Edit tour

Windows Analysis Report
Arc.exe

Overview

General Information

Sample name:	Arc.exe
Analysis ID:	1546106
MD5:	9efbd1e945b18f274d9c5a620d5fe7d5
SHA1:	7eceb65d872d41fe856e0b0857ce26555a208966
SHA256:	f4a276a1a1ac31ef87549648b5c71f2a637bd354efe265fdd60b505d7888424f

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Program does not show much activity (idle)

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

Arc.exe (PID: 7952 cmdline: "C:\Users\user\Desktop\Arc.exe" MD5: 9EFBD1E945B18F274D9C5A620D5FE7D5)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T14:10:39.091987+0100	2022930	1	A Network Trojan was detected	52.149.20.212	443	192.168.2.10	49767	TCP
2024-10-31T14:11:17.276962+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.10	49910	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Arc.exe

Static PE information: certificate valid

Source: Arc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:

Binary string: Arc.exe.pdb source: Arc.exe

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1AF940 FindNextFileW,GetLastError,FindNextFileW,GetLastError,FindClose,GetFileAttributesW,FindFirstFileExW,

6_2_00007FF7DF1AF940

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.10:49767
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.10:49910

Source: Arc.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Arc.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Arc.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Arc.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Arc.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0#
Source: Arc.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Arc.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Arc.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Arc.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: Arc.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Arc.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Arc.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Arc.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Arc.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Arc.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: Arc.exe	String found in binary or memory: https://www.globalsign.com/repository/0

Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF26508C	6_2_00007FF7DF26508C
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2490BC	6_2_00007FF7DF2490BC
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1AC0D0	6_2_00007FF7DF1AC0D0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1F40A0	6_2_00007FF7DF1F40A0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF294110	6_2_00007FF7DF294110
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF205100	6_2_00007FF7DF205100
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF24BF30	6_2_00007FF7DF24BF30
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A0F80	6_2_00007FF7DF1A0F80
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF23FF78	6_2_00007FF7DF23FF78
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B5F90	6_2_00007FF7DF1B5F90
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF265F78	6_2_00007FF7DF265F78
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF256F84	6_2_00007FF7DF256F84
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF240F70	6_2_00007FF7DF240F70
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF229F60	6_2_00007FF7DF229F60
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF191000	6_2_00007FF7DF191000
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1F1010	6_2_00007FF7DF1F1010
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B4E40	6_2_00007FF7DF1B4E40
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF202E20	6_2_00007FF7DF202E20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF25EE30	6_2_00007FF7DF25EE30
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF194EB0	6_2_00007FF7DF194EB0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF23EEF0	6_2_00007FF7DF23EEF0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B6EF0	6_2_00007FF7DF1B6EF0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1F1EF0	6_2_00007FF7DF1F1EF0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF245D90	6_2_00007FF7DF245D90
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF240D6C	6_2_00007FF7DF240D6C
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF242D74	6_2_00007FF7DF242D74
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF20ADA0	6_2_00007FF7DF20ADA0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A6E00	6_2_00007FF7DF1A6E00
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF201DE0	6_2_00007FF7DF201DE0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF21EC40	6_2_00007FF7DF21EC40
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19DC20	6_2_00007FF7DF19DC20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1FAC20	6_2_00007FF7DF1FAC20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF20FC30	6_2_00007FF7DF20FC30
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1AAC30	6_2_00007FF7DF1AAC30
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A9C30	6_2_00007FF7DF1A9C30
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF229C20	6_2_00007FF7DF229C20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF244CC4	6_2_00007FF7DF244CC4
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF22ACA0	6_2_00007FF7DF22ACA0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF21CCF6	6_2_00007FF7DF21CCF6
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C2B50	6_2_00007FF7DF1C2B50
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF20DB40	6_2_00007FF7DF20DB40
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF22CB60	6_2_00007FF7DF22CB60
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C3BD0	6_2_00007FF7DF1C3BD0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BEBB0	6_2_00007FF7DF1BEBB0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF228A50	6_2_00007FF7DF228A50
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF25EA38	6_2_00007FF7DF25EA38
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF205A20	6_2_00007FF7DF205A20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1F2A20	6_2_00007FF7DF1F2A20
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF191A90	6_2_00007FF7DF191A90
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BDA90	6_2_00007FF7DF1BDA90
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C7A90	6_2_00007FF7DF1C7A90
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF195A60	6_2_00007FF7DF195A60
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF24DACC	6_2_00007FF7DF24DACC
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF293AD0	6_2_00007FF7DF293AD0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF244AB8	6_2_00007FF7DF244AB8
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BCB10	6_2_00007FF7DF1BCB10
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF217940	6_2_00007FF7DF217940
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF23E940	6_2_00007FF7DF23E940
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF20E960	6_2_00007FF7DF20E960
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C59B0	6_2_00007FF7DF1C59B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1EB9B0	6_2_00007FF7DF1EB9B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2159F0	6_2_00007FF7DF2159F0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF23F9E0	6_2_00007FF7DF23F9E0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1E9890	6_2_00007FF7DF1E9890
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2638CC	6_2_00007FF7DF2638CC
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2448AC	6_2_00007FF7DF2448AC
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF296750	6_2_00007FF7DF296750
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF25E750	6_2_00007FF7DF25E750
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B7750	6_2_00007FF7DF1B7750
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B9730	6_2_00007FF7DF1B9730
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF21B720	6_2_00007FF7DF21B720
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF214780	6_2_00007FF7DF214780
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF241780	6_2_00007FF7DF241780
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1FD7A0	6_2_00007FF7DF1FD7A0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2467B0	6_2_00007FF7DF2467B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19A7E0	6_2_00007FF7DF19A7E0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19D7F0	6_2_00007FF7DF19D7F0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2197E0	6_2_00007FF7DF2197E0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19E640	6_2_00007FF7DF19E640
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BB640	6_2_00007FF7DF1BB640
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF216650	6_2_00007FF7DF216650
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF202620	6_2_00007FF7DF202620
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF20962E	6_2_00007FF7DF20962E
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A1670	6_2_00007FF7DF1A1670
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B2670	6_2_00007FF7DF1B2670
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF294590	6_2_00007FF7DF294590
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C6590	6_2_00007FF7DF1C6590
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF24157C	6_2_00007FF7DF24157C
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF204560	6_2_00007FF7DF204560
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A95C0	6_2_00007FF7DF1A95C0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B35C0	6_2_00007FF7DF1B35C0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2035C0	6_2_00007FF7DF2035C0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1955B0	6_2_00007FF7DF1955B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C5440	6_2_00007FF7DF1C5440
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C2490	6_2_00007FF7DF1C2490
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1F5490	6_2_00007FF7DF1F5490
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19F460	6_2_00007FF7DF19F460
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1C4460	6_2_00007FF7DF1C4460
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1AF510	6_2_00007FF7DF1AF510
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B4340	6_2_00007FF7DF1B4340
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF22D350	6_2_00007FF7DF22D350
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF22E330	6_2_00007FF7DF22E330
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF241378	6_2_00007FF7DF241378
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1B93C0	6_2_00007FF7DF1B93C0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1E3400	6_2_00007FF7DF1E3400
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF24724E	6_2_00007FF7DF24724E
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF194250	6_2_00007FF7DF194250
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF213230	6_2_00007FF7DF213230
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1E8230	6_2_00007FF7DF1E8230
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF19B290	6_2_00007FF7DF19B290
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF217270	6_2_00007FF7DF217270
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1972B7	6_2_00007FF7DF1972B7
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1E72B0	6_2_00007FF7DF1E72B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2002B0	6_2_00007FF7DF2002B0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF2462A4	6_2_00007FF7DF2462A4
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BA300	6_2_00007FF7DF1BA300
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF241174	6_2_00007FF7DF241174
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF26A160	6_2_00007FF7DF26A160
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1EC1C0	6_2_00007FF7DF1EC1C0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1A61E0	6_2_00007FF7DF1A61E0
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF1BD1E0	6_2_00007FF7DF1BD1E0

Source: C:\Users\user\Desktop\Arc.exe

Code function: String function: 00007FF7DF1AECE0 appears 31 times

Source: Arc.exe	Binary string: \Device\DeviceApi
Source: Arc.exe	Binary string: PathSystemDriveSystemRootTEMPTMPLOCALAPPDATACHROME_CRASHPAD_PIPE_NAMEprocessIdtaglockdownLeveljobLeveldesiredIntegrityLeveldesiredMitigationsplatformMitigationscomponentFiltersappContainerSidappContainerCapabilitiesappContainerInitialCapabilitieslowboxSidpolicyRulesdisabledenableddisconnectCsrsszeroAppShimhandlesToCloseLockdownLimitedInteractiveRestricted Same AccessRestricted Non AdminUnknownLimited UserUnprotectedS-1-16-16384 SystemS-1-16-12288 HighS-1-16-8192 MediumS-1-16-6144 Medium LowS-1-16-4096 LowS-1-16-2048 Below LowS-1-16-0 UntrustedDefault%016llx%016llx%016llx%08lx -> !(p[%d] == %xp[%d] == %pp[%d] & %x(p[%d], '%ls') \|\| && exactprefixscanendserroraskusererdenyalarmfakeSuccessfakeDeniedUnusedPing1Ping2NtOpenFileNtSetInfoRenameGdiDllInitializeGetStockObjectRegisterClassWCreateThread*\windows_shell_global_counters\Device\DeviceApi\Device\KsecDDALPC Port;
Source: Arc.exe	Binary string: \Device\KsecDD

Source: classification engine

Classification label: clean3.winEXE@1/0@0/0

Source: Arc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Arc.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Arc.exe

Section loaded: chrome_elf.dll

Jump to behavior

Source: Arc.exe

Static PE information: certificate valid

Source: Arc.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Arc.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Arc.exe

Static file information: File size 1424728 > 1048576

Source: Arc.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x110e00

Source: Arc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: Arc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: Arc.exe.pdb source: Arc.exe

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1F3A20 LoadLibraryW,GetProcAddress,

6_2_00007FF7DF1F3A20

Source: Arc.exe	Static PE information: section name: .gxfg
Source: Arc.exe	Static PE information: section name: .retplne
Source: Arc.exe	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1FD7A0 rdtsc

6_2_00007FF7DF1FD7A0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1AF940 FindNextFileW,GetLastError,FindNextFileW,GetLastError,FindClose,GetFileAttributesW,FindFirstFileExW,

6_2_00007FF7DF1AF940

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1FD7A0 rdtsc

6_2_00007FF7DF1FD7A0

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF19CC90 GetCurrentThread,IsDebuggerPresent,GetModuleHandleW,GetProcAddress,GetCurrentThreadId,RaiseException,

6_2_00007FF7DF19CC90

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1F3A20 LoadLibraryW,GetProcAddress,

6_2_00007FF7DF1F3A20

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF29A690 GetProcessHeaps,GetProcessHeaps,GetProcessHeaps,

6_2_00007FF7DF29A690

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF23AF28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		6_2_00007FF7DF23AF28
Source: C:\Users\user\Desktop\Arc.exe	Code function: 6_2_00007FF7DF24F278 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		6_2_00007FF7DF24F278

Source: C:\Users\user\Desktop\Arc.exe	Code function: EnumSystemLocalesW,	6_2_00007FF7DF261FBC
Source: C:\Users\user\Desktop\Arc.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	6_2_00007FF7DF261CBC
Source: C:\Users\user\Desktop\Arc.exe	Code function: GetLocaleInfoW,	6_2_00007FF7DF25CCC4
Source: C:\Users\user\Desktop\Arc.exe	Code function: GetCurrentProcess,EnumSystemLocalesEx,HeapDestroy,	6_2_00007FF7DF296B50
Source: C:\Users\user\Desktop\Arc.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_00007FF7DF262568
Source: C:\Users\user\Desktop\Arc.exe	Code function: EnumSystemLocalesW,	6_2_00007FF7DF25D4F8
Source: C:\Users\user\Desktop\Arc.exe	Code function: EnumSystemLocalesW,	6_2_00007FF7DF2622D8

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF1B0D10 GetModuleHandleW,GetProcAddress,GetSystemTimeAsFileTime,

6_2_00007FF7DF1B0D10

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF264234 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

6_2_00007FF7DF264234

Source: C:\Users\user\Desktop\Arc.exe

Code function: 6_2_00007FF7DF231970 GetVersionExW,GetProductInfo,GetNativeSystemInfo,

6_2_00007FF7DF231970

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	3 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Arc.exe	0%	ReversingLabs

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546106
Start date and time:	2024-10-31 14:09:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Arc.exe
Detection:	CLEAN
Classification:	clean3.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 181
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Arc.exe, PID 7952 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: Arc.exe

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.465733659796907
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Arc.exe
File size:	1'424'728 bytes
MD5:	9efbd1e945b18f274d9c5a620d5fe7d5
SHA1:	7eceb65d872d41fe856e0b0857ce26555a208966
SHA256:	f4a276a1a1ac31ef87549648b5c71f2a637bd354efe265fdd60b505d7888424f
SHA512:	93fb0e5b46c87995ec3074dbd08d598f52918bd5b9e7792e16b0a4f46b063bbc97b38f3359bce5ebd0cd36959bc2c6cc99e555d4ffc814ebcdd645dbc1f611aa
SSDEEP:	24576:FwPZwgn53r2fCYJlTyWxaAOvKop/bqYmgN/u1xZbre89f:FqN5jYmWkAEKKbiGuBXf
TLSH:	92658C07F2D900D8D06AC175CB568636EAB2BC420734AAEF06A0B6592F77EE45F3D711
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......g.........."..........z......0..........@..........................................`........................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400ac230
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x670FB806 [Wed Oct 16 12:56:38 2024 UTC]
TLS Callbacks:	0x40019280, 0x1, 0x400abae0, 0x1, 0x4003bf70, 0x1, 0x400ab1d0, 0x1, 0x40053e20, 0x1, 0x40062ff0, 0x1
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	99d45b9f942bc9db0baf9c1a6678f7e4

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	02/06/2023 14:12:28 02/06/2026 14:12:28
Subject Chain	E=hello@thebrowser.company, CN=THE BROWSER COMPANY OF NEW YORK INC., O=THE BROWSER COMPANY OF NEW YORK INC., STREET=295 LAFAYETTE STREET, L=New York, S=New York, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=7571542, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	F603633817F431ACDC90E8F5724C4A9C
Thumbprint SHA-1:	308A6E7467D2FCC6CAFA5D5F21348C2E9900635D
Thumbprint SHA-256:	98826F51C6D1A6D6B1AAACF11FABC2FDD07339796829CE55D402D9273E5FA071
Serial:	4B50A5F9C411FB81406E3AC2

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F4B30AFB320h
dec eax
add esp, 28h
jmp 00007F4B30AFB18Fh
int3
int3
dec eax
mov dword ptr [esp+18h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 30h
dec eax
mov eax, dword ptr [00092DE8h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007F4B30AFB386h
dec eax
and dword ptr [ebp+10h], 00000000h
dec eax
lea ecx, dword ptr [ebp+10h]
call dword ptr [000888FAh]
dec eax
mov eax, dword ptr [ebp+10h]
dec eax
mov dword ptr [ebp-10h], eax
call dword ptr [000887DCh]
mov eax, eax
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [000887B8h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+18h]
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [00088A00h]
mov eax, dword ptr [ebp+18h]
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+18h]
dec eax
xor eax, dword ptr [ebp-10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1341e7	0x69	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x134250	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x158000	0x7bcc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x158e00	0x2f58	.pdata
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x166000	0x1628	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x132a2c	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x132900	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1120f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1348b8	0x618	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x1338a8	0x120	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x110c86	0x110e00	7952528d9824b1ec357965967ed821b5	False	0.5083636337608796	data	6.554091949322757	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x112000	0x2c874	0x2ca00	473414c046e18a3d4c47b9bc40d54af7	False	0.39854144782913165	data	5.335833860965855	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x13f000	0x18564	0xea00	215a5ca9c05822c44aee234fc711e414	False	0.029430422008547008	data	1.2725824236951675	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x158000	0x7bcc	0x7c00	98e551c5682a964236833e7533493bba	False	0.5199092741935484	data	5.954097064208307	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x160000	0x2c70	0x2e00	dcc619476a65cd21c1e950f3fec77e7a	False	0.40837296195652173	data	5.117168021903965	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne	0x163000	0x8c	0x200	8c950f651287cbc1296bcb4e8cd7e990	False	0.126953125	data	1.050583247971927
.tls	0x164000	0x1c1	0x200	b002408e53c6103e2aba29120595f88c	False	0.068359375	data	0.2951446603346658	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x165000	0x1f4	0x200	178f984fc751ccb0eab5bc7650201995	False	0.51953125	data	4.187722159546528	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x166000	0x1628	0x1800	700a2bd027859aefdf7440f9c86af5da	False	0.4098307291666667	data	5.302132720948706	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
chrome_elf.dll	IsExtensionPointDisableSet
KERNEL32.dll	AcquireSRWLockExclusive, AssignProcessToJobObject, CloseHandle, CompareStringW, ContinueDebugEvent, CreateDirectoryW, CreateEventW, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateProcessW, CreateRemoteThread, CreateThread, DebugActiveProcess, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FlushInstructionCache, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessMitigationPolicy, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetVersionExW, GetWindowsDirectoryW, GlobalMemoryStatusEx, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeCriticalSectionAndSpinCount, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenThread, OutputDebugStringA, PostQueuedCompletionStatus, PrefetchVirtualMemory, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, RemoveDirectoryW, RemoveVectoredExceptionHandler, ResetEvent, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetDefaultDllDirectories, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetProcessMitigationPolicy, SetProcessShutdownParameters, SetStdHandle, SetThreadAffinityMask, SetThreadContext, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SwitchToThread, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, WaitForDebugEvent, WaitForSingleObject, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteProcessMemory
ntdll.dll	RtlInitUnicodeString, RtlNtStatusToDosError

Exports

Name	Ordinal	Address
GetHandleVerifier	1	0x140039180
IsSandboxedProcess	2	0x1400583d0

Target ID:	6
Start time:	09:10:20
Start date:	31/10/2024
Path:	C:\Users\user\Desktop\Arc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Arc.exe"
Imagebase:	0x7ff7df190000
File size:	1'424'728 bytes
MD5 hash:	9EFBD1E945B18F274D9C5A620D5FE7D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00007FF7DF20962E Relevance: 71.3, APIs: 32, Strings: 8, Instructions: 1322synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DF20969E
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF209726
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF209742
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF209A9B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF209AB7
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF209B94

Part of subcall function 00007FF7DF20ADA0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20AE8B

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF209DB7

Strings

enable-background-thread-pool, xrefs: 00007FF7DF20A37B
I, xrefs: 00007FF7DF20ACD7
WorkerThread dead, xrefs: 00007FF7DF20ACB1
TimedWait, xrefs: 00007FF7DF209E24
WaitableEvent::Wait Complete, xrefs: 00007FF7DF20AAD3
..\..\base\synchronization\waitable_event.cc, xrefs: 00007FF7DF209E2B
ScopedBlockingCallWithBaseSyncPrimitives, xrefs: 00007FF7DF20AA9A
WorkerThread active, xrefs: 00007FF7DF20A970, 00007FF7DF20A9F3, 00007FF7DF20AC6B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CounterPerformanceQueryRelease$ObjectSingleWait
String ID: ..\..\base\synchronization\waitable_event.cc$I$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait$WaitableEvent::Wait Complete$WorkerThread active$WorkerThread dead$enable-background-thread-pool
API String ID: 2913739204-4229254980
Opcode ID: 4eb425b01b413708a2a871a5ade669827587f11a6df38756b458dff6ca311214
Instruction ID: 14ff77c62d2385b474a40a399bcdfa009e2d456e626ea10ba5a38dcacad81c38
Opcode Fuzzy Hash: 4eb425b01b413708a2a871a5ade669827587f11a6df38756b458dff6ca311214
Instruction Fuzzy Hash: E8D27C22A09AC681EA61AB15E4543FDB3A1FB85B94FC40237DA9E17B95DF3CF045C720

Function 00007FF7DF1FD7A0 Relevance: 45.4, APIs: 11, Strings: 14, Instructions: 1657threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF7DF1FDCC7
QueryThreadCycleTime.KERNEL32 ref: 00007FF7DF1FDCD8

Strings

`, xrefs: 00007FF7DF1FDD82
..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc, xrefs: 00007FF7DF1FF1F3
PERFETTO_CHECK(writer_), xrefs: 00007FF7DF1FF351
Z, xrefs: 00007FF7DF1FDB24
PERFETTO_CHECK(false), xrefs: 00007FF7DF1FF267
..\..\third_party\perfetto\src\protozero\scattered_heap_buffer.cc, xrefs: 00007FF7DF1FF33C
Static buffer too small (errno: %d, %s), xrefs: 00007FF7DF1FF30B
..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h, xrefs: 00007FF7DF1FF252
%s (errno: %d, %s), xrefs: 00007FF7DF1FF214, 00007FF7DF1FF273, 00007FF7DF1FF2C5, 00007FF7DF1FF35D, 00007FF7DF1FF51D
..\..\third_party\perfetto\src\base\time.cc, xrefs: 00007FF7DF1FF2A4, 00007FF7DF1FF4FC
PERFETTO_CHECK(tsc_now >= tsc_initial), xrefs: 00007FF7DF1FF511
PERFETTO_CHECK(perf_counter_now >= perf_counter_initial), xrefs: 00007FF7DF1FF2B9
PERFETTO_CHECK(cur_packet_->is_finalized()), xrefs: 00007FF7DF1FF208
..\..\third_party\perfetto\src\protozero\static_buffer.cc, xrefs: 00007FF7DF1FF2F6

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Thread$CurrentCycleQueryTime
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h$..\..\third_party\perfetto\src\base\time.cc$..\..\third_party\perfetto\src\protozero\scattered_heap_buffer.cc$..\..\third_party\perfetto\src\protozero\static_buffer.cc$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(cur_packet_->is_finalized())$PERFETTO_CHECK(false)$PERFETTO_CHECK(perf_counter_now >= perf_counter_initial)$PERFETTO_CHECK(tsc_now >= tsc_initial)$PERFETTO_CHECK(writer_)$Static buffer too small (errno: %d, %s)$Z$`
API String ID: 2290024384-3214777499
Opcode ID: 8350adb64366d58f63085ce0798bd3cf6f21981fcf84e699890d70299e82d600
Instruction ID: a946caac594f732b5d6881068527b3edb1864aa98b89c576d35c12340352f4ae
Opcode Fuzzy Hash: 8350adb64366d58f63085ce0798bd3cf6f21981fcf84e699890d70299e82d600
Instruction Fuzzy Hash: CE037872A08BC585EB20AB15E4443EEB7A8FB85B84FD58136DB8D03795DF3AE454C720

Function 00007FF7DF1F40A0 Relevance: 37.3, APIs: 16, Strings: 5, Instructions: 535synchronizationCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F417E
WaitForSingleObject.KERNEL32 ref: 00007FF7DF1F41DF
WaitForSingleObject.KERNEL32 ref: 00007FF7DF1F4345
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F437E
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F43E6
GetLastError.KERNEL32 ref: 00007FF7DF1F4474
SetLastError.KERNEL32 ref: 00007FF7DF1F447E
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F44AC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F450F
SetLastError.KERNEL32 ref: 00007FF7DF1F4517
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F45BD
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,000F4240,?,?,7FFFFFFFFFFFFFEF), ref: 00007FF7DF1F46AC

Strings

TimedWait, xrefs: 00007FF7DF1F426F
<, xrefs: 00007FF7DF1F47D7
WaitableEvent::Wait Complete, xrefs: 00007FF7DF1F492A
..\..\base\synchronization\waitable_event.cc, xrefs: 00007FF7DF1F4276
ScopedBlockingCallWithBaseSyncPrimitives, xrefs: 00007FF7DF1F48F4

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CounterPerformanceQuery$ErrorLastObjectSingleWait$ExclusiveLock$AcquireRelease
String ID: ..\..\base\synchronization\waitable_event.cc$<$ScopedBlockingCallWithBaseSyncPrimitives$TimedWait$WaitableEvent::Wait Complete
API String ID: 1657068186-1564932974
Opcode ID: 8d6ff3f7cc79ae4cd4b4b981c7b277efa9f4aa57e247fe15d64d394d63e61481
Instruction ID: 89d434d335afd2afdb9d11e90257072ee99d889f854b21dad9840c084f82c9c6
Opcode Fuzzy Hash: 8d6ff3f7cc79ae4cd4b4b981c7b277efa9f4aa57e247fe15d64d394d63e61481
Instruction Fuzzy Hash: 10329F22A08AD681EB60AB15F4103FDE3A5FF85B94FC44237DA5E176A4DF7DE2458320

Function 00007FF7DF20ADA0 Relevance: 37.3, APIs: 24, Instructions: 1254COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20AE8B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20B352
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20BA95
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20BABB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: a6a9b8b3b02c4572a87f3cc30567742616ddf411d8940a711bee78a67565db5f
Instruction ID: 5639083a04a3605ab54573efcc90eda5720b41ddabf76f4ecccaba5454edf788
Opcode Fuzzy Hash: a6a9b8b3b02c4572a87f3cc30567742616ddf411d8940a711bee78a67565db5f
Instruction Fuzzy Hash: DFD26B32A08AC186EA75AB19D4543FEA3A0FB94B84FC44132DA8D577A4DF3DF586C710

Function 00007FF7DF1AC0D0 Relevance: 35.7, APIs: 17, Strings: 3, Instructions: 687threadprocesssynchronizationCOMMON

Download Yara Rule

APIs

UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1AC419
SetHandleInformation.KERNEL32 ref: 00007FF7DF1AC479
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1AC4CA
CreateProcessW.KERNEL32 ref: 00007FF7DF1AC64C
DeleteProcThreadAttributeList.KERNEL32 ref: 00007FF7DF1AC71A
AssignProcessToJobObject.KERNEL32 ref: 00007FF7DF1ACB91
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1ACC00
WaitForSingleObject.KERNEL32 ref: 00007FF7DF1ACC7C

Strings

LaunchProcess, xrefs: 00007FF7DF1AC309, 00007FF7DF1AC7FE, 00007FF7DF1ACB02, 00007FF7DF1ACC3D
, xrefs: 00007FF7DF1AC3DF
..\..\base\process\launch_win.cc, xrefs: 00007FF7DF1AC310, 00007FF7DF1AC805, 00007FF7DF1ACC44

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AttributeProcProcessThread$ObjectUpdate$AssignCreateCurrentDeleteHandleInformationListSingleWait
String ID: $..\..\base\process\launch_win.cc$LaunchProcess
API String ID: 2858375981-1289901061
Opcode ID: 2e6126ab35f9c1603f36d44ea061936b09068e6d502f18b143597dc471139ade
Instruction ID: 0ce52500be02cdfdf2494ec60e2d6e3631e6ac8cddd8c402b02aad68703c4720
Opcode Fuzzy Hash: 2e6126ab35f9c1603f36d44ea061936b09068e6d502f18b143597dc471139ade
Instruction Fuzzy Hash: C3628F22A096C281EB25AB25F5003FEB7A4FF84784FC44136DA8D47B95DF7DE1968720

Function 00007FF7DF1A6E00 Relevance: 34.3, APIs: 11, Strings: 8, Instructions: 1080injectionmemoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF7DF1A6F86
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1A6FBE
VirtualAllocEx.KERNEL32 ref: 00007FF7DF1A70A4
VirtualAllocEx.KERNEL32 ref: 00007FF7DF1A7196
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A71C4
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1A76FB
VirtualProtectEx.KERNEL32 ref: 00007FF7DF1A774B
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1A77AD
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1A781F

Strings

l, xrefs: 00007FF7DF1A7B13
ntdll.dll, xrefs: 00007FF7DF1A6E74, 00007FF7DF1A6FF6, 00007FF7DF1A71BD, 00007FF7DF1A79B0, 00007FF7DF1A7A72, 00007FF7DF1A7AC7, 00007FF7DF1A80BE
, xrefs: 00007FF7DF1A7713
NtMapViewOfSection, xrefs: 00007FF7DF1A6FFD
@, xrefs: 00007FF7DF1A717D
NtUnmapViewOfSection, xrefs: 00007FF7DF1A702E
@, xrefs: 00007FF7DF1A7433
(, xrefs: 00007FF7DF1A7E0A

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: MemoryProcessVirtualWrite$Alloc$HandleModuleProtect
String ID: $($@$@$NtMapViewOfSection$NtUnmapViewOfSection$l$ntdll.dll
API String ID: 593833447-3096928229
Opcode ID: d7f59e1f7850bf35e44d976b7bef87d40a2d581000fcb985418b52c1b7846156
Instruction ID: d6dc94148a478cf9ed75ff81a28c8cdefcddb09087b85844ba847f107f6fac9a
Opcode Fuzzy Hash: d7f59e1f7850bf35e44d976b7bef87d40a2d581000fcb985418b52c1b7846156
Instruction Fuzzy Hash: D1B29372A096C581EA61AB11F1443FEB7A9FB44B98FC44236CA8D07795DF3EE246C710

Function 00007FF7DF296750 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 288threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessorNumber.KERNEL32 ref: 00007FF7DF2967C8
GetCurrentThread.KERNEL32 ref: 00007FF7DF2967DB
SetThreadAffinityMask.KERNEL32 ref: 00007FF7DF2967E7
GetCurrentThread.KERNEL32 ref: 00007FF7DF29681C
SetThreadAffinityMask.KERNEL32 ref: 00007FF7DF29682A
CloseHandle.KERNEL32 ref: 00007FF7DF296849
GetCurrentThread.KERNEL32 ref: 00007FF7DF2968C8
SetThreadAffinityMask.KERNEL32 ref: 00007FF7DF2968D4
GetCurrentProcess.KERNEL32 ref: 00007FF7DF2968EA
GetCurrentProcess.KERNEL32 ref: 00007FF7DF2968F7
DuplicateHandle.KERNEL32 ref: 00007FF7DF296919
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF2969FF
GetProcessHandleCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF296A0B
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF296A67
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF296ABC

Strings

l, xrefs: 00007FF7DF296FCF
F, xrefs: 00007FF7DF296FBA
i, xrefs: 00007FF7DF296FC4
e, xrefs: 00007FF7DF296FDA

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Current$Thread$Process$AffinityHandleMask$CloseCountDuplicateErrorLastNumberProcessor
String ID: F$e$i$l
API String ID: 1549886130-2866947123
Opcode ID: 41ca213b600f8cecaa106ca0f16dca308f0d55a8cb48e990d277608e650ace16
Instruction ID: 74e4874ee3f83fa55423329b8f5702a85046cd22723a89a25015b0adfbf5ba20
Opcode Fuzzy Hash: 41ca213b600f8cecaa106ca0f16dca308f0d55a8cb48e990d277608e650ace16
Instruction Fuzzy Hash: 78B1A232A486C246EA14AF15A9102FFEBE0BF85B94FD44036DE9E17794DE7CF4458720

Function 00007FF7DF194EB0 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 255threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF194F02
GetCurrentThread.KERNEL32 ref: 00007FF7DF194F08
GetCurrentProcess.KERNEL32 ref: 00007FF7DF194F11
DuplicateHandle.KERNEL32 ref: 00007FF7DF194F32
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF194F67
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF194F77
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF194FB4
GetLastError.KERNEL32 ref: 00007FF7DF194FD0
SetLastError.KERNEL32 ref: 00007FF7DF194FEB
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF195002
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF195068
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF1950A1
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1950B2
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1950E0
GetCurrentThread.KERNEL32 ref: 00007FF7DF1950E6
GetThreadPriority.KERNEL32 ref: 00007FF7DF1950EF

Strings

GetHandleVerifier, xrefs: 00007FF7DF195241

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Current$Thread$ExclusiveLock$AcquireErrorLastProcessRelease$DuplicateHandlePriority
String ID: GetHandleVerifier
API String ID: 2570710408-1090674830
Opcode ID: e3e3eac60e5ac30ca659f8e5c16b939dceee68dff181109415a99faaaa25d647
Instruction ID: da4ea67cb6fe727045120b521db1c39c3de3d479b6d29c5b1651cf3647207386
Opcode Fuzzy Hash: e3e3eac60e5ac30ca659f8e5c16b939dceee68dff181109415a99faaaa25d647
Instruction Fuzzy Hash: BBC14B31E1C6C281EA40FB91B8502FDA7A6AF85B40FD40137D86E136A5DF7EB546C3A0

Function 00007FF7DF1F5490 Relevance: 32.2, APIs: 15, Strings: 3, Instructions: 693COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F554C
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F5583
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5804
SetEvent.KERNEL32 ref: 00007FF7DF1F5973
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5AD1
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5BF8
WakeAllConditionVariable.KERNEL32 ref: 00007FF7DF1F5C07
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5C0D
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5C17
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5C4C
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5CF1
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5D11
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F5D2D

Strings

WaitableEvent::Signal, xrefs: 00007FF7DF1F5E76
WorkerThread::WakeUp, xrefs: 00007FF7DF1F5E2F
..\..\base\synchronization\waitable_event.cc, xrefs: 00007FF7DF1F549B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$ConditionCounterEventPerformanceQueryVariableWake
String ID: ..\..\base\synchronization\waitable_event.cc$WaitableEvent::Signal$WorkerThread::WakeUp
API String ID: 3237177724-41828814
Opcode ID: 2847e612607693c452237f7a6cbc25de3c14342f17c9b373ce2b17c85e4b875f
Instruction ID: ab864f96c6a1e824457aded1d0e213633d3468e30c23d1ff30b823f2dd45d365
Opcode Fuzzy Hash: 2847e612607693c452237f7a6cbc25de3c14342f17c9b373ce2b17c85e4b875f
Instruction Fuzzy Hash: 22625C22A0DAC682EB54AB15E4543FDA365FF84BA0FD44233DB5E077A5DF2EE4418320

Function 00007FF7DF1B2670 Relevance: 30.3, APIs: 4, Strings: 13, Instructions: 572libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1B291C
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1B2962
GetProcAddress.KERNEL32 ref: 00007FF7DF1B2972

Strings

Unsupported version: , xrefs: 00007FF7DF1B2DFE
DisplayVersion, xrefs: 00007FF7DF1B27C4
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF7DF1B2720
ReleaseId, xrefs: 00007FF7DF1B2C44
kernel32.dll, xrefs: 00007FF7DF1B295B
MajorMinorBuildToVersion, xrefs: 00007FF7DF1B303C
UBR, xrefs: 00007FF7DF1B278C
%s (errno: %d, %s), xrefs: 00007FF7DF1B2670
WindowsVersion-minor, xrefs: 00007FF7DF1B311C
WindowsVersion-build, xrefs: 00007FF7DF1B315E
WindowsVersion-major, xrefs: 00007FF7DF1B30DA
IsWow64Process2, xrefs: 00007FF7DF1B2968
..\..\base\win\windows_version.cc, xrefs: 00007FF7DF1B2DD6, 00007FF7DF1B3043

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: %s (errno: %d, %s)$..\..\base\win\windows_version.cc$DisplayVersion$IsWow64Process2$MajorMinorBuildToVersion$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR$Unsupported version: $WindowsVersion-build$WindowsVersion-major$WindowsVersion-minor$kernel32.dll
API String ID: 4190356694-3261067513
Opcode ID: 8c4ec4f875da3240f9258922bec54ae6f77874def78f0546402384fbb354de22
Instruction ID: 55f0c5b761655d4001d604d83c64b6f07664cf6b5e8a79965d0e3beca8124919
Opcode Fuzzy Hash: 8c4ec4f875da3240f9258922bec54ae6f77874def78f0546402384fbb354de22
Instruction Fuzzy Hash: 21525A32A08AC286EB25AB11E4503FEB7A8FB85744FD04137DA9E47695DF3DE548C720

Function 00007FF7DF2035C0 Relevance: 28.6, APIs: 4, Strings: 12, Instructions: 606COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20362B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF203856
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20387B

Part of subcall function 00007FF7DF230D70: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF230DA8

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF203963

Strings

33333333, xrefs: 00007FF7DF203D49
33333333, xrefs: 00007FF7DF203668
33333333, xrefs: 00007FF7DF203CBF
33333333, xrefs: 00007FF7DF203DC1
UUUUUUUU, xrefs: 00007FF7DF203D2F
Histogram.TooManyBuckets.1000, xrefs: 00007FF7DF2035CB
33333333, xrefs: 00007FF7DF203C26
33333333, xrefs: 00007FF7DF203A56
33333333, xrefs: 00007FF7DF203793
UUUUUUUU, xrefs: 00007FF7DF2038B4
33333333, xrefs: 00007FF7DF203E02
UUUUUUUU, xrefs: 00007FF7DF20365E

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
String ID: 33333333$33333333$33333333$33333333$33333333$33333333$33333333$33333333$Histogram.TooManyBuckets.1000$UUUUUUUU$UUUUUUUU$UUUUUUUU
API String ID: 1190089479-3776885806
Opcode ID: bebd20424c5c2bc80b0763c612c2b8a47418a29eabb7b10cebfb8488d813b6f4
Instruction ID: 5a14861e5ea6483be240107f2475f98a2314b7936775de85781429a41dfd2fb6
Opcode Fuzzy Hash: bebd20424c5c2bc80b0763c612c2b8a47418a29eabb7b10cebfb8488d813b6f4
Instruction Fuzzy Hash: 3132C063B19A8A81EE24EB5694113BCA391BF44BD4FC88533DD4E57794DE3DFA808321

Function 00007FF7DF1C6590 Relevance: 24.9, APIs: 9, Strings: 5, Instructions: 405synchronizationlibraryloaderCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32 ref: 00007FF7DF1C663B
GetLastError.KERNEL32 ref: 00007FF7DF1C6649
SetLastError.KERNEL32 ref: 00007FF7DF1C6665
WaitForSingleObject.KERNEL32 ref: 00007FF7DF1C6673
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C66C9
GetProcAddress.KERNEL32 ref: 00007FF7DF1C66D9
ReleaseMutex.KERNEL32 ref: 00007FF7DF1C687C
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C6940
GetProcAddress.KERNEL32 ref: 00007FF7DF1C6950

Strings

Temp, xrefs: 00007FF7DF1C6C5F
kernelbase.dll, xrefs: 00007FF7DF1C66C2
_app_container_profile_lock_0278d671-c445-4dfa-a8b4-d5ccf66d4cc3, xrefs: 00007FF7DF1C662E
AppContainerRegisterSid, xrefs: 00007FF7DF1C66CF
GetHandleVerifier, xrefs: 00007FF7DF1C6946

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressErrorHandleLastModuleMutexProc$CreateObjectReleaseSingleWait
String ID: AppContainerRegisterSid$GetHandleVerifier$Temp$_app_container_profile_lock_0278d671-c445-4dfa-a8b4-d5ccf66d4cc3$kernelbase.dll
API String ID: 4288612787-3178936539
Opcode ID: 18955145e5797569cc9935ef4eb1477653fd76db7cd62686660ce526dee26d80
Instruction ID: 750e65daecd4eb2376425c2669490f1fdca5854c7acea6e120bdeda4ef777699
Opcode Fuzzy Hash: 18955145e5797569cc9935ef4eb1477653fd76db7cd62686660ce526dee26d80
Instruction Fuzzy Hash: 8C127F21A0CAC285EA21AF15B4543FEE7A8AF85794FC44236DE8D077A5DF3EE545C320

Function 00007FF7DF1BCB10 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 537COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000001,-5555555555555556,00000000,?,?,?,?,?,00007FF7DF1B664A), ref: 00007FF7DF1BCB70
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BCC80
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000001,-5555555555555556,00000000,?,?,?,?,?,00007FF7DF1B664A), ref: 00007FF7DF1BCD34
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BCDF7
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BCE67
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000001,-5555555555555556,00000000,?,?,?,?,?,00007FF7DF1B664A), ref: 00007FF7DF1BD08B

Strings

33333333, xrefs: 00007FF7DF1BCB8C
..\..\base\files\file_util_win.cc, xrefs: 00007FF7DF1C8563
ScopedBlockingCall, xrefs: 00007FF7DF1C8692
UUUUUUUU, xrefs: 00007FF7DF1BCB82
GetCurrentDirectoryW, xrefs: 00007FF7DF1C855C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ..\..\base\files\file_util_win.cc$33333333$GetCurrentDirectoryW$ScopedBlockingCall$UUUUUUUU
API String ID: 17069307-2148740040
Opcode ID: 7668a2c67840a3b5a99dea366f8db002a4de1db6e9557b34900352b1dcbba3a8
Instruction ID: 3de2a3c2dfa1c5f5fb032aebf17d742127dd1acaf5bc26913f94981f6af874db
Opcode Fuzzy Hash: 7668a2c67840a3b5a99dea366f8db002a4de1db6e9557b34900352b1dcbba3a8
Instruction Fuzzy Hash: E022AE62B086C6C2EA14AB15E4442FEAB65BB56B80FC44037DE8D07B95CF3EF485C760

Function 00007FF7DF19F460 Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 559threadCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DF19F678

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

GetCurrentThreadId.KERNEL32 ref: 00007FF7DF19F952
GetCurrentThread.KERNEL32 ref: 00007FF7DF19F9E4
SetThreadInformation.KERNEL32 ref: 00007FF7DF19F9FB
GetLastError.KERNEL32 ref: 00007FF7DF19FD02

Part of subcall function 00007FF7DF19FE20: GetLastError.KERNEL32 ref: 00007FF7DF19FE4B
Part of subcall function 00007FF7DF19FE20: SetLastError.KERNEL32 ref: 00007FF7DF19FE6F

Part of subcall function 00007FF7DF1A2DE0: GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A2E2D
Part of subcall function 00007FF7DF1A2DE0: GetProcAddress.KERNEL32 ref: 00007FF7DF1A2E3D

PostQueuedCompletionStatus.KERNEL32 ref: 00007FF7DF19FBC3
SetInformationJobObject.KERNEL32 ref: 00007FF7DF19FBF2

Part of subcall function 00007FF7DF1A08A0: QueryInformationJobObject.KERNEL32 ref: 00007FF7DF1A0914
Part of subcall function 00007FF7DF1A08A0: SetInformationJobObject.KERNEL32 ref: 00007FF7DF1A093F

Strings

PERFETTO_CHECK(chunk.size() == page_chunk_size), xrefs: 00007FF7DF19F5AB
..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc, xrefs: 00007FF7DF19F596, 00007FF7DF19F5E4
%s (errno: %d, %s), xrefs: 00007FF7DF19F5B7, 00007FF7DF19F605
MZx, xrefs: 00007FF7DF19F686
PERFETTO_CHECK(chunk_state == expected_chunk_state), xrefs: 00007FF7DF19F5F9

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Information$ErrorLastObjectThread$CurrentHandleModule$AcquireAddressCompletionExclusiveLockPostProcQueryQueuedStatus
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc$MZx$PERFETTO_CHECK(chunk.size() == page_chunk_size)$PERFETTO_CHECK(chunk_state == expected_chunk_state)
API String ID: 157280735-2639432050
Opcode ID: 5ab2fb6260915b76d5b7a20aae59d90e4aa8c84f65e270a4dd7994b9c1d588b7
Instruction ID: 4ed6d04032240b0b69e60a70e3eeaa5ad1a4169f8a5e727a55af3bbe3d655722
Opcode Fuzzy Hash: 5ab2fb6260915b76d5b7a20aae59d90e4aa8c84f65e270a4dd7994b9c1d588b7
Instruction Fuzzy Hash: B8429D62A087C291E760AB11E4447FEB3AAFB85B84FD04137DA9D07696DF3DE445C3A0

Function 00007FF7DF191A90 Relevance: 20.2, APIs: 13, Instructions: 733COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,?), ref: 00007FF7DF1F039D
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F03E7

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 193385972b040ced0deaf355a4724cead6fa0c61e0de9dfdb05074265b7d471f
Instruction ID: 6f942a0ef489a0ec11f02c19d0b7e0f488826505ec7c73f0f3d02939130ed5ec
Opcode Fuzzy Hash: 193385972b040ced0deaf355a4724cead6fa0c61e0de9dfdb05074265b7d471f
Instruction Fuzzy Hash: 3C62BE72A08A8286EB14AB15E4543ADB7A4FF48BA0FC54632DF6E037A4DF7DE445C310

Function 00007FF7DF22ACA0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 261COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF7DF22AFC4
GetLastError.KERNEL32 ref: 00007FF7DF22B56F

Part of subcall function 00007FF7DF1B3480: GetLastError.KERNEL32 ref: 00007FF7DF1B34C2
Part of subcall function 00007FF7DF1B3480: SetLastError.KERNEL32 ref: 00007FF7DF1B34EA
Part of subcall function 00007FF7DF1B3480: GetLastError.KERNEL32 ref: 00007FF7DF1B34FA
Part of subcall function 00007FF7DF1B3480: SetLastError.KERNEL32 ref: 00007FF7DF1B3524

FreeEnvironmentStringsW.KERNEL32 ref: 00007FF7DF22B066
GetLastError.KERNEL32 ref: 00007FF7DF22B539
TerminateProcess.KERNEL32 ref: 00007FF7DF22B553

Part of subcall function 00007FF7DF1A3800: GetLastError.KERNEL32 ref: 00007FF7DF1A3853
Part of subcall function 00007FF7DF1A3800: SetLastError.KERNEL32 ref: 00007FF7DF1A3868
Part of subcall function 00007FF7DF1A3800: GetLastError.KERNEL32 ref: 00007FF7DF1A3888
Part of subcall function 00007FF7DF1A3800: SetLastError.KERNEL32 ref: 00007FF7DF1A389A

Strings

MZx, xrefs: 00007FF7DF22AEA9

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$EnvironmentStrings$FreeProcessTerminate
String ID: MZx
API String ID: 807419680-2575928145
Opcode ID: f520c56e62bb2cbb161550abd6b75047227802b63ffcda244b052b77f4308653
Instruction ID: 2072345fcbd8a985eb9c0ce8630504824733e6a4301839e403778a42ec509154
Opcode Fuzzy Hash: f520c56e62bb2cbb161550abd6b75047227802b63ffcda244b052b77f4308653
Instruction Fuzzy Hash: 22C14A36A08BC285E620AF25A8443EEF3A5FB84790FC44136DA8D47A95DF3DE185CB50

Function 00007FF7DF1C59B0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C5A18
GetProcAddress.KERNEL32 ref: 00007FF7DF1C5A28

Part of subcall function 00007FF7DF2399F0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF239A00
Part of subcall function 00007FF7DF2399F0: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF239A40

GetLastError.KERNEL32 ref: 00007FF7DF1C5B6A
SetLastError.KERNEL32 ref: 00007FF7DF1C5B83

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C5C38
GetProcAddress.KERNEL32 ref: 00007FF7DF1C5C48
SetLastError.KERNEL32 ref: 00007FF7DF1C5D77

Strings

kernelbase.dll, xrefs: 00007FF7DF1C5A11
CreateAppContainerToken, xrefs: 00007FF7DF1C5A1E
%s (errno: %d, %s), xrefs: 00007FF7DF1C59B0
GetHandleVerifier, xrefs: 00007FF7DF1C5C3E

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorExclusiveLastLock$AcquireAddressHandleModuleProc$Release
String ID: %s (errno: %d, %s)$CreateAppContainerToken$GetHandleVerifier$kernelbase.dll
API String ID: 2454137977-3771102489
Opcode ID: 9c67cf85386482ee7072588959eb5c46ceb620781b3bd51fc2dc84eef310e89e
Instruction ID: e11e91e4cd8e1b23868f82c54dd17410b878ba55d861104efe346aadaba88edf
Opcode Fuzzy Hash: 9c67cf85386482ee7072588959eb5c46ceb620781b3bd51fc2dc84eef310e89e
Instruction Fuzzy Hash: 31A18E72A09AC286EA54AF55B8503BDE7A5BB84BA0FD04237DA5E43794DF7DF040C320

Function 00007FF7DF19D7F0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 213filelibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

CreateFileW.KERNEL32 ref: 00007FF7DF19D983
GetLastError.KERNEL32 ref: 00007FF7DF19D991
SetLastError.KERNEL32 ref: 00007FF7DF19D9BF
GetLastError.KERNEL32 ref: 00007FF7DF19DA2A
GetLastError.KERNEL32 ref: 00007FF7DF19DA3C
GetModuleHandleW.KERNEL32 ref: 00007FF7DF19DAA5
GetProcAddress.KERNEL32 ref: 00007FF7DF19DAB5

Strings

DoInitialize, xrefs: 00007FF7DF19D83B
ScopedBlockingCall, xrefs: 00007FF7DF19DAF5
..\..\base\files\file_win.cc, xrefs: 00007FF7DF19D842
GetHandleVerifier, xrefs: 00007FF7DF19DAAB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$ExclusiveLock$AcquireAddressCounterCreateFileHandleModulePerformanceProcQueryRelease
String ID: ..\..\base\files\file_win.cc$DoInitialize$GetHandleVerifier$ScopedBlockingCall
API String ID: 3329152108-3902238273
Opcode ID: 41d4edc3124d309488214354ec27f562eb19a1af8d458b43a50b433996b74205
Instruction ID: 3aec507754b0257b4165cc9442636958a3e586b18a31221fab6cf1d6c463aa28
Opcode Fuzzy Hash: 41d4edc3124d309488214354ec27f562eb19a1af8d458b43a50b433996b74205
Instruction Fuzzy Hash: 6681BE22B1C68682FB24AB15B4557FDB796AF85740FC04036CA9E03A95CF3EF555C3A0

Function 00007FF7DF21B720 Relevance: 18.4, APIs: 4, Strings: 6, Instructions: 857COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF21B92E
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF21BA2A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF21BC54

Strings

Blink.UseCounter, xrefs: 00007FF7DF21C3CF
Histogram.TooManyBuckets.1000, xrefs: 00007FF7DF21C3C3
Histogram.BadConstructionArguments, xrefs: 00007FF7DF21C4A9
Histogram.MismatchedConstructionArguments, xrefs: 00007FF7DF21C1E9
33333333, xrefs: 00007FF7DF21B986
UUUUUUUU, xrefs: 00007FF7DF21B973

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: 33333333$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$UUUUUUUU
API String ID: 1021914862-270050585
Opcode ID: 852c754739db5959bcaa4a3ded9dee9fe64d39d46bdd4f0c1467f9def7d085dd
Instruction ID: ca8d3d6de74820c5d585704727a10ce97b580b1b2289adb41d41dd0b26c66093
Opcode Fuzzy Hash: 852c754739db5959bcaa4a3ded9dee9fe64d39d46bdd4f0c1467f9def7d085dd
Instruction Fuzzy Hash: 2A82C222A0CAC681EA20EB15D8403FDE3A1EB89794FD48237DA5D47B95DF3DF1818724

Function 00007FF7DF217940 Relevance: 18.3, APIs: 4, Strings: 6, Instructions: 831COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF217B29
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF217C25
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF217D76

Strings

Blink.UseCounter, xrefs: 00007FF7DF218589
UUUUUUUU, xrefs: 00007FF7DF217B6E
Histogram.TooManyBuckets.1000, xrefs: 00007FF7DF21857D
Histogram.BadConstructionArguments, xrefs: 00007FF7DF218650
33333333, xrefs: 00007FF7DF217B81
Histogram.MismatchedConstructionArguments, xrefs: 00007FF7DF2183AE

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: 33333333$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$UUUUUUUU
API String ID: 1021914862-270050585
Opcode ID: 1d4856c3df65942bba93bd4aa22cccf46b9ef97a9f9a65854fc72746ef8e0c4b
Instruction ID: 9938e0d9019289635fe652e9e04e2f983d845670fb08b7f74011c2f7df660145
Opcode Fuzzy Hash: 1d4856c3df65942bba93bd4aa22cccf46b9ef97a9f9a65854fc72746ef8e0c4b
Instruction Fuzzy Hash: EA72C122A0CAC681EB20EB15D8803FDE3A1EB99794FD48237DA4D47795DF2DF1858724

Function 00007FF7DF19DC20 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 203fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

CreateFileMappingW.KERNEL32 ref: 00007FF7DF19DCF6
GetLastError.KERNEL32 ref: 00007FF7DF19DD05
SetLastError.KERNEL32 ref: 00007FF7DF19DD35
MapViewOfFile.KERNEL32 ref: 00007FF7DF19DD85

Strings

ScopedBlockingCall, xrefs: 00007FF7DF19E071, 00007FF7DF19E0C6
..\..\base\files\memory_mapped_file_win.cc, xrefs: 00007FF7DF19DC78
MapFileRegionToMemory, xrefs: 00007FF7DF19DC71
GetHandleVerifier, xrefs: 00007FF7DF19E029

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
String ID: ..\..\base\files\memory_mapped_file_win.cc$GetHandleVerifier$MapFileRegionToMemory$ScopedBlockingCall
API String ID: 749074358-664693454
Opcode ID: a191055e58f2f7d3c3ee26bb167de487ffea3ddae758c448acb411a1d6d08517
Instruction ID: e0b752b2808d4ee3cf83a95fc9f3af704642e6021d767b13af5d283fbd9eeb03
Opcode Fuzzy Hash: a191055e58f2f7d3c3ee26bb167de487ffea3ddae758c448acb411a1d6d08517
Instruction Fuzzy Hash: BB81AF21A19AC682EA20AF25F4513FEA3A6FF44780FC05433CA9E12794DF3EF1458360

Function 00007FF7DF1BDA90 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 177libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1BDACA
DuplicateHandle.KERNEL32 ref: 00007FF7DF1BDAF2
GetLastError.KERNEL32 ref: 00007FF7DF1BDB0E
SetLastError.KERNEL32 ref: 00007FF7DF1BDB27
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1BDC2E
DuplicateHandle.KERNEL32 ref: 00007FF7DF1BDC54
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1BDD10
GetProcAddress.KERNEL32 ref: 00007FF7DF1BDD20

Strings

, xrefs: 00007FF7DF1BDAE1
GetHandleVerifier, xrefs: 00007FF7DF1BDD16

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Handle$CurrentDuplicateErrorLastProcess$AddressModuleProc
String ID: $GetHandleVerifier
API String ID: 85637011-579813758
Opcode ID: 36520599f40152aae8a55782ad5b4f79766c81eaf4e5d20a67a257d956b08ac5
Instruction ID: 23c4bb38346def7d8e9270aebd16088d401b102cc5a77e5411798aff8411ac40
Opcode Fuzzy Hash: 36520599f40152aae8a55782ad5b4f79766c81eaf4e5d20a67a257d956b08ac5
Instruction Fuzzy Hash: 4D718C32A0CA8682E664AF25B4553FEFBA4BB85B94FC40136DA8D43794CF7DE445C720

Function 00007FF7DF1B35C0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 151libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B3618
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B362D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B364E
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B3660
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B36C2
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B36DB
GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B3779
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B3789
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF1A20B8), ref: 00007FF7DF1B37B8

Strings

GetHandleVerifier, xrefs: 00007FF7DF1B377F

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: 85f883b59df1cf75a5f327ddae1a0083515d1c127a67461959d52bca269815c4
Instruction ID: 579f8fbc338e6fd6a0b452ed315ad2864f82275690b94a9a9d96ff499ad3e35b
Opcode Fuzzy Hash: 85f883b59df1cf75a5f327ddae1a0083515d1c127a67461959d52bca269815c4
Instruction Fuzzy Hash: B251C131A0CAC281FA54BF65B8442FDEA95AF45760FD40237DA5E027D1DF3EF5958220

Function 00007FF7DF1C2490 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 126filelibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

GetFileAttributesW.KERNEL32 ref: 00007FF7DF1C252B
CreateFileW.KERNEL32 ref: 00007FF7DF1C2571
GetLastError.KERNEL32 ref: 00007FF7DF1C257F
SetLastError.KERNEL32 ref: 00007FF7DF1C2597
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C260E
GetProcAddress.KERNEL32 ref: 00007FF7DF1C261E

Strings

..\..\base\files\file_util_win.cc, xrefs: 00007FF7DF1C24DE
ScopedBlockingCall, xrefs: 00007FF7DF1C2665
PathHasAccess, xrefs: 00007FF7DF1C24D7
GetHandleVerifier, xrefs: 00007FF7DF1C2614

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorExclusiveFileLastLock$AcquireAddressAttributesCounterCreateHandleModulePerformanceProcQueryRelease
String ID: ..\..\base\files\file_util_win.cc$GetHandleVerifier$PathHasAccess$ScopedBlockingCall
API String ID: 2667162048-2304908607
Opcode ID: 3aaf21242b47a1abc41aaf3da5f4787ed3890b560c582270ecb4aa0382e9cfe2
Instruction ID: f62250e5d4488f5651d0f402d074ebe3718af3f29047abf6d4ca8239d15f4058
Opcode Fuzzy Hash: 3aaf21242b47a1abc41aaf3da5f4787ed3890b560c582270ecb4aa0382e9cfe2
Instruction Fuzzy Hash: 90519F21A0CAC292FA24AF24B4547FEE365AF84B54FC80133DD8E076A4DF3DE5468720

Function 00007FF7DF2159F0 Relevance: 15.7, APIs: 10, Instructions: 652COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF21603E
WakeAllConditionVariable.KERNEL32 ref: 00007FF7DF216050
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF216059
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF216062
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF216095
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF2161F6
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF2162BB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
String ID:
API String ID: 2824607059-0
Opcode ID: 3af7a522c48e83991a7a7975b0afac699b2f4a283239ada0ed2345564bf98520
Instruction ID: 08d91b33d02ad6a52d76775086ea9ac4d6c2d106a2d511ba1538066180b8e6ea
Opcode Fuzzy Hash: 3af7a522c48e83991a7a7975b0afac699b2f4a283239ada0ed2345564bf98520
Instruction Fuzzy Hash: 7242F122B08EC682EA14AB25D8052BEA761FB95B94FC54632CE6D077D1DF3CF581C324

Function 00007FF7DF1BEBB0 Relevance: 15.6, Strings: 12, Instructions: 635COMMON

Download Yara Rule

Strings

INTERNETCLIENTSERVER, xrefs: 00007FF7DF1BEFF3
MUSICLIBRARY, xrefs: 00007FF7DF1BF1CB
APPOINTMENTS, xrefs: 00007FF7DF1BF409
PRIVATENETWORKCLIENTSERVER, xrefs: 00007FF7DF1BF072
ENTERPRISEAUTHENTICATION, xrefs: 00007FF7DF1BF2AC
DOCUMENTSLIBRARY, xrefs: 00007FF7DF1BF23F
INTERNETCLIENT, xrefs: 00007FF7DF1BEF82
REMOVABLESTORAGE, xrefs: 00007FF7DF1BF39C
VIDEOSLIBRARY, xrefs: 00007FF7DF1BF15E
CONTACTS, xrefs: 00007FF7DF1BF464
SHAREDUSERCERTIFICATES, xrefs: 00007FF7DF1BF324
PICTURESLIBRARY, xrefs: 00007FF7DF1BF0F1

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Once$ExecuteInit$Concurrency::cancel_current_task
String ID: APPOINTMENTS$CONTACTS$DOCUMENTSLIBRARY$ENTERPRISEAUTHENTICATION$INTERNETCLIENT$INTERNETCLIENTSERVER$MUSICLIBRARY$PICTURESLIBRARY$PRIVATENETWORKCLIENTSERVER$REMOVABLESTORAGE$SHAREDUSERCERTIFICATES$VIDEOSLIBRARY
API String ID: 2875519256-1425110014
Opcode ID: a9f11461b139c7b270d981a33978129456eaab1f719794b0ddc1a057540ae75b
Instruction ID: c04cb2a89f6cfb97cfb745532411f97344242b564f904ed658211819ba63f551
Opcode Fuzzy Hash: a9f11461b139c7b270d981a33978129456eaab1f719794b0ddc1a057540ae75b
Instruction Fuzzy Hash: 9C62B02290CBC281FB21AB15E5103EDBBA4FB95754FC49236DA8C03A99DF7DE584C710

Function 00007FF7DF1AF940 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 400fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

FindNextFileW.KERNEL32 ref: 00007FF7DF1AFA59
GetLastError.KERNEL32 ref: 00007FF7DF1AFA64
FindClose.KERNEL32 ref: 00007FF7DF1AFBE0
FindFirstFileExW.KERNEL32 ref: 00007FF7DF1AFE86

Strings

..\..\base\files\file_enumerator_win.cc, xrefs: 00007FF7DF1AF99E
ScopedBlockingCall, xrefs: 00007FF7DF1B0064
Next, xrefs: 00007FF7DF1AF997

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Find$ExclusiveFileLock$AcquireCloseCounterErrorFirstLastNextPerformanceQueryRelease
String ID: ..\..\base\files\file_enumerator_win.cc$Next$ScopedBlockingCall
API String ID: 577597780-2661606236
Opcode ID: cc1e396759e9ecb15f1042486450f03b821df9adbb18ce76d9ee1acdf832199d
Instruction ID: 32b56220a13a5f5d6dcb44824028e4fcbd6a444d82da405fc3ac22b2352ed371
Opcode Fuzzy Hash: cc1e396759e9ecb15f1042486450f03b821df9adbb18ce76d9ee1acdf832199d
Instruction Fuzzy Hash: BF126B32A0DBC285EA64AB21E5443EEB7A4FB85784FC04136DA9D43799DF3EE0918710

Function 00007FF7DF19CC90 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 96threadlibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF229350: GetCurrentThreadId.KERNEL32 ref: 00007FF7DF229366
Part of subcall function 00007FF7DF229350: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF7DF19CCBC), ref: 00007FF7DF229373

GetCurrentThread.KERNEL32 ref: 00007FF7DF19CD21
IsDebuggerPresent.KERNEL32 ref: 00007FF7DF19CD45
GetModuleHandleW.KERNEL32 ref: 00007FF7DF19CD7C
GetProcAddress.KERNEL32 ref: 00007FF7DF19CD8C
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF19CDE4
RaiseException.KERNEL32 ref: 00007FF7DF19CE18

Strings

Kernel32.dll, xrefs: 00007FF7DF19CD75
SetThreadDescription, xrefs: 00007FF7DF19CD82

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CurrentThread$AcquireAddressDebuggerExceptionExclusiveHandleLockModulePresentProcRaise
String ID: Kernel32.dll$SetThreadDescription
API String ID: 1876178700-1724334159
Opcode ID: eb61c0401c3904cf8c88031af58ec774b1fb683863433f5758d22ed39f1428b9
Instruction ID: 4fe7a30e78098d17b1bf8ce1529aa5527ac288ee795119dbad16a2c958f29cb5
Opcode Fuzzy Hash: eb61c0401c3904cf8c88031af58ec774b1fb683863433f5758d22ed39f1428b9
Instruction Fuzzy Hash: 7E414A71E08AC285FA50EF21E8503FCB7A6AF44B84FD84037C99E07694DF2DB54683A0

Function 00007FF7DF202E20 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 482COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF202E60
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF202FF2
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF203210

Strings

33333333, xrefs: 00007FF7DF20342D
UUUUUUUU, xrefs: 00007FF7DF20341A
33333333, xrefs: 00007FF7DF202EE5
UUUUUUUU, xrefs: 00007FF7DF202ED2

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: 33333333$33333333$UUUUUUUU$UUUUUUUU
API String ID: 1678258262-1344069251
Opcode ID: b5753e3049fd9217c30fd4274717b353d03ad0963f296341cd68686f0f81d32a
Instruction ID: aa40fec9b870d81bbcf648dba9a9821f08861aa4dd7661d6f862cbad6156ab74
Opcode Fuzzy Hash: b5753e3049fd9217c30fd4274717b353d03ad0963f296341cd68686f0f81d32a
Instruction Fuzzy Hash: B812F562B1D68682EE64AB52D4443FDA391BF48BD0FC88537D94E677D1DE3CF9808220

Function 00007FF7DF1A0F80 Relevance: 12.2, APIs: 8, Instructions: 179threadCOMMON

Download Yara Rule

APIs

UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A103D
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A1083
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A10D5
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A111F
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A118A
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A11E2
GetLastError.KERNEL32 ref: 00007FF7DF1A11F0
UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7DF1A1269

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AttributeProcThreadUpdate$ErrorLast
String ID:
API String ID: 3892629152-0
Opcode ID: c621967c139fe577e353c71c8dd1fd1d94509a7bd254a6f790da302e2cdd1dd8
Instruction ID: 7fef8f05dcbbf160a48a8755571e6fecc3dda219a551266225026edb942a0073
Opcode Fuzzy Hash: c621967c139fe577e353c71c8dd1fd1d94509a7bd254a6f790da302e2cdd1dd8
Instruction Fuzzy Hash: A771EF22A19AC242E7759F35B2803BEB396FB94744FD48237C69E52580DF7EE1C58710

Function 00007FF7DF1C3BD0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 316threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF7DF1C3C9D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF1C3DA1
LocalFree.KERNEL32 ref: 00007FF7DF1C3E63

Strings

sbox_alternate_desktop_, xrefs: 00007FF7DF1C3C39
local_winstation_, xrefs: 00007FF7DF1C413B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Current$FreeLocalProcessThread
String ID: local_winstation_$sbox_alternate_desktop_
API String ID: 3144071100-58166206
Opcode ID: 5f6048c7617e1ce0171a0335cf098602778b3a23f15ede5e0d8f757bf706151e
Instruction ID: 5be27469957495da65fb95e34d9cd432ccb75200b01466870c9a13394c52af98
Opcode Fuzzy Hash: 5f6048c7617e1ce0171a0335cf098602778b3a23f15ede5e0d8f757bf706151e
Instruction Fuzzy Hash: 60E18A32A0CAC281EA75AF24B4153FEE7A4EF95744FC44136DA8D02A95DF7EE185C720

Function 00007FF7DF1F1EF0 Relevance: 10.8, APIs: 7, Instructions: 289memoryCOMMON

Download Yara Rule

APIs

ReleaseSRWLockExclusive.KERNEL32(?), ref: 00007FF7DF1F1F21
VirtualAlloc.KERNEL32 ref: 00007FF7DF1F219B
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F2236

Part of subcall function 00007FF7DF1953B0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1953D3

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F229C
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F22BD
VirtualAlloc.KERNEL32 ref: 00007FF7DF1F22D5
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00007FF7DF1F2336

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$AllocVirtual
String ID:
API String ID: 2092370432-0
Opcode ID: 283ede165645a5ec129ab14cff8fd335fd1d8df13390702bf6ce778e69bf5777
Instruction ID: 9d395a423e4cf932b7242f585ac2d6fe96fd5085239ac13efa25669967657c6c
Opcode Fuzzy Hash: 283ede165645a5ec129ab14cff8fd335fd1d8df13390702bf6ce778e69bf5777
Instruction Fuzzy Hash: BDC1BF63A08AC686EB20AB24A8113FEA7A4FF55784FC44236DF5E06795DF3DE241C350

Function 00007FF7DF204560 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 274COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00000070,00000000,?,00000138,?), ref: 00007FF7DF204662
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00000070,00000000,?,00000138,?), ref: 00007FF7DF204754

Strings

33333333, xrefs: 00007FF7DF2046BA
UUUUUUUU, xrefs: 00007FF7DF2046A7
Histogram.TooManyBuckets.1000, xrefs: 00007FF7DF204566

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: 33333333$Histogram.TooManyBuckets.1000$UUUUUUUU
API String ID: 17069307-2370641061
Opcode ID: 1180567eede97876c10b112f813bb9c0ad465083d988ce118fb9664cebf2200e
Instruction ID: 830282e73c0dfe1f1d5080612367b651bd8b6fb0b4e0a19c4cc362a441d8eb05
Opcode Fuzzy Hash: 1180567eede97876c10b112f813bb9c0ad465083d988ce118fb9664cebf2200e
Instruction Fuzzy Hash: 6BB1F122E0C6C681EA20EB55D4403FDE391AB89BA4FD88133D99D577E5DE6CF2818321

Function 00007FF7DF19E640 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 237COMMON

Download Yara Rule

APIs

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF19E7C5
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF19E822

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF19E92D
Shared memory buffer max stall count exceeded; possible deadlock (errno: %d, %s), xrefs: 00007FF7DF19E96F
..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc, xrefs: 00007FF7DF19E90C, 00007FF7DF19E95A
PERFETTO_CHECK(was_always_bound_), xrefs: 00007FF7DF19E921

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLockRelease
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$PERFETTO_CHECK(was_always_bound_)$Shared memory buffer max stall count exceeded; possible deadlock (errno: %d, %s)
API String ID: 1766480654-3492137015
Opcode ID: d070b3ad4e476c8509f8c89124447ce89e3aaa2462720ed91fe45bd1d4c74093
Instruction ID: 398fe61489f8a57860ca40c204faeab5cb568b5a3620134aea267c79cf5d9d56
Opcode Fuzzy Hash: d070b3ad4e476c8509f8c89124447ce89e3aaa2462720ed91fe45bd1d4c74093
Instruction Fuzzy Hash: 95A1A032A08A8686EB64EF15E4403ADB3A5FB44780FD04136DB9D43BA4DF7DE694C760

Function 00007FF7DF1B5F90 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 209COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32 ref: 00007FF7DF1B6103
_fread_nolock.LIBCMT ref: 00007FF7DF1B6167

Part of subcall function 00007FF7DF20F710: GetLastError.KERNEL32 ref: 00007FF7DF20F76F
Part of subcall function 00007FF7DF20F710: SetLastError.KERNEL32 ref: 00007FF7DF20F779
Part of subcall function 00007FF7DF20F710: SetLastError.KERNEL32 ref: 00007FF7DF20F78D

_fread_nolock.LIBCMT ref: 00007FF7DF1B6287

Strings

..\..\base\files\file_util.cc, xrefs: 00007FF7DF1B6092
ScopedBlockingCall, xrefs: 00007FF7DF1B62AB
ReadStreamToSpanWithMaxSize, xrefs: 00007FF7DF1B608B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$_fread_nolock$FileHandleInformation
String ID: ..\..\base\files\file_util.cc$ReadStreamToSpanWithMaxSize$ScopedBlockingCall
API String ID: 3595945942-1691348150
Opcode ID: cb82d7de78af8b73f432cc68e4f2afc16c0223cd749790e68be409f2171ac3ab
Instruction ID: e8c88e36e65fdc283ad8fab8eace7adfdc618c6f1bac2af31009f6f913872561
Opcode Fuzzy Hash: cb82d7de78af8b73f432cc68e4f2afc16c0223cd749790e68be409f2171ac3ab
Instruction Fuzzy Hash: 9C81B112A0C6C282FA21AB29B5057FEBBA0BF95784FC04076DE8D06B56DF3DE1458720

Function 00007FF7DF261CBC Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF25C244: GetLastError.KERNEL32 ref: 00007FF7DF25C253
Part of subcall function 00007FF7DF25C244: FlsGetValue.KERNEL32 ref: 00007FF7DF25C268
Part of subcall function 00007FF7DF25C244: SetLastError.KERNEL32 ref: 00007FF7DF25C2F3

Part of subcall function 00007FF7DF25C244: FlsSetValue.KERNEL32 ref: 00007FF7DF25C289

GetUserDefaultLCID.KERNEL32 ref: 00007FF7DF261E2C

Part of subcall function 00007FF7DF25C244: FlsSetValue.KERNEL32 ref: 00007FF7DF25C2B6
Part of subcall function 00007FF7DF25C244: FlsSetValue.KERNEL32 ref: 00007FF7DF25C2C7
Part of subcall function 00007FF7DF25C244: FlsSetValue.KERNEL32 ref: 00007FF7DF25C2D8

EnumSystemLocalesW.KERNEL32 ref: 00007FF7DF261E13
ProcessCodePage.LIBCMT ref: 00007FF7DF261E56
IsValidCodePage.KERNEL32 ref: 00007FF7DF261E68
IsValidLocale.KERNEL32 ref: 00007FF7DF261E7E
GetLocaleInfoW.KERNEL32 ref: 00007FF7DF261EDA
GetLocaleInfoW.KERNEL32 ref: 00007FF7DF261EF6

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 1be52ee16243fe80903d49cbbf9376fb4b075a9ceacbc9e4ac3bc570532e2881
Instruction ID: 01ba4b19a786f88f9ce162b6b4e509ac37d3cd266730b6586d75730dcdeeb59f
Opcode Fuzzy Hash: 1be52ee16243fe80903d49cbbf9376fb4b075a9ceacbc9e4ac3bc570532e2881
Instruction Fuzzy Hash: BA715732B18692AAEB14AB60D8526FDA3B0AF48B48FC44137DA1D57695EF3CF545C320

Function 00007FF7DF21EC40 Relevance: 9.6, Strings: 7, Instructions: 804COMMON

Download Yara Rule

Strings

33333333, xrefs: 00007FF7DF21FA1D
..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h, xrefs: 00007FF7DF21F8D9
UUUUUUUU, xrefs: 00007FF7DF21EF1B
%s (errno: %d, %s), xrefs: 00007FF7DF21F8FA
33333333, xrefs: 00007FF7DF21EF2E
PERFETTO_CHECK(false), xrefs: 00007FF7DF21F8EE
UUUUUUUU, xrefs: 00007FF7DF21FA0A

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h$33333333$33333333$PERFETTO_CHECK(false)$UUUUUUUU$UUUUUUUU
API String ID: 0-1816856866
Opcode ID: c57c92c570d213f5e008e2554fb2a123c96be1ba6b0d45a1dd744b51fae89a88
Instruction ID: 6f2d85033c90c39646ff324361f213ac3359348fbbb8a796e6f35dbd43a757ab
Opcode Fuzzy Hash: c57c92c570d213f5e008e2554fb2a123c96be1ba6b0d45a1dd744b51fae89a88
Instruction Fuzzy Hash: 8B828E72609EC591EA299B15D8843EEB3A1FB48B94FD88132DA9D07794DF7CF490C324

Function 00007FF7DF229F60 Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229FF1
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF22A01F
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF22A063
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF22A17C
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF22A1AA
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF22A1EA

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Once$ExecuteInit
String ID:
API String ID: 689400697-0
Opcode ID: 0d91ed8ef8495bbd1743f1830ad7b815a1421c5bf9af3a92670b5779b9993a5d
Instruction ID: 66d83b07604424277b614ace6e20cedfe158d60ff9330733d42812a0e58b4bd1
Opcode Fuzzy Hash: 0d91ed8ef8495bbd1743f1830ad7b815a1421c5bf9af3a92670b5779b9993a5d
Instruction Fuzzy Hash: 7F919C72A0828796E614BF25A9186FDBBA4FB09744FC44533C90E4BAA1DF3DF545CB20

Function 00007FF7DF229C20 Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229CAC
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229CD9
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229D21
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229E0C
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229E39
InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF229E7A

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Once$ExecuteInit
String ID:
API String ID: 689400697-0
Opcode ID: d65a662e856ef64e72e876a413ba92a40d57dfe32518ee2ccc36e72da8591fbf
Instruction ID: a2c39f68ebfcd3eea5e411d127f9abb124fc0f7971aaec29e1debb7fb1421107
Opcode Fuzzy Hash: d65a662e856ef64e72e876a413ba92a40d57dfe32518ee2ccc36e72da8591fbf
Instruction Fuzzy Hash: 1A819971E086C382FA20BB15B9546FCB664BF59B88FC44437C95D076A5EE3DB209E320

Function 00007FF7DF1B9730 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 419libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1B99D2
SetLastError.KERNEL32 ref: 00007FF7DF1B99EB
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1B9ADF
GetProcAddress.KERNEL32 ref: 00007FF7DF1B9AEF

Strings

GetHandleVerifier, xrefs: 00007FF7DF1B9AE5

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: fb59f3f297ec2eae0b6c9af0e9a73593ffdd591253063f45329b393239661387
Instruction ID: 93c798d10440e8d163132f7d0dd96bf6f92904cfcfa14dff17640b781776ffd4
Opcode Fuzzy Hash: fb59f3f297ec2eae0b6c9af0e9a73593ffdd591253063f45329b393239661387
Instruction Fuzzy Hash: E1029362B09BC5C2EA60AB26F4513BEABA4FB85794FD04536DA9D437D4CF3DE4428310

Function 00007FF7DF1E9890 Relevance: 7.8, APIs: 5, Instructions: 305memoryCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000001,00000000,?,?,?), ref: 00007FF7DF1E98C0
TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00007FF7DF1E9BE0
TlsAlloc.KERNEL32 ref: 00007FF7DF1E9C05
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1E9C3C
ReleaseSRWLockExclusive.KERNEL32(00000001), ref: 00007FF7DF1E9C5D

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$Alloc
String ID:
API String ID: 3005806778-0
Opcode ID: 88f94538ec3eca9fb7641d73a30aad34d1e447a76cb592bfaec6ba2ce8d2cfed
Instruction ID: d3f7e2a4424d036d653da9c28a01039ec5f4505588f7067a70f011b3721fe09b
Opcode Fuzzy Hash: 88f94538ec3eca9fb7641d73a30aad34d1e447a76cb592bfaec6ba2ce8d2cfed
Instruction Fuzzy Hash: FAE1AD32A086C192F725AB20A5413EEB7A4FF41798FD48636DA9D03691DF7EE196C310

Function 00007FF7DF2467B0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 448COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF246AE7
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF246D4A

Strings

%llu, xrefs: 00007FF7DF2467B6
MZx, xrefs: 00007FF7DF2467E3, 00007FF7DF246D59, 00007FF7DF246E16

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: %llu$MZx
API String ID: 3215553584-2671665022
Opcode ID: 43acb9f45ec43996c0dc79fd2046bdead2dd999906516de98ab0a16e117d9d04
Instruction ID: 8bd5e92fec0e99e030c45df689b8c55dbb5885aa6e43cd109d861e8f6953e430
Opcode Fuzzy Hash: 43acb9f45ec43996c0dc79fd2046bdead2dd999906516de98ab0a16e117d9d04
Instruction Fuzzy Hash: 6312C572B141C14BE779AF25D4907FEBA95FB54788FC05136EA0A67B44DB78BA00CB10

Function 00007FF7DF1EB9B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32 ref: 00007FF7DF1EBDB6
GetLastError.KERNEL32 ref: 00007FF7DF1EBDC0
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1EB9D7

Part of subcall function 00007FF7DF1953B0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1953D3

Strings

bitset reset argument out of range, xrefs: 00007FF7DF1EC8EF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AcquireExclusiveLock$ErrorFreeLastVirtual
String ID: bitset reset argument out of range
API String ID: 1301085418-1934458321
Opcode ID: fc7ead9155029e9c1e840cd8fcdceb874ba0089ea7240e63fcb2fbf9a68c5d8c
Instruction ID: d054b478ab4daf78c3e1dbe9f0c93c34b4ced3159a21adad0ffd1c5a8fc0b887
Opcode Fuzzy Hash: fc7ead9155029e9c1e840cd8fcdceb874ba0089ea7240e63fcb2fbf9a68c5d8c
Instruction Fuzzy Hash: 80B1D122B14A8182EA18DB26E8547BDB3A5FB44B94F954236EF6E477D4CF3DE442C310

Function 00007FF7DF1F3A20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00007FF7DF1F3A3F
GetProcAddress.KERNEL32 ref: 00007FF7DF1F3A54

Strings

ProcessPrng, xrefs: 00007FF7DF1F3A4A
bcryptprimitives.dll, xrefs: 00007FF7DF1F3A38

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: ProcessPrng$bcryptprimitives.dll
API String ID: 2574300362-2667675608
Opcode ID: 546edd874a05606d9a143dd9b564cfe5b3622b5e659129205659f42560c002c9
Instruction ID: 682cab206f7afab6cf9b836609b057fdfc32f24f21fe2eec8992f3b821e6acda
Opcode Fuzzy Hash: 546edd874a05606d9a143dd9b564cfe5b3622b5e659129205659f42560c002c9
Instruction Fuzzy Hash: 75F09660F0D68650FE05AF16B9401BCA2A55F58B81FD44876CD0D477A0FF2CB9819330

Function 00007FF7DF1B0D10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1B0D1B
GetProcAddress.KERNEL32 ref: 00007FF7DF1B0D2B

Strings

GetSystemTimePreciseAsFileTime, xrefs: 00007FF7DF1B0D21
kernel32.dll, xrefs: 00007FF7DF1B0D14

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 1646373207-706389432
Opcode ID: 60703e6e9ef9defc3791c69ccda3ff79b4c26b962ce8386667fcc73bb2084df6
Instruction ID: 6bf0e43566ac2ece30ded28b3521b14dd9f6541912b9fbe8e555744e7432a4fe
Opcode Fuzzy Hash: 60703e6e9ef9defc3791c69ccda3ff79b4c26b962ce8386667fcc73bb2084df6
Instruction Fuzzy Hash: 25E0E234E0AB83D1EA08BF11B8A12ACA3A0BF09B41BD40037C84D06360EE2CB6468364

Function 00007FF7DF1B4E40 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 349COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF7DF1B537A
SetLastError.KERNEL32 ref: 00007FF7DF1B5399
SetLastError.KERNEL32 ref: 00007FF7DF1B545A

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF1B4E40

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID: %s (errno: %d, %s)
API String ID: 1452528299-297793326
Opcode ID: d83d8380cd60fb25e75b4f9e43b40925c2b8f95cb62bbc4e8d57276cba2bd29d
Instruction ID: 88a117cad2e00a15079074ff880039d762ef120224c661b7abbb48fba40eb685
Opcode Fuzzy Hash: d83d8380cd60fb25e75b4f9e43b40925c2b8f95cb62bbc4e8d57276cba2bd29d
Instruction Fuzzy Hash: BEF18F2260D7C2C5EA71AB25B4543EEEBA4EB66780FC48036DACD07B59DF6DE044C721

Function 00007FF7DF26508C Relevance: 5.5, APIs: 3, Instructions: 1005COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF2654C2
_get_daylight.LIBCMT ref: 00007FF7DF26555D
_get_daylight.LIBCMT ref: 00007FF7DF265576

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: 6368c0919250c52593fef51ed8e29ad3cb2da31c931cef8671138b4a2069c1d1
Instruction ID: d4199ca6e22226b562ad95257253bc70a3b5634859e8f8ed349f5e04fd6f2583
Opcode Fuzzy Hash: 6368c0919250c52593fef51ed8e29ad3cb2da31c931cef8671138b4a2069c1d1
Instruction Fuzzy Hash: C992CF32A186C286E764AF24D5521BDB7A1FB55788FD48136EA8D07B98DF3CF910C720

Function 00007FF7DF296B50 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 236memoryCOMMON

Download Yara Rule

APIs

EnumSystemLocalesEx.KERNEL32(?,?,?,?,?,?,?,?,?,00135266,?,?,?,00000000), ref: 00007FF7DF296EA5
HeapDestroy.KERNEL32(?,?,?,?,?,?,?,?,?,00135266,?,?,?,00000000), ref: 00007FF7DF296EC4

Strings

\windows_shell_global_counters, xrefs: 00007FF7DF296F0A

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: DestroyEnumHeapLocalesSystem
String ID: \windows_shell_global_counters
API String ID: 4113021481-966492924
Opcode ID: fdf6885ef0b49bdd95376958a833cda80e086c356e89da836768d1d36aaca05d
Instruction ID: 1f0225a3845afe26160f464cea99a93c3ba74ba7db2ff8ae8604138e2e933c78
Opcode Fuzzy Hash: fdf6885ef0b49bdd95376958a833cda80e086c356e89da836768d1d36aaca05d
Instruction Fuzzy Hash: F3B13C12D4D6C281EF64AB1480581BEAEF1EB54B58FD4C037D64C035E0EBBEF9D682A5

Function 00007FF7DF195A60 Relevance: 5.5, Strings: 4, Instructions: 467COMMON

Download Yara Rule

Strings

UUUUUUUU, xrefs: 00007FF7DF195A8E
33333333, xrefs: 00007FF7DF195AA1
UUUUUUUU, xrefs: 00007FF7DF195E60
33333333, xrefs: 00007FF7DF195E73

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: 33333333$33333333$UUUUUUUU$UUUUUUUU
API String ID: 0-1344069251
Opcode ID: a2284ed9a77ddea31ed056f5a18ef07f2e3873a5c2180fa5082c2d5e17c067e2
Instruction ID: 7d1529b7159d9bb57a25ef1ab530aa154e23e17f0d57b1615475511ad8273369
Opcode Fuzzy Hash: a2284ed9a77ddea31ed056f5a18ef07f2e3873a5c2180fa5082c2d5e17c067e2
Instruction Fuzzy Hash: B9F10C72B1968541EE14EB16A4503BDA2DBBF54BD4FC88533DE2E27380DF3EE4648260

Function 00007FF7DF1F2A20 Relevance: 4.9, APIs: 3, Instructions: 365COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F2A46

Part of subcall function 00007FF7DF1953B0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1953D3

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID:
API String ID: 4021432409-0
Opcode ID: 9708c6be7369d9a766239fec68d1403ae1d656bfb5eba8c1a4eedfbb11ec6e81
Instruction ID: 0422317e83e9e71a15082d1beb708fe0848bdab03f7722d320382fcfe88c1727
Opcode Fuzzy Hash: 9708c6be7369d9a766239fec68d1403ae1d656bfb5eba8c1a4eedfbb11ec6e81
Instruction Fuzzy Hash: 90E19F63A19AC582EB14AB29E4442BDA7A5FF44BA4FC54236DF1E07790DF3DE491C320

Function 00007FF7DF245D90 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF7DF245DF6
memcpy_s.LIBCPMT ref: 00007FF7DF245E21

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: f1211de9340225dc865007ab20c931b4492b1fdae3f2975db748a120fd63f9b0
Instruction ID: 9b2185cd20d7e0bee31560804260c45c81d4e8ee335a599682da40bc557c83dd
Opcode Fuzzy Hash: f1211de9340225dc865007ab20c931b4492b1fdae3f2975db748a120fd63f9b0
Instruction Fuzzy Hash: C8C1D172B186C687E724EF19A0446AEFB91F7A4B84FC59136DB4A43784DA7DF801CB40

Function 00007FF7DF216650 Relevance: 4.8, APIs: 3, Instructions: 316COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF216890
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF2168A9
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF216ACC

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID:
API String ID: 1678258262-0
Opcode ID: 7df19b5f3393d1b46438cdbe5cce959e6ec66c41d70ce4c2d6bf21b23996a17f
Instruction ID: ca80d61e64c17bab645d0fe7bf4fb7da5229416dd03ae73ae201c9c2458a0f5d
Opcode Fuzzy Hash: 7df19b5f3393d1b46438cdbe5cce959e6ec66c41d70ce4c2d6bf21b23996a17f
Instruction Fuzzy Hash: 1AE1A1B6A09F8581EF199F19D4502AD7BA1FB54FC4FA88436CA4D07350CF7AE896C360

Function 00007FF7DF231970 Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF7DF231A14
GetProductInfo.KERNEL32 ref: 00007FF7DF231A36

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

GetNativeSystemInfo.KERNEL32 ref: 00007FF7DF231ACF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Info$AcquireExclusiveLockNativeProductSystemVersion
String ID:
API String ID: 2776475993-0
Opcode ID: d5bb6529833dfb35d7848f30b083562de34a55ed5b54aa6055bc6837887cd713
Instruction ID: 8ad6289731f6fd9348df169046263e2f27774be3a6974f8029fcc376cb74ed63
Opcode Fuzzy Hash: d5bb6529833dfb35d7848f30b083562de34a55ed5b54aa6055bc6837887cd713
Instruction Fuzzy Hash: A4415B75E18AC282E650EB10E8A13FDB3A0BB85754FD4413BD90E076A4CE3CF586C720

Function 00007FF7DF29A690 Relevance: 4.6, APIs: 3, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

GetProcessHeaps.KERNEL32(?,?,00000000,00007FF7DF296EB8,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF29A69B
GetProcessHeaps.KERNEL32(?,?,00000000,00007FF7DF296EB8,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF29A6BD
GetProcessHeaps.KERNEL32(?,?,00000000,00007FF7DF296EB8,?,?,?,?,?,?,?,?,?,00135266,?,?), ref: 00007FF7DF29A6D8

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: HeapsProcess
String ID:
API String ID: 1420622215-0
Opcode ID: 831e89fd0fdcc15f5b1c48c7305d0e348f4b6deb1cbf88581023b5004f284565
Instruction ID: 00199dcf38fff67d37ea1c355757605c327d075440164a7409620b55456236d7
Opcode Fuzzy Hash: 831e89fd0fdcc15f5b1c48c7305d0e348f4b6deb1cbf88581023b5004f284565
Instruction Fuzzy Hash: 1511B625F8938246FFA87E3164612FD91A25F45FD4FD9843ACA1D4F684DD2CF8528B20

Function 00007FF7DF201DE0 Relevance: 4.3, Strings: 3, Instructions: 511COMMON

Download Yara Rule

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF2025E1
..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc, xrefs: 00007FF7DF2025C0
PERFETTO_CHECK(cur_packet_->is_finalized()), xrefs: 00007FF7DF2025D5

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\trace_writer_impl.cc$PERFETTO_CHECK(cur_packet_->is_finalized())
API String ID: 0-1305856970
Opcode ID: 3801a9c918f4997b11ad20db1360d6f85a28dbb0a0ca21f3c4d6e6420b64427d
Instruction ID: 6e12583c1a4b486f4301360dc81af13a7a50f6888b6572c477e16843dc5685da
Opcode Fuzzy Hash: 3801a9c918f4997b11ad20db1360d6f85a28dbb0a0ca21f3c4d6e6420b64427d
Instruction Fuzzy Hash: BC328763A08AC282EB10EB15D4487ADB7A5FB94B84FC68137DE4D17795CF78E484C360

Function 00007FF7DF228A50 Relevance: 4.2, Strings: 3, Instructions: 488COMMON

Download Yara Rule

Strings

\u%04X, xrefs: 00007FF7DF229114
\u2029, xrefs: 00007FF7DF2290D8
\u2028, xrefs: 00007FF7DF2290CC

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: \u%04X$\u2028$\u2029
API String ID: 0-2740272883
Opcode ID: 30972cd435cf0a2d6da56df930c97ec11f3d974fa8e404715e6e6e1d374d9e63
Instruction ID: 723a86743eb56d3bfb6ed9e79afa5fc2109920d6ad6c9fcfa15b2bb029e3d675
Opcode Fuzzy Hash: 30972cd435cf0a2d6da56df930c97ec11f3d974fa8e404715e6e6e1d374d9e63
Instruction Fuzzy Hash: 4D020422B096D186EB14AA168C102FDAB91BB15BD8FC48637DE1E07BD5DE7DF504D320

Function 00007FF7DF19A7E0 Relevance: 4.1, Strings: 3, Instructions: 356COMMON

Download Yara Rule

Strings

Remove, xrefs: 00007FF7DF19ACBC
it != set_.end(), xrefs: 00007FF7DF19ACDD
..\..\base\task\thread_pool\worker_thread_set.cc, xrefs: 00007FF7DF19ACC3

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: ..\..\base\task\thread_pool\worker_thread_set.cc$Remove$it != set_.end()
API String ID: 0-698253003
Opcode ID: 5f11425a21d7c7d9d6ef787884eb88754b9bdb33c236715f8de84e8e224c894d
Instruction ID: 7ac55a2aa56779226a353c4fb52ec57d241d2017e407e1285747b4614acf8e56
Opcode Fuzzy Hash: 5f11425a21d7c7d9d6ef787884eb88754b9bdb33c236715f8de84e8e224c894d
Instruction Fuzzy Hash: F4F1B472A09B8181EE19DB19E0502BC77A6FB54F84FA48437CE6D4B750CF7AD49AC390

Function 00007FF7DF25EA38 Relevance: 3.9, Strings: 3, Instructions: 195COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF7DF25EB45
-, xrefs: 00007FF7DF25EC7B
gfff, xrefs: 00007FF7DF25EBC2

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: -$e+000$gfff
API String ID: 0-2620144452
Opcode ID: 280aecf09a7232d964912b832d7864f13c03ec7680062c7da2be8daada400efd
Instruction ID: a88893eca61acfee528cabe87e4188726689b08dbab74934edf637efd7ba2ce3
Opcode Fuzzy Hash: 280aecf09a7232d964912b832d7864f13c03ec7680062c7da2be8daada400efd
Instruction Fuzzy Hash: 41710772B18BC586E720DF25A84079DB791F744BA4F988232DBA84BB85CF7DE4458B10

Function 00007FF7DF25CCC4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF7DF25CD38

Strings

GetLocaleInfoEx, xrefs: 00007FF7DF25CCE0, 00007FF7DF25CCF1

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: f5bbcc3a8aff319d532e0059b880880eec9d868ec4f465d6e70a0fc9a3f4968f
Instruction ID: e1d087034a3dd67156635125c77482a98abe8a061490098024f0973fbc6265f0
Opcode Fuzzy Hash: f5bbcc3a8aff319d532e0059b880880eec9d868ec4f465d6e70a0fc9a3f4968f
Instruction Fuzzy Hash: 96018F20B08AC185EB44AB66B4400EEFA61EB88BD0FD84037DE4D83BA9CE3CE5458350

Function 00007FF7DF1C5440 Relevance: 3.3, APIs: 2, Instructions: 257COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1C55D7
SetLastError.KERNEL32 ref: 00007FF7DF1C5887

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CurrentErrorLastProcess
String ID:
API String ID: 335030130-0
Opcode ID: c76510ec887e0a12253bb0274d716c0248bd13084101abe2259d197ae8b7f669
Instruction ID: 060fd599e8458f3d419483f0e3eb6f7118264da0b8db9daac916725513c95a5a
Opcode Fuzzy Hash: c76510ec887e0a12253bb0274d716c0248bd13084101abe2259d197ae8b7f669
Instruction Fuzzy Hash: 4AB19D21A0C6C185EB31AF16B4053FEE7A9AF91784FC44136DA8D07A95DF7EE485CB20

Function 00007FF7DF1A95C0 Relevance: 2.9, Strings: 2, Instructions: 422COMMON

Download Yara Rule

Strings

0, xrefs: 00007FF7DF1A9A83
0, xrefs: 00007FF7DF1A98E3

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: 0$0
API String ID: 0-203156872
Opcode ID: c5ce408633127c4445b33fc52fba28fb5029276b186ecbbb3121f1d4927373f3
Instruction ID: 4fa73b79b4c3d238d76ce52cc3510ec0333e93b016a1ed64e9037e3c2df0359d
Opcode Fuzzy Hash: c5ce408633127c4445b33fc52fba28fb5029276b186ecbbb3121f1d4927373f3
Instruction Fuzzy Hash: 95128D7260978586DB209F28E1903BEF7A4FB94748FD04626DB8E07B50DF7EE1468750

Function 00007FF7DF1FAC20 Relevance: 2.9, Strings: 1, Instructions: 1609COMMON

Download Yara Rule

Strings

b, xrefs: 00007FF7DF1FBBD6

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: a039dac09121eb3fa58b17ba6b8e21932e1ffd966f21b6b564822d280805a528
Instruction ID: 07dc7a8ed1af5f9c6ee30bf810d87afcdbce9375bdc8dae92085ecdeed7363e7
Opcode Fuzzy Hash: a039dac09121eb3fa58b17ba6b8e21932e1ffd966f21b6b564822d280805a528
Instruction Fuzzy Hash: A2F28C63A09AC282EB24EB15E0503EDA7A4FB95B94FD44236CB9D07795CF3EE454C360

Function 00007FF7DF265F78 Relevance: 2.9, Strings: 2, Instructions: 358COMMON

Download Yara Rule

Strings

am/pm, xrefs: 00007FF7DF266227
a/p, xrefs: 00007FF7DF266292

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: a/p$am/pm
API String ID: 0-3206640213
Opcode ID: ac5e4f394503b84ba1ab2c1b2950bed349975aa6f9282061c993c067528ff3f3
Instruction ID: 6e96138f62fee872a84ccbadd59a4f384fdaa4a19bbca389c7c7b0b3c5488100
Opcode Fuzzy Hash: ac5e4f394503b84ba1ab2c1b2950bed349975aa6f9282061c993c067528ff3f3
Instruction Fuzzy Hash: E3E1AD22E082C286E774AF2595546FEAAA5FF11788FD44137EA0D0BB94DF3CF9548321

Function 00007FF7DF242D74 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF7DF243124
, xrefs: 00007FF7DF242EE2

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e5d52f0ce60dfc66900b74b622cef9ee4dc2976e87253f36ca6bc4251747f42b
Instruction ID: 2befdae20e142a9b3b3eab2bfb772988c69fabe4654130af43b49e863f1dce7f
Opcode Fuzzy Hash: e5d52f0ce60dfc66900b74b622cef9ee4dc2976e87253f36ca6bc4251747f42b
Instruction Fuzzy Hash: B7E1C232A0868681EB68BA6680501BDA3B0FF65B48FD45237DE0E076D4CF69F981D760

Function 00007FF7DF20E960 Relevance: 2.8, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

UUUUUUUU, xrefs: 00007FF7DF20EADC
33333333, xrefs: 00007FF7DF20EAEF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: 1b35af89f7809ff63af56c3b9c40c9bdc684a336d1fdbdfb259f7c2564ac1e6d
Instruction ID: b3d29c19f4b537513ca01cf6175837199a4423d89c3234d8c4b25a7ca7c72cfe
Opcode Fuzzy Hash: 1b35af89f7809ff63af56c3b9c40c9bdc684a336d1fdbdfb259f7c2564ac1e6d
Instruction Fuzzy Hash: 3FC1AF63B0AAC681EE64BB5194142BEA795BF44BE4FC84437DE4E67791DE3DF4808320

Function 00007FF7DF1F1010 Relevance: 2.7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

Strings

spansize, xrefs: 00007FF7DF1F1BCB
slotsize, xrefs: 00007FF7DF1F1BAB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: slotsize$spansize
API String ID: 0-1054177511
Opcode ID: 95f13ea1c04b54eef9fd33e8f0346696ee447eda77214bcd92d1faebc9e5e286
Instruction ID: dc83ca3a4e003f228867b044bef1c97f6666c7df64144a5083615c70c1aca152
Opcode Fuzzy Hash: 95f13ea1c04b54eef9fd33e8f0346696ee447eda77214bcd92d1faebc9e5e286
Instruction Fuzzy Hash: FB910542B04EC40AE3475A38A805769E25BEBF97D4F44C733ED8A62A69DF3C98578600

Function 00007FF7DF1955B0 Relevance: 2.7, Strings: 2, Instructions: 198COMMON

Download Yara Rule

Strings

UUUUUUUU, xrefs: 00007FF7DF1955CF
33333333, xrefs: 00007FF7DF1955E2

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: d550c567f289cd99eabd5f01d8877ec56ed242b4b70461d77812bc31634b9f49
Instruction ID: fcc25de7e014fd2e16eb1d768aeb79602c337fe3f809c7318215c4c8c1581f70
Opcode Fuzzy Hash: d550c567f289cd99eabd5f01d8877ec56ed242b4b70461d77812bc31634b9f49
Instruction Fuzzy Hash: 4261D761F0969681FE68AA16A4046BDD2CB6B50FD0FC8C433CD3D27754DF3EB98142A1

Function 00007FF7DF1B7750 Relevance: 2.5, APIs: 1, Instructions: 1288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: c32621e18cebc36be81757c7b2793df11117735b8d1bed7be940b795f8a5c809
Instruction ID: 8f704abcf02e44dd47b8d20b5bd83211020349848b4be694ef30835aca83e8b2
Opcode Fuzzy Hash: c32621e18cebc36be81757c7b2793df11117735b8d1bed7be940b795f8a5c809
Instruction Fuzzy Hash: 95C28162A09BC2C1EA20AB15F0443FDEB94EB86B94FD48136DA8D07B95DF7DE085C710

Function 00007FF7DF205100 Relevance: 2.1, APIs: 1, Instructions: 579COMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF205265

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Once$ExecuteInit
String ID:
API String ID: 689400697-0
Opcode ID: 286e8b00813023c30ab46dd21b908d4d256a42a9c363960e871a3b7e32f38145
Instruction ID: e4addd894801a59ea1fd4392bd43cbba7cd3d9ff2f154722ac9f4fef6a759c02
Opcode Fuzzy Hash: 286e8b00813023c30ab46dd21b908d4d256a42a9c363960e871a3b7e32f38145
Instruction Fuzzy Hash: 202214B27282964BE7218F5AD850BAEBB61F75DBC9F416134DF0A17B45C63EE601CB00

Function 00007FF7DF2638CC Relevance: 2.0, APIs: 1, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 66a706a975af9e005d9be4e1d951e6759375d0384a916e4ff3e44f90a6f391bb
Instruction ID: 68fda93ef71e59f155384b8496e6a23c69c16050e05f9c93e6ec895607ff6a60
Opcode Fuzzy Hash: 66a706a975af9e005d9be4e1d951e6759375d0384a916e4ff3e44f90a6f391bb
Instruction Fuzzy Hash: EA029E21B196C241FA54BB21A8112FDE694AF41BA0FC8463BED6D463D1DE3EFD819370

Function 00007FF7DF21CCF6 Relevance: 1.7, Strings: 1, Instructions: 476COMMON

Download Yara Rule

Strings

0123456789abcdefABCDEFxX+-pPiInN, xrefs: 00007FF7DF21CE9C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: 0123456789abcdefABCDEFxX+-pPiInN
API String ID: 0-2175827864
Opcode ID: 08f03248c53f4781e3d657af3a385bbf2fb874ef602a27144ca50c9e3faf2a17
Instruction ID: 8747136cb79605d6c9fd07648d1a0f4f47175378012c00365a93648389fdd38b
Opcode Fuzzy Hash: 08f03248c53f4781e3d657af3a385bbf2fb874ef602a27144ca50c9e3faf2a17
Instruction Fuzzy Hash: 5B229D66A08AD689EB31AF2588503FDA7A1EB05B98FD44133CA1D1BB95CF28F545C334

Function 00007FF7DF1A1670 Relevance: 1.7, Strings: 1, Instructions: 434COMMON

Download Yara Rule

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF1A1670

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID: %s (errno: %d, %s)
API String ID: 1452528299-297793326
Opcode ID: 297cfc79bf9e54081fce4f5edf4175d172213f87fe7a7df3b3b2e72eafe188e0
Instruction ID: da432a2232fd9813ea88fe82b1af14c3106e24447d09c6b04fd838b05aaa5d4b
Opcode Fuzzy Hash: 297cfc79bf9e54081fce4f5edf4175d172213f87fe7a7df3b3b2e72eafe188e0
Instruction Fuzzy Hash: 4022D122D0D7C192E661AB11E2103FDBBA4FB95744FC59226DA8C13792DF7EE186CB10

Function 00007FF7DF261FBC Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF25C244: GetLastError.KERNEL32 ref: 00007FF7DF25C253
Part of subcall function 00007FF7DF25C244: FlsGetValue.KERNEL32 ref: 00007FF7DF25C268
Part of subcall function 00007FF7DF25C244: SetLastError.KERNEL32 ref: 00007FF7DF25C2F3

EnumSystemLocalesW.KERNEL32 ref: 00007FF7DF26205A

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 9a5c91ebdd689ddf36006e50241dfe6712109b5377bea158b1563623945c4316
Instruction ID: 25c2090fef048e8df041921776bbe21664f8973fb7aa5792f074d06046abd226
Opcode Fuzzy Hash: 9a5c91ebdd689ddf36006e50241dfe6712109b5377bea158b1563623945c4316
Instruction Fuzzy Hash: 9F11D577A086858AEB149F15D0406ECB7B0EB50FA0FC48136CA59433D0DA78E5D1C750

Function 00007FF7DF22CB60 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF22CB60

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: %s (errno: %d, %s)
API String ID: 0-297793326
Opcode ID: 6e5cefeb808ffc8e21e302e45711d4c488604d801946f362f836cab88acbc696
Instruction ID: f0415a69c32c22131ef4b57c46fdeef238f49749142ffa9f2802a9447f9bb7c7
Opcode Fuzzy Hash: 6e5cefeb808ffc8e21e302e45711d4c488604d801946f362f836cab88acbc696
Instruction Fuzzy Hash: 27B1FA17F25FC141F613963894027BDE2249F667E4E80C337FDD572AA2EF59A242C210

Function 00007FF7DF25EE30 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF7DF25F172

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 7d2b8f638ced545a9d91ee35a15015ed8847724846c5787d43bb341d45bf1d18
Instruction ID: 34979e5d0d9ece55ef7532697054d78401358f287e7002264b5cc013f70ad64e
Opcode Fuzzy Hash: 7d2b8f638ced545a9d91ee35a15015ed8847724846c5787d43bb341d45bf1d18
Instruction Fuzzy Hash: F8A17663A087C686EB21DB25E4407EEBB91EB54B94FC48032DE8D47B85DE3DE805C310

Function 00007FF7DF1BB640 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

OPENSSL_ia32cap, xrefs: 00007FF7DF1BB7DF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID: OPENSSL_ia32cap
API String ID: 0-399759565
Opcode ID: 5c51b507cecdd4d6588155ec3f2e91dcb53dc7862e0fbf0c10af065f229642c6
Instruction ID: 8927beb4afa4d6cf58408504ad8ca92ec93abe8945d93a8f03498d171c3293eb
Opcode Fuzzy Hash: 5c51b507cecdd4d6588155ec3f2e91dcb53dc7862e0fbf0c10af065f229642c6
Instruction Fuzzy Hash: 9F418E73B1A4A642FA1AEA25B852BFE8C426B51790FD4423ADD1F4BBD0DD3CD9424350

Function 00007FF7DF20DB40 Relevance: .6, Instructions: 558COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13538c2d88672bd8275f5afc75fe3961efd91a83826cc6ec83ca03cd0fc1a30
Instruction ID: eb6b0c5d1f39470a7a8640bfa3388353c0ee79a115f708bec0ab68b4f8d20321
Opcode Fuzzy Hash: c13538c2d88672bd8275f5afc75fe3961efd91a83826cc6ec83ca03cd0fc1a30
Instruction Fuzzy Hash: 0E42B16360ABC186EB10AB25D0543BDA7A1EB54BA4FD58236DB6D17BD5DF3CE480C320

Function 00007FF7DF1C2B50 Relevance: .5, Instructions: 491COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b86e425df04654524d0b99ec753dfa1cedf34d846d0b2cfd284c86ee1f7204
Instruction ID: 04ee7958f38a18496a361f6c2e912861ca4ce7fe4c91fb741f0b6074d6727244
Opcode Fuzzy Hash: 48b86e425df04654524d0b99ec753dfa1cedf34d846d0b2cfd284c86ee1f7204
Instruction Fuzzy Hash: 7212D422B09BC582EA10AF16E5442ADE7A9FB54BD4FC94236EE5D03B95DF3DE091C310

Function 00007FF7DF1A9C30 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc8c7935689ab8488d3d9639f2c50f22993de86dab995c766376acbde1c1f6f3
Instruction ID: 9e74368088e3c7861a81661aced7317e75868c81fb0ad0867e3fabd99b33e719
Opcode Fuzzy Hash: bc8c7935689ab8488d3d9639f2c50f22993de86dab995c766376acbde1c1f6f3
Instruction Fuzzy Hash: 0922806260D6C6C5E660AA25E2403FEF755FB84784FD08137DA8D4BB89DF3ED0468B60

Function 00007FF7DF1B6EF0 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9da083457fa64f07de89176443bcca6b7940e433cc9adb547806b124d6d3a61
Instruction ID: a91e2d7afa9454095db5793f245bde55dae2045729f4399c4879741b2bb6ea26
Opcode Fuzzy Hash: a9da083457fa64f07de89176443bcca6b7940e433cc9adb547806b124d6d3a61
Instruction Fuzzy Hash: D802D322A1C18286E621AB15B4013FEAB94EB55744FC50237EA5E8BBD1CF7EF445C760

Function 00007FF7DF191000 Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73ab98b697a5d9b29c98eb3221845dba082ec106b32b51f5e62a942c84b896b2
Instruction ID: 4ce344777577bc970d917621429fd2562b85b11dd2187e2c582f6d2633f63a6f
Opcode Fuzzy Hash: 73ab98b697a5d9b29c98eb3221845dba082ec106b32b51f5e62a942c84b896b2
Instruction Fuzzy Hash: A4028332B08AC592EA64AB25E4403FDA7A6FB48B94FC44537DA6E533D0DF2DE485C350

Function 00007FF7DF20FC30 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c27d6d14fb6c70022e0a511d69b205510e48c85ea446faeadeedb33f1b10f8
Instruction ID: 5be3e33b28588d900e46f1f82a1636063139011ec4b77e4cb805c728045dfeb5
Opcode Fuzzy Hash: b1c27d6d14fb6c70022e0a511d69b205510e48c85ea446faeadeedb33f1b10f8
Instruction Fuzzy Hash: C0E13363B09AD682FA21EA15D4446FDA6A1EB01BE4FD44233CE5E277D1DE2CF542C320

Function 00007FF7DF293AD0 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702a23f387bf6e64aea58d9765802501d34f64a63b3265d29dd9b7313a877912
Instruction ID: 9f0267225ccc033ac8402570beee61dec414e3b13da47aca8eac3c017f44b61a
Opcode Fuzzy Hash: 702a23f387bf6e64aea58d9765802501d34f64a63b3265d29dd9b7313a877912
Instruction Fuzzy Hash: 96E17673615AC686EB14CB7CD1A17BCBBA4E795B80F85A227CB4A83390DB3CD655C300

Function 00007FF7DF2197E0 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ae1f349393fd282068dddee5438120cf17c52e13ea0338e17e474281511a0e
Instruction ID: 0161ccd411802bcd9d196bf918d50452f27384908554ce783669ff462058a4f8
Opcode Fuzzy Hash: 55ae1f349393fd282068dddee5438120cf17c52e13ea0338e17e474281511a0e
Instruction Fuzzy Hash: 44C1C462B099D642FA24AE159900BFDBAA1AB55B88FC45133CE4E07AD1CE3DF591C334

Function 00007FF7DF23EEF0 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0a9bb683b32e2bd0bfcb33c91f98d3b4d5abd481e6e7dc33db1cee793adb85
Instruction ID: d2719748c1dafdab9524ff35ecc46648a1487d98f38c7b9ef2961d78cfa18277
Opcode Fuzzy Hash: 4f0a9bb683b32e2bd0bfcb33c91f98d3b4d5abd481e6e7dc33db1cee793adb85
Instruction Fuzzy Hash: 16E1C2B2A086C285E768AA28E5943FCA7D1EB45B54FD4423BCE4D066D9CF3DF845C360

Function 00007FF7DF24BF30 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 6b0b625a66a0145ce4170531f7d6e0c2b490126c43a4fbbca02de331018f1a41
Instruction ID: 0961f5dc0cd382561454eacf8204b7ad5676b5c36a92588a3754a63de5ef7557
Opcode Fuzzy Hash: 6b0b625a66a0145ce4170531f7d6e0c2b490126c43a4fbbca02de331018f1a41
Instruction Fuzzy Hash: 0ED1C366A086C245EB60FB6998107FEA7A0FBA4B88FC04132DE8D57785DFBCF5418710

Function 00007FF7DF23FF78 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788b27303d364b84e6d734ccfc78772de976cdf6cc2082d6f0cacf60251dac1e
Instruction ID: 412a9511e6fd902254edc1bf483a0c9da7d50928d2c91ad8e460762bcc20e199
Opcode Fuzzy Hash: 788b27303d364b84e6d734ccfc78772de976cdf6cc2082d6f0cacf60251dac1e
Instruction Fuzzy Hash: AFD1EA22A086C285EB68FA25C4406BDA7A0EB65B48FD81237CE0D076D5DFBDF885C750

Function 00007FF7DF202620 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0535c2faecbc70efb6cf9a08d76abbdd4621dee06653e6be9fb2b2fc3d3cf823
Instruction ID: bcb72e561aca58538b2e2bd87ec238ea8b3518e1cb3c9b517fb928ff4edc1a15
Opcode Fuzzy Hash: 0535c2faecbc70efb6cf9a08d76abbdd4621dee06653e6be9fb2b2fc3d3cf823
Instruction Fuzzy Hash: F8D1BC63A096C182EB24AB25D4543BDABA0EB55B54FD48237CF9D17BD5DF28F480C360

Function 00007FF7DF294110 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f55943f334acb01655bfed3d862d25add9de06216f205bca7052097278bb90c4
Instruction ID: 884e7d4b37b91a928abd9ce3762696069409de751dffa556f2ebcbdea1e73ed7
Opcode Fuzzy Hash: f55943f334acb01655bfed3d862d25add9de06216f205bca7052097278bb90c4
Instruction Fuzzy Hash: 9CB16DB772169486DB348FACF081E98EF5697A4784F85F333C64917B95CA3E910AC740

Function 00007FF7DF1C7A90 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a496f085187d287fa8c598a1d6e78f9acedbfc88ceb45c0d491a88d0318cf5c8
Instruction ID: f0532d1e2a0193e29dc5670908f133c0f8b5c49cce6f20c751354cea7e450553
Opcode Fuzzy Hash: a496f085187d287fa8c598a1d6e78f9acedbfc88ceb45c0d491a88d0318cf5c8
Instruction Fuzzy Hash: 83A1E71BF25FD541F6039638A0036B9F2289FB67D4F80C327FDC4B2AA2DF6561829214

Function 00007FF7DF214780 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc9e077437530c625d04abbde0aa53cc192c04807c83ecff73bed968b0d089f7
Instruction ID: 2892341d833ee29a0940bb8bfe5813eca80f74816f28864c5067ed55f4f8d59d
Opcode Fuzzy Hash: bc9e077437530c625d04abbde0aa53cc192c04807c83ecff73bed968b0d089f7
Instruction Fuzzy Hash: 5EA1E662B08AC581EA14AF2599143BDE791FB46B94FD44232DAAD07BC5DE3CF151C324

Function 00007FF7DF23E940 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee08129b7fe8721c5d552812b8fe2ed88909b6f6c13b11c510a0e347e6e1dd02
Instruction ID: f2aea45acdb9c76e4c752e94a1eb99e0affdbb0b534d3e2d3dd48dc634e8f025
Opcode Fuzzy Hash: ee08129b7fe8721c5d552812b8fe2ed88909b6f6c13b11c510a0e347e6e1dd02
Instruction Fuzzy Hash: 1BB1C0B2608AC585E765AF29C0512BDBBE0FB45B68FD8013ADA4E47395CF39F448C721

Function 00007FF7DF23F9E0 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 352e87127f945f8ab0d3cce776c3ece96e3730eca874bfb7fd09a695d26b2e9f
Instruction ID: 9e64a758022c2462d0663a6ae6299f0164b2e3e7a1d9f8cbeafb37a5991f154d
Opcode Fuzzy Hash: 352e87127f945f8ab0d3cce776c3ece96e3730eca874bfb7fd09a695d26b2e9f
Instruction Fuzzy Hash: D9B16EB29097C585E768DF29E0A41ACBBE0EB49B48FE4413ACE4D47395CF39E841C761

Function 00007FF7DF256F84 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8845c9628fa17baab1fb8b34f944429a2f366b6383740adc2d3e90e35a044181
Instruction ID: b5a9aca5de5a3bf6c78a3c96cbe2efdef5d2cc230f110ab4622e44fd841e7982
Opcode Fuzzy Hash: 8845c9628fa17baab1fb8b34f944429a2f366b6383740adc2d3e90e35a044181
Instruction Fuzzy Hash: A281A732608A9582EB54EF25E4817BDA3A1FB44BD4FD48637EE2E87785CF38E4418310

Function 00007FF7DF25E750 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5c023ba228d2c671d91bc9ebe5f6d027fa73eeb57c51f62fbd7bbe75a12e72
Instruction ID: 5fa22d315168291c906af3fb18c38c9afacf7571b4cbf407fe266eb3d4e148bd
Opcode Fuzzy Hash: 9e5c023ba228d2c671d91bc9ebe5f6d027fa73eeb57c51f62fbd7bbe75a12e72
Instruction Fuzzy Hash: B181D472A08BC146E774EB2994843BEEA91FB857A4FD44236DA8D47B95CE3CF4408B10

Function 00007FF7DF1AAC30 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58c24b3865d14983e70eea749027cd8a5413756e7f2794e67c15db57be48ad70
Instruction ID: 7e940f816e419ef1ab5eb14cac11928a335e26e690c0df9fd2618d2b748d0da7
Opcode Fuzzy Hash: 58c24b3865d14983e70eea749027cd8a5413756e7f2794e67c15db57be48ad70
Instruction Fuzzy Hash: D7515572B1A19283FB686D15B2017FDF54A9F60785FC09036DEAB4F6C5DB2FB44A8210

Function 00007FF7DF244CC4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a52f95c176a4031ab8107b3ddad20168a03a6c2c7709f86b7393ad2e09e9537f
Instruction ID: 6a7ff34ffc10f75e8cb54d72da77cec7d2cc1e3e46cb976bbd662c174ab6b67f
Opcode Fuzzy Hash: a52f95c176a4031ab8107b3ddad20168a03a6c2c7709f86b7393ad2e09e9537f
Instruction Fuzzy Hash: F1516336A18691C6E724AB29C0402ACB7A0FB65F58FE44132CE8D57794CBBAF952C750

Function 00007FF7DF244AB8 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b48a7bc032e1e234c39c9f475d97552dc779da3a3f066e96f5d0a8a2c0350e2
Instruction ID: c1ae121da536130e8e139c9bef2e75d04f272d50ddc8102e23238c01c8b353a8
Opcode Fuzzy Hash: 6b48a7bc032e1e234c39c9f475d97552dc779da3a3f066e96f5d0a8a2c0350e2
Instruction Fuzzy Hash: E9516572A1569186E734EB29C0503AC67A0EB64B68FE44133CE8D17B94DBBAF943C750

Function 00007FF7DF2448AC Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27223f62e2372922971e4e063379299477f0346bca57247504f333cec45942b9
Instruction ID: 7d24d0405854eac752d1ac412d7ebc60c2a2e51a55d60f332d350d350700e9dd
Opcode Fuzzy Hash: 27223f62e2372922971e4e063379299477f0346bca57247504f333cec45942b9
Instruction Fuzzy Hash: D351A736A18A9186E724AF29C05026CB3A0EB64F58FE44132CECD4B794CB7AF943D750

Function 00007FF7DF240F70 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8694c5ac9e73361caf4692105fb1b2de3ace59f93d4f03e276d97dea8f8b467f
Instruction ID: 356b91b91fd6d8683675480f699ce157ebc72834581fcf658fc998126f7f9950
Opcode Fuzzy Hash: 8694c5ac9e73361caf4692105fb1b2de3ace59f93d4f03e276d97dea8f8b467f
Instruction Fuzzy Hash: CE51D936A186D181E725AB29C0413BC77A0EB64F58FE85132CE4C57794CF7AF882CB90

Function 00007FF7DF240D6C Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3e3a7e52821e1d4d2f4ebf580a1f999e02f5f8697a7cad4c4c64446df75c16
Instruction ID: 60ad151f3f3618262c2de1ff6cd0d9de1f0f71de584378f4b4bab866768d3caf
Opcode Fuzzy Hash: ec3e3a7e52821e1d4d2f4ebf580a1f999e02f5f8697a7cad4c4c64446df75c16
Instruction Fuzzy Hash: 65519872A1869185E724EB28C0502BC77A0EB65F58FE84132DE4D17795CF7AF893C790

Function 00007FF7DF241780 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb5d9ba864a71f1c12b0dc63be4514f51a284dc8a213a1b7dac9150dd5accf7
Instruction ID: 8034704663b3a5e459c0f659365c04213c9d33f4dd54618e6d71d4e1e25fa2b4
Opcode Fuzzy Hash: cdb5d9ba864a71f1c12b0dc63be4514f51a284dc8a213a1b7dac9150dd5accf7
Instruction Fuzzy Hash: 0851E336B186D192E726AB29C0412BCB7A0EB64F58FE44132CE4D57795CFBAF842C750

Function 00007FF7DF24157C Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04703003e8dbca398dc26bb115b5069ed21a993862bb9f69aa12d1c921a36c2c
Instruction ID: 96dc608d09233743b1039d55e42cef6b831be581f70bdc16966d5df462b17394
Opcode Fuzzy Hash: 04703003e8dbca398dc26bb115b5069ed21a993862bb9f69aa12d1c921a36c2c
Instruction Fuzzy Hash: 66519936A146D196E726AB29C0412BC77A0EB64F58FE84132CE4E477A5CF7AF843C750

Function 00007FF7DF294590 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f15a75036758d3e416f67325810f00b368d44838b459c94f15b2bcefaf3e33b
Instruction ID: a0d98903558cda14978fb7f58f68ae11058bb244a2c3e2fd25d59befbb59191f
Opcode Fuzzy Hash: 5f15a75036758d3e416f67325810f00b368d44838b459c94f15b2bcefaf3e33b
Instruction Fuzzy Hash: 10412722B995D143EA289E2494501FCA251BBA4B90FC59136DE6E13BC4CE3CFE46C710

Function 00007FF7DF24DACC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5f91fa43a39da52c416bcaf6a6b4be7dd10d4dbdad72b594d13f4b57feae549
Instruction ID: 5bb9526f7da772219d1255772fae05b2c72e51f5855f41a2d04a490675279c39
Opcode Fuzzy Hash: b5f91fa43a39da52c416bcaf6a6b4be7dd10d4dbdad72b594d13f4b57feae549
Instruction Fuzzy Hash: CC41A172714A9582EF04DF2AD9641ADB7A1BB48FD0BC99037DE0D97B58DE7CD0428310

Function 00007FF7DF205A20 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea1df4bc60c073ff8e605af1f2f5f97a246fb1743b902e058e99f86da90568c
Instruction ID: c5432ba477473b9c1eb1f2370654a4f45400510f6508e2c033c50feff2e62915
Opcode Fuzzy Hash: 5ea1df4bc60c073ff8e605af1f2f5f97a246fb1743b902e058e99f86da90568c
Instruction Fuzzy Hash: F841C6DBC28FC902EA03173D94832A6B310AFF76A8E60E713FDF4356A5EB556154A210

Function 00007FF7DF2490BC Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f872824676dc175e1c92aa5085edc5dafc5ba610c863b9d594a52ea5f7c3fbd
Instruction ID: b566ff85dc499a44638427daa597338f202a8d475484969727ec319fcbcb5a20
Opcode Fuzzy Hash: 7f872824676dc175e1c92aa5085edc5dafc5ba610c863b9d594a52ea5f7c3fbd
Instruction Fuzzy Hash: 8E316E32E5C1C285FAB57A29855D6FDB252AFB2348FE48433C50E01A99CCEEB541DE21

Function 00007FF7DF1A4900 Relevance: 57.9, APIs: 1, Strings: 32, Instructions: 149COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A4948

Strings

NtQueryFullAttributesFile, xrefs: 00007FF7DF1A4A53
NtSignalAndWaitForSingleObject, xrefs: 00007FF7DF1A4AD7
RtlNtStatusToDosError, xrefs: 00007FF7DF1A4B9D
strlen, xrefs: 00007FF7DF1A4BC9
NtMapViewOfSection, xrefs: 00007FF7DF1A49E5
RtlAllocateHeap, xrefs: 00007FF7DF1A4B19
NtQueryObject, xrefs: 00007FF7DF1A4A7F
RtlCompareUnicodeString, xrefs: 00007FF7DF1A4B45
NtProtectVirtualMemory, xrefs: 00007FF7DF1A4A27
NtClose, xrefs: 00007FF7DF1A49A3
NtFreeVirtualMemory, xrefs: 00007FF7DF1A49CF
RtlAnsiStringToUnicodeString, xrefs: 00007FF7DF1A4B2F
NtDuplicateObject, xrefs: 00007FF7DF1A49B9
NtOpenProcessTokenEx, xrefs: 00007FF7DF1A4A11
_strnicmp, xrefs: 00007FF7DF1A4BB3
memcpy, xrefs: 00007FF7DF1A4BF5
NtCreateFile, xrefs: 00007FF7DF1A4977
RtlFreeHeap, xrefs: 00007FF7DF1A4B87
NtQueryVirtualMemory, xrefs: 00007FF7DF1A4AAB
NtOpenThread, xrefs: 00007FF7DF1A49FB
NtSetInformationFile, xrefs: 00007FF7DF1A4AC1
NtCreateSection, xrefs: 00007FF7DF1A498D
NtQueryInformationProcess, xrefs: 00007FF7DF1A4A69
ntdll.dll, xrefs: 00007FF7DF1A4941
NtUnmapViewOfSection, xrefs: 00007FF7DF1A4AED
NtWaitForSingleObject, xrefs: 00007FF7DF1A4B03
NtQuerySection, xrefs: 00007FF7DF1A4A95
NtQueryAttributesFile, xrefs: 00007FF7DF1A4A3D
RtlDestroyHeap, xrefs: 00007FF7DF1A4B71
RtlCreateHeap, xrefs: 00007FF7DF1A4B5B
NtAllocateVirtualMemory, xrefs: 00007FF7DF1A4961
wcslen, xrefs: 00007FF7DF1A4BDF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: HandleModule
String ID: NtAllocateVirtualMemory$NtClose$NtCreateFile$NtCreateSection$NtDuplicateObject$NtFreeVirtualMemory$NtMapViewOfSection$NtOpenProcessTokenEx$NtOpenThread$NtProtectVirtualMemory$NtQueryAttributesFile$NtQueryFullAttributesFile$NtQueryInformationProcess$NtQueryObject$NtQuerySection$NtQueryVirtualMemory$NtSetInformationFile$NtSignalAndWaitForSingleObject$NtUnmapViewOfSection$NtWaitForSingleObject$RtlAllocateHeap$RtlAnsiStringToUnicodeString$RtlCompareUnicodeString$RtlCreateHeap$RtlDestroyHeap$RtlFreeHeap$RtlNtStatusToDosError$_strnicmp$memcpy$ntdll.dll$strlen$wcslen
API String ID: 4139908857-3460877470
Opcode ID: 54ae086d03248d745830024b1b88b16ca7b4391bee19c86bbef577fb504fa09b
Instruction ID: 438453e4b63b37d8f27ce7303d8f5423473899f1ba125a82ad3c814a25a0c799
Opcode Fuzzy Hash: 54ae086d03248d745830024b1b88b16ca7b4391bee19c86bbef577fb504fa09b
Instruction Fuzzy Hash: C5812C64A0EAD2A1F604BB15F8A11FDBBA4BF08780FD05137D84D06769DF2CB246C3A1

Function 00007FF7DF207F50 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF207FAE
SetLastError.KERNEL32 ref: 00007FF7DF207FB8
SetLastError.KERNEL32 ref: 00007FF7DF207FCC
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20809B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF2080FE
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF20812F
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF2081AA
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF2082FB
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20831D
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF208332

Strings

<, xrefs: 00007FF7DF2082EA

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$ErrorLast$Release$CounterPerformanceQuery
String ID: <
API String ID: 1917929841-4251816714
Opcode ID: bfb6b281848824faba1264e8bd660b376085a6fb6bc9bc036fff400a8038434b
Instruction ID: 8da9df6e89191e7b5c3a31b60d4a000b459147b3d69b563d50af1bbab428f68c
Opcode Fuzzy Hash: bfb6b281848824faba1264e8bd660b376085a6fb6bc9bc036fff400a8038434b
Instruction Fuzzy Hash: 83C1A422A08AC281EB55AF11A5543FEE7A1EF84B94FD58533DA4E27691DF7CF081C320

Function 00007FF7DF20F710 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF20F76F
SetLastError.KERNEL32 ref: 00007FF7DF20F779
SetLastError.KERNEL32 ref: 00007FF7DF20F78D
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20F85C
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20F8BF
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF20F8F0
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20F96B
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20FABC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF20FADE
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF20FAF3

Strings

<, xrefs: 00007FF7DF20FAAB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$ErrorLast$Release$CounterPerformanceQuery
String ID: <
API String ID: 1917929841-4251816714
Opcode ID: db7eda5c50997a64218c4ab41ddbc45cf6a7944ce9013fd35a151bbe895f4847
Instruction ID: 99186e2ba1ed8b0919a00b0b74639572aabc5d86dc78c087a43ce067887d6bed
Opcode Fuzzy Hash: db7eda5c50997a64218c4ab41ddbc45cf6a7944ce9013fd35a151bbe895f4847
Instruction Fuzzy Hash: F0C1B423A48AC681EA25AF11A5903FDE3A1FF85B94FD54133DA4E27695DF7CF0818321

Function 00007FF7DF1A3B00 Relevance: 18.1, APIs: 12, Instructions: 118COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1A3B41
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1A3B47
DuplicateHandle.KERNEL32 ref: 00007FF7DF1A3B68
GetLastError.KERNEL32 ref: 00007FF7DF1A3B80
SetLastError.KERNEL32 ref: 00007FF7DF1A3BAC
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1A3BD2
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1A3BD8
DuplicateHandle.KERNEL32 ref: 00007FF7DF1A3BF9
GetLastError.KERNEL32 ref: 00007FF7DF1A3C12
SetLastError.KERNEL32 ref: 00007FF7DF1A3C3C
GetLastError.KERNEL32 ref: 00007FF7DF1A3CA6
SetLastError.KERNEL32 ref: 00007FF7DF1A3CAE

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$CurrentProcess$DuplicateHandle
String ID:
API String ID: 4190883320-0
Opcode ID: 40ca003100907ea593624c1e80171bf9d9f0389fe80d321b30dfe4ac9f8a65e5
Instruction ID: d5a009cd204587f6fdcd3bd9204b9ee70272cdc27147a6d054f7f5fe5c029b29
Opcode Fuzzy Hash: 40ca003100907ea593624c1e80171bf9d9f0389fe80d321b30dfe4ac9f8a65e5
Instruction Fuzzy Hash: 50417032A0968282E764EF11F9453AEB7A4FF44B80FC04436EA8E47755DF3EE5818720

Function 00007FF7DF231B90 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 394COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF231CB9
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF231D19
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF231D69
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF231F7A

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF23211A

Strings

enable-background-thread-pool, xrefs: 00007FF7DF231FAA
..\..\base\threading\scoped_blocking_call_internal.cc, xrefs: 00007FF7DF2321AC
ScopedBlockingCall, xrefs: 00007FF7DF232236
MonitorNextJankWindowIfNecessary, xrefs: 00007FF7DF2321A5

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$CounterPerformanceQuery
String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$ScopedBlockingCall$enable-background-thread-pool
API String ID: 3251666302-2521901312
Opcode ID: e8fb673f05b44b0ca599249faf334a21ba1cc6e3e062fe15fe521cfd274882f3
Instruction ID: 63e1a7675dc3631bd2a096799afbfca79f4b41dd2b12b90382abb0f1761c80fb
Opcode Fuzzy Hash: e8fb673f05b44b0ca599249faf334a21ba1cc6e3e062fe15fe521cfd274882f3
Instruction Fuzzy Hash: 970289A1A09AC296EA50EB15E8453FDB7A4AF46B54FD0013BDA5E432E1DF3CF585C320

Function 00007FF7DF1AEE30 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 201fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

GetFileAttributesW.KERNEL32 ref: 00007FF7DF1AEF6E
GetLastError.KERNEL32 ref: 00007FF7DF1AEF79
DeleteFileW.KERNEL32 ref: 00007FF7DF1AEFDA
SetLastError.KERNEL32 ref: 00007FF7DF1AF03C
RemoveDirectoryW.KERNEL32 ref: 00007FF7DF1AF055
SetFileAttributesW.KERNEL32 ref: 00007FF7DF1AF11F

Strings

DoDeleteFile, xrefs: 00007FF7DF1AEE6A
..\..\base\files\file_util_win.cc, xrefs: 00007FF7DF1AEE71
ScopedBlockingCall, xrefs: 00007FF7DF1AF0EA

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: File$AttributesErrorExclusiveLastLock$AcquireCounterDeleteDirectoryPerformanceQueryReleaseRemove
String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile$ScopedBlockingCall
API String ID: 4126504113-1263771705
Opcode ID: 489cac3c58a313b935f5b10426ade1f0ed08704a943bb2aa28b34347401de8d2
Instruction ID: 4f70051b3724abb9ae29ef3305d34e6dc238096e524ff356424b0d240884b665
Opcode Fuzzy Hash: 489cac3c58a313b935f5b10426ade1f0ed08704a943bb2aa28b34347401de8d2
Instruction Fuzzy Hash: 3F81A121A0D6C241FA25AB21B6103FEB356AF81B94FC44133DA9D476D5DF2EF5468321

Function 00007FF7DF1B9E40 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1B9E82
GetCurrentProcess.KERNEL32 ref: 00007FF7DF1B9E88
DuplicateHandle.KERNEL32 ref: 00007FF7DF1B9EA5
GetLastError.KERNEL32 ref: 00007FF7DF1B9EBD
SetLastError.KERNEL32 ref: 00007FF7DF1B9ED2
GetLastError.KERNEL32 ref: 00007FF7DF1B9EF2
SetLastError.KERNEL32 ref: 00007FF7DF1B9F04
GetLastError.KERNEL32 ref: 00007FF7DF1B9F46

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF1B9E40

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$CurrentProcess$DuplicateHandle
String ID: %s (errno: %d, %s)
API String ID: 4190883320-297793326
Opcode ID: 4ec368bc0a7f9113ed8b926db29e92f21d7901ec778b23f225d954fe730ca1cd
Instruction ID: c3daf7959282a775e6a928fc2a4512a6b9f9bda4efb18aac3ed369e736aad9ec
Opcode Fuzzy Hash: 4ec368bc0a7f9113ed8b926db29e92f21d7901ec778b23f225d954fe730ca1cd
Instruction Fuzzy Hash: FE31D532A0C68281E654BF65B8542FEAAD46F49775FD9023ADEAD037D0DF3DE442C220

Function 00007FF7DF226770 Relevance: 15.2, APIs: 10, Instructions: 194COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00007FF7DF2267BC
WakeAllConditionVariable.KERNEL32 ref: 00007FF7DF2267CE
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF2267D7
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF2267E0
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF22680E
TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00007FF7DF226858
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF22687D
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF22688B
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF22689C
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF22695F

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
String ID:
API String ID: 2824607059-0
Opcode ID: ccc8988f959bad8c3576f4cafd32a0349328a429fb5ceac7d68a7989a32d3cdf
Instruction ID: 461b0709a134c9cd47b19790793261cac198c9c05f13baf40f5ff2b8f6f8f3ae
Opcode Fuzzy Hash: ccc8988f959bad8c3576f4cafd32a0349328a429fb5ceac7d68a7989a32d3cdf
Instruction Fuzzy Hash: 9A61A123A096C286EA65FF159C142BEAB60EF44B55FD94A33CD5E06290CE3DF585C221

Function 00007FF7DF24374C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF24378C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF243B54
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF243DF3

Strings

p, xrefs: 00007FF7DF243896
f, xrefs: 00007FF7DF2439D9
f, xrefs: 00007FF7DF24388E
p, xrefs: 00007FF7DF243831
f, xrefs: 00007FF7DF243824

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: b87c4510c2aaafd60d048e324442802e880326c22e8dc51e250454007a41a63a
Instruction ID: 99f594d213323fcab8d29f6890a286cc2c4907ee57d80fe7234a6926d652a7bf
Opcode Fuzzy Hash: b87c4510c2aaafd60d048e324442802e880326c22e8dc51e250454007a41a63a
Instruction Fuzzy Hash: 4412A161A0C1CA86FB24BA5590556FEF692FB60754FC44037D6C946AC4DBBCFEC0AB20

Function 00007FF7DF1F4D90 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 381COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F516A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F52F7

Strings

enable-background-thread-pool, xrefs: 00007FF7DF1F519A
..\..\base\threading\scoped_blocking_call_internal.cc, xrefs: 00007FF7DF1F537D
MonitorNextJankWindowIfNecessary, xrefs: 00007FF7DF1F5376

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$CounterPerformanceQuery
String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary$enable-background-thread-pool
API String ID: 1190089479-3676744455
Opcode ID: a3c5512026adb0c2231a992de52dbac29110dd1b95a85ad6ec39d958658af81b
Instruction ID: 284f76a8f303ea443f3c70f50e2d41b798f9ead4735e1cb1baa03ca66330da54
Opcode Fuzzy Hash: a3c5512026adb0c2231a992de52dbac29110dd1b95a85ad6ec39d958658af81b
Instruction Fuzzy Hash: 01027A22A0DAD286EB50EB19F8443FDB7A8AF44764FD40137DA5E466A1DF3DF5818320

Function 00007FF7DF19EB70 Relevance: 14.3, APIs: 2, Strings: 6, Instructions: 320COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF19EC71

Strings

..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc, xrefs: 00007FF7DF19EBAD, 00007FF7DF19EBFB
PERFETTO_CHECK(size > 0), xrefs: 00007FF7DF19EC10
%s (errno: %d, %s), xrefs: 00007FF7DF19EBCE, 00007FF7DF19EC1C, 00007FF7DF19F1E6
PERFETTO_CHECK(ptr <= chunk.end() - SharedMemoryABI::kPacketHeaderSize), xrefs: 00007FF7DF19F1DA
PERFETTO_CHECK(reinterpret_cast<uintptr_t>(begin) % kChunkAlignment == 0), xrefs: 00007FF7DF19EBC2
..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc, xrefs: 00007FF7DF19F1C5

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\src\tracing\core\shared_memory_abi.cc$..\..\third_party\perfetto\src\tracing\core\shared_memory_arbiter_impl.cc$PERFETTO_CHECK(ptr <= chunk.end() - SharedMemoryABI::kPacketHeaderSize)$PERFETTO_CHECK(reinterpret_cast<uintptr_t>(begin) % kChunkAlignment == 0)$PERFETTO_CHECK(size > 0)
API String ID: 4021432409-1138992487
Opcode ID: aa23f76577e4a0ce9fb0642ce10acd222f47f1e948a6802c6cd47e4b356162f0
Instruction ID: 86d7529b5caf6f87afaf7c7797fd6a9a8d2d64910fe4d932a461d3a2f5793032
Opcode Fuzzy Hash: aa23f76577e4a0ce9fb0642ce10acd222f47f1e948a6802c6cd47e4b356162f0
Instruction Fuzzy Hash: 06D1D032A086C596EB54EF15E0003ADBBA9FB84B54F848136EB5D47B94CF3EE551CB20

Function 00007FF7DF19A580 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 150COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32 ref: 00007FF7DF19A5B5
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF19A5E4
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF19A5F9
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF19A732

Strings

CleanupLockRequired, xrefs: 00007FF7DF19A6D9
..\..\base\task\thread_pool\thread_group_impl.cc, xrefs: 00007FF7DF19A6E0
worker_iter != outer_->workers_.end(), xrefs: 00007FF7DF19A6FA
WaitableEvent::Signal, xrefs: 00007FF7DF19A7AD

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$EventRelease
String ID: ..\..\base\task\thread_pool\thread_group_impl.cc$CleanupLockRequired$WaitableEvent::Signal$worker_iter != outer_->workers_.end()
API String ID: 3262666637-81195173
Opcode ID: bdcd427c3bc5d946152d7cd36ab2749d7d348b5667fb7341a082cc76634e53dd
Instruction ID: f165c845f7c32b6a37d463fa8e1dce177d9649b2410e663fa883cbcfcf7b08c4
Opcode Fuzzy Hash: bdcd427c3bc5d946152d7cd36ab2749d7d348b5667fb7341a082cc76634e53dd
Instruction Fuzzy Hash: 70517122A09AC281EA15AF15E5442FDA766EB44FD4FC54033CA6D0BB94DF3EE5898360

Function 00007FF7DF208CD0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,00007FF7DF208CA9,00007FF7DF1B763C), ref: 00007FF7DF208DE8
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF7DF208CA9,00007FF7DF1B763C), ref: 00007FF7DF208DF8

Strings

..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00007FF7DF208ECB
wakeup.flow,toplevel.flow, xrefs: 00007FF7DF208D9F
PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00007FF7DF208EE0
%s (errno: %d, %s), xrefs: 00007FF7DF208EEC
~WaitableEvent while Signaled, xrefs: 00007FF7DF208E8C
GetHandleVerifier, xrefs: 00007FF7DF208DEE

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
API String ID: 1646373207-2914896919
Opcode ID: 310ab8b4bca7660e70a292a34e6df0d68532fb85d5202b061c2eee15e35cbbfd
Instruction ID: 1a704032598ddcb03483b244c7d3948ed36aadb704d6c3e8a7f388fa99c20275
Opcode Fuzzy Hash: 310ab8b4bca7660e70a292a34e6df0d68532fb85d5202b061c2eee15e35cbbfd
Instruction Fuzzy Hash: D3514A32A08AC681EA54BB64E8503FEB7A1AF54784FD44137D94E176A5DF3CF54AC320

Function 00007FF7DF2127E0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF2128F7
GetProcAddress.KERNEL32 ref: 00007FF7DF212907

Strings

..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00007FF7DF2129DA
wakeup.flow,toplevel.flow, xrefs: 00007FF7DF2128AE
PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00007FF7DF2129EF
%s (errno: %d, %s), xrefs: 00007FF7DF2129FB
~WaitableEvent while Signaled, xrefs: 00007FF7DF21299B
GetHandleVerifier, xrefs: 00007FF7DF2128FD

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")$wakeup.flow,toplevel.flow$~WaitableEvent while Signaled
API String ID: 1646373207-2914896919
Opcode ID: 6072f8bd016fa657d5e97f0377f6840642ef5680a9661398bdaf0154679ae3e0
Instruction ID: 39096557aa86c993865095a78a580eeb044b72573fec033e03a05b3d1b0318d4
Opcode Fuzzy Hash: 6072f8bd016fa657d5e97f0377f6840642ef5680a9661398bdaf0154679ae3e0
Instruction Fuzzy Hash: BA514421E08AC682EA55BB64E8503FDA7B1AF84B84FD54037E94E076E5CE2CB546C330

Function 00007FF7DF1A5D3D Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 118injectionCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF1A5DCD
DuplicateHandle.KERNEL32 ref: 00007FF7DF1A5DF1
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1A5E28
CloseHandle.KERNEL32 ref: 00007FF7DF1A5E67

Strings

9, xrefs: 00007FF7DF1A6033
:, xrefs: 00007FF7DF1A602B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: HandleProcess$CloseCurrentDuplicateMemoryWrite
String ID: 9$:
API String ID: 3748914412-3810475801
Opcode ID: c04022e6f55d10f9023aa34a206403057f9b8b1c7e9e3b552ab1ba94e059ab64
Instruction ID: 4922a0a62a87fd4fd4b836da9ee254e563c437abc362694f33cf70d2d2e9d6aa
Opcode Fuzzy Hash: c04022e6f55d10f9023aa34a206403057f9b8b1c7e9e3b552ab1ba94e059ab64
Instruction Fuzzy Hash: DE514E3260E68286E760AF15B6503AEF764FB44B94FC44036DF8E47A81DF3DE5469720

Function 00007FF7DF2895C0 Relevance: 13.6, APIs: 9, Instructions: 67synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DF2895E9
TerminateProcess.KERNEL32 ref: 00007FF7DF2895F4
GetCurrentProcess.KERNEL32 ref: 00007FF7DF289610
WaitForSingleObject.KERNEL32 ref: 00007FF7DF28961E
GetLastError.KERNEL32 ref: 00007FF7DF289645
GetCurrentProcess.KERNEL32 ref: 00007FF7DF289651
WaitForSingleObject.KERNEL32 ref: 00007FF7DF289664
GetCurrentProcess.KERNEL32 ref: 00007FF7DF289685
GetExitCodeProcess.KERNEL32 ref: 00007FF7DF289693

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
String ID:
API String ID: 2432511979-0
Opcode ID: b4e0580b9ed7212a378c539abd6092ee9fab0c3f8c835e984cc8babc43dba88b
Instruction ID: cdaf5fb1a188b3a055de2a9d6385f0efa4b68f0dfaac64f5b440293ee482b7e6
Opcode Fuzzy Hash: b4e0580b9ed7212a378c539abd6092ee9fab0c3f8c835e984cc8babc43dba88b
Instruction Fuzzy Hash: 96215131E0C5D281F725BF15E8542BEFAA0AF84B48FD94036C98E87754DE6CF5849620

Function 00007FF7DF191F90 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 378fileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,-5555555555555552,?,?,-555555555555553E,?,?,00000000,-555555555555553E,00007FF7DF1C8BB8), ref: 00007FF7DF191FB8
SetLastError.KERNEL32(?,?,?,?,?,?,?,-5555555555555552,?,?,-555555555555553E,?,?,00000000,-555555555555553E,00007FF7DF1C8BB8), ref: 00007FF7DF191FC2
WriteFile.KERNEL32 ref: 00007FF7DF192359
SetLastError.KERNEL32 ref: 00007FF7DF192383

Part of subcall function 00007FF7DF2398E4: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DF239914

Strings

LOG_FATAL, xrefs: 00007FF7DF1925D5
[, xrefs: 00007FF7DF1922DC
LogMessage, xrefs: 00007FF7DF192598

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$Concurrency::cancel_current_taskFileWrite
String ID: LOG_FATAL$LogMessage$[
API String ID: 2787696522-2358913676
Opcode ID: 3b86f2cc1cbdb167b4d4af913a8a78f3ae5be1fb3059de490fd655eb2f1a7361
Instruction ID: c8c3df732a3fb026f27a77c7494f3b01a778b166bb2025b9be2abf38fbbceabc
Opcode Fuzzy Hash: 3b86f2cc1cbdb167b4d4af913a8a78f3ae5be1fb3059de490fd655eb2f1a7361
Instruction Fuzzy Hash: AA028A22A09AC286EA10EB15E4402FDA7A6FB44B90FC40036DEAD47795DF3EF455C7A0

Function 00007FF7DF195830 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF195855
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF195959
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF195A50

Strings

RemoveName, xrefs: 00007FF7DF1959B1, 00007FF7DF1959FF
handle_to_name_iter != thread_handle_to_interned_name_.end(), xrefs: 00007FF7DF1959D2
..\..\base\threading\thread_id_name_manager.cc, xrefs: 00007FF7DF1959B8, 00007FF7DF195A06
id_to_handle_iter != thread_id_to_handle_.end(), xrefs: 00007FF7DF195A20

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: ..\..\base\threading\thread_id_name_manager.cc$RemoveName$handle_to_name_iter != thread_handle_to_interned_name_.end()$id_to_handle_iter != thread_id_to_handle_.end()
API String ID: 1678258262-1713423127
Opcode ID: 848a1a867974a38a23be97d00cf5126d73182b45286f2ce4f7416f069e5fdbb0
Instruction ID: 7985b7421b813a64d0a1a2db4d63a7ef909a95f2fba95f27e5a8b2ea21128559
Opcode Fuzzy Hash: 848a1a867974a38a23be97d00cf5126d73182b45286f2ce4f7416f069e5fdbb0
Instruction Fuzzy Hash: 90517C21A0AA8681FE24EB12E4605FDA7A5BF48B94BC44437DE5E17B94DF3EF1418360

Function 00007FF7DF1A0B70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

CreateJobObjectW.KERNEL32 ref: 00007FF7DF1A0BB0
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555516,-55555555555554AE,?,%s (errno: %d, %s),00007FF7DF1A0A35), ref: 00007FF7DF1A0BC1
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555516,-55555555555554AE,?,%s (errno: %d, %s),00007FF7DF1A0A35), ref: 00007FF7DF1A0BEF
SetInformationJobObject.KERNEL32 ref: 00007FF7DF1A0C6E
SetInformationJobObject.KERNEL32 ref: 00007FF7DF1A0C97
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555516,-55555555555554AE,?,%s (errno: %d, %s),00007FF7DF1A0A35), ref: 00007FF7DF1A0CFD

Strings

%s (errno: %d, %s), xrefs: 00007FF7DF1A0B70

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLastObject$Information$Create
String ID: %s (errno: %d, %s)
API String ID: 2051042135-297793326
Opcode ID: cc2ea8e4b593b5920fa69db82bab679fbc9139097f7fe3d619fdad716bb6b50e
Instruction ID: 61b43928403160fc679191801ebc54c23c79efb0e813d1846bb2f5872595134e
Opcode Fuzzy Hash: cc2ea8e4b593b5920fa69db82bab679fbc9139097f7fe3d619fdad716bb6b50e
Instruction Fuzzy Hash: 45419172A0A68381F764BF21F5143BEA295AF84750FC44437CA4E07785DF3EE4868720

Function 00007FF7DF19DE21 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

CreateFileMappingW.KERNEL32 ref: 00007FF7DF19DEBE
GetLastError.KERNEL32 ref: 00007FF7DF19DED0
SetLastError.KERNEL32 ref: 00007FF7DF19DEFE
MapViewOfFile.KERNEL32 ref: 00007FF7DF19DF2D

Strings

MapImageToMemory, xrefs: 00007FF7DF19DE38
ScopedBlockingCall, xrefs: 00007FF7DF19E0C6
..\..\base\files\memory_mapped_file_win.cc, xrefs: 00007FF7DF19DE3F

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorExclusiveFileLastLock$AcquireCounterCreateMappingPerformanceQueryReleaseView
String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory$ScopedBlockingCall
API String ID: 749074358-923734411
Opcode ID: 47e4a5f471efad22db54f151e602def4a6264cb7ff84473ac33ec1c0cfdd4347
Instruction ID: 0ed76df3252896f1ac0f0b7c85b91ec927414f2ce1d2c25d80e41b1a5f0b7924
Opcode Fuzzy Hash: 47e4a5f471efad22db54f151e602def4a6264cb7ff84473ac33ec1c0cfdd4347
Instruction Fuzzy Hash: 38413F32A09AC282EA20AF24F0553FEA366FF80744FC41537DA9E12A95DF3DE1458360

Function 00007FF7DF268BCC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7DF268AF3,?,?,?,00007FF7DF258516,?,?,?,00007FF7DF2584D1), ref: 00007FF7DF268C51
GetLastError.KERNEL32(?,?,00000000,00007FF7DF268AF3,?,?,?,00007FF7DF258516,?,?,?,00007FF7DF2584D1), ref: 00007FF7DF268C5F
LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7DF268AF3,?,?,?,00007FF7DF258516,?,?,?,00007FF7DF2584D1), ref: 00007FF7DF268C89
FreeLibrary.KERNEL32(?,?,00000000,00007FF7DF268AF3,?,?,?,00007FF7DF258516,?,?,?,00007FF7DF2584D1), ref: 00007FF7DF268CF7
GetProcAddress.KERNEL32(?,?,00000000,00007FF7DF268AF3,?,?,?,00007FF7DF258516,?,?,?,00007FF7DF2584D1), ref: 00007FF7DF268D03

Strings

api-ms-, xrefs: 00007FF7DF268C71
MZx, xrefs: 00007FF7DF268BEA, 00007FF7DF268C9A, 00007FF7DF268CE0

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: 406812329447b407887a03e27c0f9b4da6abd2d98f29218d24983740d104d21b
Instruction ID: 0831feb4d01c950ff18d2757e785b6ee4651f14d814d92966c10fd0d2bf8ba0c
Opcode Fuzzy Hash: 406812329447b407887a03e27c0f9b4da6abd2d98f29218d24983740d104d21b
Instruction Fuzzy Hash: 1D318131A1BAC281EE59EF16A4405FDA3A4BF44BA0FC94536DE2D4A790EF3CF5448320

Function 00007FF7DF2525C0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF252603
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF2529F0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF252C8C

Strings

p, xrefs: 00007FF7DF2526B5
f, xrefs: 00007FF7DF252725
p, xrefs: 00007FF7DF25272D

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: b59f12469ddcab30ff971e89310c14a71880c826f646c2315dff9c4cbf5c686d
Instruction ID: 029d534ff8b6787e410a4ba15eb31c5530aad16018b177604e89ab202a754407
Opcode Fuzzy Hash: b59f12469ddcab30ff971e89310c14a71880c826f646c2315dff9c4cbf5c686d
Instruction Fuzzy Hash: 35126D62A0D2C386FB24BA1591542FDF6B1FB90B54FD84537EA9A467C4DB3CF4809B20

Function 00007FF7DF24FA40 Relevance: 10.8, APIs: 7, Instructions: 290COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF24FE6D

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a45fa68c14d07d3764e6386be698311ad9e6a3fdf483386900b99f9c26239c6
Instruction ID: 5bae1d0db3a4b5131dca91d751fd75084ef0103f012c7fd9d03aff424873a81e
Opcode Fuzzy Hash: 5a45fa68c14d07d3764e6386be698311ad9e6a3fdf483386900b99f9c26239c6
Instruction Fuzzy Hash: FCC1A022A08AC681F760BB5494802FEB791FBE1B90FD50137DA4E07792DEBCF8458760

Function 00007FF7DF1BB880 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 281COMMON

Download Yara Rule

APIs

GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7DF1BB9C6

Part of subcall function 00007FF7DF19CC90: GetCurrentThread.KERNEL32 ref: 00007FF7DF19CD21
Part of subcall function 00007FF7DF19CC90: IsDebuggerPresent.KERNEL32 ref: 00007FF7DF19CD45

GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7DF1BB940

Strings

BrokerEv, xrefs: 00007FF7DF1BB8DA
BrokerEvent, xrefs: 00007FF7DF1BB8BA
vent, xrefs: 00007FF7DF1BB8EC

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CompletionQueuedStatus$CurrentDebuggerPresentThread
String ID: usererEv$usererEvent$vent
API String ID: 927938304-2683065476
Opcode ID: bda5e48ee295613331ab682cda83f1cc1d51a5e9ad3b707bbc5b268320f979e7
Instruction ID: 24285df57bdd13658d8cc8493c470c9ab68251bdcb1d390ee516f57376ebccc6
Opcode Fuzzy Hash: bda5e48ee295613331ab682cda83f1cc1d51a5e9ad3b707bbc5b268320f979e7
Instruction Fuzzy Hash: 0EC16B32609B86C1EA54EB15E5543AEBBA8FB85B80FC44436DA9D43BA4DF7DE444C320

Function 00007FF7DF1A8E50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 133libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF7DF1A8EB4
LocalFree.KERNEL32 ref: 00007FF7DF1A8F9A
GetModuleHandleA.KERNEL32 ref: 00007FF7DF1A8FFB
GetProcAddress.KERNEL32 ref: 00007FF7DF1A900B

Strings

Kernel32.dll, xrefs: 00007FF7DF1A8FF4
GetThreadDescription, xrefs: 00007FF7DF1A9001

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressCurrentFreeHandleLocalModuleProcThread
String ID: GetThreadDescription$Kernel32.dll
API String ID: 4205643583-415897907
Opcode ID: 3f523cbd60b9433f7c2c5f7b3d6a054a8d32e291a014e9d3de3561474809c478
Instruction ID: 69907de73511b1ab859a2fee1ad1b697ae6c6afc614a6b769fa75a7588c3f765
Opcode Fuzzy Hash: 3f523cbd60b9433f7c2c5f7b3d6a054a8d32e291a014e9d3de3561474809c478
Instruction Fuzzy Hash: CC41A332A09A8281EA10FB11EA542FDF7A5AF44BA4FD44133DA5D477A4DF3EF4428320

Function 00007FF7DF1BE680 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 133COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BE6A6
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BE7A7
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1BE80A

Strings

UnregisterThread, xrefs: 00007FF7DF1BE814
..\..\base\threading\hang_watcher.cc, xrefs: 00007FF7DF1BE81B
it != watch_states_.end(), xrefs: 00007FF7DF1BE835

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: ..\..\base\threading\hang_watcher.cc$UnregisterThread$it != watch_states_.end()
API String ID: 1678258262-1505799933
Opcode ID: 7494098e0d067e5c9077dee82f548bbda04448b453c81a1c8c51f393a649cae0
Instruction ID: 6fa43ac3b28966d9b26485e379c2031bcfd39625918e56f5e26f80dc433ad49e
Opcode Fuzzy Hash: 7494098e0d067e5c9077dee82f548bbda04448b453c81a1c8c51f393a649cae0
Instruction Fuzzy Hash: 0C515E26A09A82C1EE50EF16E4546BDABA4BB45B94FC44433DE5E07790DF3EF441C362

Function 00007FF7DF1996E9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

LoadLibraryW.KERNEL32 ref: 00007FF7DF21B3FB
GetProcAddress.KERNEL32 ref: 00007FF7DF21B410
LoadLibraryW.KERNEL32 ref: 00007FF7DF21B43A
GetProcAddress.KERNEL32 ref: 00007FF7DF21B44F

Strings

ProcessPrng, xrefs: 00007FF7DF21B406, 00007FF7DF21B445
bcryptprimitives.dll, xrefs: 00007FF7DF21B3F4, 00007FF7DF21B433

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressLibraryLoadProc$AcquireExclusiveLock
String ID: ProcessPrng$bcryptprimitives.dll
API String ID: 4229284988-2667675608
Opcode ID: 007d9bf380b3ceea20f317351fe5e071fc2de9a04342679df245ba95898fd14a
Instruction ID: 4309d46be9237f8e3fdb9695fdf670e61ea9701a6b06e6857f2cef3052136020
Opcode Fuzzy Hash: 007d9bf380b3ceea20f317351fe5e071fc2de9a04342679df245ba95898fd14a
Instruction Fuzzy Hash: CF411C30A0DA8681EA50EF15ECA02BDB3B0AF98744FE84537C94E467A4DE2CF556C720

Function 00007FF7DF20F530 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF20F651
GetProcAddress.KERNEL32 ref: 00007FF7DF20F661

Strings

ScopedBlockingCall, xrefs: 00007FF7DF20F69E
..\..\base\files\file_win.cc, xrefs: 00007FF7DF20F5A2
Close, xrefs: 00007FF7DF20F59B
GetHandleVerifier, xrefs: 00007FF7DF20F657

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
API String ID: 1646373207-3663164917
Opcode ID: ff6e06adaa9779238ec8330959ee88805188cebfdc2d2a05772e2e0b2eedda96
Instruction ID: 3759906b47eeb741654c17d10a4fca41906349ccf4e09dba86da11bf1932fc2f
Opcode Fuzzy Hash: ff6e06adaa9779238ec8330959ee88805188cebfdc2d2a05772e2e0b2eedda96
Instruction Fuzzy Hash: 54412A32A08AC691EA24AF25F4953FDA3A5EF84744FC44033D98E176A5DE3DF1468720

Function 00007FF7DF1AB560 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 94injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32 ref: 00007FF7DF1AB5C9
VirtualProtectEx.KERNEL32 ref: 00007FF7DF1AB61E
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1AB647
VirtualProtectEx.KERNEL32 ref: 00007FF7DF1AB669
WriteProcessMemory.KERNEL32 ref: 00007FF7DF1AB6BD

Strings

, xrefs: 00007FF7DF1AB5DC

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: MemoryProcessWrite$ProtectVirtual
String ID:
API String ID: 2340208871-3916222277
Opcode ID: 93b92c717b55b16c089327443ae3c3b2f4345c6120193e742c8c4416b994dd4b
Instruction ID: deec342ee146831db1265c16d17d83084627f94b1319adb047e8a480a8aeb080
Opcode Fuzzy Hash: 93b92c717b55b16c089327443ae3c3b2f4345c6120193e742c8c4416b994dd4b
Instruction Fuzzy Hash: 7E317A326186C082EB20DF12F9546AEB7E4FB98B94F855136EE8D47B48DF7DD1828710

Function 00007FF7DF22D040 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80libraryloaderCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00007FF7DF22D068
GetLastError.KERNEL32 ref: 00007FF7DF22D081
SetLastError.KERNEL32 ref: 00007FF7DF22D0A9
GetModuleHandleW.KERNEL32 ref: 00007FF7DF22D103
GetProcAddress.KERNEL32 ref: 00007FF7DF22D113

Strings

GetHandleVerifier, xrefs: 00007FF7DF22D109

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$AddressCreateEventHandleModuleProc
String ID: GetHandleVerifier
API String ID: 687412823-1090674830
Opcode ID: a62047fa1e38523cb218acbd4d818f462013a9bf1814fc25798fcb3a646e9314
Instruction ID: f586b15c5225e2cda812d71d6ad5dfbce8cd9155c2659a4ea600a16ad4359d00
Opcode Fuzzy Hash: a62047fa1e38523cb218acbd4d818f462013a9bf1814fc25798fcb3a646e9314
Instruction Fuzzy Hash: 5F314F31B1A78781FB28BF25A8557BDA261AF45B40FD48436CA8E47B90DE3DB5858320

Function 00007FF7DF1C17E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78filelibraryloaderCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF7DF1C181E
GetLastError.KERNEL32 ref: 00007FF7DF1C182C
SetLastError.KERNEL32 ref: 00007FF7DF1C1844
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C18A1
GetProcAddress.KERNEL32 ref: 00007FF7DF1C18B1

Strings

GetHandleVerifier, xrefs: 00007FF7DF1C18A7

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$AddressCreateFileHandleModuleProc
String ID: GetHandleVerifier
API String ID: 2959055312-1090674830
Opcode ID: a4258916873082ba8dbc0a1e55b7a379049d4357b4e818e71e9d418fcb811e52
Instruction ID: 91abb2e3b57ebc0676cd9702dac3ecd363c115262b564a39aebaab866923fe14
Opcode Fuzzy Hash: a4258916873082ba8dbc0a1e55b7a379049d4357b4e818e71e9d418fcb811e52
Instruction Fuzzy Hash: 7C316B21E4C682A1FA24BF66B8543BEE666AF45B90FC84136C91E167D0CF3EF545C360

Function 00007FF7DF290070 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00007FF7DF1E90A0), ref: 00007FF7DF29008D
AcquireSRWLockExclusive.KERNEL32(00007FF7DF1C03D3), ref: 00007FF7DF2900C3
TryAcquireSRWLockExclusive.KERNEL32(00007FF7DF1E90A0), ref: 00007FF7DF290106
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF290113
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF290137

Strings

Histogram.TooManyBuckets.1000, xrefs: 00007FF7DF290074, 00007FF7DF2900D4

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: Histogram.TooManyBuckets.1000
API String ID: 1678258262-786474106
Opcode ID: 5494d50db2ca9dab405088f72940fa36666f583638c58f454e8fce192274b8eb
Instruction ID: 640df3d105a81fc3a06625a88e4802dde4487fc7da9d5739358b398c247ab2b1
Opcode Fuzzy Hash: 5494d50db2ca9dab405088f72940fa36666f583638c58f454e8fce192274b8eb
Instruction Fuzzy Hash: D9219826B45A9581EA18EF27A8405BDA361EF89FE1FC58432CD4D07750CE3DE586C310

Function 00007FF7DF196790 Relevance: 10.6, APIs: 7, Instructions: 59threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF7DF1967A7
SetThreadPriority.KERNEL32(?,?,00007FF7DF196754), ref: 00007FF7DF1967C0
SetThreadInformation.KERNEL32(?,?,00007FF7DF196754), ref: 00007FF7DF1967DD

Part of subcall function 00007FF7DF26E780: GetCurrentThread.KERNEL32 ref: 00007FF7DF26E784
Part of subcall function 00007FF7DF26E780: GetThreadPriority.KERNEL32 ref: 00007FF7DF26E78D

SetThreadPriority.KERNEL32(?,?,00007FF7DF196754), ref: 00007FF7DF1967F4
GetCurrentThread.KERNEL32 ref: 00007FF7DF196813
SetThreadInformation.KERNEL32(?,?,00007FF7DF196754), ref: 00007FF7DF19682A
SetThreadPriority.KERNEL32(?,?,00007FF7DF196754), ref: 00007FF7DF196853

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Thread$Priority$Current$Information
String ID:
API String ID: 2516384554-0
Opcode ID: b194b9c432f8364c7ad7ad884172b27154573e625baaab9c9fb85c08e8271fbf
Instruction ID: 01eee1845bf55b095c31e3f3b765d77df5dd8b92d5931d9b5c506c835a8b3242
Opcode Fuzzy Hash: b194b9c432f8364c7ad7ad884172b27154573e625baaab9c9fb85c08e8271fbf
Instruction Fuzzy Hash: 2A216F31E08A8282E754BF61F9542EEA2E1AF88B90FD14136DD5E47B94DE3CF5468720

Function 00007FF7DF296F4C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetHandleInformation.KERNEL32(00007FF7DF1C0364), ref: 00007FF7DF296F79
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00135266,?,?,?,00000000), ref: 00007FF7DF296F8A

Strings

l, xrefs: 00007FF7DF296FCF
F, xrefs: 00007FF7DF296FBA
i, xrefs: 00007FF7DF296FC4
e, xrefs: 00007FF7DF296FDA

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Handle$CloseInformation
String ID: F$e$i$l
API String ID: 2405653160-2866947123
Opcode ID: 1f6b803e5016ed834c1e821647b44f033d0aead601104376118f22bb699b9108
Instruction ID: 55eb7df8d53cd52ceec41f2b16902ef67ee34562affe339b084e917914b811c3
Opcode Fuzzy Hash: 1f6b803e5016ed834c1e821647b44f033d0aead601104376118f22bb699b9108
Instruction Fuzzy Hash: 53114C12E4D9C241FF51BF2194182BEDAE0DF81B94FC88037EA4D47599DE6CF9828235

Function 00007FF7DF26B75C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,00000000,00007FF7DF2668BE), ref: 00007FF7DF26B78D
GetLastError.KERNEL32(?,00000000,00007FF7DF2668BE), ref: 00007FF7DF26B799
CloseHandle.KERNEL32(?,00000000,00007FF7DF2668BE), ref: 00007FF7DF26B7B1
CreateFileW.KERNEL32 ref: 00007FF7DF26B7DC
WriteConsoleW.KERNEL32 ref: 00007FF7DF26B7FB

Strings

CONOUT$, xrefs: 00007FF7DF26B7BD

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 2f57b4bcc73cf9ab36bfe1e58ed88dea9bdd6e2017ea1fa266b5dcbbff261358
Instruction ID: 862165fe517f74cda36eba19ddcc2b398bdd0d0a0e7ede0f30a7d9b54dbdba1e
Opcode Fuzzy Hash: 2f57b4bcc73cf9ab36bfe1e58ed88dea9bdd6e2017ea1fa266b5dcbbff261358
Instruction Fuzzy Hash: D9118431B18AC186E7509F52E84436DA2A0FB58BE4FC40235DE5D87794CF7CE6448750

Function 00007FF7DF1C4BE0 Relevance: 9.2, APIs: 6, Instructions: 163threadCOMMON

Download Yara Rule

APIs

CreateIoCompletionPort.KERNEL32(?,?,?,?,?,00007FF7DF1C4BC4), ref: 00007FF7DF1C4C25
GetLastError.KERNEL32(?,?,?,?,?,00007FF7DF1C4BC4), ref: 00007FF7DF1C4C37
SetLastError.KERNEL32(?,?,?,?,?,00007FF7DF1C4BC4), ref: 00007FF7DF1C4C67
CreateThread.KERNEL32 ref: 00007FF7DF1C4D18
GetLastError.KERNEL32(?,?,?,?,?,00007FF7DF1C4BC4), ref: 00007FF7DF1C4D27
SetLastError.KERNEL32(?,?,?,?,?,00007FF7DF1C4BC4), ref: 00007FF7DF1C4D53

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$Create$CompletionPortThread
String ID:
API String ID: 1241333222-0
Opcode ID: f200de87b39961b3f725280f4f1fefddc3be643a96797f6e397b33b868933f7f
Instruction ID: 7ef0519cd74b67f095f0d921046089ac0567cc96d5d7bd704cf43896ae15829d
Opcode Fuzzy Hash: f200de87b39961b3f725280f4f1fefddc3be643a96797f6e397b33b868933f7f
Instruction Fuzzy Hash: C8616A22A08B9682EB14BF16F5013BCE3A5FB44B94FC44836CA5E07791DF3DE6918260

Function 00007FF7DF2539A4 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,00000000,?,-00000128,00007FF7DF25374C), ref: 00007FF7DF253A23
WriteFile.KERNEL32(?,?,?,?,?,?,?,00000000,?,-00000128,00007FF7DF25374C), ref: 00007FF7DF253CEB
WriteFile.KERNEL32(?,?,?,?,?,?,?,00000000,?,-00000128,00007FF7DF25374C), ref: 00007FF7DF253D31
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,-00000128,00007FF7DF25374C), ref: 00007FF7DF253DE7

Strings

MZx, xrefs: 00007FF7DF2539FA, 00007FF7DF253A7B, 00007FF7DF253B30

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID: MZx
API String ID: 2718003287-2575928145
Opcode ID: 16f6bea9f400ece203d3e88ac06640cde90789453a91dcf86e3b74048a3e9a50
Instruction ID: 7d4e276c2fa4cd00c5a60a8950d5e0f17facbc08e21d4294fa30c147699c5c78
Opcode Fuzzy Hash: 16f6bea9f400ece203d3e88ac06640cde90789453a91dcf86e3b74048a3e9a50
Instruction Fuzzy Hash: 02D10532B09AC189E710DFB5D4402ECBBB2FB44798B845636CE5D97B99DE38E546C320

Function 00007FF7DF1B5CC0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 103COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

GetLongPathNameW.KERNEL32 ref: 00007FF7DF1B5D5D
GetLongPathNameW.KERNEL32 ref: 00007FF7DF1B5D9C

Strings

MakeLongFilePath, xrefs: 00007FF7DF1B5D04
..\..\base\files\file_util_win.cc, xrefs: 00007FF7DF1B5D0B
ScopedBlockingCall, xrefs: 00007FF7DF1B5E43

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLockLongNamePath$AcquireCounterPerformanceQueryRelease
String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
API String ID: 839722070-2989128051
Opcode ID: 29080a9f99ec05de66e53de6d7cfae48278f2a89e0f6540e837cbad09b036caa
Instruction ID: f71553bd9bdf9f0ad9bc9ebf57ea3f0100db2d7f403adc3ce770aad4c4d9a905
Opcode Fuzzy Hash: 29080a9f99ec05de66e53de6d7cfae48278f2a89e0f6540e837cbad09b036caa
Instruction Fuzzy Hash: 9041CE22A18AC281FA21AF25F4107EEB761EF95B44FC44133DA8D07A59EF3DE1958710

Function 00007FF7DF1A0070 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 97libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A012A
GetProcAddress.KERNEL32 ref: 00007FF7DF1A013A
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A0172
GetProcAddress.KERNEL32 ref: 00007FF7DF1A0182

Strings

GetHandleVerifier, xrefs: 00007FF7DF1A0130, 00007FF7DF1A0178

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 3bd6aa0b2e2d3ed719a1c6930b738698a0ef9bd4d355ded0b1f2d922014f0cd2
Instruction ID: 776df7f3b2f82381f2ecbdd54bc6f3b0ea0444c1e181d2c750c9540b4397f11b
Opcode Fuzzy Hash: 3bd6aa0b2e2d3ed719a1c6930b738698a0ef9bd4d355ded0b1f2d922014f0cd2
Instruction Fuzzy Hash: 40411921A0AA8781EA15BB25F6553FEB265AF40B80FD84437C54F42390CF2EF5869320

Function 00007FF7DF1BBFD0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93libraryloadersynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DF1BBFEB
TerminateProcess.KERNEL32 ref: 00007FF7DF1BBFF9
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1BC0CA
GetProcAddress.KERNEL32 ref: 00007FF7DF1BC0DA

Strings

GetHandleVerifier, xrefs: 00007FF7DF1BC0D0

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleObjectProcProcessSingleTerminateWait
String ID: GetHandleVerifier
API String ID: 2756416720-1090674830
Opcode ID: 03301805efc91e73481be22f9fd33d5ae3cca5529ded50a1929da7b776045bc6
Instruction ID: 672ec55834db2cd3f5d75b3e5c88e15e33d987002bd1dd8ab345ffe14ad031f2
Opcode Fuzzy Hash: 03301805efc91e73481be22f9fd33d5ae3cca5529ded50a1929da7b776045bc6
Instruction Fuzzy Hash: FE417F25A09682C2FA24BB66F5503FEE765AF45B90FD44137CA4E02B91DF2EF485C360

Function 00007FF7DF192F10 Relevance: 7.8, APIs: 5, Instructions: 332COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF19316A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF19323C
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF193275
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF193340
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF19343B

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID:
API String ID: 1021914862-0
Opcode ID: bd9abdaefe8d9735125a70dbe9966eeb9f10e7cd1ecf71465e21aeadf1122567
Instruction ID: 2748ad441f2f060111dbc5d3fdd9dc3d8eac939800669c4e5f19a4ff25af2747
Opcode Fuzzy Hash: bd9abdaefe8d9735125a70dbe9966eeb9f10e7cd1ecf71465e21aeadf1122567
Instruction Fuzzy Hash: 89E1B132A08A8586EB14DB15E4443ADB7A9FB48BA0FC54232DE6E437A4DF3EE545C350

Function 00007FF7DF22BA40 Relevance: 7.8, APIs: 5, Instructions: 297COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000004,?,00000000,?,?,?,00000000), ref: 00007FF7DF22BC6A
TlsSetValue.KERNEL32(?,?,00000000), ref: 00007FF7DF22BCA7
TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000), ref: 00007FF7DF22BD10
ReleaseSRWLockExclusive.KERNEL32(?,?,00000000), ref: 00007FF7DF22BD2E
TlsSetValue.KERNEL32(?,?,00000000), ref: 00007FF7DF22BDFF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Value$ExclusiveLock$AcquireRelease
String ID:
API String ID: 2618446062-0
Opcode ID: c25bb7d2483a70d53a659e3c66d9c709ec4e95fcddfb090cdd6f4633383defd7
Instruction ID: 0d283c63e2a0b720d19969385fa7874341049abdbf099ef2620cf350e55de858
Opcode Fuzzy Hash: c25bb7d2483a70d53a659e3c66d9c709ec4e95fcddfb090cdd6f4633383defd7
Instruction Fuzzy Hash: BDB1CF32B0968689EA14AF15D8503FDB361FB98B84FD48632DA5D07BA8DE3CF445C760

Function 00007FF7DF1FC800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 228COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000138,?,00007FF7DF26EEFE), ref: 00007FF7DF1FC85D
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000138,?,00007FF7DF26EEFE), ref: 00007FF7DF1FC86D

Strings

X, xrefs: 00007FF7DF1FC9EC
@, xrefs: 00007FF7DF1FC83C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: PerformanceQuery$CounterFrequency
String ID: @$X
API String ID: 774501991-461597874
Opcode ID: 3062e0906028eecbb6be20ded5d7b5eb5e2d3052a5f94bf0ba8c3d54a261bace
Instruction ID: 600eb6554e891d7549761eb867d35076267347a62736ca658fd27ecd43c5da4f
Opcode Fuzzy Hash: 3062e0906028eecbb6be20ded5d7b5eb5e2d3052a5f94bf0ba8c3d54a261bace
Instruction Fuzzy Hash: 6DA13632A18B8686EB10EB16E5542AEB7A5FB85BC0FC44132DB8D43B54DF3DE185D720

Function 00007FF7DF22B7B0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF23A0B0: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF23A0C0

LoadLibraryW.KERNEL32 ref: 00007FF7DF22B818
GetProcAddress.KERNEL32 ref: 00007FF7DF22B82D

Strings

ProcessPrng, xrefs: 00007FF7DF22B823
bcryptprimitives.dll, xrefs: 00007FF7DF22B811

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AcquireAddressExclusiveLibraryLoadLockProc
String ID: ProcessPrng$bcryptprimitives.dll
API String ID: 1410756787-2667675608
Opcode ID: 21aacf8bd73b59ce0bcc149f93f8da88d416364c9dca8461d88394da81172eb7
Instruction ID: 0d0595a8bd4ab184595e75f2b5d8092e92a67471568b2479feaf991db4471a55
Opcode Fuzzy Hash: 21aacf8bd73b59ce0bcc149f93f8da88d416364c9dca8461d88394da81172eb7
Instruction Fuzzy Hash: A2618B22A09A8695EA14EB15ED947BCB3A5FB48B94FC84537CA1D077A0DF3CF491C320

Function 00007FF7DF293560 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF293736
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF293758
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF29376A

Strings

<, xrefs: 00007FF7DF293725

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: <
API String ID: 1678258262-4251816714
Opcode ID: 952741c02621bfd04b3051df76c8491fe684197ad319b82ffb0a71c0d2443153
Instruction ID: 2396d1a6dcd1135dcf7a4813efa01a69396dc7ece3e475bd553224bacc06ab11
Opcode Fuzzy Hash: 952741c02621bfd04b3051df76c8491fe684197ad319b82ffb0a71c0d2443153
Instruction Fuzzy Hash: 1951F762A089C645FA12BF2595002FDE395AF49BD4FD44333ED1E27694DF3CF5928221

Function 00007FF7DF2896A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DF289891

Strings

runas, xrefs: 00007FF7DF2897AD
LaunchElevatedProcess, xrefs: 00007FF7DF289855, 00007FF7DF28994F
..\..\base\process\launch_win.cc, xrefs: 00007FF7DF28985C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ObjectSingleWait
String ID: ..\..\base\process\launch_win.cc$LaunchElevatedProcess$runas
API String ID: 24740636-1466567255
Opcode ID: cc02b1aabc9b3c1ff404aeb31eea544263762ac44964f341def559c04a37ed2d
Instruction ID: 0df08db1256366f6fae9c5dd8ff55053b583d2de09a299c0acda5c204eccda11
Opcode Fuzzy Hash: cc02b1aabc9b3c1ff404aeb31eea544263762ac44964f341def559c04a37ed2d
Instruction Fuzzy Hash: 29715E32A0CAC291E621AB15F4453EEB7A4FB88788FC05133DA8C47A59DF3DE195C710

Function 00007FF7DF19BF20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FF7DF19BFBA
CloseHandle.KERNEL32 ref: 00007FF7DF19C001
GetLastError.KERNEL32 ref: 00007FF7DF19C009

Strings

create_thread_last_error, xrefs: 00007FF7DF19C0EB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CloseCreateErrorHandleLastThread
String ID: create_thread_last_error
API String ID: 747004058-3219933969
Opcode ID: a7544f85aba4b2f7568fc785378880a0e8208537c818b1ec004e96b916c5dccd
Instruction ID: 5dfb01681c3d4e87aa9448775efa9faf65a1538f9313c45cbc685f5132bf785e
Opcode Fuzzy Hash: a7544f85aba4b2f7568fc785378880a0e8208537c818b1ec004e96b916c5dccd
Instruction Fuzzy Hash: 9551BD26A0C6C682EA14FB11B8512FDF296BF84B94FC80137D9AE42795DF3EF4418660

Function 00007FF7DF1F3CF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1F3DC4
GetModuleHandleW.KERNEL32 ref: 00007FF7DF1F3E3A
GetProcAddress.KERNEL32 ref: 00007FF7DF1F3E4A

Strings

GetHandleVerifier, xrefs: 00007FF7DF1F3E40

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: GetHandleVerifier
API String ID: 4275029093-1090674830
Opcode ID: a1b68247d3e88d73ff7b010e8888158fa04755a6c1ad67f1004b255f80535556
Instruction ID: 0d1ea5b9129eb644f9d8505a59cd0e67461db33e2be97baa802bbf25dc2499f0
Opcode Fuzzy Hash: a1b68247d3e88d73ff7b010e8888158fa04755a6c1ad67f1004b255f80535556
Instruction Fuzzy Hash: 1341F223B0968681FB14BF56B4542FCA695AF40B90FC48436CE0E077C1DF3EB4869320

Function 00007FF7DF1EC630 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1EC63D
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1EC726

Part of subcall function 00007FF7DF1953B0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1953D3

Strings

bitset test argument out of range, xrefs: 00007FF7DF1EC737
bitset set argument out of range, xrefs: 00007FF7DF1EC743

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: bitset set argument out of range$bitset test argument out of range
API String ID: 1678258262-1976194836
Opcode ID: efbbf39134255fc9c49f99a9afbef658eef2db5500868e25937da743ddd55a63
Instruction ID: e01afbbf58ddcd20149f438fbb9a29a93ec542464b401fc1025255b508d22b6f
Opcode Fuzzy Hash: efbbf39134255fc9c49f99a9afbef658eef2db5500868e25937da743ddd55a63
Instruction Fuzzy Hash: 1D21C161A096C243ED69AA11BA103FE935AAB587C0FC05433CB4E13B80EFADF085C324

Function 00007FF7DF1EC750 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1EC762
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1EC7FE

Part of subcall function 00007FF7DF1953B0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1953D3

Strings

bitset test argument out of range, xrefs: 00007FF7DF1EC810
bitset set argument out of range, xrefs: 00007FF7DF1EC81C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: bitset set argument out of range$bitset test argument out of range
API String ID: 1678258262-1976194836
Opcode ID: a9a5c178082fb9db1fb49e8fb83e2f6a1b7d647d14cbec52ec01cbce9d666bd3
Instruction ID: f0bef61d3f57c308f9aac6cd51135c5b603a2566bc183e2173a5071eba84f7a7
Opcode Fuzzy Hash: a9a5c178082fb9db1fb49e8fb83e2f6a1b7d647d14cbec52ec01cbce9d666bd3
Instruction Fuzzy Hash: B111BE51F095C642FD08AA06FE883FDA61AAB407D0FD49432CE4E07685DF2DB4D6C324

Function 00007FF7DF19E100 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DF1F4D90: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DF1F4EC6
Part of subcall function 00007FF7DF1F4D90: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F26
Part of subcall function 00007FF7DF1F4D90: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1F4F76

GetFileSizeEx.KERNEL32 ref: 00007FF7DF19E1A9

Strings

GetLength, xrefs: 00007FF7DF19E13A
ScopedBlockingCall, xrefs: 00007FF7DF19E202
..\..\base\files\file_win.cc, xrefs: 00007FF7DF19E141

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireCounterFilePerformanceQueryReleaseSize
String ID: ..\..\base\files\file_win.cc$GetLength$ScopedBlockingCall
API String ID: 870130176-1252741873
Opcode ID: 366e4c7a71ec619b0bc387b19a886139fadf742df2a78a6459a3f407ed150b0f
Instruction ID: c270f06a2b3e32a86e160a7f7fa37b56d4eb0ec0c753123c9df29fbc292bed13
Opcode Fuzzy Hash: 366e4c7a71ec619b0bc387b19a886139fadf742df2a78a6459a3f407ed150b0f
Instruction Fuzzy Hash: A3317132A08AC590EA20AF25F4503EDB3A0FF84B44FC44032DA8D17A19DF3DE25AC761

Function 00007FF7DF196880 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57filelibraryloaderCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32 ref: 00007FF7DF196898
GetModuleHandleW.KERNEL32 ref: 00007FF7DF196900
GetProcAddress.KERNEL32 ref: 00007FF7DF196910

Strings

GetHandleVerifier, xrefs: 00007FF7DF196906

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressFileHandleModuleProcUnmapView
String ID: GetHandleVerifier
API String ID: 3224599007-1090674830
Opcode ID: 8bb09f3796ca6893a90be662683f262fb956e5d17d2484b909885acca8ebbfca
Instruction ID: 695dd609dc4b48e41c52895a54c06555805476b00065948d08da2a0144c740d2
Opcode Fuzzy Hash: 8bb09f3796ca6893a90be662683f262fb956e5d17d2484b909885acca8ebbfca
Instruction Fuzzy Hash: C7213E21E18A8681EA24BF26F5593FDA366AF44B84FD45537C91E023A0DF3EB585C260

Function 00007FF7DF1A2EF0 Relevance: 6.3, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1A2F54
SetLastError.KERNEL32 ref: 00007FF7DF1A2F6D
GetLastError.KERNEL32 ref: 00007FF7DF1A2F8D
SetLastError.KERNEL32 ref: 00007FF7DF1A2F9F
GetLastError.KERNEL32 ref: 00007FF7DF1A2FD7

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: fc9fc606244c3acbaa7130772d13d2dc5cc58ce504f590ac2604ee94eb2de180
Instruction ID: fd875eef2969be6c6dc79fc939e5536ec92b1802c238636ce1fba084487cf1e7
Opcode Fuzzy Hash: fc9fc606244c3acbaa7130772d13d2dc5cc58ce504f590ac2604ee94eb2de180
Instruction Fuzzy Hash: 3921B132A09AC282E7647F30B8542FEB6D9AF44794FD84136DE9E07694DF3DE4428230

Function 00007FF7DF1B9640 Relevance: 6.3, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1B96A1
SetLastError.KERNEL32 ref: 00007FF7DF1B96BA
GetLastError.KERNEL32 ref: 00007FF7DF1B96DA
SetLastError.KERNEL32 ref: 00007FF7DF1B96EC
GetLastError.KERNEL32 ref: 00007FF7DF1B9724

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: c2b787986f01d09d2bd18d50a2c25c8a2b3e839c6bca70377eba6d1e614f8b6c
Instruction ID: ea7a70d43d0d6985567a49fcb1a198abc3073031ebf8a9d51e54648297442314
Opcode Fuzzy Hash: c2b787986f01d09d2bd18d50a2c25c8a2b3e839c6bca70377eba6d1e614f8b6c
Instruction Fuzzy Hash: 52219132A08AC286EB507F24F8543FEA6D5AF45798FD84136DA8E07790DF3DE4418A30

Function 00007FF7DF1A3800 Relevance: 6.3, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1A3853
SetLastError.KERNEL32 ref: 00007FF7DF1A3868
GetLastError.KERNEL32 ref: 00007FF7DF1A3888
SetLastError.KERNEL32 ref: 00007FF7DF1A389A
GetLastError.KERNEL32 ref: 00007FF7DF1A38D6

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 7470f44ef48e3eb0f2df52de3484e6dd0c8b582e0057dfd03eb24fa5fb5194c4
Instruction ID: 1e41162c9c9a5938b25137583acc0847e7ff25e5560202cf90e88767e5b04c6c
Opcode Fuzzy Hash: 7470f44ef48e3eb0f2df52de3484e6dd0c8b582e0057dfd03eb24fa5fb5194c4
Instruction Fuzzy Hash: 5E21A132A0D98246E6547F65B9543FDB2D49F44760FD90376DA6E022D0DF2EA4868230

Function 00007FF7DF25357C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 00007FF7DF253698
GetLastError.KERNEL32 ref: 00007FF7DF253723

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 3de7a05e6a60e4dc31bf5faaf78293d241f5ff65f10698646f81eb653ff4d0a6
Instruction ID: 412045d80f1fbc85dd4014fbe34cfa0fd2b8a4841656615c5402afe494956bc6
Opcode Fuzzy Hash: 3de7a05e6a60e4dc31bf5faaf78293d241f5ff65f10698646f81eb653ff4d0a6
Instruction Fuzzy Hash: 8B91D272E0869285F754AF6584402FDABA2BB04B98FD4653BDE0E57784CF38F985C321

Function 00007FF7DF1B0A90 Relevance: 6.1, APIs: 4, Instructions: 149threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1B0AAE
GetCurrentThreadId.KERNEL32 ref: 00007FF7DF1B0B38

Part of subcall function 00007FF7DF2398E4: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DF239914

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1B0C92
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1B0CBC

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Concurrency::cancel_current_taskCurrentReleaseThread
String ID:
API String ID: 2289101447-0
Opcode ID: 7cc4d4e5894f4ef12ba8515de1a3094133f2e8e3ec8d9de6d6f67202c89d1ea5
Instruction ID: c1104a0f3986918b4f653e48cd3f6749605ff27b5dab0d69eab37d242644e518
Opcode Fuzzy Hash: 7cc4d4e5894f4ef12ba8515de1a3094133f2e8e3ec8d9de6d6f67202c89d1ea5
Instruction Fuzzy Hash: 70515D62A15B8281EB10EF11E8542BCBBA8EB89BA0FD54637DE6D43790DF3DE544C350

Function 00007FF7DF1A66D0 Relevance: 6.1, APIs: 4, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32 ref: 00007FF7DF1A672A
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DF1A6595), ref: 00007FF7DF1A675E
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DF1A6595), ref: 00007FF7DF1A67A7
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DF1A6595), ref: 00007FF7DF1A67F5

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$ObjectRegisterReleaseSingleWait
String ID:
API String ID: 1151305831-0
Opcode ID: 627f958415da0c6e5741fb3d670481071a37447f2129b5ff7270be251e2a3330
Instruction ID: f18a45dbd73c3289da71336c5f1962c10eea4cdf6d510b0a189c57431fa43c67
Opcode Fuzzy Hash: 627f958415da0c6e5741fb3d670481071a37447f2129b5ff7270be251e2a3330
Instruction Fuzzy Hash: 8231C122A19A8282F610FF51B921ABDB358BF40B94FD54033EE5E07B95CF3DE4428320

Function 00007FF7DF1CBF70 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32 ref: 00007FF7DF1CBFDA
TlsGetValue.KERNEL32 ref: 00007FF7DF1CBFF7
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1CC00F
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1CC03B

Part of subcall function 00007FF7DF2504A0: IsProcessorFeaturePresent.KERNEL32(00007FF7DF23E786), ref: 00007FF7DF2504C6

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLockOnce$AcquireExecuteFeatureInitPresentProcessorReleaseValue
String ID:
API String ID: 3678319540-0
Opcode ID: c6c98a9cc8d0d6fdb51964c068d0211ab01fb77b3caa60d0607a473e41f7cf87
Instruction ID: bbf4e76db610a84e3976d1c3c4529a7b50e55b4d359fff6b5080f665ce7dac58
Opcode Fuzzy Hash: c6c98a9cc8d0d6fdb51964c068d0211ab01fb77b3caa60d0607a473e41f7cf87
Instruction Fuzzy Hash: 37312A25A08AC691EA64BF16B9502FEE3A4BF84B90FD84433DD5D02764CF3DF9858220

Function 00007FF7DF1C0FA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1C0FC9
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1C1004
AcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DF1C1020
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DF1C1030

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 7097ca6ab8acde858373411f9284eb0e8982ca532e557e3c3549178575937ce6
Instruction ID: 09ba8e000e9782c0412eb8972beb370521d1c26d79b9fa051905a96cbe026bf8
Opcode Fuzzy Hash: 7097ca6ab8acde858373411f9284eb0e8982ca532e557e3c3549178575937ce6
Instruction Fuzzy Hash: 1B21FF32A09AC691EA51AF15BD501BDA3A4BB05BB4FC54233DDAD062E0DF3DA186C350

Function 00007FF7DF25C484 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

FlsSetValue.KERNEL32 ref: 00007FF7DF25C4C2
FlsSetValue.KERNEL32 ref: 00007FF7DF25C4EA
FlsSetValue.KERNEL32 ref: 00007FF7DF25C4FB
FlsSetValue.KERNEL32 ref: 00007FF7DF25C50C

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 507328858d1db9b13459e56b250314d00052514d76b09567a1a82858c1551a4c
Instruction ID: 36028f0ed3324490f4e274791bfaf1b07ccde3e84e325068789fb89ae314a653
Opcode Fuzzy Hash: 507328858d1db9b13459e56b250314d00052514d76b09567a1a82858c1551a4c
Instruction Fuzzy Hash: 63113A20E482D242FA58BB7965516FDA2925F443F4FD44336E93E567DAFE2CF4418220

Function 00007FF7DF24FE90 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 204fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?,?), ref: 00007FF7DF24FF5E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?,?), ref: 00007FF7DF250105

Strings

MZx, xrefs: 00007FF7DF24FEA9, 00007FF7DF24FF6F, 00007FF7DF24FFC4, 00007FF7DF24FFD5, 00007FF7DF250119

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: MZx
API String ID: 1948546556-2575928145
Opcode ID: f20a3358e8dcbc9ad251d7ae5660c242c5eab828e7bb14eef0779e1cc55eb73b
Instruction ID: a6cc8049aafa1907b682c00853d71387c317c9d6114288f195fa15929979332d
Opcode Fuzzy Hash: f20a3358e8dcbc9ad251d7ae5660c242c5eab828e7bb14eef0779e1cc55eb73b
Instruction Fuzzy Hash: 46910612B1C6C686EB21BA2498803FCAB81FB52B94FD94637D65E073D9CA7CF445C721

Function 00007FF7DF1CBD50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

SetHandleInformation.KERNEL32 ref: 00007FF7DF1CBD8F

Strings

..\..\sandbox\win\src\sandbox_policy_base.cc, xrefs: 00007FF7DF1CBEB2
AddHandleToShare, xrefs: 00007FF7DF1CBEAB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: HandleInformation
String ID: ..\..\sandbox\win\src\sandbox_policy_base.cc$AddHandleToShare
API String ID: 1064748128-854877313
Opcode ID: 68102a8d921e6f80f1efa051da7819059a092a695371b5adfbe86a77e97cf660
Instruction ID: 8f3f611a9375167038ba6ebc3d74c01c76cdaa4e2b0e6a1b213d2779dee9508b
Opcode Fuzzy Hash: 68102a8d921e6f80f1efa051da7819059a092a695371b5adfbe86a77e97cf660
Instruction Fuzzy Hash: 5D41AF62B04AC641EA24EF61B4001EDE759AF44BA0FD84633DE6D47AD5DF7DE0158320

Function 00007FF7DF25403C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,00000000,?,00007FF7DF2537A6), ref: 00007FF7DF254153
GetLastError.KERNEL32(?,?,?,00000000,?,00007FF7DF2537A6), ref: 00007FF7DF254175

Strings

U, xrefs: 00007FF7DF2540FF

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: bcfeb4667ca908de3d63501ceaac33d13c0650f5b1af8e40d9220f4c346b1a06
Instruction ID: 24b15f2d65a7b9796562fae345f21ca93d21c97d66438f94b87c70f629e3a786
Opcode Fuzzy Hash: bcfeb4667ca908de3d63501ceaac33d13c0650f5b1af8e40d9220f4c346b1a06
Instruction Fuzzy Hash: 7041B332A18A8182DB20AF25E8543EEE7A0FB94794FD04036EE8D87798DF3CE541C750

Function 00007FF7DF1C90D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1C9190
GetProcAddress.KERNEL32 ref: 00007FF7DF1C91A0

Strings

GetHandleVerifier, xrefs: 00007FF7DF1C9196

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 848f1527da37e11cc3f689138f055818a724da4bf4c34a40d76afe79db9c452c
Instruction ID: dacefae1d0f3461437134ef12b2519248a2d4cdb9e8c0298a731161aab5217ac
Opcode Fuzzy Hash: 848f1527da37e11cc3f689138f055818a724da4bf4c34a40d76afe79db9c452c
Instruction Fuzzy Hash: D021C121F096C281EE14EF65A45A2BDEAA5AF40FA4FC40137C91E027C4DF3DB546C320

Function 00007FF7DF1B7610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1B76F5
GetProcAddress.KERNEL32 ref: 00007FF7DF1B7705

Strings

GetHandleVerifier, xrefs: 00007FF7DF1B76FB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: e5eba273f52f7a34abbcf694b5f915ff805a9127fad02bed4dc452b8a6850935
Instruction ID: 2144dc6abd1b0ca6b0706e28152753425a5d41224fc246b0f9ee98b953613e78
Opcode Fuzzy Hash: e5eba273f52f7a34abbcf694b5f915ff805a9127fad02bed4dc452b8a6850935
Instruction Fuzzy Hash: BD313A31A09A86C1FE15BB2AF8543FDA764EF45B44FD44137CA0E067A1DF2EF4469260

Function 00007FF7DF1A39D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32 ref: 00007FF7DF1A3A6B
ReadProcessMemory.KERNEL32 ref: 00007FF7DF1A3A9E

Strings

(, xrefs: 00007FF7DF1A3A75

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: MemoryProcessRead
String ID: (
API String ID: 1726664587-3887548279
Opcode ID: 531baab30eeed02b6d1f2f506117fa78fd10a84729120a3dda8947cc871f4f5a
Instruction ID: 7f5d2c213d34e1121ee6ea4c2454a98255fc690d653af571218717e0fc93e255
Opcode Fuzzy Hash: 531baab30eeed02b6d1f2f506117fa78fd10a84729120a3dda8947cc871f4f5a
Instruction Fuzzy Hash: 1E31A222608AD181E6209F66B5153FBF7A4EF89B94F894122EE8C43B54DF3DD146C710

Function 00007FF7DF263548 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF7DF263588
GetCurrentDirectoryW.KERNEL32 ref: 00007FF7DF2635DA

Strings

:, xrefs: 00007FF7DF26359E

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 6adf8b0f6788cc027a1e2594f21990d4a23457130bd86c4aaaeb406bc332cf26
Instruction ID: b61ae629c13ac02c6299c61aa7bb035e7caa163541634d7376e7779a884fb8fe
Opcode Fuzzy Hash: 6adf8b0f6788cc027a1e2594f21990d4a23457130bd86c4aaaeb406bc332cf26
Instruction Fuzzy Hash: D0218F62A086C182FB24AB15D4552AEA3A1FB88B44FC5403AD68D47784DF7CEA85CB64

Function 00007FF7DF1E85A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7DF1E85F5
RaiseException.KERNEL32 ref: 00007FF7DF1E862A

Strings

@, xrefs: 00007FF7DF1E85E8

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ExceptionGlobalMemoryRaiseStatus
String ID: @
API String ID: 367200128-2766056989
Opcode ID: 057bf03a4f30d001adfa67d08adc58afdc050bfd9c2932dc5aec61f55122e9a4
Instruction ID: 7a8653264e1db1ea6acc0c3cfe13cdd9272f1cb9c4e5a63e22d135df5ed3e72c
Opcode Fuzzy Hash: 057bf03a4f30d001adfa67d08adc58afdc050bfd9c2932dc5aec61f55122e9a4
Instruction Fuzzy Hash: 93015222D28BC182E210AB64A4813BEE724FBD9350FA09336F6C941D95DFACD6858B10

Function 00007FF7DF1A2DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF1A2E2D
GetProcAddress.KERNEL32 ref: 00007FF7DF1A2E3D

Strings

GetHandleVerifier, xrefs: 00007FF7DF1A2E33

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: ba1bd3f4365878339932c8a3a84951aeb43458da00e9ce4c1b0eebcd8b1d7715
Instruction ID: 5f87074dacba5507b7e940ec0e10743e7870b09963b2b611a2f4f64dd52a8699
Opcode Fuzzy Hash: ba1bd3f4365878339932c8a3a84951aeb43458da00e9ce4c1b0eebcd8b1d7715
Instruction Fuzzy Hash: F6015B31E0AAC680EE14BF25B6553FCA265AF45B80FC4443BC90E02390DF3EB586E320

Function 00007FF7DF2708D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7DF270919

Strings

bad_variant_access.cc, xrefs: 00007FF7DF2708D4
Bad variant access, xrefs: 00007FF7DF2708DB

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: __std_exception_destroy
String ID: Bad variant access$bad_variant_access.cc
API String ID: 2453523683-4004146108
Opcode ID: 7a0fb0e85af7cfea9e132b1db674c38f63ae633640f175e373c3f148ac3f552a
Instruction ID: 09f60ce1a565c917aa2538521e408cadc8e4f362e417457cab00d7a07b2f23df
Opcode Fuzzy Hash: 7a0fb0e85af7cfea9e132b1db674c38f63ae633640f175e373c3f148ac3f552a
Instruction Fuzzy Hash: 3BE09B15F09AD791FA05F75AA4511ECA2554FC8BA0FD84436DD1C07755EE2CB54B4320

Function 00007FF7DF2666A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DF2666D8
GetDriveTypeW.KERNEL32 ref: 00007FF7DF266718

Strings

:, xrefs: 00007FF7DF266701

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 252c18f42db61fd52c2792dcdd58c5d6fcffa9f098845786b0a67dba0647b2b3
Instruction ID: 08ff47a57bd70d8d9a52b5e3ec02e9f8b9a97f21040eb96448dd0955fffad308
Opcode Fuzzy Hash: 252c18f42db61fd52c2792dcdd58c5d6fcffa9f098845786b0a67dba0647b2b3
Instruction Fuzzy Hash: B9014F6191C69286F720BF61A4612FEA7A0EF84704FC0143BD54D8A695EF3CF5458F24

Function 00007FF7DF22EB90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7DF22EBC3
GetProcAddress.KERNEL32 ref: 00007FF7DF22EBD3

Strings

GetHandleVerifier, xrefs: 00007FF7DF22EBC9

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 774e060a0b1140a97a08e9f8b6801c36755cc8036ca665750c99f12d7c9a3aff
Instruction ID: 4f27099841b73b12cc80a9be516225e052a1574d061f31f23c769671865f7b58
Opcode Fuzzy Hash: 774e060a0b1140a97a08e9f8b6801c36755cc8036ca665750c99f12d7c9a3aff
Instruction Fuzzy Hash: 6B011D24E0DA9681FA18BF66A8652FDA660BF44B50FD44437C80F42394DE6DB586E321

Function 00007FF7DF1B3480 Relevance: 5.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7DF1B34C2
SetLastError.KERNEL32 ref: 00007FF7DF1B34EA
GetLastError.KERNEL32 ref: 00007FF7DF1B34FA
SetLastError.KERNEL32 ref: 00007FF7DF1B3524

Part of subcall function 00007FF7DF22EB90: GetModuleHandleW.KERNEL32 ref: 00007FF7DF22EBC3
Part of subcall function 00007FF7DF22EB90: GetProcAddress.KERNEL32 ref: 00007FF7DF22EBD3

Memory Dump Source

Source File: 00000006.00000002.2526537199.00007FF7DF191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DF190000, based on PE: true

Associated: 00000006.00000002.2526479813.00007FF7DF190000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526755202.00007FF7DF2A2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526810183.00007FF7DF2C4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526851671.00007FF7DF2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526901984.00007FF7DF2CF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526946353.00007FF7DF2D0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2526997919.00007FF7DF2DD000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527051711.00007FF7DF2E8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000006.00000002.2527092956.00007FF7DF2F5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff7df190000_Arc.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID:
API String ID: 1762409328-0
Opcode ID: 58986a47bb8700f0e37abd17a24c4bbb8225d757606f830e24aa780c3def73b6
Instruction ID: 9485bc2933660e3159d201b02a5c52018ccbb87982a81e15d6c415bcc4a4da29
Opcode Fuzzy Hash: 58986a47bb8700f0e37abd17a24c4bbb8225d757606f830e24aa780c3def73b6
Instruction Fuzzy Hash: 35314D32A08682C6EB24BF15F5443ADA7A9EB05750FC04436D78E86691DF7DF8D58720

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Arc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Arc.exePID: 7952, Parent PID: 3968

General

Chronological Activities

Disassembly

Analysis Process: Arc.exePID: 7952, Parent PID: 3968COMMON

Non-executed Functions

Function 00007FF7DF20962E Relevance: 71.3, APIs: 32, Strings: 8, Instructions: 1322synchronizationCOMMON

Function 00007FF7DF1FD7A0 Relevance: 45.4, APIs: 11, Strings: 14, Instructions: 1657threadtimeCOMMON

Function 00007FF7DF1F40A0 Relevance: 37.3, APIs: 16, Strings: 5, Instructions: 535synchronizationCOMMON

Function 00007FF7DF20ADA0 Relevance: 37.3, APIs: 24, Instructions: 1254COMMON

Function 00007FF7DF1AC0D0 Relevance: 35.7, APIs: 17, Strings: 3, Instructions: 687threadprocesssynchronizationCOMMON

Function 00007FF7DF1A6E00 Relevance: 34.3, APIs: 11, Strings: 8, Instructions: 1080injectionmemoryCOMMON

Function 00007FF7DF296750 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 288threadCOMMON

Windows Analysis Report
Arc.exe