Windows Analysis Report
XDelta3.exe

Overview

General Information

Sample Name:XDelta3.exe
Analysis ID:1304926
MD5:1a2bbe17070a0281f5dbc643e740acb8
SHA1:00e4374c1a39434643b53b8d0418e20bd98eeb47
SHA256:8cd3e6814795cd611e61eca644b6a072758c6880655a24e4a36390635137789b
Infos:

Detection

Score:6
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Found evaded block containing many API calls
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

  • System is w10x64
  • XDelta3.exe (PID: 6724 cmdline: C:\Users\user\Desktop\XDelta3.exe MD5: 1A2BBE17070A0281F5DBC643E740ACB8)
    • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: XDelta3.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: g:\jmacd\svn\xdelta3\release\xdelta3.pdb source: XDelta3.exe
Source: Binary string: g:\jmacd\svn\xdelta3\release\xdelta3.pdb`a source: XDelta3.exe
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_004138BF __getdrive,FindFirstFileA,__fullpath,__fullpath,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,0_2_004138BF
Source: XDelta3.exe, 00000000.00000002.366714434.000000000061A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/> memstr_9322b205-b
Source: C:\Users\user\Desktop\XDelta3.exe Code function: String function: 00412A78 appears 218 times
Source: C:\Users\user\Desktop\XDelta3.exe Code function: String function: 0040A610 appears 33 times
Source: C:\Users\user\Desktop\XDelta3.exe Code function: String function: 004160FC appears 38 times
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0040A3A0 ReadFile,GetLastError,_memset,FormatMessageA,_fprintf,_fprintf,0_2_0040A3A0
Source: XDelta3.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\XDelta3.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\XDelta3.exe C:\Users\user\Desktop\XDelta3.exe
Source: C:\Users\user\Desktop\XDelta3.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_01
Source: classification engine Classification label: clean6.winEXE@2/1@0/0
Source: XDelta3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_00416141 push ecx; ret 0_2_00416154
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_00419FA5 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00419FA5
Source: C:\Users\user\Desktop\XDelta3.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_0-17683
Source: C:\Users\user\Desktop\XDelta3.exe Evaded block: after key decision graph_0-18878
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0041241C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041241C
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_00413C72 GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__cinit,__amsg_exit,0_2_00413C72
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0041242B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041242B
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_00415280 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00415280
Source: C:\Users\user\Desktop\XDelta3.exe Code function: GetLocaleInfoA,0_2_0041DE07
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0041DAF9 cpuid 0_2_0041DAF9
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0041CFBC __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,0_2_0041CFBC
Source: C:\Users\user\Desktop\XDelta3.exe Code function: 0_2_0040C160 _memset,_memset,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_fprintf,_strtol,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,_fprintf,0_2_0040C160
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Native API (3); Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Binary Padding
Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (2); Security Software Discovery (2); File and Directory Discovery (1); System Information Discovery (23)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Input Capture (1); Archive Collected Data (1); Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Behavior Graph ID: 1304926, Sample: XDelta3.exe, Startdate: 07/09/2023, Architecture: WINDOWS, Score: 6. Process chain: XDelta3.exe started conhost.exe.

Source | Detection | Scanner | Label | Link
XDelta3.exe | 3% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1304926
Start date and time:2023-09-07 08:10:13 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 2m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:XDelta3.exe
Detection:CLEAN
Classification:clean6.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:Failed
HCA Information:
  • Successful, ratio: 95%
  • Number of executed functions: 6
  • Number of non-executed functions: 53
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: XDelta3.exe
No simulations
No context
Process:C:\Users\user\Desktop\XDelta3.exe
File Type:ASCII text, with CRLF, CR line terminators
Category:dropped
Size (bytes):64
Entropy (8bit):4.210882914624721
Encrypted:false
SSDEEP:3:cfFKuRvE5EP550MPEJvn:K7Rv3PEh
MD5:AA348CCB0A6F27A5296517FF22252150
SHA1:9FF33B37C7B75E83B684A90676F5DFB3AE5501E9
SHA-256:9B00910FC21C3C6E58CDD8A4FD3498129C73BEFA73129565A82DC10AC3348A1F
SHA-512:879DFAD8C53348D715D97BCD40B0BBA6D8DCBB97005ED1EBB9D29CFD4B0F646738EEC08054600E821401C613AB6C2A8990604A7734F22C64CD76C4D990AA5FED
Malicious:false
Reputation:low
Preview:xdelta3: input read failed: (stdin): The handle is invalid......
File type:PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):6.452646876036035
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:XDelta3.exe
File size:184'320 bytes
MD5:1a2bbe17070a0281f5dbc643e740acb8
SHA1:00e4374c1a39434643b53b8d0418e20bd98eeb47
SHA256:8cd3e6814795cd611e61eca644b6a072758c6880655a24e4a36390635137789b
SHA512:c7f15aae73f01134e5bb40c8368ae74d8ce2d99d31ee9f7652cdfe3f547ecb2fc65a0450343f3d24a3b2ac2d2748f59690a01a18e0e456224970fe7a243bfa90
SSDEEP:3072:PlYiMhYr5bseAeM60UXC164Wqe3v+tHzJO6LMJtcxHpDwi7Nrmg8MPpkEG+trRSK:Pl1j/M60UXQBe3v+tHzJO6LMJtcxRwit
TLSH:FC048C31B5C0D0F1C8A6107265A5CB3A9B36A116533A85E7F7B92FD5AB306F0D33A21D
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."f..f...f...f.......d...A...@...A...F...A...........e...f.......A...g...A...g...A...g...Richf...........PE..L...,..F...........
Icon Hash:90cececece8e8eb0
Entrypoint:0x413e28
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:0x4607032C [Sun Mar 25 23:18:04 2007 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:41043cd6713b2fce95740de7d275bb9d
Instruction
call 00007F19D4A1FA10h
jmp 00007F19D4A19F45h
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0042B7F8h], eax
mov dword ptr [0042B7F4h], ecx
mov dword ptr [0042B7F0h], edx
mov dword ptr [0042B7ECh], ebx
mov dword ptr [0042B7E8h], esi
mov dword ptr [0042B7E4h], edi
mov word ptr [0042B810h], ss
mov word ptr [0042B804h], cs
mov word ptr [0042B7E0h], ds
mov word ptr [0042B7DCh], es
mov word ptr [0042B7D8h], fs
mov word ptr [0042B7D4h], gs
pushfd
pop dword ptr [0042B808h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0042B7FCh], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0042B800h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0042B80Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0042B748h], 00010001h
mov eax, dword ptr [0042B800h]
mov dword ptr [0042B6FCh], eax
mov dword ptr [0042B6F0h], C0000409h
mov dword ptr [0042B6F4h], 00000001h
mov eax, dword ptr [0042A404h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0042A408h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [0042406Ch]
Programming Language:
  • [C++] VS2005 build 50727
  • [ASM] VS2005 build 50727
  • [ C ] VS2005 build 50727
  • [RES] VS2005 build 50727
  • [LNK] VS2005 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2977c | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0xf8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x241b0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x29200 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x24000 | 0x174 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x22fca | 0x23000 | False | 0.5693010602678571 | data | 6.672409060094496 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x24000 | 0x5fc4 | 0x6000 | False | 0.4010009765625 | data | 5.815877013653106 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2a000 | 0xd4c4 | 0x2000 | False | 0.2623291015625 | data | 2.74589023396663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x38000 | 0xf8 | 0x1000 | False | 0.04638671875 | data | 0.44638350821621453 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x38060 | 0x92 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | English | United States | 0.9041095890410958
DLL | Import
KERNEL32.dll | CreateFileA, SystemTimeToFileTime, SetFilePointerEx, FormatMessageA, WriteFile, ReadFile, GetFileSizeEx, GetStartupInfoA, GetLastError, GetLocalTime, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, HeapFree, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, GetCommandLineA, GetVersionExA, GetProcessHeap, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, GetProcAddress, GetModuleHandleA, ExitProcess, GetStdHandle, GetModuleFileNameA, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, SetHandleCount, GetFileType, Sleep, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetFileAttributesA, GetFullPathNameA, GetCurrentDirectoryA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LoadLibraryA, InitializeCriticalSection, SetFilePointer, RtlUnwind, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetTimeZoneInformation, HeapSize, DeleteFileA, RaiseException
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found
Target ID:0
Start time:08:11:06
Start date:07/09/2023
Path:C:\Users\user\Desktop\XDelta3.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\XDelta3.exe
Imagebase:0x400000
File size:184'320 bytes
MD5 hash:1A2BBE17070A0281F5DBC643E740ACB8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:08:11:07
Start date:07/09/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff766460000
File size:625'664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20%
Total number of Nodes:2000
Total number of Limit Nodes:68
18596 41adf5 18594->18596 18595 41241c ___convertcp 5 API calls 18597 416461 18595->18597 18598 41aee9 LCMapStringA 18596->18598 18599 41ae0e 18596->18599 18596->18616 18597->18510 18602 41ae45 18598->18602 18603 41de4e ___convertcp 75 API calls 18599->18603 18600 41acc1 MultiByteToWideChar 18605 41acda LCMapStringW 18600->18605 18606 41adbb 18600->18606 18608 412676 _malloc 68 API calls 18601->18608 18613 41ac89 ___convertcp 18601->18613 18607 41af10 18602->18607 18612 412599 ___convertcp 68 API calls 18602->18612 18604 41ae20 18603->18604 18609 41ae2a LCMapStringA 18604->18609 18604->18616 18605->18606 18611 41acfb 18605->18611 18610 41ab7b __freea 68 API calls 18606->18610 18615 412599 ___convertcp 68 API calls 18607->18615 18607->18616 18608->18613 18609->18602 18618 41ae4c 18609->18618 18610->18616 18614 41ad03 18611->18614 18620 41ad2c 18611->18620 18612->18607 18613->18600 18613->18616 18614->18606 18617 41ad15 LCMapStringW 18614->18617 18615->18616 18616->18595 18617->18606 18622 41ae5d _memset ___convertcp 18618->18622 18624 412676 _malloc 68 API calls 18618->18624 18619 41ad7b LCMapStringW 18625 41ad93 WideCharToMultiByte 18619->18625 18626 41adb5 18619->18626 18621 41ad47 ___convertcp 18620->18621 18623 412676 _malloc 68 API calls 18620->18623 18621->18606 18621->18619 18622->18602 18628 41ae9b LCMapStringA 18622->18628 18623->18621 18624->18622 18625->18626 18627 41ab7b __freea 68 API calls 18626->18627 18627->18606 18629 41aeb7 18628->18629 18630 41aebb 18628->18630 18633 41ab7b __freea 68 API calls 18629->18633 18632 41de4e ___convertcp 75 API calls 18630->18632 18632->18629 18633->18602 18634->18500 18636 419902 18635->18636 18637 416cb7 __encode_pointer 5 API calls 18636->18637 18638 41991a 18636->18638 18637->18636 18638->18298 18642 4198b0 18639->18642 18641 4198f5 18641->18300 18643 4198bc __ioinit 18642->18643 18650 413f95 18643->18650 18649 4198dd __ioinit 18649->18641 18651 4155cb __lock 68 API calls 18650->18651 18652 413f9c 18651->18652 
18653 4197d4 18652->18653 18654 416d23 __decode_pointer 5 API calls 18653->18654 18655 4197e4 18654->18655 18656 416d23 __decode_pointer 5 API calls 18655->18656 18657 4197f5 18656->18657 18661 41986f 18657->18661 18671 41d985 18657->18671 18659 41985a 18660 416cb7 __encode_pointer 5 API calls 18659->18660 18660->18661 18668 4198e6 18661->18668 18662 419831 18662->18661 18665 41763d __realloc_crt 75 API calls 18662->18665 18666 419848 18662->18666 18663 41980f 18663->18659 18663->18662 18684 41763d 18663->18684 18665->18666 18666->18661 18667 416cb7 __encode_pointer 5 API calls 18666->18667 18667->18659 18734 413f9e 18668->18734 18672 41d991 __ioinit 18671->18672 18673 41d9a1 18672->18673 18674 41d9be 18672->18674 18675 412ff2 __dosmaperr 68 API calls 18673->18675 18676 41d9ff HeapSize 18674->18676 18678 4155cb __lock 68 API calls 18674->18678 18677 41d9a6 18675->18677 18680 41d9b6 __ioinit 18676->18680 18679 41537c __stat64i32 5 API calls 18677->18679 18681 41d9ce ___sbh_find_block 18678->18681 18679->18680 18680->18663 18689 41da1f 18681->18689 18685 417641 18684->18685 18687 417683 18685->18687 18688 417664 Sleep 18685->18688 18693 41b520 18685->18693 18687->18662 18688->18685 18692 4154f3 LeaveCriticalSection 18689->18692 18691 41d9fa 18691->18676 18691->18680 18692->18691 18694 41b52c __ioinit 18693->18694 18695 41b541 18694->18695 18696 41b533 18694->18696 18698 41b554 18695->18698 18699 41b548 18695->18699 18697 412676 _malloc 68 API calls 18696->18697 18715 41b53b __dosmaperr __ioinit 18697->18715 18705 41b6c6 18698->18705 18728 41b561 ___sbh_resize_block ___sbh_find_block 18698->18728 18700 412599 ___convertcp 68 API calls 18699->18700 18700->18715 18701 41b6f9 18703 416300 _realloc 5 API calls 18701->18703 18702 41b6cb HeapReAlloc 18702->18705 18702->18715 18706 41b6ff 18703->18706 18704 4155cb __lock 68 API calls 18704->18728 18705->18701 18705->18702 18707 41b71d 18705->18707 18709 416300 _realloc 5 API calls 18705->18709 18711 41b713 18705->18711 18708 
412ff2 __dosmaperr 68 API calls 18706->18708 18710 412ff2 __dosmaperr 68 API calls 18707->18710 18707->18715 18708->18715 18709->18705 18712 41b726 GetLastError 18710->18712 18714 412ff2 __dosmaperr 68 API calls 18711->18714 18712->18715 18717 41b694 18714->18717 18715->18685 18716 41b5ec HeapAlloc 18716->18728 18717->18715 18718 41b699 GetLastError 18717->18718 18718->18715 18719 41b641 HeapReAlloc 18719->18728 18720 415e18 ___sbh_alloc_block 5 API calls 18720->18728 18721 41b6ac 18721->18715 18724 412ff2 __dosmaperr 68 API calls 18721->18724 18722 419c40 __VEC_memcpy _realloc 18722->18728 18723 416300 _realloc 5 API calls 18723->18728 18725 41b6b9 18724->18725 18725->18712 18725->18715 18726 41b68f 18727 412ff2 __dosmaperr 68 API calls 18726->18727 18727->18717 18728->18701 18728->18704 18728->18715 18728->18716 18728->18719 18728->18720 18728->18721 18728->18722 18728->18723 18728->18726 18729 41566f VirtualFree VirtualFree HeapFree ___sbh_free_block 18728->18729 18730 41b664 18728->18730 18729->18728 18733 4154f3 LeaveCriticalSection 18730->18733 18732 41b66b 18732->18728 18733->18732 18737 4154f3 LeaveCriticalSection 18734->18737 18736 413fa5 18736->18649 18737->18736 18740 4133c0 __ioinit 18738->18740 18739 4133d3 18741 412ff2 __dosmaperr 68 API calls 18739->18741 18740->18739 18744 41341c 18740->18744 18742 4133d8 18741->18742 18743 41537c __stat64i32 5 API calls 18742->18743 18748 4133e8 __ioinit 18743->18748 18745 412b4f _setvbuf 69 API calls 18744->18745 18746 41342b 18745->18746 18747 412cce __flush 102 API calls 18746->18747 18749 413435 18747->18749 18748->18304 19245 418587 18749->19245 18752 4175b5 __malloc_crt 68 API calls 18753 41344d 18752->18753 19249 4134a8 18753->19249 19252 4136de 18755->19252 18757 40cf97 18757->18325 18758 40cf8e 18758->18757 19265 409e00 18758->19265 18760 40cfd4 18761 409e00 107 API calls 18760->18761 18762 40d01c 18761->18762 18762->18325 18766 40ce8e __stbuf 18763->18766 18768 40ce5e __stbuf 18763->18768 18764 40cf28 
__stbuf 18773 40cf55 18764->18773 18775 4134b2 _fprintf 106 API calls 18764->18775 18778 40cf4c 18764->18778 18765 412599 ___convertcp 68 API calls 18765->18766 18771 4134b2 _fprintf 106 API calls 18766->18771 18774 40cebf 18766->18774 18776 40cec8 __stbuf 18766->18776 18767 412599 ___convertcp 68 API calls 18767->18776 18768->18766 18769 4134b2 _fprintf 106 API calls 18768->18769 18772 40ce85 18768->18772 18769->18772 18770 412599 ___convertcp 68 API calls 18770->18773 18771->18774 18772->18765 18773->18377 18774->18767 18775->18778 18776->18764 18777 412599 ___convertcp 68 API calls 18776->18777 18779 4134b2 _fprintf 106 API calls 18776->18779 18777->18776 18778->18770 18779->18776 18781 40c1b7 _memset 18780->18781 18782 40c1ca GetLocalTime SystemTimeToFileTime 18781->18782 18783 40c24d __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18782->18783 18784 40cdee __stbuf 18783->18784 18787 40c264 18783->18787 18785 4134b2 _fprintf 106 API calls 18784->18785 18840 40c313 18785->18840 18786 40c2e6 18795 40c40f __stbuf 18786->18795 18802 40c34f 18786->18802 18787->18786 18791 40c2ff __stbuf 18787->18791 18800 40c270 18787->18800 18790 409e00 107 API calls 18799 40c4b3 18790->18799 18796 4134b2 _fprintf 106 API calls 18791->18796 18792 41241c ___convertcp 5 API calls 18794 40ce18 18792->18794 18793 413261 _strtol 92 API calls 18793->18802 18794->18329 18798 4134b2 _fprintf 106 API calls 18795->18798 18795->18800 18796->18840 18797 40c3f2 __stbuf 18803 4134b2 _fprintf 106 API calls 18797->18803 18798->18800 18805 40c4e2 18799->18805 18799->18840 19496 40bb10 18799->19496 19491 40bda0 GetFileSizeEx 18800->19491 18802->18793 18802->18797 18802->18800 18803->18840 18804 40c582 19523 409f80 GetLocalTime SystemTimeToFileTime 18804->19523 18805->18804 18805->18840 19519 409ef0 18805->19519 18808 40c58b 19525 40a3a0 ReadFile 18808->19525 18810 40c60d 18813 40cb07 18810->18813 18810->18840 18856 40c650 __stbuf __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z strtoxq 18810->18856 18811 
40c5cc 18811->18810 18811->18840 19536 40b6e0 18811->19536 18814 40a1a0 110 API calls 18813->18814 18815 40cb12 18814->18815 18816 40a1a0 110 API calls 18815->18816 18818 40cb19 18816->18818 18817 40cdb8 18820 409ef0 FormatMessageA 18817->18820 18819 40cb7f 18818->18819 18821 40cb76 18818->18821 18827 40cb32 __stbuf 18818->18827 18819->18817 18828 40cb97 __stbuf 18819->18828 18819->18840 18825 40cdcf __stbuf 18820->18825 18823 40a1a0 110 API calls 18821->18823 18823->18819 18824 40c8d2 GetLocalTime SystemTimeToFileTime 18824->18856 18829 4134b2 _fprintf 106 API calls 18825->18829 18826 40bb10 113 API calls 18826->18856 18831 4134b2 _fprintf 106 API calls 18827->18831 18829->18840 18830 40cb56 __stbuf 18835 4134b2 _fprintf 106 API calls 18830->18835 18831->18840 18832 40a090 104 API calls 18832->18856 18835->18840 18836 4134b2 106 API calls _fprintf 18836->18856 18840->18792 18848 40a020 104 API calls 18848->18856 18850 409fd0 104 API calls 18850->18856 18856->18817 18856->18824 18856->18826 18856->18830 18856->18832 18856->18836 18856->18840 18856->18848 18856->18850 19546 40b950 18856->19546 18859 410cc7 _memset __stbuf 18858->18859 18860 4134b2 _fprintf 106 API calls 18859->18860 18862 410ce9 18860->18862 18861 410d40 _memset 18865 410d9a FormatMessageA 18861->18865 18870 410d4b __stbuf 18861->18870 18862->18861 19666 40de40 18862->19666 18865->18870 18866 410d25 __stbuf 18869 4134b2 _fprintf 106 API calls 18866->18869 18867 410fca __stbuf 18872 4134b2 _fprintf 106 API calls 18867->18872 18868 410e8c __stbuf 18868->18867 18873 4134b2 _fprintf 106 API calls 18868->18873 18876 410d38 _memset __stbuf 18869->18876 18870->18867 18870->18868 18871 4134b2 _fprintf 106 API calls 18870->18871 18871->18876 18878 410fb7 _memset __stbuf 18872->18878 18880 410e79 _memset __stbuf 18873->18880 18874 41230f 19815 40df10 18874->19815 18876->18874 18882 4134b2 _fprintf 106 API calls 18876->18882 18878->18874 18884 4134b2 _fprintf 106 API calls 18878->18884 18879 40df10 167 API 
calls 18881 41236a 18879->18881 18880->18874 18886 4134b2 _fprintf 106 API calls 18880->18886 18883 40df10 167 API calls 18881->18883 18890 410e26 18882->18890 18885 412374 18883->18885 18893 4110a5 18884->18893 18887 40df10 167 API calls 18885->18887 18895 410f67 18886->18895 18888 41237e 18887->18888 18891 40df10 167 API calls 18888->18891 18889 410e81 _memset 18889->18868 18904 410edb FormatMessageA 18889->18904 18890->18889 19671 40df80 18890->19671 18894 412388 18891->18894 18907 4110ef _memset 18893->18907 19675 40e070 18893->19675 18900 40df10 167 API calls 18894->18900 18896 410fbf _memset 18895->18896 18897 40df80 6 API calls 18895->18897 18896->18867 18908 411019 FormatMessageA 18896->18908 18901 410f9b 18897->18901 18899 410e5d 18899->18889 18902 410e66 __stbuf 18899->18902 18901->18896 18906 410fa4 __stbuf 18901->18906 18914 4134b2 _fprintf 106 API calls 18902->18914 18904->18868 18916 4134b2 _fprintf 106 API calls 18906->18916 18913 41110a FormatMessageA 18907->18913 18918 41112b __stbuf 18907->18918 18908->18867 18909 4110d7 __stbuf 18917 4134b2 _fprintf 106 API calls 18909->18917 18913->18918 18914->18880 18916->18878 18920 4110ea _memset __stbuf 18917->18920 18919 4134b2 _fprintf 106 API calls 18918->18919 18919->18920 18920->18874 18921 4134b2 _fprintf 106 API calls 18920->18921 18922 411196 18921->18922 18925 4111e0 _memset 18922->18925 19682 40e340 18922->19682 18924 4111c2 18924->18925 18926 4111c8 __stbuf 18924->18926 18927 4111fb FormatMessageA 18925->18927 18929 41121c __stbuf 18925->18929 18928 4134b2 _fprintf 106 API calls 18926->18928 18927->18929 18931 4111db _memset __stbuf 18928->18931 18930 4134b2 _fprintf 106 API calls 18929->18930 18930->18931 18931->18874 18932 4134b2 _fprintf 106 API calls 18931->18932 18933 411287 18932->18933 18934 4112a5 __stbuf 18933->18934 18935 4112bd 18933->18935 18938 4134b2 _fprintf 106 API calls 18934->18938 18936 409ef0 FormatMessageA 18935->18936 18937 4112d4 __stbuf 18936->18937 18939 4134b2 _fprintf 
106 API calls 18937->18939 18940 4112b8 _memset __stbuf 18938->18940 18939->18940 18941 4134b2 _fprintf 106 API calls 18940->18941 18943 411327 18941->18943 19098 409b1a __stbuf 19097->19098 19099 4134b2 _fprintf 106 API calls 19098->19099 19100 409b23 __stbuf 19099->19100 19101 4134b2 _fprintf 106 API calls 19100->19101 19102 409b3b __stbuf 19101->19102 19103 4134b2 _fprintf 106 API calls 19102->19103 19104 409b53 __stbuf 19103->19104 19105 4134b2 _fprintf 106 API calls 19104->19105 19106 409b6b __stbuf 19105->19106 19107 4134b2 _fprintf 106 API calls 19106->19107 19108 409b83 __stbuf 19107->19108 19109 4134b2 _fprintf 106 API calls 19108->19109 19110 409b9b __stbuf 19109->19110 19111 4134b2 _fprintf 106 API calls 19110->19111 19112 409bb3 __stbuf 19111->19112 19113 4134b2 _fprintf 106 API calls 19112->19113 19114 409bcb __stbuf 19113->19114 19115 4134b2 _fprintf 106 API calls 19114->19115 19116 409be6 __stbuf 19115->19116 19117 4134b2 _fprintf 106 API calls 19116->19117 19118 409bfe __stbuf 19117->19118 19119 4134b2 _fprintf 106 API calls 19118->19119 19120 409c16 __stbuf 19119->19120 19121 4134b2 _fprintf 106 API calls 19120->19121 19122 409c2e __stbuf 19121->19122 19123 4134b2 _fprintf 106 API calls 19122->19123 19124 409c46 __stbuf 19123->19124 19144 40dada __stbuf 19143->19144 19145 4134b2 _fprintf 106 API calls 19144->19145 19146 40dae3 __stbuf 19145->19146 19147 4134b2 _fprintf 106 API calls 19146->19147 19148 40daf9 __stbuf 19147->19148 19149 4134b2 _fprintf 106 API calls 19148->19149 19150 40db0f __stbuf 19149->19150 19151 4134b2 _fprintf 106 API calls 19150->19151 19152 40db25 __stbuf 19151->19152 19153 4134b2 _fprintf 106 API calls 19152->19153 19154 40db3b __stbuf 19153->19154 19155 4134b2 _fprintf 106 API calls 19154->19155 19156 40db56 __stbuf 19155->19156 19157 4134b2 _fprintf 106 API calls 19156->19157 19158 40db6c __stbuf 19157->19158 19159 4134b2 _fprintf 106 API calls 19158->19159 19160 40db82 __stbuf 19159->19160 19161 4134b2 _fprintf 106 API 
calls 19160->19161 19162 40db98 __stbuf 19161->19162 19163 4134b2 _fprintf 106 API calls 19162->19163 19164 40dbae __stbuf 19163->19164 19165 4134b2 _fprintf 106 API calls 19164->19165 19166 40dbc4 __stbuf 19165->19166 19167 4134b2 _fprintf 106 API calls 19166->19167 19168 40dbda __stbuf 19167->19168 19169 4134b2 _fprintf 106 API calls 19168->19169 19170 40dbf0 __stbuf 19169->19170 19171 4134b2 _fprintf 106 API calls 19170->19171 19172 40dc06 __stbuf 19171->19172 19173 4134b2 _fprintf 106 API calls 19172->19173 19174 40dc1c __stbuf 19173->19174 19175 4134b2 _fprintf 106 API calls 19174->19175 19224 40a1aa 19223->19224 19225 40a1ae CloseHandle 19223->19225 19224->18341 19226 40a1c0 GetLastError 19225->19226 19227 40a1c6 19225->19227 19226->19227 19228 40a1e8 GetLastError 19227->19228 19233 40a21a 19227->19233 19229 40a1ee 19228->19229 19230 409ef0 FormatMessageA 19229->19230 19231 40a1fc __stbuf 19230->19231 19232 4134b2 _fprintf 106 API calls 19231->19232 19232->19233 19233->18341 19235 412e58 __ioinit 19234->19235 19236 412e68 19235->19236 19237 412e5f 19235->19237 19239 412b4f _setvbuf 69 API calls 19236->19239 20460 412d72 19237->20460 19240 412e70 19239->19240 20470 412d30 19240->20470 19242 412e65 __ioinit 19242->18381 19243 412e7c 20482 412e95 19243->20482 19246 41343b 19245->19246 19247 418593 19245->19247 19246->18752 19246->18753 19247->19246 19248 412599 ___convertcp 68 API calls 19247->19248 19248->19246 19250 412ba1 _setvbuf 2 API calls 19249->19250 19251 4134b0 19250->19251 19251->18748 19255 4136ea __ioinit _strnlen 19252->19255 19253 4136f8 19254 412ff2 __dosmaperr 68 API calls 19253->19254 19256 4136fd 19254->19256 19255->19253 19258 41372c 19255->19258 19257 41537c __stat64i32 5 API calls 19256->19257 19263 41370d __ioinit 19257->19263 19259 4155cb __lock 68 API calls 19258->19259 19260 413733 19259->19260 19276 41365d 19260->19276 19262 41373f 19283 413758 19262->19283 19263->18758 19266 412676 _malloc 68 API calls 19265->19266 19267 409e07 
19266->19267 19268 409e10 _memset 19267->19268 19269 409e6f __stbuf 19267->19269 19270 409e54 __stbuf 19268->19270 19273 409e2e FormatMessageA 19268->19273 19271 4134b2 _fprintf 106 API calls 19269->19271 19272 409e8d 19269->19272 19274 4134b2 _fprintf 106 API calls 19270->19274 19271->19272 19272->18760 19273->19270 19275 409e68 19274->19275 19275->18760 19277 413671 19276->19277 19278 41366d 19276->19278 19279 4136d0 19277->19279 19281 413684 _strlen 19277->19281 19286 41880b 19277->19286 19278->19262 19279->19262 19281->19279 19296 418764 19281->19296 19490 4154f3 LeaveCriticalSection 19283->19490 19285 41375f 19285->19263 19287 418824 19286->19287 19288 418889 19286->19288 19287->19288 19289 41882a WideCharToMultiByte 19287->19289 19290 4175f5 __calloc_crt 68 API calls 19287->19290 19291 41884d WideCharToMultiByte 19287->19291 19295 412599 ___convertcp 68 API calls 19287->19295 19299 41c993 19287->19299 19288->19281 19289->19287 19289->19288 19290->19287 19291->19287 19292 418895 19291->19292 19293 412599 ___convertcp 68 API calls 19292->19293 19293->19288 19295->19287 19391 418678 19296->19391 19300 41c9c4 19299->19300 19301 41c9a7 19299->19301 19302 41ca21 19300->19302 19345 41be31 19300->19345 19303 412ff2 __dosmaperr 68 API calls 19301->19303 19304 412ff2 __dosmaperr 68 API calls 19302->19304 19306 41c9ac 19303->19306 19333 41c9bc 19304->19333 19307 41537c __stat64i32 5 API calls 19306->19307 19307->19333 19309 41ca02 19311 41ca5f 19309->19311 19312 41ca34 19309->19312 19314 41ca18 19309->19314 19311->19333 19357 41c8e9 19311->19357 19316 4175b5 __malloc_crt 68 API calls 19312->19316 19312->19333 19317 41880b ___wtomb_environ 121 API calls 19314->19317 19320 41ca44 19316->19320 19318 41ca1d 19317->19318 19318->19302 19318->19311 19319 41cadf 19321 41cbc5 19319->19321 19326 41cae8 19319->19326 19320->19311 19325 4175b5 __malloc_crt 68 API calls 19320->19325 19320->19333 19323 412599 ___convertcp 68 API calls 19321->19323 19322 41ca91 19324 412599 
___convertcp 68 API calls 19322->19324 19323->19333 19329 41ca9b 19324->19329 19325->19311 19327 417688 __recalloc_crt 75 API calls 19326->19327 19326->19333 19330 41caa1 _strlen 19327->19330 19328 41cbae 19332 412599 ___convertcp 68 API calls 19328->19332 19328->19333 19329->19330 19361 417688 19329->19361 19330->19328 19330->19333 19334 4175f5 __calloc_crt 68 API calls 19330->19334 19332->19333 19333->19287 19335 41cb4b _strlen 19334->19335 19335->19328 19336 4188a0 _strcpy_s 68 API calls 19335->19336 19337 41cb64 19336->19337 19338 41cb78 SetEnvironmentVariableA 19337->19338 19339 415280 __invoke_watson 10 API calls 19337->19339 19340 41cb99 19338->19340 19341 41cba2 19338->19341 19342 41cb75 19339->19342 19343 412ff2 __dosmaperr 68 API calls 19340->19343 19344 412599 ___convertcp 68 API calls 19341->19344 19342->19338 19343->19341 19344->19328 19366 41bd77 19345->19366 19347 41be40 19347->19302 19347->19309 19348 41c936 19347->19348 19349 41c942 19348->19349 19350 41c944 19348->19350 19349->19309 19351 4175f5 __calloc_crt 68 API calls 19350->19351 19352 41c95c 19351->19352 19353 413f36 __amsg_exit 68 API calls 19352->19353 19356 41c96e 19352->19356 19353->19356 19354 41c98a 19354->19309 19356->19354 19373 41e61e 19356->19373 19360 41c8f2 19357->19360 19358 41c91a 19358->19319 19358->19322 19359 418764 ___crtsetenv 112 API calls 19359->19360 19360->19358 19360->19359 19364 41768c 19361->19364 19363 4176d3 19363->19330 19364->19363 19365 4176b4 Sleep 19364->19365 19381 41b73b 19364->19381 19365->19364 19367 412739 _LocaleUpdate::_LocaleUpdate 78 API calls 19366->19367 19368 41bd89 19367->19368 19369 412ff2 __dosmaperr 68 API calls 19368->19369 19372 41bda7 __mbschr_l 19368->19372 19370 41bd97 19369->19370 19371 41537c __stat64i32 5 API calls 19370->19371 19371->19372 19372->19347 19374 41e62e _strlen 19373->19374 19380 41e62a 19373->19380 19375 412676 _malloc 68 API calls 19374->19375 19376 41e63f 19375->19376 19377 4188a0 _strcpy_s 68 API calls 19376->19377 
19376->19380 19378 41e64f 19377->19378 19379 415280 __invoke_watson 10 API calls 19378->19379 19378->19380 19379->19380 19380->19356 19382 41b746 19381->19382 19383 41b76f 19381->19383 19382->19383 19385 41b753 19382->19385 19384 41b520 _realloc 74 API calls 19383->19384 19386 41b77e 19384->19386 19387 412ff2 __dosmaperr 68 API calls 19385->19387 19386->19364 19388 41b758 19387->19388 19389 41537c __stat64i32 5 API calls 19388->19389 19390 41b768 19389->19390 19390->19364 19392 412739 _LocaleUpdate::_LocaleUpdate 78 API calls 19391->19392 19393 41868a 19392->19393 19394 4186ab 19393->19394 19395 4186de 19393->19395 19408 418693 19393->19408 19396 412ff2 __dosmaperr 68 API calls 19394->19396 19397 418702 19395->19397 19398 4186e8 19395->19398 19399 4186b0 19396->19399 19401 41870a 19397->19401 19402 41871e 19397->19402 19400 412ff2 __dosmaperr 68 API calls 19398->19400 19403 41537c __stat64i32 5 API calls 19399->19403 19404 4186ed 19400->19404 19409 41c7f1 19401->19409 19429 41c7b1 19402->19429 19403->19408 19407 41537c __stat64i32 5 API calls 19404->19407 19407->19408 19408->19281 19410 412739 _LocaleUpdate::_LocaleUpdate 78 API calls 19409->19410 19411 41c803 19410->19411 19412 41c824 19411->19412 19413 41c857 19411->19413 19425 41c80c 19411->19425 19414 412ff2 __dosmaperr 68 API calls 19412->19414 19415 41c861 19413->19415 19416 41c87b 19413->19416 19417 41c829 19414->19417 19418 412ff2 __dosmaperr 68 API calls 19415->19418 19419 41c885 19416->19419 19420 41c89a 19416->19420 19421 41537c __stat64i32 5 API calls 19417->19421 19422 41c866 19418->19422 19434 41e145 19419->19434 19424 41c7b1 ___crtCompareStringA 101 API calls 19420->19424 19421->19425 19426 41537c __stat64i32 5 API calls 19422->19426 19427 41c8b4 19424->19427 19425->19408 19426->19425 19427->19425 19428 412ff2 __dosmaperr 68 API calls 19427->19428 19428->19425 19430 412739 _LocaleUpdate::_LocaleUpdate 78 API calls 19429->19430 19431 41c7c2 19430->19431 19450 41c428 19431->19450 19435 41e159 
19434->19435 19445 41e17e ___ascii_strnicmp 19434->19445 19436 412739 _LocaleUpdate::_LocaleUpdate 78 API calls 19435->19436 19437 41e164 19436->19437 19438 41e169 19437->19438 19439 41e19e 19437->19439 19440 412ff2 __dosmaperr 68 API calls 19438->19440 19442 41e1a8 19439->19442 19449 41e1d0 19439->19449 19441 41e16e 19440->19441 19443 41537c __stat64i32 5 API calls 19441->19443 19444 412ff2 __dosmaperr 68 API calls 19442->19444 19443->19445 19447 41e1ad 19444->19447 19445->19425 19446 41e69b 103 API calls __tolower_l 19446->19449 19448 41537c __stat64i32 5 API calls 19447->19448 19448->19445 19449->19445 19449->19446 19451 41c452 CompareStringW 19450->19451 19456 41c469 19450->19456 19452 41c475 GetLastError 19451->19452 19451->19456 19452->19456 19453 41241c ___convertcp 5 API calls 19455 41c7af 19453->19455 19454 41c6ea 19457 41de07 ___ansicp 92 API calls 19454->19457 19455->19408 19456->19454 19458 41c4f9 19456->19458 19469 41c4d6 19456->19469 19459 41c710 19457->19459 19460 41c5b7 MultiByteToWideChar 19458->19460 19464 41c53b GetCPInfo 19458->19464 19458->19469 19461 41c771 CompareStringA 19459->19461 19462 41de4e ___convertcp 75 API calls 19459->19462 19459->19469 19460->19469 19470 41c5d7 19460->19470 19463 41c78f 19461->19463 19461->19469 19466 41c735 19462->19466 19467 412599 ___convertcp 68 API calls 19463->19467 19465 41c54c 19464->19465 19464->19469 19465->19460 19465->19469 19466->19469 19474 41de4e ___convertcp 75 API calls 19466->19474 19471 41c795 19467->19471 19468 41c62e MultiByteToWideChar 19472 41c647 MultiByteToWideChar 19468->19472 19473 41c6d8 19468->19473 19469->19453 19475 412676 _malloc 68 API calls 19470->19475 19481 41c5f4 ___convertcp 19470->19481 19476 412599 ___convertcp 68 API calls 19471->19476 19472->19473 19484 41c65e 19472->19484 19478 41ab7b __freea 68 API calls 19473->19478 19477 41c756 19474->19477 19475->19481 19476->19469 19479 41c76b 19477->19479 19480 41c75f 19477->19480 19478->19469 19479->19461 19482 412599 ___convertcp 
68 API calls 19480->19482 19481->19468 19481->19469 19482->19469 19483 41c6a8 MultiByteToWideChar 19485 41c6d2 19483->19485 19486 41c6bb CompareStringW 19483->19486 19487 41c674 ___convertcp 19484->19487 19488 412676 _malloc 68 API calls 19484->19488 19489 41ab7b __freea 68 API calls 19485->19489 19486->19485 19487->19473 19487->19483 19488->19487 19489->19473 19490->19285 19492 40bdb4 GetLastError 19491->19492 19494 40bdc1 __stbuf 19491->19494 19492->19494 19493 40be0e 19493->18790 19494->19493 19495 4134b2 _fprintf 106 API calls 19494->19495 19495->19493 19497 40bb3f 19496->19497 19503 40bb26 19496->19503 19565 40a2b0 19497->19565 19499 40bb4c 19500 40bb57 GetFileSizeEx 19499->19500 19501 40bd87 19499->19501 19502 40bb6b GetLastError 19500->19502 19500->19503 19501->18805 19502->19503 19503->19501 19508 40bc52 __stbuf 19503->19508 19578 409fd0 19503->19578 19504 40bc75 19507 409e00 107 API calls 19504->19507 19506 40bc37 __stbuf 19511 4134b2 _fprintf 106 API calls 19506->19511 19512 40bc8c 19507->19512 19508->19504 19509 4134b2 _fprintf 106 API calls 19508->19509 19509->19504 19510 40bc95 19510->18805 19511->19508 19512->19510 19513 409e00 107 API calls 19512->19513 19514 40bcfa _memset 19512->19514 19513->19512 19514->19501 19515 40bd33 FormatMessageA 19514->19515 19516 40bd1e __stbuf 19514->19516 19515->19516 19517 4134b2 _fprintf 106 API calls 19516->19517 19518 40bd7b 19517->19518 19518->18805 19521 409ef7 _memset 19519->19521 19520 409f32 19520->18805 19521->19520 19522 409f0b FormatMessageA 19521->19522 19522->19520 19524 409fb2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 19523->19524 19524->18808 19526 40a3b9 GetLastError 19525->19526 19529 40a435 __stbuf 19525->19529 19527 40a3c5 19526->19527 19528 40a3ce _memset 19526->19528 19527->19528 19527->19529 19530 40a410 __stbuf 19528->19530 19533 40a3e9 FormatMessageA 19528->19533 19531 4134b2 _fprintf 106 API calls 19529->19531 19532 40a45e 19529->19532 19534 4134b2 _fprintf 106 API calls 19530->19534 

Executed Functions

Control-flow Graph

APIs
  • ReadFile.KERNELBASE(0040C061,?,?,0040C061,00000000,?,?,0040C061,source read failed), ref: 0040A3AF
  • GetLastError.KERNEL32 ref: 0040A3B9
  • _memset.LIBCMT ref: 0040A3E4
  • FormatMessageA.KERNELBASE(00001200,00000000,00000000,00000400,00430D78,00000100,00000000), ref: 0040A405
  • _fprintf.LIBCMT ref: 0040A428
  • _fprintf.LIBCMT ref: 0040A459
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf$ErrorFileFormatLastMessageRead_memset
  • String ID: xC$xdelta3: %s: %s: %s$xdelta3: main read: %s: %u
  • API String ID: 609771618-2075157648
  • Opcode ID: 22f79e62f8fa25b1a7185863011ea93ea98cda7cead50f793c7607148936a652
  • Instruction ID: 07601248f1faade19142c2662c608b01915fc1c3fe82050ed259198f2a1e788a
  • Opcode Fuzzy Hash: 22f79e62f8fa25b1a7185863011ea93ea98cda7cead50f793c7607148936a652
  • Instruction Fuzzy Hash: 6311AFB63403006BE720DB69DC06F6732A8DBC8B45F24452EFA45D7280E6B8E851872E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Similarity
  • API ID: _fprintf
  • String ID: xdelta3: free: %p
  • API String ID: 1654120334-3252779765
  • Opcode ID: 2830d352bbe9c68415eddea1e4e968cb3e03cc0414bedf0d70f2d78678a40967
  • Instruction ID: 363d756a8ae9428617fa898f45c2fa13a1a239c4b3e5d345ab1b78d4025ec451
  • Opcode Fuzzy Hash: 2830d352bbe9c68415eddea1e4e968cb3e03cc0414bedf0d70f2d78678a40967
  • Instruction Fuzzy Hash: 9A21E4F3800212BBCB20AF55BCC295B3664A751348346917FF804F6392E77D999886AE
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • __lock.LIBCMT ref: 004125B7
    • Part of subcall function 004155CB: __mtinitlocknum.LIBCMT ref: 004155DF
    • Part of subcall function 004155CB: __amsg_exit.LIBCMT ref: 004155EB
    • Part of subcall function 004155CB: EnterCriticalSection.KERNEL32(?,?,?,00418986,00000004,00429560,0000000C,00417608,00000001,00000001,00000000,00000000,00000000,00416EDF,00000001,00000214), ref: 004155F3
  • ___sbh_find_block.LIBCMT ref: 004125C2
  • ___sbh_free_block.LIBCMT ref: 004125D1
  • RtlFreeHeap.NTDLL(00000000,?,004292B0,0000000C,004155AC,00000000,00429418,0000000C,004155E4,?,?,?,00418986,00000004,00429560,0000000C), ref: 00412601
  • GetLastError.KERNEL32(?,?,00000000), ref: 00412612
Similarity
  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
  • String ID:
  • API String ID: 2714421763-0
  • Opcode ID: ab9024c0a646b11bb89ea521476762969ea0db697559758a2a4994644a8c8cab
  • Instruction ID: 34a5572fd1abc60fa39364c5b11391a86c4c6ae36a0879bb52a82be2a7117a85
  • Opcode Fuzzy Hash: ab9024c0a646b11bb89ea521476762969ea0db697559758a2a4994644a8c8cab
  • Instruction Fuzzy Hash: 0F018431A44211FADB206BA19D06BDA7BA4AF10725F50405FF504D61C2CF7C85D19A9C
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • HeapCreate.KERNELBASE(00000000,00001000,00000000,00413D33,00000001), ref: 0041540C
  • HeapDestroy.KERNEL32 ref: 00415442
Similarity
  • API ID: Heap$CreateDestroy
  • String ID:
  • API String ID: 3296620671-0
  • Opcode ID: 78bd7b0291c2b86d86b9cf3739766faba4436dba5711dba4f431435e91b3ba3f
  • Instruction ID: 57b2affc799a1d3d62396e6c664e136c910e3fd8211eaf82589f85daf65fc3a1
  • Opcode Fuzzy Hash: 78bd7b0291c2b86d86b9cf3739766faba4436dba5711dba4f431435e91b3ba3f
  • Instruction Fuzzy Hash: 1BE06D317B4701EBDB20AB309D857E63794DBC0357F50443AF540C51A0E77994C3AA0C
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • ___crtCorExitProcess.LIBCMT ref: 00413F84
    • Part of subcall function 00413F5A: GetModuleHandleA.KERNEL32(mscoree.dll,00413F89,00000000,004126AF,000000FF,0000001E,00000001,00000000,00000000,?,004175C2,?,00000001,?,00415555,00000018), ref: 00413F5F
    • Part of subcall function 00413F5A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00413F6F
  • ExitProcess.KERNEL32 ref: 00413F8E
Similarity
  • API ID: ExitProcess$AddressHandleModuleProc___crt
  • String ID:
  • API String ID: 2427264223-0
  • Opcode ID: ebf75169ba4ff0f5e2d98f789d755d748665d71b46724bcc4c540a91451b0875
  • Instruction ID: f28b959128ea96e11e4e344f01fec86e664dbaefd814035faa10defacd19f4fc
  • Opcode Fuzzy Hash: ebf75169ba4ff0f5e2d98f789d755d748665d71b46724bcc4c540a91451b0875
  • Instruction Fuzzy Hash: 4FB00231508201EFEA162F21ED0B45D7B71FF80716F51446DF14D440719B755DE9BA0E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • _doexit.LIBCMT ref: 004141F6
    • Part of subcall function 00414120: __lock.LIBCMT ref: 0041412E
    • Part of subcall function 00414120: __decode_pointer.LIBCMT ref: 0041415D
    • Part of subcall function 00414120: __decode_pointer.LIBCMT ref: 0041416A
Similarity
  • API ID: __decode_pointer$__lock_doexit
  • String ID:
  • API String ID: 3276244213-0
  • Opcode ID: 44ea3af290a5c0fced421c48bee69f607f8ea4075bd654cc3defe53151bfea1d
  • Instruction ID: c176d1bc320d54ae4f48426124398f7e964cf9b541010b6323291d60d4e150b4
  • Opcode Fuzzy Hash: 44ea3af290a5c0fced421c48bee69f607f8ea4075bd654cc3defe53151bfea1d
  • Instruction Fuzzy Hash: F5A0247454030035D51111007C03F04370317D0F04FF041147704140D151751154400F
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
Strings
Similarity
  • API ID: _fprintf$_memset$FormatMessage$__ftbuf__output_l__stbuf_rand
  • String ID: ...$ $ (XD3_ADLER32)$ (XD3_SEC_DJW)$ (XD3_SEC_FGK)$ failed: %s: %s$ success$%.3f$XD3_GETSRCBLK$XD3_GOTHEADER$XD3_INPUT$XD3_INTERNAL$XD3_OUTPUT$XD3_TOOFARBACK$XD3_WINFINISH$XD3_WINSTART$check failure: p_off == compress_size$check failure: p_off == input_size$end-of-input in read_integer$overflow in read_intger$test %u: decode: %s$test %u: encode: %s$xC$xC$xC$xC$xC$xC$xdelta3: testing address_cache%s...$xdelta3: testing choose_instruction%s...$xdelta3: testing compressed_stream_overflow%s...$xdelta3: testing decode_integer_end_of_input%s...$xdelta3: testing decode_integer_overflow%s...$xdelta3: testing decompress_single_bit_error%s...$xdelta3: testing encode_decode_uint32_t%s...$xdelta3: testing encode_decode_uint64_t%s...$xdelta3: testing identical_behavior%s...$xdelta3: testing in_memory%s...$xdelta3: testing iopt_flush_instructions%s...$xdelta3: testing random_numbers%s...$xdelta3: testing secondary_fgk%s...$xdelta3: testing secondary_huff%s...$xdelta3: testing source_cksum_offset%s...$xdelta3: testing string_matching%s...$xdelta3: testing usize_t_overflow%s...$aB$aB
  • API String ID: 2296705132-1227281115
  • Opcode ID: 7feffe88ac4ab1269971850949d7939e722e5d89e47124f1444d19cff2962ec8
  • Instruction ID: aa047577db10a34dda27f5ca5d2aa336608f292115637411b214aa15039d92eb
  • Opcode Fuzzy Hash: 7feffe88ac4ab1269971850949d7939e722e5d89e47124f1444d19cff2962ec8
  • Instruction Fuzzy Hash: 15C248F2A043405BD720ABA1DC42BDF72989F90748F54482FF549E7242EABDE9D4835E
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • djw, xrefs: 0040C2ED
  • xdelta3: internal error, xrefs: 0040CDEE
  • xdelta3: unrecognized secondary compressor type: %s, xrefs: 0040C300
  • xdelta3: compression level: %d, xrefs: 0040C41E
  • xdelta3: %I64u: in %s: out %s: total in %s: out %s: %s, xrefs: 0040CAB5
  • xdelta3: warning: output window %I64u does not copy source, xrefs: 0040C6E4
  • xdelta3: scanner configuration: %s, xrefs: 0040CBA8
  • xdelta3: %I64u: in %s (%s): out %s (%s): total in %s: out %s: %s, xrefs: 0040CA15
  • xdelta3: finished in %s; input %I64u output %I64u bytes (%0.2f%%), xrefs: 0040CD9E
  • xdelta3: %s: %s, xrefs: 0040C552, 0040CDD1
  • xdelta3: input requires a source file, use -s, xrefs: 0040CB56
  • xdelta3: target copies: %I64u (%I64u bytes), xrefs: 0040CC63
  • xdelta3: nothing to output: %s, xrefs: 0040CB36
  • xdelta3: target hash table size: %u, xrefs: 0040CBC6
  • xdelta3: adds: %I64u (%I64u bytes), xrefs: 0040CC99
  • xdelta3: runs: %I64u (%I64u bytes), xrefs: 0040CCCF
  • , xrefs: 0040C31B
  • xdelta3: source hash table size: %u, xrefs: 0040CBEA
  • xdelta3: warning: input position %I64u overflowed instruction buffer, needed %u (vs. %u), consider raising -I, xrefs: 0040C8AF
  • xdelta3: source copies: %I64u (%I64u bytes), xrefs: 0040CC2D
  • input read failed, xrefs: 0040C5BC
  • fgk, xrefs: 0040C2D4
  • xdelta3: invalid string match specifier (-C) %d: %s, xrefs: 0040C3F4
  • xdelta3: warning: input window %I64u..%I64u has no source copies, xrefs: 0040C852
Similarity
  • API ID: Time_fprintf$_memset$FileLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@_strtol
  • String ID: $djw$fgk$input read failed$xdelta3: %I64u: in %s (%s): out %s (%s): total in %s: out %s: %s$xdelta3: %I64u: in %s: out %s: total in %s: out %s: %s$xdelta3: %s: %s$xdelta3: adds: %I64u (%I64u bytes)$xdelta3: compression level: %d$xdelta3: finished in %s; input %I64u output %I64u bytes (%0.2f%%)$xdelta3: input requires a source file, use -s$xdelta3: internal error$xdelta3: invalid string match specifier (-C) %d: %s$xdelta3: nothing to output: %s$xdelta3: runs: %I64u (%I64u bytes)$xdelta3: scanner configuration: %s$xdelta3: source copies: %I64u (%I64u bytes)$xdelta3: source hash table size: %u$xdelta3: target copies: %I64u (%I64u bytes)$xdelta3: target hash table size: %u$xdelta3: unrecognized secondary compressor type: %s$xdelta3: warning: input position %I64u overflowed instruction buffer, needed %u (vs. %u), consider raising -I$xdelta3: warning: input window %I64u..%I64u has no source copies$xdelta3: warning: output window %I64u does not copy source
  • API String ID: 2132240471-2679980791
  • Opcode ID: c34595216da85bd0731b743fbcc7a04f21f3492e5ca10f62491940867d340d7e
  • Instruction ID: bed8a38ed4c89740abb10915bf89e26e3e2f10b6be73277c6cadcda6ba39037b
  • Opcode Fuzzy Hash: c34595216da85bd0731b743fbcc7a04f21f3492e5ca10f62491940867d340d7e
  • Instruction Fuzzy Hash: DE6281B1908340DBD730DF15DC81BABB7E4AB84304F544A3EF989A3381D779A9448B9E
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetStartupInfoA.KERNEL32(00431678), ref: 0040D0D4
  • _setvbuf.LIBCMT ref: 0040D0E9
  • _memset.LIBCMT ref: 0040D0F6
  • _memset.LIBCMT ref: 0040D110
  • _memset.LIBCMT ref: 0040D127
    • Part of subcall function 0040CF80: _getenv.LIBCMT ref: 0040CF89
  • _fprintf.LIBCMT ref: 0040D50D
  • _fprintf.LIBCMT ref: 0040D556
  • _fprintf.LIBCMT ref: 0040D573
  • _fprintf.LIBCMT ref: 0040D826
  • _fprintf.LIBCMT ref: 0040D874
  • _fprintf.LIBCMT ref: 0040D8B1
  • _fprintf.LIBCMT ref: 0040D900
  • _fprintf.LIBCMT ref: 0040D93A
  • _fprintf.LIBCMT ref: 0040D96F
  • _fprintf.LIBCMT ref: 0040D7F5
    • Part of subcall function 004134B2: __stbuf.LIBCMT ref: 004135C0
    • Part of subcall function 004134B2: __output_l.LIBCMT ref: 004135D0
    • Part of subcall function 004134B2: __ftbuf.LIBCMT ref: 004135DA
    • Part of subcall function 00412599: __lock.LIBCMT ref: 004125B7
    • Part of subcall function 00412599: ___sbh_find_block.LIBCMT ref: 004125C2
    • Part of subcall function 00412599: ___sbh_free_block.LIBCMT ref: 004125D1
    • Part of subcall function 00412599: RtlFreeHeap.NTDLL(00000000,?,004292B0,0000000C,004155AC,00000000,00429418,0000000C,004155E4,?,?,?,00418986,00000004,00429560,0000000C), ref: 00412601
    • Part of subcall function 00412599: GetLastError.KERNEL32(?,?,00000000), ref: 00412612
  • _fprintf.LIBCMT ref: 0040D9A0
Strings
Similarity
  • API ID: _fprintf$_memset$ErrorFreeHeapInfoLastStartup___sbh_find_block___sbh_free_block__ftbuf__lock__output_l__stbuf_getenv_setvbuf
  • String ID: 0123456789cdefhnqvDJNORTVs:B:C:E:F:I:L:O:M:P:W:A::S::$VERSION=3.0q$XD3_GETSRCBLK$XD3_GOTHEADER$XD3_INPUT$XD3_INTERNAL$XD3_OUTPUT$XD3_TOOFARBACK$XD3_WINFINISH$XD3_WINSTART$config$decode$encode$open$printdelta$printhdr$printhdrs$read$test$xC$xdelta3: -%c: requires an argument$xdelta3: file %s failed: %s: %s: %s$xdelta3: free: %p$xdelta3: invalid file name: empty string$xdelta3: specify only one source file$xdelta3: too many filenames: %s ...$xdelta3: warning: -D option ignored, external compression support was not compiled$xdelta3: warning: -R option ignored, external compression support was not compiled$xdelta3: warning: -c option overrides output filename: %s
  • API String ID: 3198944415-2602256574
  • Opcode ID: 15dac77270cb26487c8acf43366a6c72126822a17b6564c9e56e0dbc96678566
  • Instruction ID: 9b8da2179774ce916dea7b08226e857232292324e63dad5920dd3750710d5aaa
  • Opcode Fuzzy Hash: 15dac77270cb26487c8acf43366a6c72126822a17b6564c9e56e0dbc96678566
  • Instruction Fuzzy Hash: 4B32F0B1E04301ABD720AF919C41B2B76A4AB94354F14893FF845AB3C1E77CD8498B9F
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _fprintf$_abort
  • String ID: ...$%.3f$check failure: p_off == compress_size$check failure: p_off == input_size$test %u: decode: %s$test %u: encode: %s$aB
  • API String ID: 2929311799-2853849506
  • Opcode ID: f67aa9b3102c5c4c77704ba18d6ba0626aae958bc2488314c44c6cff712498b4
  • Instruction ID: 30ae7d70c24b089ae1e698078d04e21be63510297335e842cd9dbd3ecbbc1ae5
  • Opcode Fuzzy Hash: f67aa9b3102c5c4c77704ba18d6ba0626aae958bc2488314c44c6cff712498b4
  • Instruction Fuzzy Hash: 72F19DB16043019FC720DFA9C881A6BB7E5AF88704F04883EF94597741E7BDE919CB5A
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID: _memset
  • String ID: ``B
  • API String ID: 2102423945-1253660969
  • Opcode ID: e8294ca56f66d56ce4af6ec6d7dc5dc324d7e4496f592a8e64d831dc367cc040
  • Instruction ID: fed0a18117d76c8e2a95ef93aa4c4143a770f095fe4f1af2b1fbe99ef2a6eeb7
  • Opcode Fuzzy Hash: e8294ca56f66d56ce4af6ec6d7dc5dc324d7e4496f592a8e64d831dc367cc040
  • Instruction Fuzzy Hash: 2B62D2716083418BC724CF18C98466BB7E6BFC8344F15893EE885A73C1E7B9E945CB96
Uniqueness

Uniqueness Score: -1.00%

APIs
  • IsDebuggerPresent.KERNEL32 ref: 00413EEB
  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413F00
  • UnhandledExceptionFilter.KERNEL32(004241F4), ref: 00413F0B
  • GetCurrentProcess.KERNEL32(C0000409), ref: 00413F27
  • TerminateProcess.KERNEL32(00000000), ref: 00413F2E
Similarity
  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
  • String ID:
  • API String ID: 2579439406-0
  • Opcode ID: 59a1e3e0951bc8bcf3843257b7dcd402e16eaa24fd269c424051526cb17fc53d
  • Instruction ID: 4f9943922c853b68310e82beda2b5c690eb4637ebacd9f8e714b31cc37a3870d
  • Opcode Fuzzy Hash: 59a1e3e0951bc8bcf3843257b7dcd402e16eaa24fd269c424051526cb17fc53d
  • Instruction Fuzzy Hash: 5521CBB4A00309DFC720EF25ED49A447BB8FB98345FD0543AE90992261E7B49982CF9D
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0bc4f2c4c4e6231821aec3b75f3737bc73dd696c8cbd2f42607c0bea2930934a
  • Instruction ID: bfdaaa5c31c23b6754037eea33c79803bdeb4834f692d7d50883a8bc3ee7517b
  • Opcode Fuzzy Hash: 0bc4f2c4c4e6231821aec3b75f3737bc73dd696c8cbd2f42607c0bea2930934a
  • Instruction Fuzzy Hash: 01E1D2716087029BD324CF29C99076BB7E2AF94304F58893EE49A97392E738EC45CB55
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0dc8013dbd2d401ca9cb039c4059a1c513abc430571fb3202a8b79744ffbb104
  • Instruction ID: a1f953bb43880397322eb09e5953858c29a0541c5a7afcd85b3779cf948898f1
  • Opcode Fuzzy Hash: 0dc8013dbd2d401ca9cb039c4059a1c513abc430571fb3202a8b79744ffbb104
  • Instruction Fuzzy Hash: DDE1D0716087428BD724CF29C59076BBBE2BB84304F18893EE49697392E338FC45CB65
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 961138e3767220d1b093e4fa02852f3e1b0ac7d7c7f6ae0b1212de131fc08b91
  • Instruction ID: 32be89c6fab72f131f177511c6d36bb04c05cb98b25b81c36999fe9874a63f47
  • Opcode Fuzzy Hash: 961138e3767220d1b093e4fa02852f3e1b0ac7d7c7f6ae0b1212de131fc08b91
  • Instruction Fuzzy Hash: 97E1D4716087028BD324CF25C59076BBBE2AF94304F58893EE4D697392E739F845CB69
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: cf41ed2f0fddf3f18781c486da26122dc6c4860bd12ada61e77046e2654a54e3
  • Instruction ID: 710d81177ad4225b1c4037e74cb12741c78b931ea92ec05f2fa9f3fc774b7906
  • Opcode Fuzzy Hash: cf41ed2f0fddf3f18781c486da26122dc6c4860bd12ada61e77046e2654a54e3
  • Instruction Fuzzy Hash: EBD1A1716083018FD714DF35D980A67B7E5AFD8308F04497EE99AA7392E738E904CB5A
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b6cf1c6951002f8d65e851a8f3f209dabe1673a35b4df0a485be6bec68292255
  • Instruction ID: 333f3691e9a1fe821844efa08ff69a787720e9aed00482db8f31ef2f4c4c4020
  • Opcode Fuzzy Hash: b6cf1c6951002f8d65e851a8f3f209dabe1673a35b4df0a485be6bec68292255
  • Instruction Fuzzy Hash: 7AE15F756047018BD324DF28C681B6BB7E1AF94304F54893EE4DA97781EB38F845CB5A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • -q be quiet, xrefs: 0040DC66
  • -c use stdout, xrefs: 0040DBF3
  • -cf target-x.z.tar.gz.vcdiff target-x.y/, xrefs: 0040DE1E
  • printhdrs print information about all windows, xrefs: 0040DBB1
  • -0 .. -9 compression level, xrefs: 0040DBDD
  • XDELTA="-s source-x.y.tar.gz" \, xrefs: 0040DDF2
  • printdelta print information about the entire delta, xrefs: 0040DB85
  • -P size compression duplicates window, xrefs: 0040DCEA
  • -d decompress, xrefs: 0040DC09
  • -f force overwrite, xrefs: 0040DC3A
  • VERSION=3.0q, xrefs: 0040DAD0
  • usage: xdelta3 [command/options] [input [output]], xrefs: 0040DAE6
  • -S [djw|fgk] enable/disable secondary compression, xrefs: 0040DD42
  • -C soft config (encode, undocumented), xrefs: 0040DDB0
  • memory options:, xrefs: 0040DCA8
  • the XDELTA environment variable may contain extra args:, xrefs: 0040DDDC
  • special command names:, xrefs: 0040DAFC
  • -V show version, xrefs: 0040DC92
  • -n disable checksum (encode/decode), xrefs: 0040DD9A
  • tar --use-compress-program=xdelta3 \, xrefs: 0040DE08
  • compression options:, xrefs: 0040DD16
  • standard options:, xrefs: 0040DBC7
  • -D disable external decompression (encode/decode), xrefs: 0040DD6E
  • -N disable small string-matching compression, xrefs: 0040DD58
  • decode decompress the input, xrefs: 0040DB28
  • -W bytes input window size, xrefs: 0040DCD4
  • special commands for VCDIFF inputs:, xrefs: 0040DB6F
  • config prints xdelta3 configuration, xrefs: 0040DB12
  • -h show help, xrefs: 0040DC50
  • printhdr print information about the first window, xrefs: 0040DB9B
  • -v be verbose (max 2), xrefs: 0040DC7C
  • test run the builtin tests, xrefs: 0040DB59
  • -I size instruction buffer size (0 = unlimited), xrefs: 0040DD00
  • encode compress the input%s, xrefs: 0040DB43
  • -B bytes source window size, xrefs: 0040DCBE
  • -A [apphead] disable/provide application header (encode), xrefs: 0040DDC6
  • -s source source file to copy from (if any), xrefs: 0040DD2C
  • -R disable external recompression (decode), xrefs: 0040DD84
  • -e compress%s, xrefs: 0040DC24
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf$__ftbuf__output_l__stbuf
  • String ID: -cf target-x.z.tar.gz.vcdiff target-x.y/$ config prints xdelta3 configuration$ decode decompress the input$ encode compress the input%s$ printdelta print information about the entire delta$ printhdr print information about the first window$ printhdrs print information about all windows$ test run the builtin tests$ -0 .. -9 compression level$ -A [apphead] disable/provide application header (encode)$ -B bytes source window size$ -C soft config (encode, undocumented)$ -D disable external decompression (encode/decode)$ -I size instruction buffer size (0 = unlimited)$ -N disable small string-matching compression$ -P size compression duplicates window$ -R disable external recompression (decode)$ -S [djw|fgk] enable/disable secondary compression$ -V show version$ -W bytes input window size$ -c use stdout$ -d decompress$ -e compress%s$ -f force overwrite$ -h show help$ -n disable checksum (encode/decode)$ -q be quiet$ -s source source file to copy from (if any)$ -v be verbose (max 2)$ XDELTA="-s source-x.y.tar.gz" \$ tar --use-compress-program=xdelta3 \$VERSION=3.0q$compression options:$memory options:$special command names:$special commands for VCDIFF inputs:$standard options:$the XDELTA environment variable may contain extra args:$usage: xdelta3 [command/options] [input [output]]
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _fprintf$__ftbuf__output_l__stbuf
  • String ID: EXTERNAL_COMPRESSION=%d$GENERIC_ENCODE_TABLES=%d$GENERIC_ENCODE_TABLES_COMPUTE=%d$REGRESSION_TEST=%d$SECONDARY_DJW=%d$SECONDARY_FGK=%d$VCDIFF_TOOLS=%d$VERSION=3.0q$XD3_ALLOCSIZE=%d$XD3_DEBUG=%d$XD3_DEFAULT_IOPT_SIZE=%d$XD3_DEFAULT_LEVEL=%d$XD3_DEFAULT_SPREVSZ=%d$XD3_DEFAULT_SRCWINSZ=%d$XD3_DEFAULT_WINSIZE=%d$XD3_ENCODER=%d$XD3_HARDMAXWINSIZE=%d$XD3_NODECOMPRESSSIZE=%d$XD3_POSIX=%d$XD3_STDIO=%d$XD3_USE_LARGEFILE64=%d$XD3_WIN32=%d
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,00413D45), ref: 0041706C
  • __mtterm.LIBCMT ref: 00417078
    • Part of subcall function 00416DB9: __decode_pointer.LIBCMT ref: 00416DCA
    • Part of subcall function 00416DB9: TlsFree.KERNEL32(00000001,004171E5), ref: 00416DE4
  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0041708E
  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0041709B
  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004170A8
  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004170B5
  • TlsAlloc.KERNEL32 ref: 00417105
  • TlsSetValue.KERNEL32(00000000), ref: 00417120
  • __init_pointers.LIBCMT ref: 0041712A
  • __encode_pointer.LIBCMT ref: 00417135
  • __encode_pointer.LIBCMT ref: 00417145
  • __encode_pointer.LIBCMT ref: 00417155
  • __encode_pointer.LIBCMT ref: 00417165
  • __decode_pointer.LIBCMT ref: 00417186
  • __calloc_crt.LIBCMT ref: 0041719F
  • __decode_pointer.LIBCMT ref: 004171B9
  • __initptd.LIBCMT ref: 004171C8
  • GetCurrentThreadId.KERNEL32 ref: 004171CF
Strings
Similarity
  • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 0040BB61
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,00800000,00000000), ref: 0040BB6B
  • _fprintf.LIBCMT ref: 0040BC4D
  • _fprintf.LIBCMT ref: 0040BC70
  • _fprintf.LIBCMT ref: 0040BD76
Strings
Similarity
  • API ID: _fprintf$ErrorFileLastSize
  • String ID: PC$pC$xC$xdelta3: %s: %s$xdelta3: source %s winsize %s size %I64u$xdelta3: source block size: %u$bC
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 0040EAD8
  • _abort.LIBCMT ref: 0040EAE0
  • _fprintf.LIBCMT ref: 0040EB3E
  • _abort.LIBCMT ref: 0040EB46
    • Part of subcall function 0041242B: __NMSG_WRITE.LIBCMT ref: 00412452
    • Part of subcall function 0041242B: _raise.LIBCMT ref: 00412463
    • Part of subcall function 0041242B: _memset.LIBCMT ref: 004124E6
    • Part of subcall function 0041242B: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?), ref: 00412506
    • Part of subcall function 0041242B: UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 00412510
  • _fprintf.LIBCMT ref: 0040EB62
  • _abort.LIBCMT ref: 0040EB6A
  • _memset.LIBCMT ref: 0040ED6C
Strings
  • check failure: take > 0, xrefs: 0040EACA
  • header test, xrefs: 0040EBD0
  • check failure: ret == XD3_OUTPUT, xrefs: 0040EB30
  • this is a storyabouttttttttttt- his is a stor- about nothing all. boutique -his story is a -about what happens all the time what -am I ttttttt the person said, so what, per son - gory story is - about nothing -tttttt to test -his sto nothing, xrefs: 0040ECB8
  • check failure: pos == enc_size, xrefs: 0040EB54
  • dB, xrefs: 0040EBAD
Similarity
  • API ID: _abort_fprintf$ExceptionFilterUnhandled_memset$_raise
  • String ID: dB$check failure: pos == enc_size$check failure: ret == XD3_OUTPUT$check failure: take > 0$header test$this is a storyabouttttttttttt- his is a stor- about nothing all. boutique -his story is a -about what happens all the time what -am I ttttttt the person said, so what, per son - gory story is - about nothing -tttttt to test -his sto nothing
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • source read failed, xrefs: 0040C051
  • xdelta3: source file size change: %s, xrefs: 0040C07A
  • bC, xrefs: 0040BF60
  • xdelta3: source block %I64u read (lru_hits=%u, lru_misses=%u, lru_filled=%u), xrefs: 0040C11D
  • pC, xrefs: 0040BFD2
  • xdelta3: source block %I64u ejects %I64u (lru_hits=%u, lru_misses=%u, lru_filled=%u), xrefs: 0040C0F0
Similarity
  • API ID: __aullrem_fprintf
  • String ID: pC$source read failed$xdelta3: source block %I64u ejects %I64u (lru_hits=%u, lru_misses=%u, lru_filled=%u)$xdelta3: source block %I64u read (lru_hits=%u, lru_misses=%u, lru_filled=%u)$xdelta3: source file size change: %s$bC
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 0040A610: __vsnprintf.LIBCMT ref: 0040A620
  • _fprintf.LIBCMT ref: 0040A8B5
    • Part of subcall function 0040A470: WriteFile.KERNEL32(?,00000000,00000000,0040AE9D,00000000,?,00000000,0040AE9D,print), ref: 0040A47F
    • Part of subcall function 0040A470: GetLastError.KERNEL32(?,00000000,00000000,0040AE9D,00000000,?,00000000,0040AE9D,print), ref: 0040A48D
    • Part of subcall function 0040A470: _memset.LIBCMT ref: 0040A4BC
    • Part of subcall function 0040A470: FormatMessageA.KERNEL32(00001200,00000000,FFFFBAD2,00000400,00430D78,00000100,00000000,?,?,?,0040AE9D,print), ref: 0040A4DD
    • Part of subcall function 0040A470: _fprintf.LIBCMT ref: 0040A500
  • _fprintf.LIBCMT ref: 0040A894
    • Part of subcall function 0040A470: _fprintf.LIBCMT ref: 0040A521
    • Part of subcall function 0040A470: _fprintf.LIBCMT ref: 0040A54F
Strings
Similarity
  • API ID: _fprintf$ErrorFileFormatLastMessageWrite__vsnprintf_memset
  • String ID: $ %06I64u %03u %s %3u$ %s %3u$ Offset Code Type1 Size1 @Addr1 + Type2 Size2 @Addr2$ @%-6u$print$xdelta3: address section inconsistency$xdelta3: internal print buffer overflow: %d bytes$xdelta3: target window position inconsistency$xdelta3: target window size inconsistency
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 0040C6F2
  • _fprintf.LIBCMT ref: 0040C860
  • _fprintf.LIBCMT ref: 0040C8BD
  • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8D7
  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8E7
  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0040C8FE
  • _fprintf.LIBCMT ref: 0040CDDF
Strings
  • xdelta3: warning: output window %I64u does not copy source, xrefs: 0040C6E4
  • xdelta3: warning: input position %I64u overflowed instruction buffer, needed %u (vs. %u), consider raising -I, xrefs: 0040C8AF
  • xdelta3: %I64u: in %s (%s): out %s (%s): total in %s: out %s: %s, xrefs: 0040CA15
  • xdelta3: warning: input window %I64u..%I64u has no source copies, xrefs: 0040C852
Similarity
  • API ID: _fprintf$Time$FileLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@
  • String ID: xdelta3: %I64u: in %s (%s): out %s (%s): total in %s: out %s: %s$xdelta3: warning: input position %I64u overflowed instruction buffer, needed %u (vs. %u), consider raising -I$xdelta3: warning: input window %I64u..%I64u has no source copies$xdelta3: warning: output window %I64u does not copy source
Uniqueness

Uniqueness Score: -1.00%

APIs
  • WriteFile.KERNEL32(?,00000000,00000000,0040AE9D,00000000,?,00000000,0040AE9D,print), ref: 0040A47F
  • GetLastError.KERNEL32(?,00000000,00000000,0040AE9D,00000000,?,00000000,0040AE9D,print), ref: 0040A48D
  • _memset.LIBCMT ref: 0040A4BC
  • FormatMessageA.KERNEL32(00001200,00000000,FFFFBAD2,00000400,00430D78,00000100,00000000,?,?,?,0040AE9D,print), ref: 0040A4DD
  • _fprintf.LIBCMT ref: 0040A500
  • _fprintf.LIBCMT ref: 0040A521
  • _fprintf.LIBCMT ref: 0040A54F
Strings
Similarity
  • API ID: _fprintf$ErrorFileFormatLastMessageWrite_memset
  • String ID: xC$xdelta3: %s: %s: %s$xdelta3: Incorrect write count$xdelta3: main write: %s: %u
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset$_rand
  • String ID: aB
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _fprintf$_abort_memset
  • String ID: %I64d$%d/%d$check failure: 0$test %u: expected %s: got %s$VB
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 0040A2D7
  • CreateFileA.KERNEL32(00800000,-80000000,00000001,00000000,-00000001,00000080,00000000,?,00000000,0040BB4C,00427498), ref: 0040A31C
  • GetLastError.KERNEL32 ref: 0040A329
  • _fprintf.LIBCMT ref: 0040A36E
Strings
Similarity
  • API ID: _fprintf$CreateErrorFileLast
  • String ID: open$read$write$xdelta3: file %s failed: %s: %s: %s$xdelta3: invalid file name: empty string
Uniqueness

Uniqueness Score: -1.00%

APIs
  • CloseHandle.KERNEL32(?,source,?,0040A23E,source,00000000,0040AE58), ref: 0040A1B0
  • GetLastError.KERNEL32 ref: 0040A1C0
  • GetLastError.KERNEL32 ref: 0040A1E8
  • _fprintf.LIBCMT ref: 0040A215
Strings
Similarity
  • API ID: ErrorLast$CloseHandle_fprintf
  • String ID: close$read$source$write$xdelta3: file %s failed: %s: %s: %s
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _malloc.LIBCMT ref: 00409E02
    • Part of subcall function 00412676: __FF_MSGBANNER.LIBCMT ref: 00412699
    • Part of subcall function 00412676: __NMSG_WRITE.LIBCMT ref: 004126A0
    • Part of subcall function 00412676: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004175C2,?,00000001,?,00415555,00000018,00429418,0000000C,004155E4,?), ref: 004126EE
  • _memset.LIBCMT ref: 00409E29
  • FormatMessageA.KERNEL32(00001200,00000000,0000000C,00000400,00430D78,00000100,00000000,?,?,?,0040B8C9,?,00000000,?,?,0040AE07), ref: 00409E49
  • _fprintf.LIBCMT ref: 00409E63
  • _fprintf.LIBCMT ref: 00409E88
Strings
Similarity
  • API ID: _fprintf$AllocateFormatHeapMessage_malloc_memset
  • String ID: xC$xdelta3: malloc: %s$xdelta3: malloc: %u: %p
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • check failure: memcmp(target, recon, recon_size) == 0, xrefs: 0041089D
  • check failure: tpos == recon_size, xrefs: 004107F2
Similarity
  • API ID: _memset$_abort_fprintf
  • String ID: check failure: memcmp(target, recon, recon_size) == 0$check failure: tpos == recon_size
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _fprintf$__stat64i32
  • String ID: (stdout)$xdelta3: output file: %s$xdelta3: to overwrite output file specify -f: %s$xdelta3: using standard output: %s
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,?,0040C03D,?,?,?,00000000,?), ref: 0040A586
  • GetLastError.KERNEL32 ref: 0040A590
  • _memset.LIBCMT ref: 0040A5BB
  • FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,00430D78,00000100,00000000), ref: 0040A5DC
  • _fprintf.LIBCMT ref: 0040A5FA
Strings
Similarity
  • API ID: ErrorFileFormatLastMessagePointer_fprintf_memset
  • String ID: xC$xdelta3: seek failed: %s: %s
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _abort_fprintf_memset
  • String ID: %I64d$%d/%d$check failure: 0
  • API String ID: 787416719-3688481091
  • Opcode ID: 1c93071c35640179b1fd8f74d63fc1a05f52a720d7c63df9e3c6964a274c1206
  • Instruction ID: 8833ecf355402944232ae7289c12939bfcf26791303b629f3be53812b1715e06
  • Opcode Fuzzy Hash: 1c93071c35640179b1fd8f74d63fc1a05f52a720d7c63df9e3c6964a274c1206
  • Instruction Fuzzy Hash: 4751E3716043459FD720CF28C9917EBB7E2AF85304F08895EE488D7301E7B9E989CB96
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _strtol.LIBCMT ref: 0040A111
    • Part of subcall function 00412A4F: strtoxq.LIBCMT ref: 00412A6E
  • _fprintf.LIBCMT ref: 0040A14B
Strings
  • xdelta3: -%c: negative integer: %s, xrefs: 0040A128
  • xdelta3: -%c: minimum value: %u, xrefs: 0040A16D
  • xdelta3: -%c: maximum value: %u, xrefs: 0040A18C
  • xdelta3: -%c: invalid integer: %s, xrefs: 0040A13D
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf_strtolstrtoxq
  • String ID: xdelta3: -%c: invalid integer: %s$xdelta3: -%c: maximum value: %u$xdelta3: -%c: minimum value: %u$xdelta3: -%c: negative integer: %s
  • API String ID: 2729484075-3312379364
  • Opcode ID: 8b6af85d00c7980ad98fb7145df286e3118b2baf890ffda0bf5776eeb59a3fd8
  • Instruction ID: 2b0f36ee782d36656b34a5a35f5b4a0821a02018dd85a99d9680b7cce00c9975
  • Opcode Fuzzy Hash: 8b6af85d00c7980ad98fb7145df286e3118b2baf890ffda0bf5776eeb59a3fd8
  • Instruction Fuzzy Hash: D81148B174431029E61899259C41F7F626ECBC2755F28853FB412ED1C0E67ECC75821F
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 0040A610: __vsnprintf.LIBCMT ref: 0040A620
  • _fprintf.LIBCMT ref: 0040A93E
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: __vsnprintf_fprintf
  • String ID: XDELTA ext comp (%s): %s$XDELTA filename (%s): %s$output$print$xdelta3: internal print buffer overflow: %d bytes
  • API String ID: 1864331155-1463258687
  • Opcode ID: 738a20da18a640150b410c2cab8a0aca482c7e5107fe78c14562bd0af6afde48
  • Instruction ID: 2cd89be100ebc818142a06773c3df70ea006c865a3640dcad95b8a09adab4076
  • Opcode Fuzzy Hash: 738a20da18a640150b410c2cab8a0aca482c7e5107fe78c14562bd0af6afde48
  • Instruction Fuzzy Hash: 5101C6F67003002BE700A576AC45B2B3398EB95758F59043BF604E7681F67DE830826E
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • check failure: delpos + stream->avail_out <= IDB_DELSZ, xrefs: 00410178
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _abort_fprintf_rand
  • String ID: check failure: delpos + stream->avail_out <= IDB_DELSZ
  • API String ID: 399396772-3754903434
  • Opcode ID: 9fbeadd75e334f2fba38904b22af708c35d77207a82858c5a66dc9c86c521c2d
  • Instruction ID: d3f413e3596d5784bf9692fff4575afde38a4c6a2ad83cfaa3b47e81f6e0bb3c
  • Opcode Fuzzy Hash: 9fbeadd75e334f2fba38904b22af708c35d77207a82858c5a66dc9c86c521c2d
  • Instruction Fuzzy Hash: 859104B19043404BC760DF29C8852AFBBE0EFC5314F84496FE89997381E7B9D9C48B5A
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 0040E951
    • Part of subcall function 004050E0: _memset.LIBCMT ref: 0040510B
    • Part of subcall function 004050E0: _memset.LIBCMT ref: 0040511B
  • _memset.LIBCMT ref: 0040EA56
Strings
  • this is a storyabouttttttttttt- his is a stor- about nothing all. boutique -his story is a -about what happens all the time what -am I ttttttt the person said, so what, per son - gory story is - about nothing -tttttt to test -his sto nothing, xrefs: 0040E9C9
  • test, xrefs: 0040E994
  • ,^B, xrefs: 0040E9DB
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _memset
  • String ID: ,^B$test$this is a storyabouttttttttttt- his is a stor- about nothing all. boutique -his story is a -about what happens all the time what -am I ttttttt the person said, so what, per son - gory story is - about nothing -tttttt to test -his sto nothing
  • API String ID: 2102423945-2234346011
  • Opcode ID: 65d5f63856f11980ed1dd4bc103fb32f9b495586bcdd724b0cc940fce3eaa243
  • Instruction ID: 52b90f919f53f529172a403a0bd6be58ce32f71b533421eb45458726bf6c7668
  • Opcode Fuzzy Hash: 65d5f63856f11980ed1dd4bc103fb32f9b495586bcdd724b0cc940fce3eaa243
  • Instruction Fuzzy Hash: BB3170B17047009BE3309F29984175BB6E4FBC9740F64482FF698E7281D7BCA8058B9A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf_strncpy_strrchr
  • String ID: 0qB$xdelta3: using default %s filename: %s
  • API String ID: 3938189075-463031970
  • Opcode ID: 3cfcb68b382c0baa1c9bfd0d47ab753c2c2c6a908a111c31492d13b6b0ad05d7
  • Instruction ID: 51885b14070c0ce271349f48fc9fc53db4b690e5283f9c3581250465f4dd212c
  • Opcode Fuzzy Hash: 3cfcb68b382c0baa1c9bfd0d47ab753c2c2c6a908a111c31492d13b6b0ad05d7
  • Instruction Fuzzy Hash: 00318DB59002019FDB10DF15D885B63B7E5EF84314F1884AAEC489B396D338EC84CBE8
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _strrchr
  • String ID: /dev/stderr$/dev/stdin$/dev/stdout$0qB
  • API String ID: 3213747228-159927350
  • Opcode ID: 3d8ea82f62fed55d97e8da8296d0d3425574a30ce64219921aee43c55a0470e6
  • Instruction ID: e57488c4e842a6f0f184ee794c2a5ad386fdc57304002c85b290bd24e0b05846
  • Opcode Fuzzy Hash: 3d8ea82f62fed55d97e8da8296d0d3425574a30ce64219921aee43c55a0470e6
  • Instruction Fuzzy Hash: A3F08253B1416512EB30141E7C517B78689DFD0336F8D897BB408EB395EB2D8C8211DC
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _memset
  • String ID: 0[B$|cB
  • API String ID: 2102423945-3586930868
  • Opcode ID: 9854e5f49c2be3260de64f89b1fc39139249da65e6dfcd2c1fefd3528073da72
  • Instruction ID: 522864efe6ac2c5966ae0aff7d518a20c7ecc99cb99218814e602c5a661ed220
  • Opcode Fuzzy Hash: 9854e5f49c2be3260de64f89b1fc39139249da65e6dfcd2c1fefd3528073da72
  • Instruction Fuzzy Hash: D1913B75A006048BDB54DF29E88079A77E0FB44350F8480BBED08DB786E779D849DF98
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _memset
  • String ID: 8^B
  • API String ID: 2102423945-1775451484
  • Opcode ID: a7b4b07d176aa50da384c34afb3a7dc2bb4a12846affb1a3c99342bcac51db52
  • Instruction ID: 7604ae2796702f703e5b9a440c34d86fe37d37757565e1aabc00fea581f1fc6d
  • Opcode Fuzzy Hash: a7b4b07d176aa50da384c34afb3a7dc2bb4a12846affb1a3c99342bcac51db52
  • Instruction Fuzzy Hash: 12414DB19083449BD3609B15D88179FB7E4EB84754F50483FF684A7380EBB8A589CB9B
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _memset
  • String ID: aB
  • API String ID: 2102423945-388806
  • Opcode ID: 283602042321818998c0e9b078767b34f7b76793c9b2d779875a7254e57d7f5e
  • Instruction ID: f7697014712e27378084d2317c5a44a78c7162e95c41682c6955d5bd37747870
  • Opcode Fuzzy Hash: 283602042321818998c0e9b078767b34f7b76793c9b2d779875a7254e57d7f5e
  • Instruction Fuzzy Hash: 1B3162B1A047009BE760CB69DC81B67B3E8AF94718F14482FE95A96781D7BCF844C716
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf
  • String ID: source$xdelta3: free: %p
  • API String ID: 1654120334-2575477617
  • Opcode ID: cedb24491e4d2dc51a270a358deeef36b8170788ed59a125daed88030c8e24fc
  • Instruction ID: d884ded36b80e3d757b5c84f4e8d51f51d6a8c06ff9932d11cfbd24420ed6b8a
  • Opcode Fuzzy Hash: cedb24491e4d2dc51a270a358deeef36b8170788ed59a125daed88030c8e24fc
  • Instruction Fuzzy Hash: 70F0F4F2C0132167CE207B625C4674772146F12714B0941BEE804BF386E77D88A486DF
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetFileSizeEx.KERNEL32(?,00000002,?,?,?,?,?,?,?,?,00000000), ref: 0040BDAA
  • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,?,?,00000000), ref: 0040BDB4
  • _fprintf.LIBCMT ref: 0040BE09
Strings
  • xdelta3: input window size: %u, xrefs: 0040BDFB
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: ErrorFileLastSize_fprintf
  • String ID: xdelta3: input window size: %u
  • API String ID: 3186004188-1508254048
  • Opcode ID: 024b900dcb3b62ec2e3ba4011c27cfc4541b5d8ebdb3772edb506fbb3488e772
  • Instruction ID: c5e0ac6a9114703366e6a9d6db5c87d88132a852df33fa58559ba4f8cd5b9956
  • Opcode Fuzzy Hash: 024b900dcb3b62ec2e3ba4011c27cfc4541b5d8ebdb3772edb506fbb3488e772
  • Instruction Fuzzy Hash: FAF08CB0B00205ABD720BF34ED45A2BB3A4EF44340B51057AE901E6284E73C8856CACE
Uniqueness

Uniqueness Score: -1.00%

APIs
  • DeleteFileA.KERNEL32(`#A,0040DF2E,0042C550,00412360,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041E84C
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,000000FF), ref: 0041E856
  • __dosmaperr.LIBCMT ref: 0041E865
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: DeleteErrorFileLast__dosmaperr
  • String ID: `#A
  • API String ID: 1545401867-149165141
  • Opcode ID: b761b5ad6b573e1914a5c8c0e62fdfde509fa821f40362c7fa0dbb301b248da6
  • Instruction ID: 9f17402c037701772a6532323bf0a4db9223f76727d6e9b23667d4449c211768
  • Opcode Fuzzy Hash: b761b5ad6b573e1914a5c8c0e62fdfde509fa821f40362c7fa0dbb301b248da6
  • Instruction Fuzzy Hash: 59D0C734215501E59E603F339C0955776949F887117940D37B815C20D4EF2DCDC2F51D
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleA.KERNEL32(KERNEL32,0041E8E2), ref: 0041F7D0
  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0041F7E0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: IsProcessorFeaturePresent$KERNEL32
  • API String ID: 1646373207-3105848591
  • Opcode ID: 6de7a0a9fa753d665444ba25a4429878f8f6581086751924b1b864940627dfff
  • Instruction ID: d02513843afc6cf0f27fa2dcd871e7e94944032905e29290591ed709a60a720a
  • Opcode Fuzzy Hash: 6de7a0a9fa753d665444ba25a4429878f8f6581086751924b1b864940627dfff
  • Instruction Fuzzy Hash: AEC0123078121062EA201BB0BC4ABAA6018ABC0B42FA0007BA225D00C4CF68C087842E
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0041B963
  • __isleadbyte_l.LIBCMT ref: 0041B997
  • MultiByteToWideChar.KERNEL32(?,00000009,00000108,?,?,00000000,?,?,?), ref: 0041B9C8
  • MultiByteToWideChar.KERNEL32(?,00000009,00000108,00000001,?,00000000,?,?,?), ref: 0041BA36
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
  • String ID:
  • API String ID: 3058430110-0
  • Opcode ID: 8d5b98cbec2e8dfce033a9766fc67a5be3136d74ebb63ea3490a6ec876ca8688
  • Instruction ID: c70d6cfd035e9ede62d8c9414b718c2a4bd3818f93a34f9c7181de7de1635dff
  • Opcode Fuzzy Hash: 8d5b98cbec2e8dfce033a9766fc67a5be3136d74ebb63ea3490a6ec876ca8688
  • Instruction Fuzzy Hash: BE31E27161024AEFDF20DFA4C841AEE3BA4EF01311F04856BE5A58B291D3349D82DB95
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __cftof_l.LIBCMT ref: 0041F6E3
    • Part of subcall function 0041F50E: __fltout2.LIBCMT ref: 0041F538
  • __cftog_l.LIBCMT ref: 0041F709
  • __cftoe_l.LIBCMT ref: 0041F73B
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
  • String ID:
  • API String ID: 3016257755-0
  • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
  • Instruction ID: 1847f5ae4f15b612ad123e43592d6dae059e874de73c1ea79706daa35d036e03
  • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
  • Instruction Fuzzy Hash: 0F018332000149BBCF125E85DC41CEE3F62BB18344B18842AFE2854171C33AC9B6AB89
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00416F2D: __getptd_noexit.LIBCMT ref: 00416F2E
    • Part of subcall function 00416F2D: __amsg_exit.LIBCMT ref: 00416F3B
  • __amsg_exit.LIBCMT ref: 0041655C
  • __lock.LIBCMT ref: 0041656C
  • InterlockedDecrement.KERNEL32(?), ref: 00416589
  • InterlockedIncrement.KERNEL32(00591308), ref: 004165B4
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
  • String ID:
  • API String ID: 2880340415-0
  • Opcode ID: bb2087907a74886b176e40e1224e453eea662d2686115c418b5a37a6645a4bef
  • Instruction ID: 8091d23f1509363e627b4dff52befe54c28da104462b70f88f43b2c858cb2879
  • Opcode Fuzzy Hash: bb2087907a74886b176e40e1224e453eea662d2686115c418b5a37a6645a4bef
  • Instruction Fuzzy Hash: A9018E31B01A21BBCA20AB26B4067DA77A2AF04754F56401BE90067284CB2CDDD2CB9E
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 0040E930: _memset.LIBCMT ref: 0040E951
    • Part of subcall function 0040E930: _memset.LIBCMT ref: 0040EA56
    • Part of subcall function 0040EA80: _fprintf.LIBCMT ref: 0040EAD8
    • Part of subcall function 0040EA80: _abort.LIBCMT ref: 0040EAE0
  • _fprintf.LIBCMT ref: 0040EEE2
  • _fprintf.LIBCMT ref: 0040EF40
Strings
  • non-failures %u; expected %u, xrefs: 0040EED4
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf$_memset$_abort
  • String ID: non-failures %u; expected %u
  • API String ID: 3822703549-128235556
  • Opcode ID: 9a046ebf246961229425126d15db2fde79a995087ecdf541cd39e151e4120e3a
  • Instruction ID: c50ea1f71e5f3764863498dfd1ee152bc96fb80f0bb9a4a5a5c8355b6728f186
  • Opcode Fuzzy Hash: 9a046ebf246961229425126d15db2fde79a995087ecdf541cd39e151e4120e3a
  • Instruction Fuzzy Hash: 8F4101B26003015BD318DB29DC427ABB3D4FB88304F84483EFA45D2281F778E968869A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • check failure: r == test_ptr->output, xrefs: 00410ABD
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _abort_fprintf
  • String ID: check failure: r == test_ptr->output
  • API String ID: 742544005-77445981
  • Opcode ID: 8259589c425b3f17d96af9209eafbdf76ca90fc9c4fd9171d80ef9a65e70c9dc
  • Instruction ID: 2a8f779f883dd4f0ceace08e2df6d465dc79d244704e09f5acf51e1c0fb110ae
  • Opcode Fuzzy Hash: 8259589c425b3f17d96af9209eafbdf76ca90fc9c4fd9171d80ef9a65e70c9dc
  • Instruction Fuzzy Hash: 695179B09097819FD378CF2AD58079AFBE1BB88300F508A2EE59D97350E77494848F96
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 0040FBFD
  • _abort.LIBCMT ref: 0040FC05
    • Part of subcall function 0041242B: __NMSG_WRITE.LIBCMT ref: 00412452
    • Part of subcall function 0041242B: _raise.LIBCMT ref: 00412463
    • Part of subcall function 0041242B: _memset.LIBCMT ref: 004124E6
    • Part of subcall function 0041242B: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?), ref: 00412506
    • Part of subcall function 0041242B: UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 00412510
Strings
  • check failure: d->type1 > 0, xrefs: 0040FBEF
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$_abort_fprintf_memset_raise
  • String ID: check failure: d->type1 > 0
  • API String ID: 1580787292-2088976014
  • Opcode ID: e46ca6311f207e6cb970682f46ec2f2e5627d47f6770b67943e078d4f15b4fc0
  • Instruction ID: cc93c8dd0abdc2be4ab1e798a0f6ff31a1d8845b666cdd50692b668e8f2e0fc2
  • Opcode Fuzzy Hash: e46ca6311f207e6cb970682f46ec2f2e5627d47f6770b67943e078d4f15b4fc0
  • Instruction Fuzzy Hash: 9241ABB080C3814ED760DF2984912AFBFE0AF85344F44487FE8D8D6B81E338854A9B5A
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 0040FBFD
  • _abort.LIBCMT ref: 0040FC05
    • Part of subcall function 0041242B: __NMSG_WRITE.LIBCMT ref: 00412452
    • Part of subcall function 0041242B: _raise.LIBCMT ref: 00412463
    • Part of subcall function 0041242B: _memset.LIBCMT ref: 004124E6
    • Part of subcall function 0041242B: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?), ref: 00412506
    • Part of subcall function 0041242B: UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 00412510
Strings
  • check failure: d->type1 > 0, xrefs: 0040FBEF
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$_abort_fprintf_memset_raise
  • String ID: check failure: d->type1 > 0
  • API String ID: 1580787292-2088976014
  • Opcode ID: 2c2d88019861493f129f194ad55fc5dff6a6c90fcfd049471acca8d61f07ecdb
  • Instruction ID: f2c718ddd8cbb09335cb3cced02785ec371bfcc050f4de5c9758d17ba8cb4fff
  • Opcode Fuzzy Hash: 2c2d88019861493f129f194ad55fc5dff6a6c90fcfd049471acca8d61f07ecdb
  • Instruction Fuzzy Hash: 2B214AB080C3815FE760DF39845136ABBE1BB89304F44497FE9D8D3B81E339854A8B4A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: __aulldiv__aullrem
  • String ID: ,gB
  • API String ID: 3839614884-2088287050
  • Opcode ID: ceebf066499f8028388251e967d695089cf1a33f061dd34118c4381a68356eb9
  • Instruction ID: 0b6cc57d01a942a73c014fc8f7cfebe24c0825ef45b30aa3332e946557c0e635
  • Opcode Fuzzy Hash: ceebf066499f8028388251e967d695089cf1a33f061dd34118c4381a68356eb9
  • Instruction Fuzzy Hash: 1A016171300A055BD220DB39A9446B7B3E8EF88329F500A7FE94EC6641D736BC118B98
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetDriveTypeA.KERNEL32(?,?,0041CC26,?,00000000,00000007,00000007,?,0041CD6B,00000000,?,?,00429680,0000000C,00418B7D,?), ref: 0041CBFE
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: DriveType
  • String ID: :$\
  • API String ID: 338552980-1166558509
  • Opcode ID: 2bc3c8bef575c1dd0502c2fbeb5131ad50e7a7d3696e0b3d01c2de2a6861482c
  • Instruction ID: 964940f75fc57f7670360abd5f890c92da0b876e2fb729a32312822ce3c26448
  • Opcode Fuzzy Hash: 2bc3c8bef575c1dd0502c2fbeb5131ad50e7a7d3696e0b3d01c2de2a6861482c
  • Instruction Fuzzy Hash: 9EE0483034C2889DEF518BB8AC857DB3FCC9B11688F04C056E84CCE201E135D695C796
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • xdelta3: warning: external support not compiled: original input was compressed: %s, xrefs: 0040B648
  • xdelta3: warning: cannot recompress output: unrecognized external compression ID: %s, xrefs: 0040B635
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: _fprintf
  • String ID: xdelta3: warning: cannot recompress output: unrecognized external compression ID: %s$xdelta3: warning: external support not compiled: original input was compressed: %s
  • API String ID: 1654120334-1697500560
  • Opcode ID: f2680a563dd1b3ebe481298b165ee31b25116d07a14eb686f9d0245c690956de
  • Instruction ID: 078aa273e9d716f0c2bf821100412726252dede16ee3ef77ba1091a13fec9de4
  • Opcode Fuzzy Hash: f2680a563dd1b3ebe481298b165ee31b25116d07a14eb686f9d0245c690956de
  • Instruction Fuzzy Hash: 7AE08671A04302AADE2077756D06F132198CBA0754F0144BBF400E62D1F77E894545AF
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00409F06
  • FormatMessageA.KERNEL32(00001200,00000000,00000000,00000400,00430D78,00000100,00000000,?,0040A1FC), ref: 00409F27
Strings
Memory Dump Source
  • Source File: 00000000.00000002.366648507.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.366638362.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366668238.0000000000424000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366674766.000000000042A000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.366679351.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XDelta3.jbxd
Similarity
  • API ID: FormatMessage_memset
  • String ID: xC
  • API String ID: 2405959848-4292382365
  • Opcode ID: ebcb83b9dcf571aab5d68da72e87f7297b7977094f5f8b8041b38d946c9918c7
  • Instruction ID: 9feebdd9ec90b21b9daf853614203f7db33c6c1e11cef5687d46134b992bded9
  • Opcode Fuzzy Hash: ebcb83b9dcf571aab5d68da72e87f7297b7977094f5f8b8041b38d946c9918c7
  • Instruction Fuzzy Hash: 7ED0C9747C470137F16266A51C17FDA15888F58F8EFA09222BB40F81D2E5EC7881406D
Uniqueness

Uniqueness Score: -1.00%