x1800a9a70
?set3DOcclusion@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z	237	0x18000c570
?set3DRolloffCallback@System@FMOD@@QEAA?AW4FMOD_RESULT@@P6AMPEAUFMOD_CHANNELCONTROL@@M@Z@Z	238	0x1800a9b40
?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z	239	0x1800a9c10
?set3DSpread@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	240	0x18000c6c0
?setActive@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	241	0x18009cf60
?setActive@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	242	0x18009df20
?setActive@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	243	0x18009f2b0
?setAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z	244	0x1800a9db0
?setBypass@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	245	0x18009d040
?setCallback@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PEAX3@Z@Z	246	0x18000c7a0
?setCallback@System@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_SYSTEM@@IPEAX11@ZI@Z	247	0x1800a9e80
?setChannelFormat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@IHW4FMOD_SPEAKERMODE@@@Z	248	0x18009d120
?setChannelGroup@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVChannelGroup@2@@Z	249	0x180099e90
?setDSPBufferSize@System@FMOD@@QEAA?AW4FMOD_RESULT@@IH@Z	250	0x1800a9fc0
?setDSPIndex@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@H@Z	251	0x18000c880
?setDefaults@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MH@Z	252	0x1800a2850
?setDelay@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_K0_N@Z	253	0x18000c9c0
?setDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	254	0x1800aa0f0
?setFadePointRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z	255	0x18000cb50
?setFileSystem@System@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEBDPEAIPEAPEAXPEAX@ZP6A?AW43@33@ZP6A?AW43@33I13@ZP6A?AW43@3I3@ZP6A?AW43@PEAUFMOD_ASYNCREADINFO@@3@Z9H@Z	256	0x1800aa1c0
?setFrequency@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	257	0x180099f60
?setGeometrySettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	258	0x1800aa300
?setLoopCount@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	259	0x18009a040
?setLoopCount@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	260	0x1800a2a00
?setLoopPoints@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@IIII@Z	261	0x18009a110
?setLoopPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIII@Z	262	0x1800a2b30
?setLowPassGain@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	263	0x18000cc90
?setMaxAudible@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	264	0x1800a3df0
?setMaxAudibleBehavior@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SOUNDGROUP_BEHAVIOR@@@Z	265	0x1800a3ec0
?setMeteringEnabled@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@_N0@Z	266	0x18009d2a0
?setMix@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	267	0x180054480
?setMixLevelsInput@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMH@Z	268	0x18000cd70
?setMixLevelsOutput@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@MMMMMMMM@Z	269	0x18000ceb0
?setMixMatrix@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMHHH@Z	270	0x18000d060
?setMixMatrix@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAMHHH@Z	271	0x180054570
?setMode@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z	272	0x18000d160
?setMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z	273	0x1800a2c80
?setMusicChannelVolume@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@HM@Z	274	0x1800a2db0
?setMusicSpeed@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	275	0x1800a2f80
?setMute@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	276	0x18000d240
?setMuteFadeSpeed@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	277	0x1800a3f90
?setNetworkProxy@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBD@Z	278	0x1800aa3e0
?setNetworkTimeout@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	279	0x1800aa4b0
?setOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z	280	0x1800aa580
?setOutputByPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z	281	0x1800aa650
?setPan@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	282	0x18000d320
?setParameterBool@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@H_N@Z	283	0x18009d3e0
?setParameterData@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAXI@Z	284	0x18009d4e0
?setParameterFloat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HM@Z	285	0x18009d620
?setParameterInt@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HH@Z	286	0x18009d730
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	287	0x18000d400
?setPitch@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	288	0x18000d4e0
?setPluginPath@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBD@Z	289	0x1800aa720
?setPolygonAttributes@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@HMM_N@Z	290	0x18009df50
?setPolygonVertex@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@HHPEBUFMOD_VECTOR@@@Z	291	0x18009dfb0
?setPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z	292	0x18009a200
?setPosition@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@@Z	293	0x18009e000
?setPriority@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	294	0x18009a330
?setProperties@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_REVERB_PROPERTIES@@@Z	295	0x18009f370
?setReverbProperties@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HM@Z	296	0x18000d5c0
?setReverbProperties@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_REVERB_PROPERTIES@@@Z	297	0x1800aa7f0
?setRotation@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0@Z	298	0x18009e030
?setScale@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@@Z	299	0x18009e070
?setSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z	300	0x1800aa920
?setSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@HW4FMOD_SPEAKERMODE@@H@Z	301	0x1800aa9f0
?setSoundGroup@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSoundGroup@2@@Z	302	0x1800a30e0
?setSpeakerPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SPEAKER@@MM_N@Z	303	0x1800aab70
?setStreamBufferSize@System@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z	304	0x1800aac70
?setUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	305	0x18000d700
?setUserData@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	306	0x18009d830
?setUserData@DSPConnection@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	307	0x180054670
?setUserData@Geometry@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	308	0x18009e0a0
?setUserData@GeometryI@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	309	0x1800d0d70
?setUserData@Reverb3D@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	310	0x18009f430
?setUserData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	311	0x1800a3230
?setUserData@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	312	0x1800a4070
?setUserData@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	313	0x1800aada0
?setUserDataInternal@SoundI@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z	314	0x1800dd830
?setVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	315	0x18000d7d0
?setVolume@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z	316	0x1800a4140
?setVolumeRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z	317	0x18000d8b0
?setWetDryMix@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z	318	0x18009d8f0
?showConfigDialog@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX_N@Z	319	0x18009da90
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	320	0x18000d990
?stop@SoundGroup@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	321	0x1800a4220
?unloadPlugin@System@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z	322	0x1800aae60
?unlock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX0II@Z	323	0x1800a32f0
?unlockDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	324	0x1800aaf30
?update@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	325	0x1800aafd0
?validate@ChannelI@FMOD@@SA?AW4FMOD_RESULT@@PEAVChannel@2@PEAPEAV12@PEAVSystemLockScope@2@@Z	326	0x1800cd8b0
?validate@DSPI@FMOD@@SA?AW4FMOD_RESULT@@PEAVDSP@2@PEAPEAV12@PEAVSystemLockScope@2@@Z	327	0x1800960c0
?validate@SystemI@FMOD@@SA?AW4FMOD_RESULT@@PEAVSystem@2@PEAPEAV12@PEAVSystemLockScope@2@@Z	328	0x1800e4790
?wakeupThread@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@XZ	329	0x1800c4690
FMOD5_ChannelGroup_AddDSP	330	0x1800ee670
FMOD5_ChannelGroup_AddFadePoint	331	0x1800ee680
FMOD5_ChannelGroup_AddGroup	332	0x1800ee690
FMOD5_ChannelGroup_Get3DAttributes	333	0x1800ee6a0
FMOD5_ChannelGroup_Get3DConeOrientation	334	0x1800ee6b0
FMOD5_ChannelGroup_Get3DConeSettings	335	0x1800ee6c0
FMOD5_ChannelGroup_Get3DCustomRolloff	336	0x1800ee6d0
FMOD5_ChannelGroup_Get3DDistanceFilter	337	0x1800ee6e0
FMOD5_ChannelGroup_Get3DDopplerLevel	338	0x1800ee6f0
FMOD5_ChannelGroup_Get3DLevel	339	0x1800ee700
FMOD5_ChannelGroup_Get3DMinMaxDistance	340	0x1800ee710
FMOD5_ChannelGroup_Get3DOcclusion	341	0x1800ee720
FMOD5_ChannelGroup_Get3DSpread	342	0x1800ee730
FMOD5_ChannelGroup_GetAudibility	343	0x1800ee740
FMOD5_ChannelGroup_GetChannel	344	0x1800ee750
FMOD5_ChannelGroup_GetDSP	345	0x1800ee760
FMOD5_ChannelGroup_GetDSPClock	346	0x1800ee770
FMOD5_ChannelGroup_GetDSPIndex	347	0x1800ee780
FMOD5_ChannelGroup_GetDelay	348	0x1800ee790
FMOD5_ChannelGroup_GetFadePoints	349	0x1800ee7a0
FMOD5_ChannelGroup_GetGroup	350	0x1800ee7b0
FMOD5_ChannelGroup_GetLowPassGain	351	0x1800ee7c0
FMOD5_ChannelGroup_GetMixMatrix	352	0x1800ee7d0
FMOD5_ChannelGroup_GetMode	353	0x1800ee7e0
FMOD5_ChannelGroup_GetMute	354	0x1800ee7f0
FMOD5_ChannelGroup_GetName	355	0x1800ee800
FMOD5_ChannelGroup_GetNumChannels	356	0x1800ee810
FMOD5_ChannelGroup_GetNumDSPs	357	0x1800ee820
FMOD5_ChannelGroup_GetNumGroups	358	0x1800ee830
FMOD5_ChannelGroup_GetParentGroup	359	0x1800ee840
FMOD5_ChannelGroup_GetPaused	360	0x1800ee850
FMOD5_ChannelGroup_GetPitch	361	0x1800ee860
FMOD5_ChannelGroup_GetReverbProperties	362	0x1800ee870
FMOD5_ChannelGroup_GetSystemObject	363	0x1800ee880
FMOD5_ChannelGroup_GetUserData	364	0x1800ee890
FMOD5_ChannelGroup_GetVolume	365	0x1800ee8a0
FMOD5_ChannelGroup_GetVolumeRamp	366	0x1800ee8b0
FMOD5_ChannelGroup_IsPlaying	367	0x1800ee8c0
FMOD5_ChannelGroup_Release	368	0x1800ee8d0
FMOD5_ChannelGroup_RemoveDSP	369	0x1800ee8e0
FMOD5_ChannelGroup_RemoveFadePoints	370	0x1800ee8f0
FMOD5_ChannelGroup_Set3DAttributes	371	0x1800ee900
FMOD5_ChannelGroup_Set3DConeOrientation	372	0x1800ee910
FMOD5_ChannelGroup_Set3DConeSettings	373	0x1800ee920
FMOD5_ChannelGroup_Set3DCustomRolloff	374	0x1800ee930
FMOD5_ChannelGroup_Set3DDistanceFilter	375	0x1800ee940
FMOD5_ChannelGroup_Set3DDopplerLevel	376	0x1800ee950
FMOD5_ChannelGroup_Set3DLevel	377	0x1800ee960
FMOD5_ChannelGroup_Set3DMinMaxDistance	378	0x1800ee970
FMOD5_ChannelGroup_Set3DOcclusion	379	0x1800ee980
FMOD5_ChannelGroup_Set3DSpread	380	0x1800ee990
FMOD5_ChannelGroup_SetCallback	381	0x1800ee9a0
FMOD5_ChannelGroup_SetDSPIndex	382	0x1800ee9b0
FMOD5_ChannelGroup_SetDelay	383	0x1800ee9c0
FMOD5_ChannelGroup_SetFadePointRamp	384	0x1800ee9d0
FMOD5_ChannelGroup_SetLowPassGain	385	0x1800ee9e0
FMOD5_ChannelGroup_SetMixLevelsInput	386	0x1800ee9f0
FMOD5_ChannelGroup_SetMixLevelsOutput	387	0x1800eea00
FMOD5_ChannelGroup_SetMixMatrix	388	0x1800eea10
FMOD5_ChannelGroup_SetMode	389	0x1800eea20
FMOD5_ChannelGroup_SetMute	390	0x1800eea30
FMOD5_ChannelGroup_SetPan	391	0x1800eea40
FMOD5_ChannelGroup_SetPaused	392	0x1800eea50
FMOD5_ChannelGroup_SetPitch	393	0x1800eea60
FMOD5_ChannelGroup_SetReverbProperties	394	0x1800eea70
FMOD5_ChannelGroup_SetUserData	395	0x1800eea80
FMOD5_ChannelGroup_SetVolume	396	0x1800eea90
FMOD5_ChannelGroup_SetVolumeRamp	397	0x1800eeaa0
FMOD5_ChannelGroup_Stop	398	0x1800eeab0
FMOD5_Channel_AddDSP	399	0x1800eeac0
FMOD5_Channel_AddFadePoint	400	0x1800eead0
FMOD5_Channel_Get3DAttributes	401	0x1800eeae0
FMOD5_Channel_Get3DConeOrientation	402	0x1800eeaf0
FMOD5_Channel_Get3DConeSettings	403	0x1800eeb00
FMOD5_Channel_Get3DCustomRolloff	404	0x1800eeb10
FMOD5_Channel_Get3DDistanceFilter	405	0x1800eeb20
FMOD5_Channel_Get3DDopplerLevel	406	0x1800eeb30
FMOD5_Channel_Get3DLevel	407	0x1800eeb40
FMOD5_Channel_Get3DMinMaxDistance	408	0x1800eeb50
FMOD5_Channel_Get3DOcclusion	409	0x1800eeb60
FMOD5_Channel_Get3DSpread	410	0x1800eeb70
FMOD5_Channel_GetAudibility	411	0x1800eeb80
FMOD5_Channel_GetChannelGroup	412	0x1800eeb90
FMOD5_Channel_GetCurrentSound	413	0x1800eeba0
FMOD5_Channel_GetDSP	414	0x1800eebb0
FMOD5_Channel_GetDSPClock	415	0x1800eebc0
FMOD5_Channel_GetDSPIndex	416	0x1800eebd0
FMOD5_Channel_GetDelay	417	0x1800eebe0
FMOD5_Channel_GetFadePoints	418	0x1800eebf0
FMOD5_Channel_GetFrequency	419	0x1800eec00
FMOD5_Channel_GetIndex	420	0x1800eec10
FMOD5_Channel_GetLoopCount	421	0x1800eec20
FMOD5_Channel_GetLoopPoints	422	0x1800eec30
FMOD5_Channel_GetLowPassGain	423	0x1800eec40
FMOD5_Channel_GetMixMatrix	424	0x1800eec50
FMOD5_Channel_GetMode	425	0x1800eec60
FMOD5_Channel_GetMute	426	0x1800eec70
FMOD5_Channel_GetNumDSPs	427	0x1800eec80
FMOD5_Channel_GetPaused	428	0x1800eec90
FMOD5_Channel_GetPitch	429	0x1800eeca0
FMOD5_Channel_GetPosition	430	0x1800eecb0
FMOD5_Channel_GetPriority	431	0x1800eecc0
FMOD5_Channel_GetReverbProperties	432	0x1800eecd0
FMOD5_Channel_GetSystemObject	433	0x1800eece0
FMOD5_Channel_GetUserData	434	0x1800eecf0
FMOD5_Channel_GetVolume	435	0x1800eed00
FMOD5_Channel_GetVolumeRamp	436	0x1800eed10
FMOD5_Channel_IsPlaying	437	0x1800eed20
FMOD5_Channel_IsVirtual	438	0x1800eed30
FMOD5_Channel_RemoveDSP	439	0x1800eed40
FMOD5_Channel_RemoveFadePoints	440	0x1800eed50
FMOD5_Channel_Set3DAttributes	441	0x1800eed60
FMOD5_Channel_Set3DConeOrientation	442	0x1800eed70
FMOD5_Channel_Set3DConeSettings	443	0x1800eed80
FMOD5_Channel_Set3DCustomRolloff	444	0x1800eed90
FMOD5_Channel_Set3DDistanceFilter	445	0x1800eeda0
FMOD5_Channel_Set3DDopplerLevel	446	0x1800eedb0
FMOD5_Channel_Set3DLevel	447	0x1800eedc0
FMOD5_Channel_Set3DMinMaxDistance	448	0x1800eedd0
FMOD5_Channel_Set3DOcclusion	449	0x1800eede0
FMOD5_Channel_Set3DSpread	450	0x1800eedf0
FMOD5_Channel_SetCallback	451	0x1800eee00
FMOD5_Channel_SetChannelGroup	452	0x1800eee10
FMOD5_Channel_SetDSPIndex	453	0x1800eee20
FMOD5_Channel_SetDelay	454	0x1800eee30
FMOD5_Channel_SetFadePointRamp	455	0x1800eee40
FMOD5_Channel_SetFrequency	456	0x1800eee50
FMOD5_Channel_SetLoopCount	457	0x1800eee60
FMOD5_Channel_SetLoopPoints	458	0x1800eee70
FMOD5_Channel_SetLowPassGain	459	0x1800eee80
FMOD5_Channel_SetMixLevelsInput	460	0x1800eee90
FMOD5_Channel_SetMixLevelsOutput	461	0x1800eeea0
FMOD5_Channel_SetMixMatrix	462	0x1800eeeb0
FMOD5_Channel_SetMode	463	0x1800eeec0
FMOD5_Channel_SetMute	464	0x1800eeed0
FMOD5_Channel_SetPan	465	0x1800eeee0
FMOD5_Channel_SetPaused	466	0x1800eeef0
FMOD5_Channel_SetPitch	467	0x1800eef00
FMOD5_Channel_SetPosition	468	0x1800eef10
FMOD5_Channel_SetPriority	469	0x1800eef20
FMOD5_Channel_SetReverbProperties	470	0x1800eef30
FMOD5_Channel_SetUserData	471	0x1800eef40
FMOD5_Channel_SetVolume	472	0x1800eef50
FMOD5_Channel_SetVolumeRamp	473	0x1800eef60
FMOD5_Channel_Stop	474	0x1800eef70
FMOD5_DSPConnection_GetInput	475	0x1800eef80
FMOD5_DSPConnection_GetMix	476	0x1800eef90
FMOD5_DSPConnection_GetMixMatrix	477	0x1800eefa0
FMOD5_DSPConnection_GetOutput	478	0x1800eefb0
FMOD5_DSPConnection_GetType	479	0x1800eefc0
FMOD5_DSPConnection_GetUserData	480	0x1800eefd0
FMOD5_DSPConnection_SetMix	481	0x1800eefe0
FMOD5_DSPConnection_SetMixMatrix	482	0x1800eeff0
FMOD5_DSPConnection_SetUserData	483	0x1800ef000
FMOD5_DSP_AddInput	484	0x1800ef010
FMOD5_DSP_DisconnectAll	485	0x1800ef020
FMOD5_DSP_DisconnectFrom	486	0x1800ef030
FMOD5_DSP_GetActive	487	0x1800ef040
FMOD5_DSP_GetBypass	488	0x1800ef050
FMOD5_DSP_GetCPUUsage	489	0x1800ef060
FMOD5_DSP_GetChannelFormat	490	0x1800ef070
FMOD5_DSP_GetDataParameterIndex	491	0x1800ef080
FMOD5_DSP_GetIdle	492	0x1800ef090
FMOD5_DSP_GetInfo	493	0x1800ef0a0
FMOD5_DSP_GetInput	494	0x1800ef0b0
FMOD5_DSP_GetMeteringEnabled	495	0x1800ef0c0
FMOD5_DSP_GetMeteringInfo	496	0x1800ef0d0
FMOD5_DSP_GetNumInputs	497	0x1800ef0e0
FMOD5_DSP_GetNumOutputs	498	0x1800ef0f0
FMOD5_DSP_GetNumParameters	499	0x1800ef100
FMOD5_DSP_GetOutput	500	0x1800ef110
FMOD5_DSP_GetOutputChannelFormat	501	0x1800ef120
FMOD5_DSP_GetParameterBool	502	0x1800ef130
FMOD5_DSP_GetParameterData	503	0x1800ef140
FMOD5_DSP_GetParameterFloat	504	0x1800ef150
FMOD5_DSP_GetParameterInfo	505	0x1800ef160
FMOD5_DSP_GetParameterInt	506	0x1800ef170
FMOD5_DSP_GetSystemObject	507	0x1800ef180
FMOD5_DSP_GetType	508	0x1800ef190
FMOD5_DSP_GetUserData	509	0x1800ef1a0
FMOD5_DSP_GetWetDryMix	510	0x1800ef1b0
FMOD5_DSP_Release	511	0x1800ef1c0
FMOD5_DSP_Reset	512	0x1800ef1d0
FMOD5_DSP_SetActive	513	0x1800ef1e0
FMOD5_DSP_SetBypass	514	0x1800ef1f0
FMOD5_DSP_SetChannelFormat	515	0x1800ef200
FMOD5_DSP_SetMeteringEnabled	516	0x1800ef210
FMOD5_DSP_SetParameterBool	517	0x1800ef220
FMOD5_DSP_SetParameterData	518	0x1800ef230
FMOD5_DSP_SetParameterFloat	519	0x1800ef240
FMOD5_DSP_SetParameterInt	520	0x1800ef250
FMOD5_DSP_SetUserData	521	0x1800ef260
FMOD5_DSP_SetWetDryMix	522	0x1800ef270
FMOD5_DSP_ShowConfigDialog	523	0x1800ef280
FMOD5_Debug_Initialize	524	0x1800ef290
FMOD5_File_GetDiskBusy	525	0x1800ef2a0
FMOD5_File_SetDiskBusy	526	0x1800ef2b0
FMOD5_Geometry_AddPolygon	527	0x1800ef2c0
FMOD5_Geometry_GetActive	528	0x1800ef2d0
FMOD5_Geometry_GetMaxPolygons	529	0x1800ef2e0
FMOD5_Geometry_GetNumPolygons	530	0x1800ef2f0
FMOD5_Geometry_GetPolygonAttributes	531	0x1800ef300
FMOD5_Geometry_GetPolygonNumVertices	532	0x1800ef310
FMOD5_Geometry_GetPolygonVertex	533	0x1800ef320
FMOD5_Geometry_GetPosition	534	0x1800ef330
FMOD5_Geometry_GetRotation	535	0x1800ef340
FMOD5_Geometry_GetScale	536	0x1800ef350
FMOD5_Geometry_GetUserData	537	0x1800ef360
FMOD5_Geometry_Release	538	0x1800ef370
FMOD5_Geometry_Save	539	0x1800ef380
FMOD5_Geometry_SetActive	540	0x1800ef390
FMOD5_Geometry_SetPolygonAttributes	541	0x1800ef3a0
FMOD5_Geometry_SetPolygonVertex	542	0x1800ef3b0
FMOD5_Geometry_SetPosition	543	0x1800ef3c0
FMOD5_Geometry_SetRotation	544	0x1800ef3d0
FMOD5_Geometry_SetScale	545	0x1800ef3e0
FMOD5_Geometry_SetUserData	546	0x1800ef3f0
FMOD5_Memory_GetStats	547	0x1800ef400
FMOD5_Memory_Initialize	548	0x1800ef410
FMOD5_Reverb3D_Get3DAttributes	549	0x1800ef420
FMOD5_Reverb3D_GetActive	550	0x1800ef430
FMOD5_Reverb3D_GetProperties	551	0x1800ef440
FMOD5_Reverb3D_GetUserData	552	0x1800ef450
FMOD5_Reverb3D_Release	553	0x1800ef460
FMOD5_Reverb3D_Set3DAttributes	554	0x1800ef470
FMOD5_Reverb3D_SetActive	555	0x1800ef480
FMOD5_Reverb3D_SetProperties	556	0x1800ef490
FMOD5_Reverb3D_SetUserData	557	0x1800ef4a0
FMOD5_SoundGroup_GetMaxAudible	558	0x1800ef4b0
FMOD5_SoundGroup_GetMaxAudibleBehavior	559	0x1800ef4c0
FMOD5_SoundGroup_GetMuteFadeSpeed	560	0x1800ef4d0
FMOD5_SoundGroup_GetName	561	0x1800ef4e0
FMOD5_SoundGroup_GetNumPlaying	562	0x1800ef4f0
FMOD5_SoundGroup_GetNumSounds	563	0x1800ef500
FMOD5_SoundGroup_GetSound	564	0x1800ef510
FMOD5_SoundGroup_GetSystemObject	565	0x1800ef520
FMOD5_SoundGroup_GetUserData	566	0x1800ef530
FMOD5_SoundGroup_GetVolume	567	0x1800ef540
FMOD5_SoundGroup_Release	568	0x1800ef550
FMOD5_SoundGroup_SetMaxAudible	569	0x1800ef560
FMOD5_SoundGroup_SetMaxAudibleBehavior	570	0x1800ef570
FMOD5_SoundGroup_SetMuteFadeSpeed	571	0x1800ef580
FMOD5_SoundGroup_SetUserData	572	0x1800ef590
FMOD5_SoundGroup_SetVolume	573	0x1800ef5a0
FMOD5_SoundGroup_Stop	574	0x1800ef5b0
FMOD5_Sound_AddSyncPoint	575	0x1800ef5c0
FMOD5_Sound_DeleteSyncPoint	576	0x1800ef5d0
FMOD5_Sound_Get3DConeSettings	577	0x1800ef5e0
FMOD5_Sound_Get3DCustomRolloff	578	0x1800ef5f0
FMOD5_Sound_Get3DMinMaxDistance	579	0x1800ef600
FMOD5_Sound_GetDefaults	580	0x1800ef610
FMOD5_Sound_GetFormat	581	0x1800ef620
FMOD5_Sound_GetLength	582	0x1800ef630
FMOD5_Sound_GetLoopCount	583	0x1800ef640
FMOD5_Sound_GetLoopPoints	584	0x1800ef650
FMOD5_Sound_GetMode	585	0x1800ef660
FMOD5_Sound_GetMusicChannelVolume	586	0x1800ef670
FMOD5_Sound_GetMusicNumChannels	587	0x1800ef680
FMOD5_Sound_GetMusicSpeed	588	0x1800ef690
FMOD5_Sound_GetName	589	0x1800ef6a0
FMOD5_Sound_GetNumSubSounds	590	0x1800ef6b0
FMOD5_Sound_GetNumSyncPoints	591	0x1800ef6c0
FMOD5_Sound_GetNumTags	592	0x1800ef6d0
FMOD5_Sound_GetOpenState	593	0x1800ef6e0
FMOD5_Sound_GetSoundGroup	594	0x1800ef6f0
FMOD5_Sound_GetSubSound	595	0x1800ef700
FMOD5_Sound_GetSubSoundParent	596	0x1800ef710
FMOD5_Sound_GetSyncPoint	597	0x1800ef720
FMOD5_Sound_GetSyncPointInfo	598	0x1800ef730
FMOD5_Sound_GetSystemObject	599	0x1800ef740
FMOD5_Sound_GetTag	600	0x1800ef750
FMOD5_Sound_GetUserData	601	0x1800ef760
FMOD5_Sound_Lock	602	0x1800ef770
FMOD5_Sound_ReadData	603	0x1800ef780
FMOD5_Sound_Release	604	0x1800ef790
FMOD5_Sound_SeekData	605	0x1800ef7a0
FMOD5_Sound_Set3DConeSettings	606	0x1800ef7b0
FMOD5_Sound_Set3DCustomRolloff	607	0x1800ef7c0
FMOD5_Sound_Set3DMinMaxDistance	608	0x1800ef7d0
FMOD5_Sound_SetDefaults	609	0x1800ef7e0
FMOD5_Sound_SetLoopCount	610	0x1800ef7f0
FMOD5_Sound_SetLoopPoints	611	0x1800ef800
FMOD5_Sound_SetMode	612	0x1800ef810
FMOD5_Sound_SetMusicChannelVolume	613	0x1800ef820
FMOD5_Sound_SetMusicSpeed	614	0x1800ef830
FMOD5_Sound_SetSoundGroup	615	0x1800ef840
FMOD5_Sound_SetUserData	616	0x1800ef850
FMOD5_Sound_Unlock	617	0x1800ef860
FMOD5_System_AttachChannelGroupToPort	618	0x1800ef870
FMOD5_System_AttachFileSystem	619	0x1800ef880
FMOD5_System_Close	620	0x1800ef890
FMOD5_System_Create	621	0x1800ef8a0
FMOD5_System_CreateChannelGroup	622	0x1800ef8b0
FMOD5_System_CreateDSP	623	0x1800ef8c0
FMOD5_System_CreateDSPByPlugin	624	0x1800ef8d0
FMOD5_System_CreateDSPByType	625	0x1800ef8e0
FMOD5_System_CreateGeometry	626	0x1800ef8f0
FMOD5_System_CreateReverb3D	627	0x1800ef900
FMOD5_System_CreateSound	628	0x1800ef910
FMOD5_System_CreateSoundGroup	629	0x1800ef920
FMOD5_System_CreateStream	630	0x1800ef930
FMOD5_System_DetachChannelGroupFromPort	631	0x1800ef940
FMOD5_System_Get3DListenerAttributes	632	0x1800ef950
FMOD5_System_Get3DNumListeners	633	0x1800ef960
FMOD5_System_Get3DSettings	634	0x1800ef970
FMOD5_System_GetAdvancedSettings	635	0x1800ef980
FMOD5_System_GetCPUUsage	636	0x1800ef990
FMOD5_System_GetChannel	637	0x1800ef9a0
FMOD5_System_GetChannelsPlaying	638	0x1800ef9b0
FMOD5_System_GetDSPBufferSize	639	0x1800ef9c0
FMOD5_System_GetDSPInfoByPlugin	640	0x1800ef9d0
FMOD5_System_GetDefaultMixMatrix	641	0x1800ef9e0
FMOD5_System_GetDriver	642	0x1800ef9f0
FMOD5_System_GetDriverInfo	643	0x1800efa00
FMOD5_System_GetFileUsage	644	0x1800efa10
FMOD5_System_GetGeometryOcclusion	645	0x1800efa20
FMOD5_System_GetGeometrySettings	646	0x1800efa30
FMOD5_System_GetMasterChannelGroup	647	0x1800efa40
FMOD5_System_GetMasterSoundGroup	648	0x1800efa50
FMOD5_System_GetNestedPlugin	649	0x1800efa60
FMOD5_System_GetNetworkProxy	650	0x1800efa70
FMOD5_System_GetNetworkTimeout	651	0x1800efa80
FMOD5_System_GetNumDrivers	652	0x1800efa90
FMOD5_System_GetNumNestedPlugins	653	0x1800efaa0
FMOD5_System_GetNumPlugins	654	0x1800efab0
FMOD5_System_GetOutput	655	0x1800efac0
FMOD5_System_GetOutputByPlugin	656	0x1800efad0
FMOD5_System_GetOutputHandle	657	0x1800efae0
FMOD5_System_GetPluginHandle	658	0x1800efaf0
FMOD5_System_GetPluginInfo	659	0x1800efb00
FMOD5_System_GetRecordDriverInfo	660	0x1800efb10
FMOD5_System_GetRecordNumDrivers	661	0x1800efb20
FMOD5_System_GetRecordPosition	662	0x1800efb30
FMOD5_System_GetReverbProperties	663	0x1800efb40
FMOD5_System_GetSoftwareChannels	664	0x1800efb50
FMOD5_System_GetSoftwareFormat	665	0x1800efb60
FMOD5_System_GetSoundRAM	666	0x1800efb70
FMOD5_System_GetSpeakerModeChannels	667	0x1800efb80
FMOD5_System_GetSpeakerPosition	668	0x1800efb90
FMOD5_System_GetStreamBufferSize	669	0x1800efba0
FMOD5_System_GetUserData	670	0x1800efbb0
FMOD5_System_GetVersion	671	0x1800efbc0
FMOD5_System_Init	672	0x1800efbd0
FMOD5_System_IsRecording	673	0x1800efbe0
FMOD5_System_LoadGeometry	674	0x1800efbf0
FMOD5_System_LoadPlugin	675	0x1800efc00
FMOD5_System_LockDSP	676	0x1800efc10
FMOD5_System_MixerResume	677	0x1800efc20
FMOD5_System_MixerSuspend	678	0x1800efc30
FMOD5_System_PlayDSP	679	0x1800efc40
FMOD5_System_PlaySound	680	0x1800efc50
FMOD5_System_RecordStart	681	0x1800efc60
FMOD5_System_RecordStop	682	0x1800efc70
FMOD5_System_RegisterCodec	683	0x1800efc80
FMOD5_System_RegisterDSP	684	0x1800efc90
FMOD5_System_RegisterOutput	685	0x1800efca0
FMOD5_System_Release	686	0x1800efcb0
FMOD5_System_Set3DListenerAttributes	687	0x1800efcc0
FMOD5_System_Set3DNumListeners	688	0x1800efcd0
FMOD5_System_Set3DRolloffCallback	689	0x1800efce0
FMOD5_System_Set3DSettings	690	0x1800efcf0
FMOD5_System_SetAdvancedSettings	691	0x1800efd00
FMOD5_System_SetCallback	692	0x1800efd10
FMOD5_System_SetDSPBufferSize	693	0x1800efd20
FMOD5_System_SetDriver	694	0x1800efd30
FMOD5_System_SetFileSystem	695	0x1800efd40
FMOD5_System_SetGeometrySettings	696	0x1800efd50
FMOD5_System_SetNetworkProxy	697	0x1800efd60
FMOD5_System_SetNetworkTimeout	698	0x1800efd70
FMOD5_System_SetOutput	699	0x1800efd80
FMOD5_System_SetOutputByPlugin	700	0x1800efd90
FMOD5_System_SetPluginPath	701	0x1800efda0
FMOD5_System_SetReverbProperties	702	0x1800efdb0
FMOD5_System_SetSoftwareChannels	703	0x1800efdc0
FMOD5_System_SetSoftwareFormat	704	0x1800efdd0
FMOD5_System_SetSpeakerPosition	705	0x1800efde0
FMOD5_System_SetStreamBufferSize	706	0x1800efdf0
FMOD5_System_SetUserData	707	0x1800efe00
FMOD5_System_UnloadPlugin	708	0x1800efe10
FMOD5_System_UnlockDSP	709	0x1800efe20
FMOD5_System_Update	710	0x1800efe30
FMOD_ChannelGroup_AddDSP	711	0x1800c1a10
FMOD_ChannelGroup_AddFadePoint	712	0x1800c1a20
FMOD_ChannelGroup_AddGroup	713	0x1800c1a30
FMOD_ChannelGroup_Get3DAttributes	714	0x1800c1a50
FMOD_ChannelGroup_Get3DConeOrientation	715	0x1800c1a60
FMOD_ChannelGroup_Get3DConeSettings	716	0x1800c1a70
FMOD_ChannelGroup_Get3DCustomRolloff	717	0x1800c1a80
FMOD_ChannelGroup_Get3DDistanceFilter	718	0x1800c1a90
FMOD_ChannelGroup_Get3DDopplerLevel	719	0x1800c1ad0
FMOD_ChannelGroup_Get3DLevel	720	0x1800c1ae0
FMOD_ChannelGroup_Get3DMinMaxDistance	721	0x1800c1af0
FMOD_ChannelGroup_Get3DOcclusion	722	0x1800c1b00
FMOD_ChannelGroup_Get3DSpread	723	0x1800c1b10
FMOD_ChannelGroup_GetAudibility	724	0x1800c1b20
FMOD_ChannelGroup_GetChannel	725	0x1800c1b30
FMOD_ChannelGroup_GetDSP	726	0x1800c1b40
FMOD_ChannelGroup_GetDSPClock	727	0x1800c1b50
FMOD_ChannelGroup_GetDSPIndex	728	0x1800c1b60
FMOD_ChannelGroup_GetDelay	729	0x1800c1b70
FMOD_ChannelGroup_GetFadePoints	730	0x1800c1bb0
FMOD_ChannelGroup_GetGroup	731	0x1800c1bc0
FMOD_ChannelGroup_GetLowPassGain	732	0x1800c1bd0
FMOD_ChannelGroup_GetMixMatrix	733	0x1800c1be0
FMOD_ChannelGroup_GetMode	734	0x1800c1bf0
FMOD_ChannelGroup_GetMute	735	0x1800c1c00
FMOD_ChannelGroup_GetName	736	0x1800c1c40
FMOD_ChannelGroup_GetNumChannels	737	0x1800c1c50
FMOD_ChannelGroup_GetNumDSPs	738	0x1800c1c60
FMOD_ChannelGroup_GetNumGroups	739	0x1800c1c70
FMOD_ChannelGroup_GetParentGroup	740	0x1800c1c80
FMOD_ChannelGroup_GetPaused	741	0x1800c1c90
FMOD_ChannelGroup_GetPitch	742	0x1800c1cd0
FMOD_ChannelGroup_GetReverbProperties	743	0x1800c1ce0
FMOD_ChannelGroup_GetSystemObject	744	0x1800c1cf0
FMOD_ChannelGroup_GetUserData	745	0x1800c1d00
FMOD_ChannelGroup_GetVolume	746	0x1800c1d10
FMOD_ChannelGroup_GetVolumeRamp	747	0x1800c1d20
FMOD_ChannelGroup_IsPlaying	748	0x1800c1d60
FMOD_ChannelGroup_Release	749	0x1800c1da0
FMOD_ChannelGroup_RemoveDSP	750	0x1800c1db0
FMOD_ChannelGroup_RemoveFadePoints	751	0x1800c1dc0
FMOD_ChannelGroup_Set3DAttributes	752	0x1800c1dd0
FMOD_ChannelGroup_Set3DConeOrientation	753	0x1800c1de0
FMOD_ChannelGroup_Set3DConeSettings	754	0x1800c1df0
FMOD_ChannelGroup_Set3DCustomRolloff	755	0x1800c1e00
FMOD_ChannelGroup_Set3DDistanceFilter	756	0x1800c1e10
FMOD_ChannelGroup_Set3DDopplerLevel	757	0x1800c1e30
FMOD_ChannelGroup_Set3DLevel	758	0x1800c1e40
FMOD_ChannelGroup_Set3DMinMaxDistance	759	0x1800c1e50
FMOD_ChannelGroup_Set3DOcclusion	760	0x1800c1e60
FMOD_ChannelGroup_Set3DSpread	761	0x1800c1e70
FMOD_ChannelGroup_SetCallback	762	0x1800c1e80
FMOD_ChannelGroup_SetDSPIndex	763	0x1800c1e90
FMOD_ChannelGroup_SetDelay	764	0x1800c1ea0
FMOD_ChannelGroup_SetFadePointRamp	765	0x1800c1ec0
FMOD_ChannelGroup_SetLowPassGain	766	0x1800c1ed0
FMOD_ChannelGroup_SetMixLevelsInput	767	0x1800c1ee0
FMOD_ChannelGroup_SetMixLevelsOutput	768	0x1800c1ef0
FMOD_ChannelGroup_SetMixMatrix	769	0x1800c1f10
FMOD_ChannelGroup_SetMode	770	0x1800c1f20
FMOD_ChannelGroup_SetMute	771	0x1800c1f30
FMOD_ChannelGroup_SetPan	772	0x1800c1f50
FMOD_ChannelGroup_SetPaused	773	0x1800c1f60
FMOD_ChannelGroup_SetPitch	774	0x1800c1f80
FMOD_ChannelGroup_SetReverbProperties	775	0x1800c1f90
FMOD_ChannelGroup_SetUserData	776	0x1800c1fa0
FMOD_ChannelGroup_SetVolume	777	0x1800c1fb0
FMOD_ChannelGroup_SetVolumeRamp	778	0x1800c1fc0
FMOD_ChannelGroup_Stop	779	0x1800c1fe0
FMOD_Channel_AddDSP	780	0x1800c1ff0
FMOD_Channel_AddFadePoint	781	0x1800c2000
FMOD_Channel_Get3DAttributes	782	0x1800c2010
FMOD_Channel_Get3DConeOrientation	783	0x1800c2020
FMOD_Channel_Get3DConeSettings	784	0x1800c2030
FMOD_Channel_Get3DCustomRolloff	785	0x1800c2040
FMOD_Channel_Get3DDistanceFilter	786	0x1800c2050
FMOD_Channel_Get3DDopplerLevel	787	0x1800c2090
FMOD_Channel_Get3DLevel	788	0x1800c20a0
FMOD_Channel_Get3DMinMaxDistance	789	0x1800c20b0
FMOD_Channel_Get3DOcclusion	790	0x1800c20c0
FMOD_Channel_Get3DSpread	791	0x1800c20d0
FMOD_Channel_GetAudibility	792	0x1800c20e0
FMOD_Channel_GetChannelGroup	793	0x1800c20f0
FMOD_Channel_GetCurrentSound	794	0x1800c2100
FMOD_Channel_GetDSP	795	0x1800c2110
FMOD_Channel_GetDSPClock	796	0x1800c2120
FMOD_Channel_GetDSPIndex	797	0x1800c2130
FMOD_Channel_GetDelay	798	0x1800c2140
FMOD_Channel_GetFadePoints	799	0x1800c2180
FMOD_Channel_GetFrequency	800	0x1800c2190
FMOD_Channel_GetIndex	801	0x1800c21a0
FMOD_Channel_GetLoopCount	802	0x1800c21b0
FMOD_Channel_GetLoopPoints	803	0x1800c21c0
FMOD_Channel_GetLowPassGain	804	0x1800c21d0
FMOD_Channel_GetMixMatrix	805	0x1800c21e0
FMOD_Channel_GetMode	806	0x1800c21f0
FMOD_Channel_GetMute	807	0x1800c2200
FMOD_Channel_GetNumDSPs	808	0x1800c2240
FMOD_Channel_GetPaused	809	0x1800c2250
FMOD_Channel_GetPitch	810	0x1800c2290
FMOD_Channel_GetPosition	811	0x1800c22a0
FMOD_Channel_GetPriority	812	0x1800c22b0
FMOD_Channel_GetReverbProperties	813	0x1800c22c0
FMOD_Channel_GetSystemObject	814	0x1800c22d0
FMOD_Channel_GetUserData	815	0x1800c22e0
FMOD_Channel_GetVolume	816	0x1800c22f0
FMOD_Channel_GetVolumeRamp	817	0x1800c2300
FMOD_Channel_IsPlaying	818	0x1800c2340
FMOD_Channel_IsVirtual	819	0x1800c2380
FMOD_Channel_RemoveDSP	820	0x1800c23c0
FMOD_Channel_RemoveFadePoints	821	0x1800c23d0
FMOD_Channel_Set3DAttributes	822	0x1800c23e0
FMOD_Channel_Set3DConeOrientation	823	0x1800c23f0
FMOD_Channel_Set3DConeSettings	824	0x1800c2400
FMOD_Channel_Set3DCustomRolloff	825	0x1800c2410
FMOD_Channel_Set3DDistanceFilter	826	0x1800c2420
FMOD_Channel_Set3DDopplerLevel	827	0x1800c2440
FMOD_Channel_Set3DLevel	828	0x1800c2450
FMOD_Channel_Set3DMinMaxDistance	829	0x1800c2460
FMOD_Channel_Set3DOcclusion	830	0x1800c2470
FMOD_Channel_Set3DSpread	831	0x1800c2480
FMOD_Channel_SetCallback	832	0x1800c2490
FMOD_Channel_SetChannelGroup	833	0x1800c24a0
FMOD_Channel_SetDSPIndex	834	0x1800c24b0
FMOD_Channel_SetDelay	835	0x1800c24c0
FMOD_Channel_SetFadePointRamp	836	0x1800c24e0
FMOD_Channel_SetFrequency	837	0x1800c24f0
FMOD_Channel_SetLoopCount	838	0x1800c2500
FMOD_Channel_SetLoopPoints	839	0x1800c2510
FMOD_Channel_SetLowPassGain	840	0x1800c2520
FMOD_Channel_SetMixLevelsInput	841	0x1800c2530
FMOD_Channel_SetMixLevelsOutput	842	0x1800c2540
FMOD_Channel_SetMixMatrix	843	0x1800c2560
FMOD_Channel_SetMode	844	0x1800c2570
FMOD_Channel_SetMute	845	0x1800c2580
FMOD_Channel_SetPan	846	0x1800c25a0
FMOD_Channel_SetPaused	847	0x1800c25b0
FMOD_Channel_SetPitch	848	0x1800c25d0
FMOD_Channel_SetPosition	849	0x1800c25e0
FMOD_Channel_SetPriority	850	0x1800c25f0
FMOD_Channel_SetReverbProperties	851	0x1800c2600
FMOD_Channel_SetUserData	852	0x1800c2610
FMOD_Channel_SetVolume	853	0x1800c2620
FMOD_Channel_SetVolumeRamp	854	0x1800c2630
FMOD_Channel_Stop	855	0x1800c2650
FMOD_DSPConnection_GetInput	856	0x1800c2660
FMOD_DSPConnection_GetMix	857	0x1800c2670
FMOD_DSPConnection_GetMixMatrix	858	0x1800c2680
FMOD_DSPConnection_GetOutput	859	0x1800c2690
FMOD_DSPConnection_GetType	860	0x1800c26a0
FMOD_DSPConnection_GetUserData	861	0x1800c26b0
FMOD_DSPConnection_SetMix	862	0x1800c26c0
FMOD_DSPConnection_SetMixMatrix	863	0x1800c26d0
FMOD_DSPConnection_SetUserData	864	0x1800c26e0
FMOD_DSP_AddInput	865	0x1800c26f0
FMOD_DSP_DisconnectAll	866	0x1800c2700
FMOD_DSP_DisconnectFrom	867	0x1800c2720
FMOD_DSP_GetActive	868	0x1800c2730
FMOD_DSP_GetBypass	869	0x1800c2770
FMOD_DSP_GetCPUUsage	870	0x1800c27b0
FMOD_DSP_GetChannelFormat	871	0x1800c27c0
FMOD_DSP_GetDataParameterIndex	872	0x1800c27d0
FMOD_DSP_GetIdle	873	0x1800c27e0
FMOD_DSP_GetInfo	874	0x1800c2820
FMOD_DSP_GetInput	875	0x1800c2830
FMOD_DSP_GetMeteringEnabled	876	0x1800c2840
FMOD_DSP_GetMeteringInfo	877	0x1800c28b0
FMOD_DSP_GetNumInputs	878	0x1800c28c0
FMOD_DSP_GetNumOutputs	879	0x1800c28d0
FMOD_DSP_GetNumParameters	880	0x1800c28e0
FMOD_DSP_GetOutput	881	0x1800c28f0
FMOD_DSP_GetOutputChannelFormat	882	0x1800c2900
FMOD_DSP_GetParameterBool	883	0x1800c2910
FMOD_DSP_GetParameterData	884	0x1800c2960
FMOD_DSP_GetParameterFloat	885	0x1800c2970
FMOD_DSP_GetParameterInfo	886	0x1800c2980
FMOD_DSP_GetParameterInt	887	0x1800c2990
FMOD_DSP_GetSystemObject	888	0x1800c29a0
FMOD_DSP_GetType	889	0x1800c29b0
FMOD_DSP_GetUserData	890	0x1800c29c0
FMOD_DSP_GetWetDryMix	891	0x1800c29d0
FMOD_DSP_Release	892	0x1800c29e0
FMOD_DSP_Reset	893	0x1800c29f0
FMOD_DSP_SetActive	894	0x1800c2a00
FMOD_DSP_SetBypass	895	0x1800c2a20
FMOD_DSP_SetChannelFormat	896	0x1800c2a40
FMOD_DSP_SetMeteringEnabled	897	0x1800c2a50
FMOD_DSP_SetParameterBool	898	0x1800c2a70
FMOD_DSP_SetParameterData	899	0x1800c2a90
FMOD_DSP_SetParameterFloat	900	0x1800c2aa0
FMOD_DSP_SetParameterInt	901	0x1800c2ab0
FMOD_DSP_SetUserData	902	0x1800c2ac0
FMOD_DSP_SetWetDryMix	903	0x1800c2ad0
FMOD_DSP_ShowConfigDialog	904	0x1800c2ae0
FMOD_Debug_Initialize	905	0x1800ab110
FMOD_File_GetDiskBusy	906	0x1800ad100
FMOD_File_SetDiskBusy	907	0x1800ad120
FMOD_Geometry_AddPolygon	908	0x1800c2b00
FMOD_Geometry_GetActive	909	0x1800c2b20
FMOD_Geometry_GetMaxPolygons	910	0x1800c2b60
FMOD_Geometry_GetNumPolygons	911	0x1800c2b70
FMOD_Geometry_GetPolygonAttributes	912	0x1800c2b80
FMOD_Geometry_GetPolygonNumVertices	913	0x1800c2bc0
FMOD_Geometry_GetPolygonVertex	914	0x1800c2bd0
FMOD_Geometry_GetPosition	915	0x1800c2be0
FMOD_Geometry_GetRotation	916	0x1800c2bf0
FMOD_Geometry_GetScale	917	0x1800c2c00
FMOD_Geometry_GetUserData	918	0x1800c2c10
FMOD_Geometry_Release	919	0x1800c2c20
FMOD_Geometry_Save	920	0x1800c2c30
FMOD_Geometry_SetActive	921	0x1800c2c40
FMOD_Geometry_SetPolygonAttributes	922	0x1800c2c60
FMOD_Geometry_SetPolygonVertex	923	0x1800c2c80
FMOD_Geometry_SetPosition	924	0x1800c2c90
FMOD_Geometry_SetRotation	925	0x1800c2ca0
FMOD_Geometry_SetScale	926	0x1800c2cb0
FMOD_Geometry_SetUserData	927	0x1800c2cc0
FMOD_Memory_GetStats	928	0x1800c2cd0
FMOD_Memory_Initialize	929	0x1800c2dd0
FMOD_Reverb3D_Get3DAttributes	930	0x1800c2f60
FMOD_Reverb3D_GetActive	931	0x1800c2f70
FMOD_Reverb3D_GetProperties	932	0x1800c2fb0
FMOD_Reverb3D_GetUserData	933	0x1800c2fc0
FMOD_Reverb3D_Release	934	0x1800c2fd0
FMOD_Reverb3D_Set3DAttributes	935	0x1800c2fe0
FMOD_Reverb3D_SetActive	936	0x1800c2ff0
FMOD_Reverb3D_SetProperties	937	0x1800c3010
FMOD_Reverb3D_SetUserData	938	0x1800c3020
FMOD_SoundGroup_GetMaxAudible	939	0x1800c3030
FMOD_SoundGroup_GetMaxAudibleBehavior	940	0x1800c3040
FMOD_SoundGroup_GetMuteFadeSpeed	941	0x1800c3050
FMOD_SoundGroup_GetName	942	0x1800c3060
FMOD_SoundGroup_GetNumPlaying	943	0x1800c3070
FMOD_SoundGroup_GetNumSounds	944	0x1800c3080
FMOD_SoundGroup_GetSound	945	0x1800c3090
FMOD_SoundGroup_GetSystemObject	946	0x1800c30a0
FMOD_SoundGroup_GetUserData	947	0x1800c30b0
FMOD_SoundGroup_GetVolume	948	0x1800c30c0
FMOD_SoundGroup_Release	949	0x1800c30d0
FMOD_SoundGroup_SetMaxAudible	950	0x1800c30e0
FMOD_SoundGroup_SetMaxAudibleBehavior	951	0x1800c30f0
FMOD_SoundGroup_SetMuteFadeSpeed	952	0x1800c3100
FMOD_SoundGroup_SetUserData	953	0x1800c3110
FMOD_SoundGroup_SetVolume	954	0x1800c3120
FMOD_SoundGroup_Stop	955	0x1800c3130
FMOD_Sound_AddSyncPoint	956	0x1800c3140
FMOD_Sound_DeleteSyncPoint	957	0x1800c3150
FMOD_Sound_Get3DConeSettings	958	0x1800c3160
FMOD_Sound_Get3DCustomRolloff	959	0x1800c3170
FMOD_Sound_Get3DMinMaxDistance	960	0x1800c3180
FMOD_Sound_GetDefaults	961	0x1800c3190
FMOD_Sound_GetFormat	962	0x1800c31a0
FMOD_Sound_GetLength	963	0x1800c31b0
FMOD_Sound_GetLoopCount	964	0x1800c31c0
FMOD_Sound_GetLoopPoints	965	0x1800c31d0
FMOD_Sound_GetMode	966	0x1800c31e0
FMOD_Sound_GetMusicChannelVolume	967	0x1800c31f0
FMOD_Sound_GetMusicNumChannels	968	0x1800c3200
FMOD_Sound_GetMusicSpeed	969	0x1800c3210
FMOD_Sound_GetName	970	0x1800c3220
FMOD_Sound_GetNumSubSounds	971	0x1800c3230
FMOD_Sound_GetNumSyncPoints	972	0x1800c3240
FMOD_Sound_GetNumTags	973	0x1800c3250
FMOD_Sound_GetOpenState	974	0x1800c3260
FMOD_Sound_GetSoundGroup	975	0x1800c32c0
FMOD_Sound_GetSubSound	976	0x1800c32d0
FMOD_Sound_GetSubSoundParent	977	0x1800c32e0
FMOD_Sound_GetSyncPoint	978	0x1800c32f0
FMOD_Sound_GetSyncPointInfo	979	0x1800c3300
FMOD_Sound_GetSystemObject	980	0x1800c3310
FMOD_Sound_GetTag	981	0x1800c3320
FMOD_Sound_GetUserData	982	0x1800c3330
FMOD_Sound_Lock	983	0x1800c3340
FMOD_Sound_ReadData	984	0x1800c3350
FMOD_Sound_Release	985	0x1800c3360
FMOD_Sound_SeekData	986	0x1800c3370
FMOD_Sound_Set3DConeSettings	987	0x1800c3380
FMOD_Sound_Set3DCustomRolloff	988	0x1800c3390
FMOD_Sound_Set3DMinMaxDistance	989	0x1800c33a0
FMOD_Sound_SetDefaults	990	0x1800c33b0
FMOD_Sound_SetLoopCount	991	0x1800c33c0
FMOD_Sound_SetLoopPoints	992	0x1800c33d0
FMOD_Sound_SetMode	993	0x1800c33e0
FMOD_Sound_SetMusicChannelVolume	994	0x1800c33f0
FMOD_Sound_SetMusicSpeed	995	0x1800c3400
FMOD_Sound_SetSoundGroup	996	0x1800c3410
FMOD_Sound_SetUserData	997	0x1800c3420
FMOD_Sound_Unlock	998	0x1800c3430
FMOD_System_AttachChannelGroupToPort	999	0x1800c3440
FMOD_System_AttachFileSystem	1000	0x1800c3460
FMOD_System_Close	1001	0x1800c3470
FMOD_System_Create	1002	0x1800c3480
FMOD_System_CreateChannelGroup	1003	0x1800c3560
FMOD_System_CreateDSP	1004	0x1800c3570
FMOD_System_CreateDSPByPlugin	1005	0x1800c3580
FMOD_System_CreateDSPByType	1006	0x1800c3590
FMOD_System_CreateGeometry	1007	0x1800c35a0
FMOD_System_CreateReverb3D	1008	0x1800c35b0
FMOD_System_CreateSound	1009	0x1800c35c0
FMOD_System_CreateSoundGroup	1010	0x1800c35d0
FMOD_System_CreateStream	1011	0x1800c35e0
FMOD_System_DetachChannelGroupFromPort	1012	0x1800c35f0
FMOD_System_Get3DListenerAttributes	1013	0x1800c3600
FMOD_System_Get3DNumListeners	1014	0x1800c3610
FMOD_System_Get3DSettings	1015	0x1800c3620
FMOD_System_GetAdvancedSettings	1016	0x1800c3630
FMOD_System_GetCPUUsage	1017	0x1800c3640
FMOD_System_GetChannel	1018	0x1800c3650
FMOD_System_GetChannelsPlaying	1019	0x1800c3660
FMOD_System_GetDSPBufferSize	1020	0x1800c3670
FMOD_System_GetDSPInfoByPlugin	1021	0x1800c3680
FMOD_System_GetDefaultMixMatrix	1022	0x1800c3690
FMOD_System_GetDriver	1023	0x1800c36a0
FMOD_System_GetDriverInfo	1024	0x1800c36b0
FMOD_System_GetFileUsage	1025	0x1800c36c0
FMOD_System_GetGeometryOcclusion	1026	0x1800c36d0
FMOD_System_GetGeometrySettings	1027	0x1800c36e0
FMOD_System_GetMasterChannelGroup	1028	0x1800c36f0
FMOD_System_GetMasterSoundGroup	1029	0x1800c3700
FMOD_System_GetNestedPlugin	1030	0x1800c3710
FMOD_System_GetNetworkProxy	1031	0x1800c3720
FMOD_System_GetNetworkTimeout	1032	0x1800c3730
FMOD_System_GetNumDrivers	1033	0x1800c3740
FMOD_System_GetNumNestedPlugins	1034	0x1800c3750
FMOD_System_GetNumPlugins	1035	0x1800c3760
FMOD_System_GetOutput	1036	0x1800c3770
FMOD_System_GetOutputByPlugin	1037	0x1800c3780
FMOD_System_GetOutputHandle	1038	0x1800c3790
FMOD_System_GetPluginHandle	1039	0x1800c37a0
FMOD_System_GetPluginInfo	1040	0x1800c37b0
FMOD_System_GetRecordDriverInfo	1041	0x1800c37c0
FMOD_System_GetRecordNumDrivers	1042	0x1800c37d0
FMOD_System_GetRecordPosition	1043	0x1800c37e0
FMOD_System_GetReverbProperties	1044	0x1800c37f0
FMOD_System_GetSoftwareChannels	1045	0x1800c3800
FMOD_System_GetSoftwareFormat	1046	0x1800c3810
FMOD_System_GetSoundRAM	1047	0x1800c3820
FMOD_System_GetSpeakerModeChannels	1048	0x1800c3830
FMOD_System_GetSpeakerPosition	1049	0x1800c3840
FMOD_System_GetStreamBufferSize	1050	0x1800c3880
FMOD_System_GetUserData	1051	0x1800c3890
FMOD_System_GetVersion	1052	0x1800c38a0
FMOD_System_Init	1053	0x1800c38b0
FMOD_System_IsRecording	1054	0x1800c38c0
FMOD_System_LoadGeometry	1055	0x1800c3900
FMOD_System_LoadPlugin	1056	0x1800c3910
FMOD_System_LockDSP	1057	0x1800c3920
FMOD_System_MixerResume	1058	0x1800c3930
FMOD_System_MixerSuspend	1059	0x1800c3940
FMOD_System_PlayDSP	1060	0x1800c3950
FMOD_System_PlaySound	1061	0x1800c3970
FMOD_System_RecordStart	1062	0x1800c3990
FMOD_System_RecordStop	1063	0x1800c39b0
FMOD_System_RegisterCodec	1064	0x1800c39c0
FMOD_System_RegisterDSP	1065	0x1800c39d0
FMOD_System_RegisterOutput	1066	0x1800c39e0
FMOD_System_Release	1067	0x1800c39f0
FMOD_System_Set3DListenerAttributes	1068	0x1800c3a00
FMOD_System_Set3DNumListeners	1069	0x1800c3a10
FMOD_System_Set3DRolloffCallback	1070	0x1800c3a20
FMOD_System_Set3DSettings	1071	0x1800c3a30
FMOD_System_SetAdvancedSettings	1072	0x1800c3a40
FMOD_System_SetCallback	1073	0x1800c3a50
FMOD_System_SetDSPBufferSize	1074	0x1800c3a60
FMOD_System_SetDriver	1075	0x1800c3a70
FMOD_System_SetFileSystem	1076	0x1800c3a80
FMOD_System_SetGeometrySettings	1077	0x1800c3a90
FMOD_System_SetNetworkProxy	1078	0x1800c3aa0
FMOD_System_SetNetworkTimeout	1079	0x1800c3ab0
FMOD_System_SetOutput	1080	0x1800c3ac0
FMOD_System_SetOutputByPlugin	1081	0x1800c3ad0
FMOD_System_SetPluginPath	1082	0x1800c3ae0
FMOD_System_SetReverbProperties	1083	0x1800c3af0
FMOD_System_SetSoftwareChannels	1084	0x1800c3b00
FMOD_System_SetSoftwareFormat	1085	0x1800c3b10
FMOD_System_SetSpeakerPosition	1086	0x1800c3b20
FMOD_System_SetStreamBufferSize	1087	0x1800c3b40
FMOD_System_SetUserData	1088	0x1800c3b50
FMOD_System_UnloadPlugin	1089	0x1800c3b60
FMOD_System_UnlockDSP	1090	0x1800c3b70
FMOD_System_Update	1091	0x1800c3b80

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 01:03:41.981884003 CEST	53	63767	162.159.36.2	192.168.2.4
Sep 29, 2024 01:03:42.508903980 CEST	57870	53	192.168.2.4	1.1.1.1
Sep 29, 2024 01:03:42.526824951 CEST	53	57870	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 01:03:42.508903980 CEST	192.168.2.4	1.1.1.1	0xb306	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 01:03:42.526824951 CEST	1.1.1.1	192.168.2.4	0xb306	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

Target ID:	0
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\file.dll"
Imagebase:	0x7ff736220000
File size:	165'888 bytes
MD5 hash:	763455F9DCB24DFEECC2B9D9F8D46D52
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0x7ff694980000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7556 -s 396
Imagebase:	0x7ff6407c0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	19:03:10
Start date:	28/09/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7572 -s 404
Imagebase:	0x7ff6407c0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	19:03:13
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	19:03:16
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\file.dll,?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",?addCallback@AsyncThread@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@H@Z@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",?addFadePoint@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_KM@Z
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Update
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnlockDSP
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_UnloadPlugin
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetUserData
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetStreamBufferSize
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSpeakerPosition
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareFormat
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetSoftwareChannels
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetReverbProperties
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetPluginPath
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutputByPlugin
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetOutput
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkTimeout
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetNetworkProxy
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetGeometrySettings
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetFileSystem
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDriver
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetDSPBufferSize
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetCallback
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	19:03:19
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_SetAdvancedSettings
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DSettings
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DRolloffCallback
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DNumListeners
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Set3DListenerAttributes
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_Release
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	19:03:20
Start date:	28/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",FMOD_System_RegisterOutput
Imagebase:	0x7ff6cdc30000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2%
Total number of Nodes:	98
Total number of Limit Nodes:	3

Non-executed Functions

Function 00007FFDFB7D11F0 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 460
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__doserrno.LIBCMT ref: 00007FFDFB7D1246
_errno.LIBCMT ref: 00007FFDFB7D124D
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7D1258

Strings

U, xrefs: 00007FFDFB7D17BA

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: 60fb80a9f65fb98c3fc72a26895f1301df05b065da6d6a8a0ca4402a91eb8644
Instruction ID: bcf5f07c114e3bb491206b2344b488fc0b53776d64274da00e018ddec499ef11
Opcode Fuzzy Hash: 60fb80a9f65fb98c3fc72a26895f1301df05b065da6d6a8a0ca4402a91eb8644
Instruction Fuzzy Hash: 6412B122B1974386EB208F14D464B7A77A1FB88794F504136EA9E46AFCCF3DE549CB10

Function 00007FFDFB6E0F00 Relevance: 41.3, APIs: 27, Instructions: 801
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

powf.LIBCMT ref: 00007FFDFB6E1010
powf.LIBCMT ref: 00007FFDFB6E10BA
sinf.LIBCMT ref: 00007FFDFB6E117C
cosf.LIBCMT ref: 00007FFDFB6E119C
sinf.LIBCMT ref: 00007FFDFB6E11C0
cosf.LIBCMT ref: 00007FFDFB6E11E0
cosf.LIBCMT ref: 00007FFDFB6E1233
cosf.LIBCMT ref: 00007FFDFB6E1258
sinf.LIBCMT ref: 00007FFDFB6E1278
cosf.LIBCMT ref: 00007FFDFB6E1298
sinf.LIBCMT ref: 00007FFDFB6E12C3
cosf.LIBCMT ref: 00007FFDFB6E12E3
cosf.LIBCMT ref: 00007FFDFB6E1330
cosf.LIBCMT ref: 00007FFDFB6E1380
cosf.LIBCMT ref: 00007FFDFB6E13A6
cosf.LIBCMT ref: 00007FFDFB6E13BB
cosf.LIBCMT ref: 00007FFDFB6E13D0
cosf.LIBCMT ref: 00007FFDFB6E13E5
cosf.LIBCMT ref: 00007FFDFB6E13FA
cosf.LIBCMT ref: 00007FFDFB6E140F
cosf.LIBCMT ref: 00007FFDFB6E1424
cosf.LIBCMT ref: 00007FFDFB6E1439
sinf.LIBCMT ref: 00007FFDFB6E154C
cosf.LIBCMT ref: 00007FFDFB6E156C
powf.LIBCMT ref: 00007FFDFB6E1665
powf.LIBCMT ref: 00007FFDFB6E168D
powf.LIBCMT ref: 00007FFDFB6E169C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosf$powfsinf
String ID:
API String ID: 846725008-0
Opcode ID: 51c938ad4cff7153dacdbadf22e87802635ea08a14a73a4f89531117666426d4
Instruction ID: e0498868942c4663c8547c507b3ee28ceabcf6e1823746558147d4b3ad9ba926
Opcode Fuzzy Hash: 51c938ad4cff7153dacdbadf22e87802635ea08a14a73a4f89531117666426d4
Instruction Fuzzy Hash: 5482D172F2978A86E3018F35D451BBCB7A0FF59784F159336E609636A5EB38A191CB00

Function 00007FFDFB7CAB48 Relevance: 35.7, APIs: 18, Strings: 2, Instructions: 687COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDFB7C4C8C: _getptd.LIBCMT ref: 00007FFDFB7C4CA2
Part of subcall function 00007FFDFB7C4C8C: __updatetlocinfo.LIBCMT ref: 00007FFDFB7C4CD7
Part of subcall function 00007FFDFB7C4C8C: __updatetmbcinfo.LIBCMT ref: 00007FFDFB7C4CFE

_errno.LIBCMT ref: 00007FFDFB7CABAE

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

_fileno.LIBCMT ref: 00007FFDFB7CABDB

Part of subcall function 00007FFDFB7D0460: _errno.LIBCMT ref: 00007FFDFB7D0469
Part of subcall function 00007FFDFB7D0460: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7D0474

write_multi_char.LIBCMT ref: 00007FFDFB7CB20B
write_string.LIBCMT ref: 00007FFDFB7CB228
write_multi_char.LIBCMT ref: 00007FFDFB7CB245
write_string.LIBCMT ref: 00007FFDFB7CB2A4
write_string.LIBCMT ref: 00007FFDFB7CB2DB
write_multi_char.LIBCMT ref: 00007FFDFB7CB2FD
free.LIBCMT ref: 00007FFDFB7CB311
_isleadbyte_l.LIBCMT ref: 00007FFDFB7CB3E2
write_char.LIBCMT ref: 00007FFDFB7CB3F8
write_char.LIBCMT ref: 00007FFDFB7CB419
_errno.LIBCMT ref: 00007FFDFB7CB513
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7CB51E

Strings

@, xrefs: 00007FFDFB7CABC7
, xrefs: 00007FFDFB7CB1DF

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errnowrite_multi_charwrite_string$_invalid_parameter_noinfowrite_char$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3204631660-1077428164
Opcode ID: 3b75bddbcdc35393a756c72af49d7a983cb45f098c6837e9ac3f2a83a300b96d
Instruction ID: 72593bd4188ccbf4084ab4dc9de9def3ec4428d9c23749724c910a764b1d88cf
Opcode Fuzzy Hash: 3b75bddbcdc35393a756c72af49d7a983cb45f098c6837e9ac3f2a83a300b96d
Instruction Fuzzy Hash: 4A52E6A6B0E76B96FB648A159464B7E7BA0BF41740F141039EA6E067FCDF3CE9408700

Function 00007FFDFB7DAB94 Relevance: 30.5, APIs: 16, Strings: 1, Instructions: 711COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDFB7C4C8C: _getptd.LIBCMT ref: 00007FFDFB7C4CA2
Part of subcall function 00007FFDFB7C4C8C: __updatetlocinfo.LIBCMT ref: 00007FFDFB7C4CD7
Part of subcall function 00007FFDFB7C4C8C: __updatetmbcinfo.LIBCMT ref: 00007FFDFB7C4CFE

_errno.LIBCMT ref: 00007FFDFB7DAC03

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

_errno.LIBCMT ref: 00007FFDFB7DAC14
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DAC1F
_isleadbyte_l.LIBCMT ref: 00007FFDFB7DAE28
_malloc_crt.LIBCMT ref: 00007FFDFB7DB191
DecodePointer.KERNEL32 ref: 00007FFDFB7DB1D1
DecodePointer.KERNEL32 ref: 00007FFDFB7DB212
DecodePointer.KERNEL32 ref: 00007FFDFB7DB237
write_multi_char.LIBCMT ref: 00007FFDFB7DB2C9
write_string.LIBCMT ref: 00007FFDFB7DB2E6
write_multi_char.LIBCMT ref: 00007FFDFB7DB30C
write_char.LIBCMT ref: 00007FFDFB7DB35B
write_string.LIBCMT ref: 00007FFDFB7DB3A0
write_multi_char.LIBCMT ref: 00007FFDFB7DB3C6
free.LIBCMT ref: 00007FFDFB7DB3E4
write_char.LIBCMT ref: 00007FFDFB7DB510

Strings

0 == dspsBlockSize % 2, xrefs: 00007FFDFB7DAB9C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: DecodePointerwrite_multi_char$_errnowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_getptd_getptd_noexit_invalid_parameter_noinfo_isleadbyte_l_malloc_crtfree
String ID: 0 == dspsBlockSize % 2
API String ID: 448788376-1091591475
Opcode ID: 2fc14b178793c967eec4ccb432f9fe68790eab68cb30a1bdc126ac47dd94f9c9
Instruction ID: 6204e848af7c11adf2c57e64a0fa58338152e5c4e54b85b70ca55cfa45e7f930
Opcode Fuzzy Hash: 2fc14b178793c967eec4ccb432f9fe68790eab68cb30a1bdc126ac47dd94f9c9
Instruction Fuzzy Hash: A552C266B0E74386FB648B159460A7E7BA0FB887D4F140135DA6E577F8DE3DE8098B00

Function 00007FFDFB6C8480 Relevance: 29.7, APIs: 1, Strings: 17, Instructions: 2729COMMON

Download Yara Rule

Strings

IMPM, xrefs: 00007FFDFB6C85CA
PNAM, xrefs: 00007FFDFB6C8CE7
CNAM, xrefs: 00007FFDFB6C8DCD
Chorus, xrefs: 00007FFDFB6C966C
Echo, xrefs: 00007FFDFB6C908D
F, xrefs: 00007FFDFB6C8F98
FMOD IT Target Unit, xrefs: 00007FFDFB6CB1D0
X, xrefs: 00007FFDFB6C8FA3
IMPI, xrefs: 00007FFDFB6C9BFE
IMPS, xrefs: 00007FFDFB6CA3EE
X, xrefs: 00007FFDFB6C8FD6
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_it.cpp, xrefs: 00007FFDFB6C9032, 00007FFDFB6C90C5, 00007FFDFB6C9243, 00007FFDFB6C93BB, 00007FFDFB6C9539, 00007FFDFB6C9651, 00007FFDFB6C96AA, 00007FFDFB6C9828, 00007FFDFB6C9954, 00007FFDFB6C99D2, 00007FFDFB6C9A7C, 00007FFDFB6C9AB7, 00007FFDFB6C9B53, 00007FFDFB6CA32B, 00007FFDFB6CA883, 00007FFDFB6CA8FE, 00007FFDFB6CA9AF, 00007FFDFB6CAA47, 00007FFDFB6CAEFE, 00007FFDFB6CAF25, 00007FFDFB6CB0C0, 00007FFDFB6CB3E8, 00007FFDFB6CB4AB, 00007FFDFB6CB51B
Sample name %d, xrefs: 00007FFDFB6CA4E3
Flanger, xrefs: 00007FFDFB6C937D
Song message, xrefs: 00007FFDFB6C9A4A
FMOD IT final mixdown unit, xrefs: 00007FFDFB6CB148
Number of channels, xrefs: 00007FFDFB6C9B1D

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: CNAM$Chorus$Echo$F$FMOD IT Target Unit$FMOD IT final mixdown unit$Flanger$IMPI$IMPM$IMPS$Number of channels$PNAM$Sample name %d$Song message$X$X$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_it.cpp
API String ID: 0-1247982828
Opcode ID: 9aff1eafe67e49b2f50abfdc015ece5010912ffe32cd7e3e9241402ba371755c
Instruction ID: c69acc1b4736eb8ae0ab84b4bc0e58af62e878aee2aa395e42c6fae8c83ece72
Opcode Fuzzy Hash: 9aff1eafe67e49b2f50abfdc015ece5010912ffe32cd7e3e9241402ba371755c
Instruction Fuzzy Hash: 01536C7670A68786EB54DF25D460BB977A0FB88B48F444035DB6D8B7A9EF38E411CB00

Function 00007FFDFB6CF9D0 Relevance: 21.7, APIs: 3, Strings: 9, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wgetenv.LIBCMT ref: 00007FFDFB6CFC62
_stat32i64.LIBCMT ref: 00007FFDFB6CFCAC
_stat32i64.LIBCMT ref: 00007FFDFB6CFCF2

Strings

MTrk, xrefs: 00007FFDFB6D0023
windir, xrefs: 00007FFDFB6CFC5B
FMOD MIDI Target Unit, xrefs: 00007FFDFB6D0443
MThd, xrefs: 00007FFDFB6CFB0C
/system32/drivers/etc/gm.dls, xrefs: 00007FFDFB6CFCCE
Channel mask, xrefs: 00007FFDFB6D035D
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_midi.cpp, xrefs: 00007FFDFB6CFD6B, 00007FFDFB6CFE1C, 00007FFDFB6CFE7F, 00007FFDFB6D0041, 00007FFDFB6D0184, 00007FFDFB6D03F8, 00007FFDFB6D04C3, 00007FFDFB6D052F, 00007FFDFB6D05F4
/system32/drivers/gm.dls, xrefs: 00007FFDFB6CFC88
Number of channels, xrefs: 00007FFDFB6D0328

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _stat32i64$_wgetenv
String ID: /system32/drivers/etc/gm.dls$/system32/drivers/gm.dls$Channel mask$FMOD MIDI Target Unit$MThd$MTrk$Number of channels$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_midi.cpp$windir
API String ID: 2592534748-1618955755
Opcode ID: 8b41c2a8d04c09f32e6f34f7f6e6d242bc4be9578bdce9eaae3c2629c184f93f
Instruction ID: 86e26762221ea3ec3f9dd7f6dde835b23d7b7f24d3cd3517dc01e18e88a3478e
Opcode Fuzzy Hash: 8b41c2a8d04c09f32e6f34f7f6e6d242bc4be9578bdce9eaae3c2629c184f93f
Instruction Fuzzy Hash: 2E728B72B06B868AEB11CF25D460BA937A4FB88B88F584135CE5C9B7ADDF38D545C700

Function 00007FFDFB6E4EB0 Relevance: 13.2, APIs: 1, Strings: 7, Instructions: 1150COMMON

Download Yara Rule

Strings

SCRM, xrefs: 00007FFDFB6E4FE6, 00007FFDFB6E5217
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_s3m.cpp, xrefs: 00007FFDFB6E53B9, 00007FFDFB6E556C, 00007FFDFB6E5990, 00007FFDFB6E5A22, 00007FFDFB6E5C07, 00007FFDFB6E620A, 00007FFDFB6E627A
Sample name %d, xrefs: 00007FFDFB6E57CB
@, xrefs: 00007FFDFB6E5182
, xrefs: 00007FFDFB6E5370
FMOD S3M Target Unit, xrefs: 00007FFDFB6E616F
Number of channels, xrefs: 00007FFDFB6E537B

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: $@$FMOD S3M Target Unit$Number of channels$SCRM$Sample name %d$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_s3m.cpp
API String ID: 0-3027062726
Opcode ID: 34396bf3e71e6db16ef800dbe07c633deb27e43828bb614437cc9c954da12bf6
Instruction ID: 657dc76d3cfaea317b3dca92f491f493f23ab033a0b91987d506e0b01ea69e53
Opcode Fuzzy Hash: 34396bf3e71e6db16ef800dbe07c633deb27e43828bb614437cc9c954da12bf6
Instruction Fuzzy Hash: 03C2AE72B09B8386EB148F25D5A0AA977A0FB88B88F404131DF6D4B7E8DF78E515C744

Function 00007FFDFB6C26A0 Relevance: 11.7, Strings: 9, Instructions: 421COMMON

Download Yara Rule

Strings

FORM, xrefs: 00007FFDFB6C2778
SSND, xrefs: 00007FFDFB6C2BB9
sowt, xrefs: 00007FFDFB6C298C
NONE, xrefs: 00007FFDFB6C2946
MARK, xrefs: 00007FFDFB6C2C85
AIFF, xrefs: 00007FFDFB6C2963
INST, xrefs: 00007FFDFB6C2C42
AIFC, xrefs: 00007FFDFB6C27C9
COMM, xrefs: 00007FFDFB6C28FA

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: AIFC$AIFF$COMM$FORM$INST$MARK$NONE$SSND$sowt
API String ID: 0-2989557625
Opcode ID: 10ff42e44650b91494c15b9c0dba512ddd4579f179e11e0107f30aa56282d26d
Instruction ID: 2333bc87c655019a3bec7acd85f5843c24b2d3880489cd10ac138c6b142f4a1b
Opcode Fuzzy Hash: 10ff42e44650b91494c15b9c0dba512ddd4579f179e11e0107f30aa56282d26d
Instruction Fuzzy Hash: CD128EB2B0A64385E764AB25D460BBD37A0EB84B4DF144035DE5D8BBE9EF38D545C700

Function 00007FFDFB6EC1F0 Relevance: 11.7, APIs: 1, Strings: 6, Instructions: 1161COMMON

Download Yara Rule

Strings

Sample name %d, xrefs: 00007FFDFB6ECF58
Extended Module: , xrefs: 00007FFDFB6EC315
FMOD XM Target Unit, xrefs: 00007FFDFB6ED51E
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_xm.cpp, xrefs: 00007FFDFB6EC5B9, 00007FFDFB6EC66F, 00007FFDFB6EC750, 00007FFDFB6EC947, 00007FFDFB6EC9A9, 00007FFDFB6ED127, 00007FFDFB6ED356, 00007FFDFB6ED3E2, 00007FFDFB6ED5BA, 00007FFDFB6ED62A
OggS, xrefs: 00007FFDFB6ED17E
Number of channels, xrefs: 00007FFDFB6EC57C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: Extended Module: $FMOD XM Target Unit$Number of channels$OggS$Sample name %d$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_xm.cpp
API String ID: 0-549889872
Opcode ID: 791dedb79cca9ce3c3f1084102afe6b3db24978cbac3691ec7b095a64a8f1e32
Instruction ID: 9badf58d86e1386386b6bf7dd03776908969604fa70093303f41c1bb77f63a0f
Opcode Fuzzy Hash: 791dedb79cca9ce3c3f1084102afe6b3db24978cbac3691ec7b095a64a8f1e32
Instruction Fuzzy Hash: 1BC28F72B0978796EB148F25D560BA977A0FB88B88F004031DB6D4B7E9EF38E551C744

Function 00007FFDFB6E9EA0 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 526COMMON

Download Yara Rule

APIs

acmStreamSize.MSACM32 ref: 00007FFDFB6EA323
acmStreamSize.MSACM32 ref: 00007FFDFB6EA3B2

Strings

c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_wav.cpp, xrefs: 00007FFDFB6EA02F, 00007FFDFB6EA636
WAVE, xrefs: 00007FFDFB6E9FA6
RIFF, xrefs: 00007FFDFB6E9F64
, xrefs: 00007FFDFB6EA1C3

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: SizeStream
String ID: $RIFF$WAVE$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_wav.cpp
API String ID: 3824195153-2801951558
Opcode ID: cfbe1c24a65985b6b690f48bbea250900f3ed98fa3b4ed02a7888aa7474fc9a1
Instruction ID: 9e34348e48991802d59ae218eaf36714acd61bfccc2e251145544789b413daa5
Opcode Fuzzy Hash: cfbe1c24a65985b6b690f48bbea250900f3ed98fa3b4ed02a7888aa7474fc9a1
Instruction Fuzzy Hash: 3632A172B0A74786E7648F15D4A4AB877E0FB84B48F14803ADA6D4B7E8EF38D841C754

Function 00007FFDFB6BFC40 Relevance: 10.2, APIs: 4, Strings: 1, Instructions: 1405COMMON

Download Yara Rule

APIs

acosf.LIBCMT ref: 00007FFDFB6C037D
acosf.LIBCMT ref: 00007FFDFB6C07A7
cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: acosf$cosfsinf
String ID:
API String ID: 2496649812-3916222277
Opcode ID: 82819643dd11e0dfcde0ba7265ab3b32bdb5b5456af99f9d49237e5f2df25701
Instruction ID: cfb47eeb75ec3846ea09dd48dab2555d00d4969213f9c7da5d115bfda4ebc283
Opcode Fuzzy Hash: 82819643dd11e0dfcde0ba7265ab3b32bdb5b5456af99f9d49237e5f2df25701
Instruction Fuzzy Hash: 3DE21973F1A78A85E751DB368051AB87360FF5D785F189732DA2D2A6F9DB38B0818700

Function 00007FFDFB7AAAF0 Relevance: 8.3, Strings: 5, Instructions: 2040COMMON

Download Yara Rule

Strings

TT2, xrefs: 00007FFDFB7AC8BD
c:\jk\workspace\build__1.10__api_win\lowlevel_api\src\fmod_autocleanup.h, xrefs: 00007FFDFB7ACAE9, 00007FFDFB7ACB30
TIT2, xrefs: 00007FFDFB7AC89F
TITLE, xrefs: 00007FFDFB7AC8DB
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_systemi_sound.cpp, xrefs: 00007FFDFB7AACC3, 00007FFDFB7AB279, 00007FFDFB7AB35C, 00007FFDFB7AB4B5, 00007FFDFB7AB8AF, 00007FFDFB7AB966, 00007FFDFB7AC0BB, 00007FFDFB7AC774

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: TIT2$TITLE$TT2$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_systemi_sound.cpp$c:\jk\workspace\build__1.10__api_win\lowlevel_api\src\fmod_autocleanup.h
API String ID: 0-539884770
Opcode ID: 30ceec38f9015aa733e978b281164e23b3481f028666eb24fcde0242d4c9d063
Instruction ID: 5ede8ab8b55f11104de9f0210c6434bd54140abbc30390e93db0e306c11c50b1
Opcode Fuzzy Hash: 30ceec38f9015aa733e978b281164e23b3481f028666eb24fcde0242d4c9d063
Instruction Fuzzy Hash: F6237036B0AB828AE794CF69D850AAD77A4FB48B88F144135DE5D5BBB8DF38D441C700

Function 00007FFDFB6E38C0 Relevance: 6.5, Strings: 5, Instructions: 288COMMON

Download Yara Rule

Strings

LENGTH, xrefs: 00007FFDFB6E3AE7
#EXTINF, xrefs: 00007FFDFB6E3A23
FILE, xrefs: 00007FFDFB6E3CCB
TITLE, xrefs: 00007FFDFB6E3BDF
#EXTM3U, xrefs: 00007FFDFB6E397B

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: #EXTINF$#EXTM3U$FILE$LENGTH$TITLE
API String ID: 0-570215855
Opcode ID: 320861443544efde86ddace0ed1cd088f1d04035bc9983f30853cb44e84bbad1
Instruction ID: 76cc4024a1b9c896bbb2db316de21311cb38cd9bc87a9924879b39b2b0c71589
Opcode Fuzzy Hash: 320861443544efde86ddace0ed1cd088f1d04035bc9983f30853cb44e84bbad1
Instruction Fuzzy Hash: 56C1C031B0E28744EB269B299064BFAA7A1EF85744F440131DBBD4B6FDDF6CE4428709

Function 00007FFDFB6CDB9B Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 461COMMON

Download Yara Rule

APIs

powf.LIBCMT ref: 00007FFDFB6CEF58

Strings

VUUU, xrefs: 00007FFDFB6CDBDE

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: powf
String ID: VUUU
API String ID: 3445610689-2040033107
Opcode ID: 2825d11ff34be5940086eef311fe2a08188b3986ca51961c634fbfdb2928f77c
Instruction ID: 3cfe88235a70a7633a4e207ff5e6d3b231a3b258e32685683d6e3aaa1f784d67
Opcode Fuzzy Hash: 2825d11ff34be5940086eef311fe2a08188b3986ca51961c634fbfdb2928f77c
Instruction Fuzzy Hash: D332F4B27096DA86E365DB35D054BB977A0FF59385F084235DBA817AE6CB38F064C700

Function 00007FFDFB6CCBF0 Relevance: 5.5, APIs: 3, Instructions: 1016COMMON

Download Yara Rule

APIs

logf.LIBCMT ref: 00007FFDFB6CD26E

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: logf
String ID:
API String ID: 2639405751-0
Opcode ID: beb92f6b535cacae8770d5347912aaa084f6efa4fbb70cd1776aeeee4b8b64f1
Instruction ID: 8894dd6a36ab1baada1fef0b1e3721549dbb6619f3768620274e17d52e9129d8
Opcode Fuzzy Hash: beb92f6b535cacae8770d5347912aaa084f6efa4fbb70cd1776aeeee4b8b64f1
Instruction Fuzzy Hash: 96B2F2B270D7D686E7658B29D060BB97BA0FB45785F084136DBA917AE5CB3CF064CB00

Function 00007FFDFB6EA710 Relevance: 4.9, APIs: 3, Instructions: 385COMMON

Download Yara Rule

APIs

acmStreamPrepareHeader.MSACM32 ref: 00007FFDFB6EA86B
acmStreamConvert.MSACM32 ref: 00007FFDFB6EA887
acmStreamUnprepareHeader.MSACM32 ref: 00007FFDFB6EA8F2

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: Stream$Header$ConvertPrepareUnprepare
String ID:
API String ID: 293062188-0
Opcode ID: fdc392af58687cda18d8cd413c16d3d35cf9dd5d7ab56809dec54a52d87774d3
Instruction ID: 168885e387e1f778bc0d1347a1309080179d18e3be739fced9ac9ee724756e28
Opcode Fuzzy Hash: fdc392af58687cda18d8cd413c16d3d35cf9dd5d7ab56809dec54a52d87774d3
Instruction Fuzzy Hash: 87E1A132B1A68786EB68CB29C160FB97391FB44754F448135DA6D4BBE8DF38E851CB04

Function 00007FFDFB704AE0 Relevance: 4.2, Strings: 3, Instructions: 439COMMON

Download Yara Rule

Strings

?, xrefs: 00007FFDFB704BAB
7, xrefs: 00007FFDFB704BA3
3, xrefs: 00007FFDFB704B9B

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: 3$7$?
API String ID: 0-1767453356
Opcode ID: e76724c2a447c271db411366409fe53f2e311d832648078c42f792e4db15865b
Instruction ID: 943bab2eb8d69fc5260658575817c99e2fdb6109376eade477857fd4174c9fee
Opcode Fuzzy Hash: e76724c2a447c271db411366409fe53f2e311d832648078c42f792e4db15865b
Instruction Fuzzy Hash: 35020432B1974686E721CB16E4A0679B260FF99784F184336DAAD56BF8DB3CE441CF00

Function 00007FFDFB6D8930 Relevance: 4.2, Strings: 3, Instructions: 404COMMON

Download Yara Rule

Strings

WAVE, xrefs: 00007FFDFB6D8AB7
RIFF, xrefs: 00007FFDFB6D8A6A
c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_mpeg.cpp, xrefs: 00007FFDFB6D8B65, 00007FFDFB6D8B95, 00007FFDFB6D9043

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: RIFF$WAVE$c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_codec_mpeg.cpp
API String ID: 0-212751826
Opcode ID: 22eefa120e6ac3812d7df324be3fa7ede0d4f61a1702b0637f71bfeb3a45f66c
Instruction ID: 4bf28f70e70c1f9306136f498341679a5d73ed73768de61551b53b653aa26c81
Opcode Fuzzy Hash: 22eefa120e6ac3812d7df324be3fa7ede0d4f61a1702b0637f71bfeb3a45f66c
Instruction Fuzzy Hash: 1D226C7271A7838AE7609F25E864AE933A4FB88B48F544135DE6D4B7E8DF38D505CB00

Function 00007FFDFB6D2170 Relevance: 3.7, APIs: 2, Instructions: 745COMMON

Download Yara Rule

APIs

powf.LIBCMT ref: 00007FFDFB6D2386

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: 603d62ab990437735766693c6872dc520f2df2760e8db12776a3dcee7f9f02aa
Instruction ID: b19a69295d7f2664e0fd164b8fb612bfaa814c4e4a89d8f48334bb807a14f0d9
Opcode Fuzzy Hash: 603d62ab990437735766693c6872dc520f2df2760e8db12776a3dcee7f9f02aa
Instruction Fuzzy Hash: CA62F762F2A28785E7169B21D064A79F7A0FF19B88F19C331DD546B2E8DF3DA4D0C610

Function 00007FFDFB6CDCB1 Relevance: 3.4, APIs: 2, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2bc416de3332f65fa119509545a8d2a6f26969bc9b6a78c4fc8614aff0dc6e
Instruction ID: c4c196ccc73e7928f2df80de53be3fe4ee25ae9df7d618d0d7a372e85c587316
Opcode Fuzzy Hash: 0c2bc416de3332f65fa119509545a8d2a6f26969bc9b6a78c4fc8614aff0dc6e
Instruction Fuzzy Hash: AA22E5A2B096DA86E7659B359051BB977A0FF45385F084236DBA8176E6CF3CF064C700

Function 00007FFDFB6CDE0A Relevance: 3.4, APIs: 2, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82208018a9eb56528f63ea8002558d32b765005389a8d5140c6c311e32568397
Instruction ID: 95be0b92f8781a2928f623c85527eedfa26b7d1aa98564497179848d4b6048c5
Opcode Fuzzy Hash: 82208018a9eb56528f63ea8002558d32b765005389a8d5140c6c311e32568397
Instruction Fuzzy Hash: CB22F5A2B097D686E365DB35D051BB977A0FF59385F084236DBA817AE6CB38F064C700

Function 00007FFDFB6CE086 Relevance: 3.4, APIs: 2, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bd7b23f321efafd22c65d8a6e57e47cdd5af560b18041bddfbbb2883dc800d
Instruction ID: 603e7d0768cf78811c284743045b112ea10687155979cb4961f245a464d53c95
Opcode Fuzzy Hash: 84bd7b23f321efafd22c65d8a6e57e47cdd5af560b18041bddfbbb2883dc800d
Instruction Fuzzy Hash: 0322F5A27096D686E365DB35D051BB977A0FF49385F084236DBA917AE6CB38F064C700

Function 00007FFDFB6CD7A0 Relevance: 3.4, APIs: 2, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c7c5b6750b0a946dd206f6e9a56139d076759615a2681e8b10382add957c258
Instruction ID: c860e0537be736fa2e577cea54475c3e61467e8552e9b40bba928498b526a23e
Opcode Fuzzy Hash: 9c7c5b6750b0a946dd206f6e9a56139d076759615a2681e8b10382add957c258
Instruction Fuzzy Hash: 2C22E5A2B097D686E765DB35D051BB977A0FF49385F084236DBA817AE6CB38F064C700

Function 00007FFDFB6CDD7F Relevance: 3.4, APIs: 2, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 742aa2a86e1fc8e1f6cf52df5dd477325c3d32edf911eae3f11e79a1ab62a4f6
Instruction ID: fecffb468b225da52db3c3f6f0ca959738b995e43f8cfbe87bc587e78bc230b0
Opcode Fuzzy Hash: 742aa2a86e1fc8e1f6cf52df5dd477325c3d32edf911eae3f11e79a1ab62a4f6
Instruction Fuzzy Hash: 7022E6A2B096D686E765DB35D061BB977A0FF49385F084235DBA817AE6CF38F064C700

Function 00007FFDFB6CDEBF Relevance: 3.4, APIs: 2, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3917960390b3c429497f5551053bc5c1a0c2e6ade36305ec3f4fade2a26165
Instruction ID: 5c6fe56c8b6f8978e8a2dd0cd574887edbabce4f32158d0d98981dd94bfc09e4
Opcode Fuzzy Hash: 6c3917960390b3c429497f5551053bc5c1a0c2e6ade36305ec3f4fade2a26165
Instruction Fuzzy Hash: C822E6A27096DA86E765DB35D061BB977A0FF49385F084235DBA817AE6CF38F064C700

Function 00007FFDFB6CE944 Relevance: 3.4, APIs: 2, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6300c78d533e74629876d859bd8bf90dfb7290e589f7b5e69232bda8f8d866
Instruction ID: 57feed202950e1992f548ee3c34e5d5db6018bb19eed5dd645fa9259735500cf
Opcode Fuzzy Hash: af6300c78d533e74629876d859bd8bf90dfb7290e589f7b5e69232bda8f8d866
Instruction Fuzzy Hash: 2B22F4A2B096D686E3659B35D051BB977A0FF49385F084236DBA917AE6CF3CF064C700

Function 00007FFDFB6CDFD6 Relevance: 3.4, APIs: 2, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c208fc805ee05bfdefce67e26f7e8cc49b79c9e105b51f6a93957282d7a39d
Instruction ID: d1ca021c32ac9582db6622311ef2abd27094930539af71adf8d719beee8705eb
Opcode Fuzzy Hash: 75c208fc805ee05bfdefce67e26f7e8cc49b79c9e105b51f6a93957282d7a39d
Instruction Fuzzy Hash: 0022F4A27097DA86E765DB35D060BB977A0FF49385F084235DBA917AE6CB38F064C700

Function 00007FFDFB6CD83C Relevance: 3.4, APIs: 2, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675bd5c7066a058e8b5010d1767f6d4f7e64006561e4a3251b836dd8be0fa413
Instruction ID: 2ee0a0489e45604ef6d7aef6be344223abfa3ef4d0560e5035f71b39d654031a
Opcode Fuzzy Hash: 675bd5c7066a058e8b5010d1767f6d4f7e64006561e4a3251b836dd8be0fa413
Instruction Fuzzy Hash: 8A22F6A27097DA86E765DB35D051BB977A0FF49385F084235DBA817AE6CB38F064C700

Function 00007FFDFB6CE0D8 Relevance: 3.4, APIs: 2, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fbf8ebf9c8c00007e5680ab9629560ac6fcd46b692e139c328dfdf50b9d8699
Instruction ID: c3dbe1b6dfe4768d4c14fd6158ce42d87a01c5af704748fe513a43398ddbf47b
Opcode Fuzzy Hash: 4fbf8ebf9c8c00007e5680ab9629560ac6fcd46b692e139c328dfdf50b9d8699
Instruction Fuzzy Hash: F622F5A27097DA86E365DB35D050BB977A0FF49385F084235DBA917AE6CB38F064CB00

Function 00007FFDFB6CE983 Relevance: 3.4, APIs: 2, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04d14819ed0188e81b383a02781408865f074094eacdf81b78b13c48f57e102
Instruction ID: fee30ac7277fa3144274df657f0c16fb1ab3db79b543f590afa50ee17b7816c7
Opcode Fuzzy Hash: d04d14819ed0188e81b383a02781408865f074094eacdf81b78b13c48f57e102
Instruction Fuzzy Hash: AF22E3A27096DA86E3659B35D051BB977A0FF49385F084235DBA917AE6CF38F064C700

Function 00007FFDFB6CE37D Relevance: 3.4, APIs: 2, Instructions: 411COMMON

Download Yara Rule

APIs

powf.LIBCMT ref: 00007FFDFB6CEF58

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: 06dddc037b30bd2783a2a696fe1c4a63d82cef08e3897184bde4a1266ecd4439
Instruction ID: e6b2583f0b10248fe825d36d62a0450bd3e49fc1a6be018894c097a31ad62448
Opcode Fuzzy Hash: 06dddc037b30bd2783a2a696fe1c4a63d82cef08e3897184bde4a1266ecd4439
Instruction Fuzzy Hash: FA22E3A27097DA86E765DB35D061BB977A0FF49385F084235DBA817AE6CB38F064C700

Function 00007FFDFB6CE33D Relevance: 3.4, APIs: 2, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96511e3df77955142db902f0a5e64e166403af174aa4dd3caceac293556c9233
Instruction ID: c70acfa06471d65c2171904752b90d60fbcb328606f61d1084201209b04f0690
Opcode Fuzzy Hash: 96511e3df77955142db902f0a5e64e166403af174aa4dd3caceac293556c9233
Instruction Fuzzy Hash: E622E4A27097DA86E766DB35D051BB977A0FF49385F084235DBA817AE6CB38F064C700

Function 00007FFDFB6CE3F1 Relevance: 3.4, APIs: 2, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0fda10f6b3404aa4f593de63f9cfd695ed00d4b45aae7c0af52891649a31c5
Instruction ID: 09474cadf67318a125e84eaf5ede823abd2b280910f209e1a1d107d619d0b6f3
Opcode Fuzzy Hash: 7c0fda10f6b3404aa4f593de63f9cfd695ed00d4b45aae7c0af52891649a31c5
Instruction Fuzzy Hash: 3F12F3A27097DA86E766DB35D051BB977A0FF49385F084235DBA817AE6CB38F064C700

Function 00007FFDFB6FCBF0 Relevance: 3.2, APIs: 2, Instructions: 195COMMON

Download Yara Rule

APIs

ldexp.LIBCMT ref: 00007FFDFB6FCC5E
ldexp.LIBCMT ref: 00007FFDFB6FCC95

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: ldexp
String ID:
API String ID: 3613099532-0
Opcode ID: 4abeb2b36b42efec222115914739e2d42a4951f3277572c4af600d57cd9fbc00
Instruction ID: bededda1f2b3adb09d9dcc2c6091d61df0372867e333ce5200ebebac985eb160
Opcode Fuzzy Hash: 4abeb2b36b42efec222115914739e2d42a4951f3277572c4af600d57cd9fbc00
Instruction Fuzzy Hash: 47715C32F1664686E7168B35A011A797A51FF99B84F14D331EA196ABF8EF3CF481C600

Function 00007FFDFB7440F0 Relevance: 2.2, Strings: 1, Instructions: 938COMMON

Download Yara Rule

Strings

DSPI::RunJob, xrefs: 00007FFDFB74472D

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: DSPI::RunJob
API String ID: 0-3985526273
Opcode ID: 876913066870ef64319db427a25033426fe5b110ac78b4893f4953d8bb2a6685
Instruction ID: aa169ae8f76abec0604d79d1eef318ed872f6f2626ba47ddcbe817c3e08ab86b
Opcode Fuzzy Hash: 876913066870ef64319db427a25033426fe5b110ac78b4893f4953d8bb2a6685
Instruction Fuzzy Hash: 08A26932B09782CAE7688F26D450BAA77A0FB48789F140135DB6D57BB8DF38E554DB00

Function 00007FFDFB7A9BB0 Relevance: 1.8, Strings: 1, Instructions: 516COMMON

Download Yara Rule

Strings

c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_systemi_sound.cpp, xrefs: 00007FFDFB7AA18F, 00007FFDFB7AA25C, 00007FFDFB7AA2FD

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\src\fmod_systemi_sound.cpp
API String ID: 0-1303962717
Opcode ID: 76073fb90c69e8553430b6b0a8f36706bd938cbcc5a74feb80557fcd8ce498fd
Instruction ID: 990108f3e1520e93a7817164dd140dab7892764c6835eb5be9077fb3fcbafa01
Opcode Fuzzy Hash: 76073fb90c69e8553430b6b0a8f36706bd938cbcc5a74feb80557fcd8ce498fd
Instruction Fuzzy Hash: 87325E36B1AB428AEB908F65D450AAD73A5FB88B48F044135EE5D8B7F8DE38D851C740

Function 00007FFDFB6DC6F0 Relevance: 1.0, Instructions: 992COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a6ea687430f7c7713686cd7dcecb979266e7cf2bb0bb6452a6392b50ba2276f
Instruction ID: c3c2fc3515f891b30c456cc154d7447161a856357ab7a06202cfb45ef97f6da4
Opcode Fuzzy Hash: 2a6ea687430f7c7713686cd7dcecb979266e7cf2bb0bb6452a6392b50ba2276f
Instruction Fuzzy Hash: 2592E272B15A468AE710CF69D454AAC37B1FB98748F114235CE2D9BBA8EF39E406C740

Function 00007FFDFB7C4B70 Relevance: .9, Instructions: 903COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c7b8e2df87d55b3ad733cd26bb4e6b739fe688364ca9c773bc3c24be45074a
Instruction ID: 16e96fc4126d5a06f748b884b623a394a6d659a7e69044c900dafe91c3215b0c
Opcode Fuzzy Hash: 76c7b8e2df87d55b3ad733cd26bb4e6b739fe688364ca9c773bc3c24be45074a
Instruction Fuzzy Hash: 7AA2A221E39F87C8E633077998316B9AB58AFBB6CAF45D327F95830874AB1971C75100

Function 00007FFDFB7C4B40 Relevance: .9, Instructions: 903COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4082454c0727affa3dd5e78c43b4a110d33d012808a493bd8ab5d960d3df409c
Instruction ID: 3377437e2d5941040e2c877906885091448550bd17eb44bd6586aa4bd1f5fe94
Opcode Fuzzy Hash: 4082454c0727affa3dd5e78c43b4a110d33d012808a493bd8ab5d960d3df409c
Instruction Fuzzy Hash: FDA2F121F3AFCB49E633073998216B5A758AFAB6C9F44D327E959308B5BF1971C34204

Function 00007FFDFB70CA80 Relevance: .9, Instructions: 866COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed00b5f4eef8bd3fe57fb98244986c3dc48656aa9e50693be0482e1762bc23e3
Instruction ID: 0cc9d4c061b26aef7905b43266f85e8dceda80669c1ee02a73eb558bfe656ffd
Opcode Fuzzy Hash: ed00b5f4eef8bd3fe57fb98244986c3dc48656aa9e50693be0482e1762bc23e3
Instruction Fuzzy Hash: E482F972F2E78586D712CF359050B78B760EF59381F198323EA59636F9EB2CA584DB00

Function 00007FFDFB6F6B80 Relevance: .7, Instructions: 656COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d344dcd6a13d04e6acab2d293fbb31a59b9801abdd09900aa9281460f07579bf
Instruction ID: a370246bc91f37a6f3b7daf2eb7796f763699bd86c446330efae966a711db8fa
Opcode Fuzzy Hash: d344dcd6a13d04e6acab2d293fbb31a59b9801abdd09900aa9281460f07579bf
Instruction Fuzzy Hash: 4452CF73715AC98ACB50CF3AC48466CB760FB48B88F588726CB1D577A4EB35E559CB00

Function 00007FFDFB6F1460 Relevance: .6, Instructions: 611COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc7917bbbf1bee5a235a10183fb990b9d49ecdfbf07b39816ad50643338822c
Instruction ID: cc8af5179f37eb8bcdedd115a547d30f602d8e5488fecd9b9b2d2a64516b3d17
Opcode Fuzzy Hash: cfc7917bbbf1bee5a235a10183fb990b9d49ecdfbf07b39816ad50643338822c
Instruction Fuzzy Hash: 550281BBF7906013D36D8B29F862F566952B7E035CB49F02CAE0792F08E53DDA025B44

Function 00007FFDFB73C940 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98bca517ad8a63d13b74febd005165f87a1193c3a762197933f8bc731be367ed
Instruction ID: 59d522891f5bfb936d868448fa31e2110287d9ed546c13349dfb57c74ad3db5a
Opcode Fuzzy Hash: 98bca517ad8a63d13b74febd005165f87a1193c3a762197933f8bc731be367ed
Instruction Fuzzy Hash: CA32D662B0E79742EB649A219560FBA7655AF44B84F2D4031DE6D0BFFDDF2DE4809300

Function 00007FFDFB7625A0 Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f4090b224c4f866230c2df80f2bf206acdee6eea0dd1b1c3d3f085061bbd1d
Instruction ID: badd8859eb9ff516722972bd6258518ce12835b44a8794b0691526094021d62d
Opcode Fuzzy Hash: 36f4090b224c4f866230c2df80f2bf206acdee6eea0dd1b1c3d3f085061bbd1d
Instruction Fuzzy Hash: C832AD72B06B868ADB948F19D454A6873A6F744FE8F148235DA3D077E8DF38D595C300

Function 00007FFDFB705360 Relevance: .6, Instructions: 587COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14205471b3dba9883ebd83ff3ae2e90359fa3c404fb620072c92ad914644ba98
Instruction ID: 8913ed2d7ed265be3bee646720ef97d4f82f441b39afde0367572bb64292f166
Opcode Fuzzy Hash: 14205471b3dba9883ebd83ff3ae2e90359fa3c404fb620072c92ad914644ba98
Instruction Fuzzy Hash: DA42F972B057868BD7248F259094ABD77A5FB98788F084236EA9D537F8DF38E441CB00

Function 00007FFDFB6B2E00 Relevance: .5, Instructions: 489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c33ba48b3c8f0146c9749c70c21a7586116c0540327425f5421e230e34aebd8
Instruction ID: 7756e446123f4d845aaedb68c5be2010011094a0121af6fb71f0f7ad91175a9b
Opcode Fuzzy Hash: 9c33ba48b3c8f0146c9749c70c21a7586116c0540327425f5421e230e34aebd8
Instruction Fuzzy Hash: E1123463715AA281E718CF29C4606BE37A6FB84F95F058235DA2E8B7E9DE3CD441C740

Function 00007FFDFB6FC420 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360bec3297c598c77761cb7a3df6d2a59792f3c71027902aac50d0ce9773b9c
Instruction ID: 9a89c88edebc100f3063a080c0f93584877b180feb320c4cae51677b937e77f0
Opcode Fuzzy Hash: 8360bec3297c598c77761cb7a3df6d2a59792f3c71027902aac50d0ce9773b9c
Instruction Fuzzy Hash: 7B02F772715A9286EB58CF29D460AB937E1FB84B84F109235DA6E87BD9EF38D540C340

Function 00007FFDFB6B8A50 Relevance: .5, Instructions: 453COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e77214501566145f63cb4bc1086d55029fc0c351e4a7450c32c69a86a91035
Instruction ID: fe8104e303ac010276f069b964a84db82c502ddd72001a6fd621534e9c79d511
Opcode Fuzzy Hash: a7e77214501566145f63cb4bc1086d55029fc0c351e4a7450c32c69a86a91035
Instruction Fuzzy Hash: 1E12D6727066D68ADB14CF25C450AAD7BB4FB44B98B058235EA2E4BBEDCB38D541CB00

Function 00007FFDFB7005F3 Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e34df38e05280a22c434c2cdb160b15bc6a71a9f66a0f4a1c3002e75b9a775
Instruction ID: 24b5b1ff2d4e7b2f8e4c2a80c93b0505df9d66b0d949b431081bec778684749c
Opcode Fuzzy Hash: 81e34df38e05280a22c434c2cdb160b15bc6a71a9f66a0f4a1c3002e75b9a775
Instruction Fuzzy Hash: 0C12D423D1DB8E82E263963740425B9B250AF7E395F1CE723FDA8354FADB2971D19600

Function 00007FFDFB761FA0 Relevance: .4, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60bf13f2ee62fcd3eaadc2694a29cfd57ef3985d581a9f4143079b99e2e36ac9
Instruction ID: f70f0d1f401d5681c351bc6a7a180fa516d741a07365ccd07cd2e9f552b0d33c
Opcode Fuzzy Hash: 60bf13f2ee62fcd3eaadc2694a29cfd57ef3985d581a9f4143079b99e2e36ac9
Instruction Fuzzy Hash: 95125E72B0AB428ADFA8DB01D474A7873A6FB54B90F158635CA6E476F8DF38D591C300

Function 00007FFDFB6C1EF0 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58d88e4252c362f637a31b63fde1bbaa2037665e6f16d1b2cdc8a8559beb5392
Instruction ID: 047cfc6d2da02912aaa1c902f79341d7aeee7c206b9d917c16b22b862ff058f6
Opcode Fuzzy Hash: 58d88e4252c362f637a31b63fde1bbaa2037665e6f16d1b2cdc8a8559beb5392
Instruction Fuzzy Hash: 90F1A772B0AA4346F765AF259410BB963A1FF84B4DF188135CE2D5BBECDE39A851C340

Function 00007FFDFB700D50 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2640140599f7363c4656523df08341b0d1a213ffd2810d9886f8f2855c406f7c
Instruction ID: d5558e4d4a0e46a050d8690a19f2a7b0a2d7c253e01e3a37b217d05586210392
Opcode Fuzzy Hash: 2640140599f7363c4656523df08341b0d1a213ffd2810d9886f8f2855c406f7c
Instruction Fuzzy Hash: 4802CC32A157CA85D316CF3794916B97360FFAD788F1D8736EE59366B8EB3470848A00

Function 00007FFDFB763240 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92b84cf95e5bd186fe532102f04283fc178b8dfa6e7e3ee278990402a7b19b38
Instruction ID: 3a2d16e703320b8c328cf33c450691dac0607e4d270bde299f3d92f0d23fda3a
Opcode Fuzzy Hash: 92b84cf95e5bd186fe532102f04283fc178b8dfa6e7e3ee278990402a7b19b38
Instruction Fuzzy Hash: FFE1AD73B06B068AEF54CF19D464A7833A6FB54B90B168635CA6E477E8EF38D950C340

Function 00007FFDFB75C3C0 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50360452963b5de9da667b5e939b62d613b7168ec173bc331414ba1b8109aa8b
Instruction ID: 486f6432a8756a6531b50414de0e8ec8721dc8a6aa9f6b98b8bdef7041a9fda6
Opcode Fuzzy Hash: 50360452963b5de9da667b5e939b62d613b7168ec173bc331414ba1b8109aa8b
Instruction Fuzzy Hash: A0E1B033B0968287E7548E398465BF937E0F785B49F181036DE599BBE9CA3CD446CB10

Function 00007FFDFB7077D0 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0052bdc36b7e08618c6ed319b401b02119587354ca2002dd223555da54c194b
Instruction ID: c27a0653b6341d4446a30297713dcfebaa87564a4ef99ba185bd6f56f18d5215
Opcode Fuzzy Hash: c0052bdc36b7e08618c6ed319b401b02119587354ca2002dd223555da54c194b
Instruction Fuzzy Hash: 4CF16172B0A78281EB608B25E460BBA77A4FF94B88F445136DA9D47BB9DF3DD441C700

Function 00007FFDFB6CB9A0 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421b8e4a63e3c2985c1b15d53649d8a3f813eb4f77d1cde1ee87d6b559a65845
Instruction ID: 85bcb77943be4181e101dde310b67ca3ff357163bd0c510f43f6cd8d383767ab
Opcode Fuzzy Hash: 421b8e4a63e3c2985c1b15d53649d8a3f813eb4f77d1cde1ee87d6b559a65845
Instruction Fuzzy Hash: FFD11972B157E68AD750CB298458FBD7BE5E798705F4A8031DE5CCA2E9EA38E805C700

Function 00007FFDFB6F5E70 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff0fc19001ab3277522f4aaba5dd68e6e4c0c0bc1b9c7e68fa504abf9bdf2ee
Instruction ID: bccb1ce3778b5b5a8f78f16f858fd5246f138bd53df4c91d21b79a2671c9ac74
Opcode Fuzzy Hash: 8ff0fc19001ab3277522f4aaba5dd68e6e4c0c0bc1b9c7e68fa504abf9bdf2ee
Instruction Fuzzy Hash: 5BD1C372B0A7C785EB64CB15D420B796BA5FB84B84F554032DE6D4B7A8EF78E881C700

Function 00007FFDFB762960 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6c5e9e8247107a8f69741276f192ffefe4fd2059155018417f68992ac7d277a
Instruction ID: 8bb95165b102d3a1a07cba317a92ddd71641f0c90be0e1129f16ad4eba4119a5
Opcode Fuzzy Hash: a6c5e9e8247107a8f69741276f192ffefe4fd2059155018417f68992ac7d277a
Instruction Fuzzy Hash: 43C1A3B3B06B068ADFA4DF08D4A496833A6F754B90B14463ACA6D477F8EF38D595C340

Function 00007FFDFB6DA790 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5e7ed624cb2219dbf1d70f577e18315508d2c69917a5eb3606f2fc6b21c963
Instruction ID: a5ec0d0d981a736d6ba78009a7b59def067641fb4a15c761bebbc8f3f47a9b07
Opcode Fuzzy Hash: cd5e7ed624cb2219dbf1d70f577e18315508d2c69917a5eb3606f2fc6b21c963
Instruction Fuzzy Hash: B1D13CB2A0A6C686E7588F19D1616BC77E0F749B48F0D863ACB1D4B7A4CF39D491CB04

Function 00007FFDFB6F0340 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c3bde76acb3736ef0ff612c0d6adf406b4aed2f0b09db09e6a97cbf888dc6f
Instruction ID: a42f8e5871d55c05a45095894e9f770f520bb362329e54e5615faf5f8e507b61
Opcode Fuzzy Hash: 13c3bde76acb3736ef0ff612c0d6adf406b4aed2f0b09db09e6a97cbf888dc6f
Instruction Fuzzy Hash: 2B91E733B1959747E7288E29982097D7A42FBD1B90F198235DE2A5BBDCED3CEC018740

Function 00007FFDFB6C2D80 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681e3d5c03eb367c104cf872dcb0a6695357eabbff306f8f6661968261a30609
Instruction ID: fbe5b7bf2317b7c5eaa45005c37837e2976e4bccd7efa49bccfaf4c824125ce4
Opcode Fuzzy Hash: 681e3d5c03eb367c104cf872dcb0a6695357eabbff306f8f6661968261a30609
Instruction Fuzzy Hash: B2A12967F1958745F358AA35C820BB8BAD1EB9474AF08C035DA998BBDDDE3CD901D320

Function 00007FFDFB743420 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399f277cd4337b2c602c5986fabedce5bea8ad0c8b8a5e30310703ebdd44c411
Instruction ID: 85de916324677505fe9837b87a70dd8cc88e1a3b00740060bbeaab8eb47206c8
Opcode Fuzzy Hash: 399f277cd4337b2c602c5986fabedce5bea8ad0c8b8a5e30310703ebdd44c411
Instruction Fuzzy Hash: C4A1C121B0A783C1E7619A25A161BBBB6A5EF84B85F090430DEAD47BFEDF3CE5414700

Function 00007FFDFB6D1C00 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d22166d5c86ea43263a5e0a65ab1ae8215da1bb67d7150aa50c074726821f379
Instruction ID: 3c5a29e229877977f76a49187fb2bbad2ee7ff07ac50112a823c480360a6f152
Opcode Fuzzy Hash: d22166d5c86ea43263a5e0a65ab1ae8215da1bb67d7150aa50c074726821f379
Instruction Fuzzy Hash: F4B18372B0968386E720DB15E460AB977A4FB88788F504135DE5D4BAE8DFB8E945CB00

Function 00007FFDFB782F70 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46daec79f54276f1b806b760ae7d016b40c142a218972c29daee7f2bbe8d2ebd
Instruction ID: cc74d5adf4ad8d5eb3c0a34ac043aa2ee2ffd706e3afef5ec2fb0d74808eae53
Opcode Fuzzy Hash: 46daec79f54276f1b806b760ae7d016b40c142a218972c29daee7f2bbe8d2ebd
Instruction Fuzzy Hash: D1A1A332B15F4287E768CB19D55152DB3E1F748B81B248139EB8E87BA8DF38E451C740

Function 00007FFDFB6FE2A0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4703363641bbe34021fc2e6e0ae25680562b19fc38599b204303858eb9551d1
Instruction ID: fee9f6451005a462ef1776596e5399c891a44a2fd2f7a3c5c3a5316dde84e1c0
Opcode Fuzzy Hash: e4703363641bbe34021fc2e6e0ae25680562b19fc38599b204303858eb9551d1
Instruction Fuzzy Hash: 6EB16062B0AA8381EB20DF25D4206A96B91FBC4B94F544635EA7D8B6FDFF38D544C700

Function 00007FFDFB77CCD0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622a4bc1415c1ee73694e3ddd3a4366bb1608c10af576fc6c4d71e965b1686ab
Instruction ID: ef7bc1d63accb87fc6c5551e20877f794d859a41b771e2d61e7460daa57185b4
Opcode Fuzzy Hash: 622a4bc1415c1ee73694e3ddd3a4366bb1608c10af576fc6c4d71e965b1686ab
Instruction Fuzzy Hash: D9916D72706B8682EB649F35E460BA933A4EB88B98F184535CE6D47BF8DF78D451C340

Function 00007FFDFB761840 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56390383fd93d6b0430b4d99a4e429147a23f730a0669ba082a58bcb8b259100
Instruction ID: 4002f2b2198a0e7c9f6ab5bd8cd0c58cc4728e22796e509b05cf88b379548155
Opcode Fuzzy Hash: 56390383fd93d6b0430b4d99a4e429147a23f730a0669ba082a58bcb8b259100
Instruction Fuzzy Hash: A7919D73B05B8286DB58CF01E464BA833A5F794B94F50923ADA6E87BE8DF38C554C740

Function 00007FFDFB701B80 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f17500053de06a743ab9e8f6764b19d7bc9787b0aaf10cfa9132233d25ba30f
Instruction ID: 3bab28c37acbd148eca34afab2dc2dbae1227f314e464a1aeea49d08c3e8289c
Opcode Fuzzy Hash: 6f17500053de06a743ab9e8f6764b19d7bc9787b0aaf10cfa9132233d25ba30f
Instruction Fuzzy Hash: 39719632B0A78746E7648E259464B797791FB84B98F1C813AEDAD47BF8DF38D8418700

Function 00007FFDFB763710 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 699a0cf4435607929d0abca0ff247e8b446887c4d371393512bbeddc1d3e09c3
Instruction ID: 4d011819b602c43531eef0e4c661bd9e16bd1b369b23ebc9741778d5a4907b91
Opcode Fuzzy Hash: 699a0cf4435607929d0abca0ff247e8b446887c4d371393512bbeddc1d3e09c3
Instruction Fuzzy Hash: 25710273B0AB078AEF54CF08D464AA833A6F758B90B164636DA6E477E8DF38D445C340

Function 00007FFDFB6D13D0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0813264c870c48259489f205b955c66b84c0e5c4bc1c460f3117f9b8472cb16c
Instruction ID: 45da2b8e33aacfa7a5214105076d148361049b5f80c8dda04f53d98543c1e57c
Opcode Fuzzy Hash: 0813264c870c48259489f205b955c66b84c0e5c4bc1c460f3117f9b8472cb16c
Instruction Fuzzy Hash: 79812B73A1E6D785E7658F25C020B7D7BA1EB49748F184135CA9A0B2ECCFBDD5448B01

Function 00007FFDFB6C7580 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3938101d2e471721300ea90902f119128b40a81bb4622b7adcd202d6bb6134cb
Instruction ID: 17ba53d55e76769c0f574d0d562414a8731d09f292cf075c17ebde5054dde578
Opcode Fuzzy Hash: 3938101d2e471721300ea90902f119128b40a81bb4622b7adcd202d6bb6134cb
Instruction Fuzzy Hash: B781A272B1969382E725AB25D460BFE73A1FB88784F404031DF6D4B69ADF38E111CB40

Function 00007FFDFB6F80B0 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc4f31345ea56c621598d47ca2ae2aed23e26b7171144c763e984ada77b5e69d
Instruction ID: 11cdd7502ba253584283ad2a6b363f8330d10514fe2687acad5e56fc8edbc2e8
Opcode Fuzzy Hash: dc4f31345ea56c621598d47ca2ae2aed23e26b7171144c763e984ada77b5e69d
Instruction Fuzzy Hash: 41515732B0A99382E714CA6AD860A7E7B91FBC5744F158135CA2E877E8FE3CE001D740

Function 00007FFDFB6E4880 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd9d9fe31993f13fbfdefe720b18fb19482d7e8eae9b46b868103a58347ee4e
Instruction ID: 04055d82e52ffecc6e8bd2c662db53854f179fbf377f98b80e61db25865431ee
Opcode Fuzzy Hash: 7dd9d9fe31993f13fbfdefe720b18fb19482d7e8eae9b46b868103a58347ee4e
Instruction Fuzzy Hash: 5161B732B1E54742EB648B2A9060E3D6391FB84764F598134DAAD5FBEDDE2DEC01C708

Function 00007FFDFB6D9430 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc23818caec86845101dad39f819b7d741e9fcb9fb28c55d368db2b6fcabaaa1
Instruction ID: 39b880cfd494bbe1b0d892f19b003f0bed3c0fb7b1abd950e70b8898602316ed
Opcode Fuzzy Hash: fc23818caec86845101dad39f819b7d741e9fcb9fb28c55d368db2b6fcabaaa1
Instruction Fuzzy Hash: 9E614D32B1928747E7198A36D1A4E78B791AF9D780F148335DB295BAE9DF2CF4508700

Function 00007FFDFB6B42B0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eacf47beca012f95577d3473ae261e3e7ce24aa5fb7cea910b23cd669ddb356
Instruction ID: 414edc448c74119438fc61028a8fec4abc22a2fd8ce8a89bc8f2949bf4861cc1
Opcode Fuzzy Hash: 3eacf47beca012f95577d3473ae261e3e7ce24aa5fb7cea910b23cd669ddb356
Instruction Fuzzy Hash: 3351AF23B2965106F745C73ADC5176D76E1EF86BC0F08C336DA1AD3A99EF28E1528700

Function 00007FFDFB6F90C0 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda8c3c3e9c00f9f01f8bff0b18808f5481ac799976d89bdb50ba71537f9758e
Instruction ID: 5b0e2fde47dddce01936b231e8d61f529f931fac3e18a84ca4d02b802a1b93e2
Opcode Fuzzy Hash: bda8c3c3e9c00f9f01f8bff0b18808f5481ac799976d89bdb50ba71537f9758e
Instruction Fuzzy Hash: DC61C17271A6C286EB248F18E055BA97B90FB84748F444039CB6D5BBDDEE3CE541CB00

Function 00007FFDFB6FCEB0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a2de2f3f21e9c1449d2ac43d7bd91508e94e02089e4d821bd199b2e19e556d
Instruction ID: 011fa1c6623f49f6481dbbd097dd359191492cf4e162d6764dff5c9fefc6cb1f
Opcode Fuzzy Hash: e9a2de2f3f21e9c1449d2ac43d7bd91508e94e02089e4d821bd199b2e19e556d
Instruction Fuzzy Hash: F4510332B1B69786EB248B15A160F79BA90FF94784F408135CE2D4BFD8EE3CE8058740

Function 00007FFDFB6EACA0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51773e839a71dab05843d8841215fe45e2064fac29178e9a3c06ba784870b802
Instruction ID: ccc7abc797fc3f22a6f3007903d436db0b06b85c4cb22079e196f5029a3142f1
Opcode Fuzzy Hash: 51773e839a71dab05843d8841215fe45e2064fac29178e9a3c06ba784870b802
Instruction Fuzzy Hash: 8741C631B2B69347E77C8B259565F78A291FF88741F444039DA6D4BAE8DE3CF8108B04

Function 00007FFDFB6F8640 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202bb7424f2df49b6b4c0687619ce9043a37f241d8535bb25af38cb02faf25fb
Instruction ID: ced310493efb78862cf2a8a50c2f838c281825c6f033b511bcd8873848859f60
Opcode Fuzzy Hash: 202bb7424f2df49b6b4c0687619ce9043a37f241d8535bb25af38cb02faf25fb
Instruction Fuzzy Hash: 82410E33B1999386E7148A299C60E7D2A96EBC5740F198134DE1ACB7EDFD3DE4018340

Function 00007FFDFB704780 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d7fb261c53d3a7cb0d401532d3962867f2dacb4e737c224af56f1f0579283d
Instruction ID: 0f9d5cc1d3f813b87ac87bc87ef6e8729f51be0d67f573ffddcee8fc0e12decf
Opcode Fuzzy Hash: d4d7fb261c53d3a7cb0d401532d3962867f2dacb4e737c224af56f1f0579283d
Instruction Fuzzy Hash: BA51CA22E2DB8E81D752C7375091474B370AFAE791F2DDB33E9A9325F5DB24B5814600

Function 00007FFDFB6F0F10 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57404d0860faa1f76f9747a1aa45542b5e8179c9ce902e3db3907c74869081b2
Instruction ID: 6fb1f386b0082396c14ebc54b079e48b75dcea659b2d903051deb9467151bb49
Opcode Fuzzy Hash: 57404d0860faa1f76f9747a1aa45542b5e8179c9ce902e3db3907c74869081b2
Instruction Fuzzy Hash: 2E0165723210624BFFA88B298C35A3C26D0E38A782F45653EDE49C6BD4DA2DA501CB50

Function 00007FFDFB7D63C4 Relevance: 36.2, APIs: 24, Instructions: 234
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_errno.LIBCMT ref: 00007FFDFB7D640F

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D6408

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

__doserrno.LIBCMT ref: 00007FFDFB7D6432
_errno.LIBCMT ref: 00007FFDFB7D6439
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7D6744

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: 5805c1ae12828bbeea95a7e3c5a80e0c847252bbb5f2cc44d9862bf3745f349c
Instruction ID: 1ac916f5e327d55ed37220f8e56fa66f58c4eb563c15893c86506c24e03ba701
Opcode Fuzzy Hash: 5805c1ae12828bbeea95a7e3c5a80e0c847252bbb5f2cc44d9862bf3745f349c
Instruction Fuzzy Hash: 2AB15A72B0975396E7609F15E86193AB7A1FB88790F504139E6A943AFCDF3CE464CB00

Function 00007FFDFB7DE4A8 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 102
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_validdrive.LIBCMT ref: 00007FFDFB7DE4E1

Part of subcall function 00007FFDFB7DF058: __doserrno.LIBCMT ref: 00007FFDFB7DF072
Part of subcall function 00007FFDFB7DF058: _errno.LIBCMT ref: 00007FFDFB7DF07D
Part of subcall function 00007FFDFB7DF058: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DF088

_errno.LIBCMT ref: 00007FFDFB7DE57E
_errno.LIBCMT ref: 00007FFDFB7DE4F5

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7DE4EA

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DE500
_getdrive.LIBCMT ref: 00007FFDFB7DE50A
_errno.LIBCMT ref: 00007FFDFB7DE51A
GetFullPathNameW.KERNEL32 ref: 00007FFDFB7DE566

Strings

., xrefs: 00007FFDFB7DE54F
:, xrefs: 00007FFDFB7DE53A

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errno$__doserrno_getptd_noexit_invalid_parameter_noinfo$FullNamePath_getdrive_validdrive
String ID: .$:
API String ID: 3206601966-4202072812
Opcode ID: dda4af5bde86a55b325c719ad0d14d5f3f2e85d21bb35f2d9409b6855bd26b4b
Instruction ID: b198ecb31f6cab6bdf26639e5731b347a388290f35fefdd7dbce0cdeadf89b2b
Opcode Fuzzy Hash: dda4af5bde86a55b325c719ad0d14d5f3f2e85d21bb35f2d9409b6855bd26b4b
Instruction Fuzzy Hash: 1F317FA2B1E74386FF625F609821A7D72906F4C7C4F444034E92E5A2FEEE3CE9058711

Function 00007FFDFB7CC09C Relevance: 18.1, APIs: 12, Instructions: 73
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DecodePointer.KERNEL32(?,?,00000000,00007FFDFB7C78AB,?,?,?,00007FFDFB7C7A6F), ref: 00007FFDFB7CC0AD
free.LIBCMT ref: 00007FFDFB7CC0CA

Part of subcall function 00007FFDFB7C55B8: HeapFree.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55CE
Part of subcall function 00007FFDFB7C55B8: _errno.LIBCMT ref: 00007FFDFB7C55D8
Part of subcall function 00007FFDFB7C55B8: GetLastError.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55E0

free.LIBCMT ref: 00007FFDFB7CC0DF
free.LIBCMT ref: 00007FFDFB7CC100
free.LIBCMT ref: 00007FFDFB7CC115
free.LIBCMT ref: 00007FFDFB7CC129
free.LIBCMT ref: 00007FFDFB7CC135
free.LIBCMT ref: 00007FFDFB7CC160
EncodePointer.KERNEL32(?,?,00000000,00007FFDFB7C78AB,?,?,?,00007FFDFB7C7A6F), ref: 00007FFDFB7CC168
free.LIBCMT ref: 00007FFDFB7CC181
free.LIBCMT ref: 00007FFDFB7CC19A
free.LIBCMT ref: 00007FFDFB7CC1CB

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
String ID:
API String ID: 4099253644-0
Opcode ID: cf4d798ab351e78df53d692251e05e5482dec89a3a212b31f4242bedf1750c22
Instruction ID: 48809c52745d8ce8a239ed6e5f6bcc2d65b0de9e6b0d954817908d64d14576fa
Opcode Fuzzy Hash: cf4d798ab351e78df53d692251e05e5482dec89a3a212b31f4242bedf1750c22
Instruction Fuzzy Hash: 87313DA1F1BB0392FB549B21F875B7832A1AF85B50F085139C93D06AFECE2CE4808340

Function 00007FFDFB6E99D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 141
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fseek.LIBCMT ref: 00007FFDFB6E9A47
fwrite.LIBCMT ref: 00007FFDFB6E9B33
fwrite.LIBCMT ref: 00007FFDFB6E9B4B
fwrite.LIBCMT ref: 00007FFDFB6E9B60

Strings

WAVE, xrefs: 00007FFDFB6E9B3D
RIFF, xrefs: 00007FFDFB6E9B29
fmt dataRIFF, xrefs: 00007FFDFB6E9B55

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: fwrite$fseek
String ID: RIFF$WAVE$fmt dataRIFF
API String ID: 3883414211-669727819
Opcode ID: 4a58db390e0c350147679b17a6877f850bd56ed26d1ad645e210a60729b5f62a
Instruction ID: ba7d3c1f87c1264b77391d9df7adf02129169b6084c17b2c194dea870fc07de5
Opcode Fuzzy Hash: 4a58db390e0c350147679b17a6877f850bd56ed26d1ad645e210a60729b5f62a
Instruction Fuzzy Hash: D2519172F156138AFB50DBA9C851BAD33A1BF48308F548035DE1C9BBE9DE389946CB04

Function 00007FFDFB7D0F98 Relevance: 15.1, APIs: 10, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_errno.LIBCMT ref: 00007FFDFB7D0FC3

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D0FBB

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

__lock_fhandle.LIBCMT ref: 00007FFDFB7D1007
_lseek_nolock.LIBCMT ref: 00007FFDFB7D1020
_unlock_fhandle.LIBCMT ref: 00007FFDFB7D1041

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: d9e3faa8781b963d127ee6cabffdf646e7a81645105aceffb584fd15a491f447
Instruction ID: c271ec470d6d29ea8726ef2f9b48cab0e53d58f7b361dd2423dc21dbb5aab205
Opcode Fuzzy Hash: d9e3faa8781b963d127ee6cabffdf646e7a81645105aceffb584fd15a491f447
Instruction Fuzzy Hash: 1D21CF62B1E78355E3016B159862B7D7650AF847E0F454538EA3D0A6FACF7CA8458310

Function 00007FFDFB7D5700 Relevance: 15.1, APIs: 10, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDFB7D572B

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D5723

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

__lock_fhandle.LIBCMT ref: 00007FFDFB7D576F
_lseeki64_nolock.LIBCMT ref: 00007FFDFB7D5788
_unlock_fhandle.LIBCMT ref: 00007FFDFB7D57AB

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: a0e9060e0624be55f51861cf2a2466c7cde2639377625ede96349cae0c3d369e
Instruction ID: c05799f1f3acb4e0cf52909680bae323c15885523ac77f0b40a436a1db25e9f7
Opcode Fuzzy Hash: a0e9060e0624be55f51861cf2a2466c7cde2639377625ede96349cae0c3d369e
Instruction Fuzzy Hash: 8021B062B1A74396E7016B259821B7D76506F94BF0F694238EE3D0A3FADF7CA4408710

Function 00007FFDFB6E8A40 Relevance: 13.7, APIs: 2, Strings: 7, Instructions: 236COMMON

Download Yara Rule

Strings

ALBUM, xrefs: 00007FFDFB6E8BF1
ARTIST, xrefs: 00007FFDFB6E8B63
TRACK, xrefs: 00007FFDFB6E8D63
GENRE, xrefs: 00007FFDFB6E8DF4
YEAR, xrefs: 00007FFDFB6E8C7F
TITLE, xrefs: 00007FFDFB6E8AD5
COMMENT, xrefs: 00007FFDFB6E8D0D

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID:
String ID: ALBUM$ARTIST$COMMENT$GENRE$TITLE$TRACK$YEAR
API String ID: 0-884420406
Opcode ID: 8fec39663965d748d2b14ea4cc4789a4ebe5684eb335f0ad5483c9e7b51c1f9f
Instruction ID: 148ee33a60f78a34714cd8384e5b9e5b143922c70356e3f0a87436e302cab9d7
Opcode Fuzzy Hash: 8fec39663965d748d2b14ea4cc4789a4ebe5684eb335f0ad5483c9e7b51c1f9f
Instruction Fuzzy Hash: 07C12832B196528DEB50DBB0E8507ED3BB0BB48348F440136EA9DA7AADEF38D145C744

Function 00007FFDFB7D1110 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDFB7D113B

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D1133

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

__lock_fhandle.LIBCMT ref: 00007FFDFB7D117F
_unlock_fhandle.LIBCMT ref: 00007FFDFB7D11B9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: c0d60725373e9c41c0598c34f57118b5657bb6d9104077c137164366f3da7e52
Instruction ID: 093d89442ce3f13e75fb1df5597bcba009268a06e49ed93dcf1bc5b1c8def6df
Opcode Fuzzy Hash: c0d60725373e9c41c0598c34f57118b5657bb6d9104077c137164366f3da7e52
Instruction Fuzzy Hash: CE21FF72B1E74356E3016B259862B7D7651AF84BE0F094138EA3D0B6FACF7DA4448310

Function 00007FFDFB7D93DC Relevance: 13.6, APIs: 9, Instructions: 63COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDFB7D93F5

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__lock_fhandle.LIBCMT ref: 00007FFDFB7D943D
FlushFileBuffers.KERNEL32(00000001,00000003,00000000,00007FFDFB7D067E,?,?,00000060,00007FFDFB7D0740,?,?,00000003,00007FFDFB7C83EA), ref: 00007FFDFB7D9458
GetLastError.KERNEL32(?,?,00000060,00007FFDFB7D0740,?,?,00000003,00007FFDFB7C83EA), ref: 00007FFDFB7D9462
__doserrno.LIBCMT ref: 00007FFDFB7D9472
_errno.LIBCMT ref: 00007FFDFB7D9479
_unlock_fhandle.LIBCMT ref: 00007FFDFB7D9489

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 2927645455-0
Opcode ID: 0155c1abd61115a5e5238ad0e6c3619ff1ce2ed7019004f7e96fe9224ab38616
Instruction ID: 51a01f565ce5e26f04ff7fb7030fa2821a5cfe6c8b8132070fa32b8aa9b927d0
Opcode Fuzzy Hash: 0155c1abd61115a5e5238ad0e6c3619ff1ce2ed7019004f7e96fe9224ab38616
Instruction Fuzzy Hash: BD218E62B1E74345E7116FA5D4B1A7E7650AF88790F594138DA3E0B2FBCF7CA8458304

Function 00007FFDFB7D0488 Relevance: 13.6, APIs: 9, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDFB7D04A9

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D04A1

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

__lock_fhandle.LIBCMT ref: 00007FFDFB7D04ED
_close_nolock.LIBCMT ref: 00007FFDFB7D0500
_unlock_fhandle.LIBCMT ref: 00007FFDFB7D0519

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: fbb99d3841884056ba07b063a9d788be12f9e794a8d4c1bcdcd76d4ac9059d04
Instruction ID: 919a113ca8f11fa3fa24f5b3b81dda5b7f95661c59c03b3124ded2c54df02b87
Opcode Fuzzy Hash: fbb99d3841884056ba07b063a9d788be12f9e794a8d4c1bcdcd76d4ac9059d04
Instruction Fuzzy Hash: 3211DE72B1E34356E3016B24A871E7C7650AF847A0F551138D93E4B2FACE7CE8448310

Function 00007FFDFB7BEBF0 Relevance: 12.2, APIs: 8, Instructions: 210COMMON

Download Yara Rule

APIs

logf.LIBCMT ref: 00007FFDFB7BEC70
log.LIBCMT ref: 00007FFDFB7BEC80
cosf.LIBCMT ref: 00007FFDFB7BED7F
sinf.LIBCMT ref: 00007FFDFB7BED8D
cosf.LIBCMT ref: 00007FFDFB7BEDA9
sinf.LIBCMT ref: 00007FFDFB7BEDB7
cosf.LIBCMT ref: 00007FFDFB7BEE2E
sinf.LIBCMT ref: 00007FFDFB7BEE3F

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf$logf
String ID:
API String ID: 3595282622-0
Opcode ID: 0306b9306831206599c90498e50d2235fd5329ee40022bd8796797b9796fe1f9
Instruction ID: 1f2f2b64674909a26dfb9201d2f71e1c1e21cfb259df3d3b58c2ecae218e1cec
Opcode Fuzzy Hash: 0306b9306831206599c90498e50d2235fd5329ee40022bd8796797b9796fe1f9
Instruction Fuzzy Hash: 4B810B22E15B8A55E3129B359401BFAB390BFAD344F19C731F959626B9EB38F581CB00

Function 00007FFDFB7CBC10 Relevance: 12.0, APIs: 8, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

_FF_MSGBANNER.LIBCMT ref: 00007FFDFB7CBC2D

Part of subcall function 00007FFDFB7D1A30: _set_error_mode.LIBCMT ref: 00007FFDFB7D1A39
Part of subcall function 00007FFDFB7D1A30: _set_error_mode.LIBCMT ref: 00007FFDFB7D1A48
Part of subcall function 00007FFDFB7D1A30: _NMSG_WRITE.LIBCMT ref: 00007FFDFB7D1A5F
Part of subcall function 00007FFDFB7D1A30: _NMSG_WRITE.LIBCMT ref: 00007FFDFB7D1A69

_NMSG_WRITE.LIBCMT ref: 00007FFDFB7CBC37

Part of subcall function 00007FFDFB7D1AA4: _set_error_mode.LIBCMT ref: 00007FFDFB7D1AE9
Part of subcall function 00007FFDFB7D1AA4: _set_error_mode.LIBCMT ref: 00007FFDFB7D1AFA
Part of subcall function 00007FFDFB7D1AA4: GetModuleFileNameW.KERNEL32 ref: 00007FFDFB7D1B5C
Part of subcall function 00007FFDFB7D1AA4: __crtMessageBoxW.LIBCMT ref: 00007FFDFB7D1C0D

Part of subcall function 00007FFDFB7CC084: __crtCorExitProcess.LIBCMT ref: 00007FFDFB7CC08C
Part of subcall function 00007FFDFB7CC084: ExitProcess.KERNEL32 ref: 00007FFDFB7CC093

_malloc_crt.LIBCMT ref: 00007FFDFB7CBC63

Part of subcall function 00007FFDFB7D22E8: malloc.LIBCMT ref: 00007FFDFB7D2313
Part of subcall function 00007FFDFB7D22E8: Sleep.KERNEL32(?,?,?,00007FFDFB7CBC68,?,?,?,00007FFDFB7CBB67,?,?,0000000D,00007FFDFB7D017F,?,?,00000000,00007FFDFB7D024A), ref: 00007FFDFB7D2326

_errno.LIBCMT ref: 00007FFDFB7CBC70
_lock.LIBCMT ref: 00007FFDFB7CBC84
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FFDFB7CBB67,?,?,0000000D,00007FFDFB7D017F,?,?,00000000,00007FFDFB7D024A,?,?,?,00007FFDFB7C7944), ref: 00007FFDFB7CBC99
free.LIBCMT ref: 00007FFDFB7CBCA5

Part of subcall function 00007FFDFB7C55B8: HeapFree.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55CE
Part of subcall function 00007FFDFB7C55B8: _errno.LIBCMT ref: 00007FFDFB7C55D8
Part of subcall function 00007FFDFB7C55B8: GetLastError.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55E0

LeaveCriticalSection.KERNEL32(?,?,?,00007FFDFB7CBB67,?,?,0000000D,00007FFDFB7D017F,?,?,00000000,00007FFDFB7D024A,?,?,?,00007FFDFB7C7944), ref: 00007FFDFB7CBCB2

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _set_error_mode$CriticalExitProcessSection__crt_errno$CountErrorFileFreeHeapInitializeLastLeaveMessageModuleNameSleepSpin_lock_malloc_crtfreemalloc
String ID:
API String ID: 3481093610-0
Opcode ID: c9b07db09193e9564490e07e0caf2788dd03c285885ab70628e9db66ff1ff910
Instruction ID: 60c9fe3aa3bec327544333fb7a44ead3b117281ba2ba22c9056e876a418d70c6
Opcode Fuzzy Hash: c9b07db09193e9564490e07e0caf2788dd03c285885ab70628e9db66ff1ff910
Instruction Fuzzy Hash: FD116AA0B2E74BA1F760AB60E565B7D3251EF84780F000038E96E46BFECE7CA4818310

Function 00007FFDFB7D8FE8 Relevance: 10.6, APIs: 7, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDFB7CBC10: _FF_MSGBANNER.LIBCMT ref: 00007FFDFB7CBC2D
Part of subcall function 00007FFDFB7CBC10: _NMSG_WRITE.LIBCMT ref: 00007FFDFB7CBC37

_lock.LIBCMT ref: 00007FFDFB7D9028
_lock.LIBCMT ref: 00007FFDFB7D9083
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000000,00000000,80000000,00007FFDFB7D7159), ref: 00007FFDFB7D9098
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,80000000,00007FFDFB7D7159), ref: 00007FFDFB7D90B4
LeaveCriticalSection.KERNEL32(?,?,00000000,00000000,80000000,00007FFDFB7D7159), ref: 00007FFDFB7D90C4
_calloc_crt.LIBCMT ref: 00007FFDFB7D913A
__lock_fhandle.LIBCMT ref: 00007FFDFB7D91A2

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt
String ID:
API String ID: 3307090481-0
Opcode ID: f68123b31c7b6df351fe40185634101800ddb0325711a765ed80b5c1163be89d
Instruction ID: c4887acd499fb16ca384bf30098860d95392cd275c79b8ccbb3efa5a8634f71a
Opcode Fuzzy Hash: f68123b31c7b6df351fe40185634101800ddb0325711a765ed80b5c1163be89d
Instruction Fuzzy Hash: 0951CE32B1A74782EB209B11E864639B6A5FF88B94F154135DA6D473F8DF3DE849C700

Function 00007FFDFB6F24D0 Relevance: 10.1, APIs: 8, Instructions: 126COMMON

Download Yara Rule

APIs

calloc.LIBCMT ref: 00007FFDFB6F24DE

Part of subcall function 00007FFDFB7C5574: _calloc_impl.LIBCMT ref: 00007FFDFB7C5584
Part of subcall function 00007FFDFB7C5574: _errno.LIBCMT ref: 00007FFDFB7C5597
Part of subcall function 00007FFDFB7C5574: _errno.LIBCMT ref: 00007FFDFB7C55A1

calloc.LIBCMT ref: 00007FFDFB6F24FE
free.LIBCMT ref: 00007FFDFB6F2511

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errnocalloc$_calloc_implfree
String ID:
API String ID: 3866454138-0
Opcode ID: d0a7d7fc86d4a434f4f961f875527448c970b76fe99bbb170c4fd03ab25f859f
Instruction ID: 91e1dd116e3c185750014d718d25ede640b0ebbd42e4ed55077945846617372d
Opcode Fuzzy Hash: d0a7d7fc86d4a434f4f961f875527448c970b76fe99bbb170c4fd03ab25f859f
Instruction Fuzzy Hash: A0511A33605B8282D750DF20E4517AE33E8FB45F48F584938DE980BBA9DF38D5A1A724

Function 00007FFDFB702E10 Relevance: 9.4, APIs: 6, Instructions: 438COMMON

Download Yara Rule

APIs

powf.LIBCMT ref: 00007FFDFB7035D3
expf.LIBCMT ref: 00007FFDFB70369B
expf.LIBCMT ref: 00007FFDFB7036F6

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: expf$powf
String ID:
API String ID: 1708648469-0
Opcode ID: fdc2551f88e3d402a1ad03bde36849fadebda3d65a3d91dfacf970641475a037
Instruction ID: 24f8dfc5a5c3acfbb625186046ef4454c730493078682501c6fe07e8e73ba340
Opcode Fuzzy Hash: fdc2551f88e3d402a1ad03bde36849fadebda3d65a3d91dfacf970641475a037
Instruction Fuzzy Hash: 0832A532A19BC696D752CF3794802A9B3A0FF5DB84F1C4732EE58265F9DB34A184DB10

Function 00007FFDFB7DE960 Relevance: 9.1, APIs: 6, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DE986
_errno.LIBCMT ref: 00007FFDFB7DE97B

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

_errno.LIBCMT ref: 00007FFDFB7DEA16
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DEA21

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
String ID:
API String ID: 1573762532-0
Opcode ID: cb544c575eda29c76cc76fb8de9a00df0e5431656775d818450adb669725862b
Instruction ID: ed4254aaec1d8b81fa74efc7629959fb22fe29739c59e7708ce3996ff066db64
Opcode Fuzzy Hash: cb544c575eda29c76cc76fb8de9a00df0e5431656775d818450adb669725862b
Instruction Fuzzy Hash: 7741E562F1E36381EF616B119160AB973A0EB98BE4F844035E6A8076FDDF2CD955C700

Function 00007FFDFB7CBE38 Relevance: 9.1, APIs: 6, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FFDFB7C4C8C: _getptd.LIBCMT ref: 00007FFDFB7C4CA2
Part of subcall function 00007FFDFB7C4C8C: __updatetlocinfo.LIBCMT ref: 00007FFDFB7C4CD7
Part of subcall function 00007FFDFB7C4C8C: __updatetmbcinfo.LIBCMT ref: 00007FFDFB7C4CFE

_errno.LIBCMT ref: 00007FFDFB7CBE87
_invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7CBE92

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: __updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
String ID:
API String ID: 2808835054-0
Opcode ID: 7e5352838a252dc88f05503d6b2b72c422c338484f1f7b3aad8f6a7926a4f3cf
Instruction ID: 134f1b7ee007aa1216ce70c51f28f59d12b993ec0c8f35c2c4e22719da27a544
Opcode Fuzzy Hash: 7e5352838a252dc88f05503d6b2b72c422c338484f1f7b3aad8f6a7926a4f3cf
Instruction Fuzzy Hash: F731AFB6B0975A9AE7209F119150A7DB6A4FB48BD0F144139FB68077F9CF78E8418B00

Function 00007FFDFB7CBD44 Relevance: 9.1, APIs: 6, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FFDFB7CBD90
_calloc_crt.LIBCMT ref: 00007FFDFB7CBDA9

Part of subcall function 00007FFDFB7D2268: _calloc_impl.LIBCMT ref: 00007FFDFB7D2296
Part of subcall function 00007FFDFB7D2268: Sleep.KERNEL32(?,?,?,00007FFDFB7D02A6,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7D22AD

WideCharToMultiByte.KERNEL32 ref: 00007FFDFB7CBDD7
__crtsetenv.LIBCMT ref: 00007FFDFB7CBDE8

Part of subcall function 00007FFDFB7D5B10: _errno.LIBCMT ref: 00007FFDFB7D5B39
Part of subcall function 00007FFDFB7D5B10: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7D5B44

free.LIBCMT ref: 00007FFDFB7CBDFB

Part of subcall function 00007FFDFB7C55B8: HeapFree.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55CE
Part of subcall function 00007FFDFB7C55B8: _errno.LIBCMT ref: 00007FFDFB7C55D8
Part of subcall function 00007FFDFB7C55B8: GetLastError.KERNEL32(?,?,00000000,00007FFDFB7D02DE,?,?,00000000,00007FFDFB7C5EF1,?,?,?,?,00007FFDFB7C5696,?,?,00000000), ref: 00007FFDFB7C55E0

free.LIBCMT ref: 00007FFDFB7CBE2D

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: ByteCharMultiWide_errnofree$ErrorFreeHeapLastSleep__crtsetenv_calloc_crt_calloc_impl_invalid_parameter_noinfo
String ID:
API String ID: 2386806420-0
Opcode ID: a24ff8d20406d98eb0b0fc6edf5af700fb4362a541eb14922819069ebac0320a
Instruction ID: 898ef7acf4092d8c3e8b04b5e4242a4dd1cb5317887fc0319f7393c96e37d010
Opcode Fuzzy Hash: a24ff8d20406d98eb0b0fc6edf5af700fb4362a541eb14922819069ebac0320a
Instruction Fuzzy Hash: 7F214162B1AB4686EB50CB51E46473AB391FF98B95F044638EA9D46BFDDF7CD0048700

Function 00007FFDFB7DDAC0 Relevance: 7.7, APIs: 5, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FFDFB7DDAE4

Part of subcall function 00007FFDFB7DD9C4: _errno.LIBCMT ref: 00007FFDFB7DD9CD
Part of subcall function 00007FFDFB7DD9C4: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7DD9D8

cvtdate.LIBCMT ref: 00007FFDFB7DDBC9
cvtdate.LIBCMT ref: 00007FFDFB7DDCCD
_invoke_watson.LIBCMT ref: 00007FFDFB7DDD63

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cvtdate$_errno_get_daylight_invalid_parameter_noinfo_invoke_watson
String ID:
API String ID: 1447642234-0
Opcode ID: 930788c0511e876fb9d1b6c3bae178df91865e2d3df05812356712d4aeda7236
Instruction ID: 248a4695ddaa9113e24f7419d2974279f671cdaa4efd2c2791446453fa6d7c49
Opcode Fuzzy Hash: 930788c0511e876fb9d1b6c3bae178df91865e2d3df05812356712d4aeda7236
Instruction Fuzzy Hash: 0881FC72B1D6538BE7648F15E450839FBA1FBD8780F14813AE69942ABCDBBCE5548F00

Function 00007FFDFB7CA9BC Relevance: 7.6, APIs: 5, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 00007FFDFB7CA9D9

Part of subcall function 00007FFDFB7D0460: _errno.LIBCMT ref: 00007FFDFB7D0469
Part of subcall function 00007FFDFB7D0460: _invalid_parameter_noinfo.LIBCMT ref: 00007FFDFB7D0474

_errno.LIBCMT ref: 00007FFDFB7CA9E9

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

_errno.LIBCMT ref: 00007FFDFB7CAA05
_isatty.LIBCMT ref: 00007FFDFB7CAA66
_getbuf.LIBCMT ref: 00007FFDFB7CAA72

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
String ID:
API String ID: 304646821-0
Opcode ID: 35ed1d0748665604b8cd426b0d2ad229d41b6410fdeee5ef6dc59a14ccd34ed1
Instruction ID: 21d0596cef2bedcac7c37e21cefe10f09b01cf1a9ce7871c3520a3c4fca39b51
Opcode Fuzzy Hash: 35ed1d0748665604b8cd426b0d2ad229d41b6410fdeee5ef6dc59a14ccd34ed1
Instruction Fuzzy Hash: 4441CEB2B1A74396E7149F28E462A7D36A0EB84B95F144239DA6D473FDDE2CE840C740

Function 00007FFDFB7D928C Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00007FFDFB7D929D

Part of subcall function 00007FFDFB7C5EE8: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5EEC

__doserrno.LIBCMT ref: 00007FFDFB7D9295

Part of subcall function 00007FFDFB7C5E78: _getptd_noexit.LIBCMT ref: 00007FFDFB7C5E7C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: 8ec86cb927d3f0bf9b5d16bdc62024f4cab3035cb0610db295f80182dd7717eb
Instruction ID: 4359ab3947a01dd772598a022219810cbd787c2e12c87e92bf950c238c05dae1
Opcode Fuzzy Hash: 8ec86cb927d3f0bf9b5d16bdc62024f4cab3035cb0610db295f80182dd7717eb
Instruction Fuzzy Hash: 9401ADB2F2EB0749EB056B14C8A1BBC72516FA9BA1F948334C53D0A3FADF6D74448210

Function 00007FFDFB6F21D0 Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

free.LIBCMT ref: 00007FFDFB6F2231
free.LIBCMT ref: 00007FFDFB6F2271
free.LIBCMT ref: 00007FFDFB6F228F
fclose.LIBCMT ref: 00007FFDFB6F22E6

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: free$fclose
String ID:
API String ID: 2681820439-0
Opcode ID: 108c3f415a55e3eb707ca68f88f7b2022268621ac9a073d40ea675219922cb88
Instruction ID: 077f2a8d3402b810d35bd9a4186a1c714946d4729d29e25256fb51453602601e
Opcode Fuzzy Hash: 108c3f415a55e3eb707ca68f88f7b2022268621ac9a073d40ea675219922cb88
Instruction Fuzzy Hash: D651F932716B9581EB10DF2AD09066C77A4F788F98F184126EB9D4B7A8CF35D892C790

Function 00007FFDFB7DA2B8 Relevance: 6.1, APIs: 4, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

_isleadbyte_l.LIBCMT ref: 00007FFDFB7DA34A
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFDFB7DB342), ref: 00007FFDFB7DA389
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFDFB7DB342), ref: 00007FFDFB7DA3D7
_errno.LIBCMT ref: 00007FFDFB7DA3E1

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: ByteCharMultiWide$_errno_isleadbyte_l
String ID:
API String ID: 693119720-0
Opcode ID: 696913fabc95edca3358c3209232512cb088cb9f23729fb29a498da79662b34c
Instruction ID: 41b139aa60a3e0e49c93274e408bbe9120c9306d5e00525ca47697a660a1469f
Opcode Fuzzy Hash: 696913fabc95edca3358c3209232512cb088cb9f23729fb29a498da79662b34c
Instruction Fuzzy Hash: 4B41713271A78386E7608B15D190A3977A6FB88BC0F144135EBA957BF9DE38E9458700

Function 00007FFDFB6C08D5 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 4e99629933c89068668fbafdf8b84dc1db5688a563963e5d8d546c21ed3a777a
Instruction ID: 6ef8727859c879b579b4ca958e4009b8dede8c211cc2f4dc5e015f77a5d0d92e
Opcode Fuzzy Hash: 4e99629933c89068668fbafdf8b84dc1db5688a563963e5d8d546c21ed3a777a
Instruction Fuzzy Hash: FD0239B2F1A78A86E711DB3680517F8B350FF59789F149332DA2D266F9DB38A081C700

Function 00007FFDFB6C08CF Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 2f085247c3544add8112bb4764a9537a8a2b2b44b403aa52b5e4c1d0dbcc7ac3
Instruction ID: c1bebb1764ba90886ddcfa8194a462ba01c5b92b9b7f9acadb74c2c0d24e9790
Opcode Fuzzy Hash: 2f085247c3544add8112bb4764a9537a8a2b2b44b403aa52b5e4c1d0dbcc7ac3
Instruction Fuzzy Hash: F50229B2F1A78A86E7119B3680517F8B350FF59789F149332DA2D266F9DB38A485C700

Function 00007FFDFB6C08B0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 6b9e48bce4dd564b645f08cec95b38896f8c0935424526920958d0372f1359d0
Instruction ID: 904cae814b3206c4ce97527abf2c42de5df41623c1d9b9af27da40f166b9b9ec
Opcode Fuzzy Hash: 6b9e48bce4dd564b645f08cec95b38896f8c0935424526920958d0372f1359d0
Instruction Fuzzy Hash: F70239B2F1A78A86E711DB3680517F8B350FF59789F149332DA2D266F9DB38A081C700

Function 00007FFDFB6C08A6 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 6457c141fc328de7455f394615bfa569a0097b361a7db34244dc34ae07edb811
Instruction ID: 4cbc7fdcc4a9614f1f6815378cd895b5e38312cc6a5cfe688b7935e30af3c447
Opcode Fuzzy Hash: 6457c141fc328de7455f394615bfa569a0097b361a7db34244dc34ae07edb811
Instruction Fuzzy Hash: 340229B2F1A78A86E711DB3680517F8B350FF59789F149332DA2D266F9DB38A485C700

Function 00007FFDFB6C089C Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 6398b1d9df5bbab5bb5690c94f73c294d9bd5313bceb62614fd7a41f0cf4bf16
Instruction ID: 95bf427950a9237fa56f5d496194d604ca89b9b82b4863012f8c281ccd3cbb40
Opcode Fuzzy Hash: 6398b1d9df5bbab5bb5690c94f73c294d9bd5313bceb62614fd7a41f0cf4bf16
Instruction Fuzzy Hash: ED0239B2F1A78A86E711DB3680517F8B350FF59789F149332DA2D266F9DB38A081C700

Function 00007FFDFB6C0892 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

cosf.LIBCMT ref: 00007FFDFB6C090C
sinf.LIBCMT ref: 00007FFDFB6C0917

Strings

, xrefs: 00007FFDFB6C13F9

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: cosfsinf
String ID:
API String ID: 3160392742-3916222277
Opcode ID: 7256ee710f511ddc66509c85e73465f3895d0c79326bc58eeb99aa304a6f0ad1
Instruction ID: 98f7fbe22d79b57c461698aa1e777b3c860bf2fb86b6be412e9f34ebf603c59d
Opcode Fuzzy Hash: 7256ee710f511ddc66509c85e73465f3895d0c79326bc58eeb99aa304a6f0ad1
Instruction Fuzzy Hash: B10229B2F1A78A86E711DB3680517F8B350FF59789F149332DA2D266F9DB38A485C700

Function 00007FFDFB7C13F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_wassert.LIBCMT ref: 00007FFDFB7C14B8

Strings

0 == dspsBlockSize % 2, xrefs: 00007FFDFB7C14AB
..\..\..\src\pl2_encode_subroutine.c, xrefs: 00007FFDFB7C14A4

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _wassert
String ID: ..\..\..\src\pl2_encode_subroutine.c$0 == dspsBlockSize % 2
API String ID: 3234217646-1000197177
Opcode ID: 4d36218ff8500c2bf89829a00a3edff875a89c2d608e168150e23077c162806d
Instruction ID: eafde79c5a4aedd8488cad8383fb84dd4490d1ea1e7fad7b44d9076f6f306efd
Opcode Fuzzy Hash: 4d36218ff8500c2bf89829a00a3edff875a89c2d608e168150e23077c162806d
Instruction Fuzzy Hash: 1651B822A24FCD84D3128B3A94425F5B3A0FF7E395F1DD712FE5422671EB25A592D700

Function 00007FFDFB7C1110 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

_wassert.LIBCMT ref: 00007FFDFB7C11A7

Strings

..\..\..\src\pl2_encode_subroutine.c, xrefs: 00007FFDFB7C1193
0 == dspsBlockSize % 2, xrefs: 00007FFDFB7C119A

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _wassert
String ID: ..\..\..\src\pl2_encode_subroutine.c$0 == dspsBlockSize % 2
API String ID: 3234217646-1000197177
Opcode ID: 02d53ebe6611131c35216c4ff81e676e1c937283c651944499320661acdc989c
Instruction ID: 62677dc2d5ffcbc5838424dde52501781493acf3227cdcfec8724a1bb365fba9
Opcode Fuzzy Hash: 02d53ebe6611131c35216c4ff81e676e1c937283c651944499320661acdc989c
Instruction Fuzzy Hash: D641A322A24F8986D3128B3798416F9B360FF6D785F19D722EF58236B4DB35E582C700

Function 00007FFDFB7C1290 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

_wassert.LIBCMT ref: 00007FFDFB7C131C

Strings

0 == dspsBlockSize % 2, xrefs: 00007FFDFB7C130F
..\..\..\src\pl2_encode_subroutine.c, xrefs: 00007FFDFB7C1308

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _wassert
String ID: ..\..\..\src\pl2_encode_subroutine.c$0 == dspsBlockSize % 2
API String ID: 3234217646-1000197177
Opcode ID: ba859c02d8599028b0daa70bec84deb333e79eb210a3e18e72580916a6e25cd8
Instruction ID: 69e98335ebcd8cf64e48859732228717283efb217583aea53d7cc9aae49f1d10
Opcode Fuzzy Hash: ba859c02d8599028b0daa70bec84deb333e79eb210a3e18e72580916a6e25cd8
Instruction Fuzzy Hash: F831A822B24F8995D3118B3794411FAB360FFAD795F19D322EE58237B4DB35E5528700

Function 00007FFDFB7CA38C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_handle_errorf.LIBCMT ref: 00007FFDFB7CA42C

Strings

!, xrefs: 00007FFDFB7CA3E4
cosf, xrefs: 00007FFDFB7CA38C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _handle_errorf
String ID: !$cosf
API String ID: 2315412904-2208875612
Opcode ID: 63606d15fc3c2f1deeb4b1b6ca406c493bc4a7ca203522b4a1feb5f77963e258
Instruction ID: cd746cfdc11b99dd1ee803d2ecd0b5ed93f5a3dfc34209b318ce29f8094a1b5a
Opcode Fuzzy Hash: 63606d15fc3c2f1deeb4b1b6ca406c493bc4a7ca203522b4a1feb5f77963e258
Instruction Fuzzy Hash: EF11A372A2874287F3148B2AA46177AB650FBD4384F604328F79546AFDDB7CD1855F00

Function 00007FFDFB7CA43C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

_handle_errorf.LIBCMT ref: 00007FFDFB7CA42C

Strings

!, xrefs: 00007FFDFB7CA3E4
sinf, xrefs: 00007FFDFB7CA43C

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: _handle_errorf
String ID: !$sinf
API String ID: 2315412904-676365165
Opcode ID: d6c4bf276b7ffb7312a701024eddb8b761c0c97b1e16a54095582b3cc0a38f5d
Instruction ID: 482260a2374f5428ecd51d6e4880cfdec61cbd1210f16725de16eaa5faaad629
Opcode Fuzzy Hash: d6c4bf276b7ffb7312a701024eddb8b761c0c97b1e16a54095582b3cc0a38f5d
Instruction Fuzzy Hash: D001B572A2878283F310CB2AA45577AB650FBD5388F304329E785066FCCB7CD1815F00

Function 00007FFDFB76A180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FFDFB76A196
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FFDFB75B670,?,?,?,00007FFDFB6C1DB4), ref: 00007FFDFB76A19F

Strings

c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\platforms\win\src\fmod_os_misc.cpp, xrefs: 00007FFDFB76A1B1

Memory Dump Source

Source File: 00000000.00000002.2941168327.00007FFDFB6B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB6B0000, based on PE: true

Associated: 00000000.00000002.2941154875.00007FFDFB6B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941258987.00007FFDFB7E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941305409.00007FFDFB83A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941322949.00007FFDFB848000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941336451.00007FFDFB84A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941358941.00007FFDFB887000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941372388.00007FFDFB88C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2941385549.00007FFDFB88F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffdfb6b0000_loaddll64.jbxd

Similarity

API ID: CriticalCurrentDeleteSectionThread
String ID: c:\jk\workspace\Build__1.10__API_Win\lowlevel_api\platforms\win\src\fmod_os_misc.cpp
API String ID: 2940376874-1608996347
Opcode ID: 76344774ecde4ceb1c81590bfa67d70b62bd4f3ba7390e471a7c5522e55a4519
Instruction ID: d374f4f2927589b3af15e23434c29aa0ffe76a0bc5a535e99ad21daa72df0722
Opcode Fuzzy Hash: 76344774ecde4ceb1c81590bfa67d70b62bd4f3ba7390e471a7c5522e55a4519
Instruction Fuzzy Hash: 01F0A721B1A74784EB645B55F8658783361AF84B94F144131D97E072F8CE3CD4418300

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_ccc1499d82c3e9f50af50449f33cd95c7475ef4_d75f6fa5_4a6e13e4-4fef-4bbb-a02c-ad0174be252a\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_ccc1499d82c3e9f50af50449f33cd95c7475ef4_d75f6fa5_5050f8e1-bcce-43f1-99c7-0a844c8f0f94\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF9E.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFAD.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB06A.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB099.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0C9.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0D8.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Network Port Distribution

UDP Packets

Windows Analysis Report
file.dll