Windows Analysis Report
68#U2591.exe

Overview

General Information

Sample name: 68#U2591.exe
renamed because original name is a hash value
Original sample name: .exe
Analysis ID: 1467849
MD5: 22342e77c7b9c74bccf3eb48621e3e4b
SHA1: 68577e7840691d8a0c8533f0c703f13432cad144
SHA256: 3d686d48bf794ce3814f7001c4f5916733acf2eeab5140e373e0bd863f105a25
Tags: DCRATexe

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found evasive API chain (date check)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 68#U2591.exe (PID: 6576 cmdline: "C:\Users\user\Desktop\68#U2591.exe" MD5: 22342E77C7B9C74BCCF3EB48621E3E4B)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: 68#U2591.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 68#U2591.exe
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC0B190 SetDlgItemTextW,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,SetForegroundWindow,DialogBoxParamW,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,GetDlgItem,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7FEC0B190
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEBF40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7FEBF40BC
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC1FCA0 FindFirstFileExA,0_2_00007FF7FEC1FCA0
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC07D10 SetWindowLongPtrW,NtdllDefWindowProc_W,NtdllDefWindowProc_W,0_2_00007FF7FEC07D10
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEBEC2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7FEBEC2F0
Source: C:\Users\user\Desktop\68#U2591.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine Classification label: clean4.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEBEB6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF7FEBEB6D8
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC08624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF7FEC08624
Source: 68#U2591.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\68#U2591.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\68#U2591.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\68#U2591.exe File read: C:\Users\user\Desktop\68#U2591.exe
Source: C:\Users\user\Desktop\68#U2591.exe Section loaded:
  • version.dll
  • dxgidebug.dll
  • sfc_os.dll
  • sspicli.dll
  • rsaenh.dll
  • uxtheme.dll
  • dwmapi.dll
  • cryptbase.dll
  • riched20.dll
  • usp10.dll
  • msls31.dll
  • kernel.appcore.dll
  • windowscodecs.dll
  • textshaping.dll
  • textinputframework.dll
  • coreuicomponents.dll
  • coremessaging.dll
  • ntmarta.dll
  • wintypes.dll
  • ieframe.dll
  • iertutil.dll
  • netapi32.dll
  • userenv.dll
  • winhttp.dll
  • wkscli.dll
  • netutils.dll
  • dataexchange.dll
  • d3d11.dll
  • dcomp.dll
  • dxgi.dll
  • twinapi.appcore.dll
  • urlmon.dll
  • srvcli.dll
  • msiso.dll
  • windows.storage.dll
  • wldp.dll
  • mshtml.dll
  • powrprof.dll
  • umpdc.dll
  • srpapi.dll
  • msimtf.dll
  • d2d1.dll
  • dwrite.dll
  • resourcepolicyclient.dll
  • d3d10warp.dll
  • dxcore.dll
  • secur32.dll
  • mlang.dll
  • propsys.dll
  • wininet.dll
  • profapi.dll
  • uiautomationcore.dll
  • winmm.dll
  • explorerframe.dll
  • thumbcache.dll
  • samcli.dll
  • samlib.dll
  • policymanager.dll
  • msvcp110_win.dll
  • apphelp.dll
  • ehstorshell.dll
  • cscui.dll
  • networkexplorer.dll
Source: C:\Users\user\Desktop\68#U2591.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\Desktop\68#U2591.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 68#U2591.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 68#U2591.exe Static file information: File size 3200437 > 1048576
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 68#U2591.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 68#U2591.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 68#U2591.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 68#U2591.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 68#U2591.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 68#U2591.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: 68#U2591.exe Static PE information: section name: .didat
Source: 68#U2591.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC25166 push rsi; retf 0_2_00007FF7FEC25167
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC25156 push rsi; retf 0_2_00007FF7FEC25157
Source: C:\Users\user\Desktop\68#U2591.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\68#U2591.exe Memory allocated: 1D80A200000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\68#U2591.exe Memory allocated: 1D80E880000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\68#U2591.exe Evasive API call chain: GetLocalTime,DecisionNodesgraph_0-26067
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC116A4 VirtualQuery,GetSystemInfo,0_2_00007FF7FEC116A4
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC176D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7FEC176D8
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC20D20 GetProcessHeap,0_2_00007FF7FEC20D20
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC13354 SetUnhandledExceptionFilter,0_2_00007FF7FEC13354
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC12510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7FEC12510
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC13170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7FEC13170
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEBFDC70 cpuid 0_2_00007FF7FEBFDC70
Source: C:\Users\user\Desktop\68#U2591.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF7FEC0A2CC
Source: C:\Users\user\Desktop\68#U2591.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\68#U2591.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\68#U2591.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\68#U2591.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\68#U2591.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEC10754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7FEC10754
Source: C:\Users\user\Desktop\68#U2591.exe Code function: 0_2_00007FF7FEBF4EB0 GetVersionExW,0_2_00007FF7FEBF4EB0
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
  • Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 DLL Side-Loading; 1 Obfuscated Files or Information; Binary Padding; Software Packing
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: 1 System Time Discovery; 21 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 File and Directory Discovery; 34 System Information Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: 1 Email Collection; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging
  • Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
68#U2591.exe | 5% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467849
Start date and time:2024-07-04 22:02:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:68#U2591.exe
renamed because original name is a hash value
Original Sample Name: .exe
Detection:CLEAN
Classification:clean4.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 45
  • Number of non-executed functions: 104
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: 68#U2591.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):7.931418959089458
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:68#U2591.exe
File size:3'200'437 bytes
MD5:22342e77c7b9c74bccf3eb48621e3e4b
SHA1:68577e7840691d8a0c8533f0c703f13432cad144
SHA256:3d686d48bf794ce3814f7001c4f5916733acf2eeab5140e373e0bd863f105a25
SHA512:3ad6747d0e26c85d6dded7d55a5e028f6132276c4a2dc85072468655decefe0706231cd3c4cf2b27a5be8f8209b4f64c513a1a7c70aff4a98749fcc0c4b37bc6
SSDEEP:98304:ZqwC4+8R/uFrEEgEmHmcHqonAkr/zB7Rd:ZqwwY/MQ59HqS1r/zB7Rd
TLSH:40E5231AE6E804F5D0A6D538CA674D43F3BA7C4E1330978F13A5656B2F272A0DE2E711
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
Icon Hash:1515d4d4442f2d2d
Entrypoint:0x140032ee0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
Instruction
dec eax
sub esp, 28h
call 00007F44C4C3DB48h
dec eax
add esp, 28h
jmp 00007F44C4C3D4DFh
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ebp
mov edx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
inc ecx
mov ebx, dword ptr [edx]
dec eax
shl ebx, 04h
dec ecx
add ebx, edx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007F44C4C3C963h
mov eax, dword ptr [ebp+04h]
and al, 66h
neg al
mov eax, 00000001h
sbb edx, edx
neg edx
add edx, eax
test dword ptr [ebx+04h], edx
je 00007F44C4C3D673h
dec esp
mov ecx, edi
dec ebp
mov eax, esi
dec eax
mov edx, esi
dec eax
mov ecx, ebp
call 00007F44C4C3F687h
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
mov edi, dword ptr [esp+48h]
dec eax
add esp, 20h
inc ecx
pop esi
ret
int3
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F44C4C2BEF3h
dec eax
lea edx, dword ptr [00025747h]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F44C4C3E742h
int3
jmp 00007F44C4C44924h
int3
int3
int3
int3
int3
int3
Programming Language:
  • [ C ] VS2008 SP1 build 30729
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xe3bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0x970 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0xe3bc | 0xe400 | 1b279dad3e3d77fcdfb269a130bf474b | False | 0.6334121436403509 | data | 6.778407783727912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x711bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x72768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534
RT_ICON | 0x72cd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585
RT_ICON | 0x73578 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034
RT_ICON | 0x74420 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816
RT_ICON | 0x74888 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843
RT_ICON | 0x75930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195
RT_ICON | 0x77ed8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401
RT_DIALOG | 0x7bc4c | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x7bf08 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x7c044 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x7c138 | 0x14a | data | | | 0.6
RT_DIALOG | 0x7c284 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x7c598 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x7c7e4 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x7c9e0 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x7cc28 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x7cdd0 | 0xdc | data | | | 0.65
RT_STRING | 0x7ceac | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x7d31c | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x7d480 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x7d590 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x7d6e8 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x7d7d0 | 0x1c6 | data | | | 0.5242290748898678
RT_STRING | 0x7d998 | 0x268 | data | | | 0.4837662337662338
RT_GROUP_ICON | 0x7dc00 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x7dc68 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
No network behavior found


Target ID:0
Start time:16:02:51
Start date:04/07/2024
Path:C:\Users\user\Desktop\68#U2591.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\68#U2591.exe"
Imagebase:0x7ff7febe0000
File size:3'200'437 bytes
MD5 hash:22342E77C7B9C74BCCF3EB48621E3E4B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false


    Execution Graph

    Execution Coverage:7.5%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:31.1%
    Total number of Nodes:1729
    Total number of Limit Nodes:25
7ff7febfa434 26648->26650 26649->26646 26654 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 26650->26654 26653 7ff7febf9a22 26655 7ff7febf204c 100 API calls 26653->26655 26657 7ff7febfa43a 26654->26657 26658 7ff7febf9a2b 26655->26658 26656 7ff7febf9b17 26726 7ff7fec1a450 26656->26726 26658->26650 26660 7ff7febf9a66 26658->26660 26664 7ff7fec12320 _handle_error 8 API calls 26660->26664 26661 7ff7febf9aad 26661->26656 26665 7ff7febf8e58 33 API calls 26661->26665 26663 7ff7fec1a450 31 API calls 26677 7ff7febf9b57 __vcrt_FlsAlloc 26663->26677 26666 7ff7febfa40e 26664->26666 26665->26661 26666->26343 26667 7ff7febf9c89 26669 7ff7febf2aa0 101 API calls 26667->26669 26680 7ff7febf9d5c 26667->26680 26671 7ff7febf9ca1 26669->26671 26672 7ff7febf28d0 104 API calls 26671->26672 26671->26680 26678 7ff7febf9cc9 26672->26678 26677->26667 26677->26680 26734 7ff7febf2bb0 26677->26734 26743 7ff7febf28d0 26677->26743 26748 7ff7febf2aa0 26677->26748 26678->26680 26700 7ff7febf9cd7 __vcrt_FlsAlloc 26678->26700 26758 7ff7fec00bbc MultiByteToWideChar 26678->26758 26753 7ff7febf204c 26680->26753 26681 7ff7febfa1ec 26693 7ff7febfa2c2 26681->26693 26764 7ff7fec1cf90 31 API calls 2 library calls 26681->26764 26683 7ff7febfa157 26683->26681 26761 7ff7fec1cf90 31 API calls 2 library calls 26683->26761 26685 7ff7febfa14b 26685->26343 26687 7ff7febfa2ae 26687->26693 26766 7ff7febf8cd0 33 API calls 2 library calls 26687->26766 26688 7ff7febfa3a2 26690 7ff7fec1a450 31 API calls 26688->26690 26689 7ff7febfa249 26765 7ff7fec1b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26689->26765 26692 7ff7febfa3cb 26690->26692 26695 7ff7fec1a450 31 API calls 26692->26695 26693->26688 26697 7ff7febf8e58 33 API calls 26693->26697 26694 7ff7febfa16d 26762 7ff7fec1b7bc 31 API calls _invalid_parameter_noinfo_noreturn 26694->26762 26695->26680 26697->26693 26698 7ff7febfa1d8 26698->26681 26763 7ff7febf8cd0 33 API calls 2 library calls 26698->26763 26700->26680 26700->26681 26700->26683 
26700->26685 26701 7ff7febfa429 26700->26701 26703 7ff7fec00f68 WideCharToMultiByte 26700->26703 26759 7ff7febfaa88 45 API calls 2 library calls 26700->26759 26760 7ff7fec1a270 31 API calls 2 library calls 26700->26760 26767 7ff7fec12624 8 API calls 26701->26767 26703->26700 26707 7ff7febfa468 26706->26707 26707->26345 26709 7ff7febf24fd CreateFileW 26708->26709 26711 7ff7febf25ae GetLastError 26709->26711 26720 7ff7febf266e 26709->26720 26712 7ff7febf6a0c 49 API calls 26711->26712 26713 7ff7febf25dc 26712->26713 26714 7ff7febf25e0 CreateFileW GetLastError 26713->26714 26719 7ff7febf262c 26713->26719 26714->26719 26715 7ff7febf26b1 SetFileTime 26718 7ff7febf26cf 26715->26718 26716 7ff7febf2708 26717 7ff7fec12320 _handle_error 8 API calls 26716->26717 26721 7ff7febf271b 26717->26721 26718->26716 26722 7ff7febe20b0 33 API calls 26718->26722 26719->26720 26723 7ff7febf2736 26719->26723 26720->26715 26720->26718 26721->26653 26721->26661 26722->26716 26724 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 26723->26724 26725 7ff7febf273b 26724->26725 26727 7ff7fec1a47d 26726->26727 26733 7ff7fec1a492 26727->26733 26768 7ff7fec1d69c 15 API calls _invalid_parameter_noinfo_noreturn 26727->26768 26729 7ff7fec1a487 26769 7ff7fec178e4 31 API calls _invalid_parameter_noinfo_noreturn 26729->26769 26730 7ff7fec12320 _handle_error 8 API calls 26732 7ff7febf9b37 26730->26732 26732->26663 26733->26730 26735 7ff7febf2bcd 26734->26735 26736 7ff7febf2be9 26734->26736 26737 7ff7febf2bfb 26735->26737 26770 7ff7febeb9c4 99 API calls Concurrency::cancel_current_task 26735->26770 26736->26737 26739 7ff7febf2c01 SetFilePointer 26736->26739 26737->26677 26739->26737 26740 7ff7febf2c1e GetLastError 26739->26740 26740->26737 26741 7ff7febf2c28 26740->26741 26741->26737 26771 7ff7febeb9c4 99 API calls Concurrency::cancel_current_task 26741->26771 26744 7ff7febf28f6 26743->26744 26746 7ff7febf28fd 26743->26746 26744->26677 26746->26744 26747 7ff7febf2320 GetStdHandle ReadFile 
GetLastError GetLastError GetFileType 26746->26747 26772 7ff7febeb8a4 99 API calls Concurrency::cancel_current_task 26746->26772 26747->26746 26773 7ff7febf2778 26748->26773 26751 7ff7febf2ac7 26751->26677 26754 7ff7febf2066 26753->26754 26755 7ff7febf2072 26753->26755 26754->26755 26781 7ff7febf20d0 26754->26781 26757->26645 26758->26700 26759->26700 26760->26700 26761->26694 26762->26698 26763->26681 26764->26689 26765->26687 26766->26693 26767->26647 26768->26729 26769->26733 26779 7ff7febf2789 _snwprintf 26773->26779 26774 7ff7febf2890 SetFilePointer 26776 7ff7febf27b5 26774->26776 26778 7ff7febf28b8 GetLastError 26774->26778 26775 7ff7fec12320 _handle_error 8 API calls 26777 7ff7febf281d 26775->26777 26776->26775 26777->26751 26780 7ff7febeb9c4 99 API calls Concurrency::cancel_current_task 26777->26780 26778->26776 26779->26774 26779->26776 26782 7ff7febf2102 26781->26782 26783 7ff7febf20ea 26781->26783 26784 7ff7febf2126 26782->26784 26787 7ff7febeb544 99 API calls 26782->26787 26783->26782 26785 7ff7febf20f6 FindCloseChangeNotification 26783->26785 26784->26755 26785->26782 26787->26784 26788->26351 26790->26362 26792->26378 26794 7ff7fec0ae1c PeekMessageW 26795 7ff7fec0ae3c GetMessageW 26794->26795 26796 7ff7fec0ae80 26794->26796 26797 7ff7fec0ae6a TranslateMessage DispatchMessageW 26795->26797 26798 7ff7fec0ae5b IsDialogMessageW 26795->26798 26797->26796 26798->26796 26798->26797 26799 7ff7fec07d10 26800 7ff7fec07d53 NtdllDefWindowProc_W 26799->26800 26801 7ff7fec07d39 SetWindowLongPtrW 26799->26801 26803 7ff7fec4e260 26800->26803 26804 7ff7fec07190 26801->26804 26805 7ff7fec121d0 33 API calls 26804->26805 26806 7ff7fec071bd 26805->26806 26807 7ff7fec07292 26806->26807 26816 7ff7fec07d80 26806->26816 26807->26800 26809 7ff7fec07238 26809->26807 26810 7ff7fec072bf 26809->26810 26811 7ff7fec072f9 26809->26811 26813 7ff7febf4e24 35 API calls 26810->26813 26820 7ff7febf4e24 26811->26820 26814 7ff7fec072c4 26813->26814 26827 7ff7febf5230 SysFreeString 
26814->26827 26819 7ff7fec07dad 26816->26819 26817 7ff7fec12320 _handle_error 8 API calls 26818 7ff7fec07e6d 26817->26818 26818->26809 26819->26817 26821 7ff7fec121d0 33 API calls 26820->26821 26822 7ff7febf4e43 26821->26822 26823 7ff7febf4e50 SysAllocString 26822->26823 26824 7ff7febf4e6d 26822->26824 26823->26824 26825 7ff7febf4e7e 26824->26825 26826 7ff7febf525a SysFreeString 26824->26826 26825->26814 26826->26825 26827->26807 26828 7ff7fec06cb0 26829 7ff7fec06cd4 26828->26829 26830 7ff7fec06cbd 26828->26830 26830->26829 26832 7ff7fec07e7c 26830->26832 26833 7ff7fec07e8c 26832->26833 26834 7ff7fec07e9b 26832->26834 26833->26834 26836 7ff7fec06e80 26833->26836 26834->26829 26837 7ff7fec0714f 26836->26837 26840 7ff7fec06ebd 26836->26840 26838 7ff7fec12320 _handle_error 8 API calls 26837->26838 26839 7ff7fec07160 26838->26839 26839->26834 26841 7ff7febe129c 33 API calls 26840->26841 26842 7ff7fec06ef4 26841->26842 26869 7ff7fec013f4 26842->26869 26844 7ff7fec06f4b 26847 7ff7febe2034 33 API calls 26844->26847 26845 7ff7fec06f22 26845->26844 26846 7ff7febe2034 33 API calls 26845->26846 26846->26844 26851 7ff7fec06f6d 26847->26851 26848 7ff7fec06f91 26849 7ff7fec07031 26848->26849 26895 7ff7fec073c4 33 API calls 26848->26895 26872 7ff7fec01000 26849->26872 26851->26848 26853 7ff7febe2034 33 API calls 26851->26853 26853->26848 26854 7ff7fec07054 26876 7ff7fec07eec 26854->26876 26855 7ff7febe1fa0 31 API calls 26855->26849 26857 7ff7fec06faf BuildCatchObjectHelperInternal 26857->26855 26859 7ff7fec07180 26857->26859 26858 7ff7fec07075 GlobalAlloc 26863 7ff7fec070a6 26858->26863 26860 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 26859->26860 26861 7ff7fec07186 26860->26861 26862 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 26861->26862 26864 7ff7fec0718c 26862->26864 26866 7ff7fec070cb 26863->26866 26883 7ff7fec06d14 26863->26883 26866->26837 26866->26861 26867 7ff7fec0717b 26866->26867 26868 7ff7fec17904 _invalid_parameter_noinfo_noreturn 
31 API calls 26867->26868 26868->26859 26870 7ff7fec01416 26869->26870 26871 7ff7fec01421 CompareStringW 26870->26871 26871->26845 26873 7ff7fec01217 26872->26873 26874 7ff7fec0102e 26872->26874 26873->26854 26874->26873 26875 7ff7fec009a8 33 API calls 26874->26875 26875->26874 26877 7ff7fec07fd3 26876->26877 26878 7ff7fec07f1b 26876->26878 26897 7ff7febe704c 47 API calls BuildCatchObjectHelperInternal 26877->26897 26882 7ff7fec07f27 BuildCatchObjectHelperInternal 26878->26882 26896 7ff7fec06638 33 API calls 2 library calls 26878->26896 26881 7ff7fec07fd8 26882->26858 26890 7ff7fec06d5e 26883->26890 26884 7ff7fec06e56 26885 7ff7fec12320 _handle_error 8 API calls 26884->26885 26886 7ff7fec06e6a 26885->26886 26886->26866 26887 7ff7fec06dfd 26898 7ff7fec078a0 34 API calls 26887->26898 26889 7ff7fec06e09 26891 7ff7fec06e30 ShowWindow 26889->26891 26890->26884 26890->26887 26899 7ff7febe2520 26891->26899 26895->26857 26896->26882 26897->26881 26898->26889 26900 7ff7febe2527 26899->26900 26901 7ff7febe252a SetDlgItemTextW 26899->26901 26900->26901 26902 7ff7fec06bd0 GetClientRect CopyRect 26903 7ff7fec06c79 26902->26903 26904 7ff7fec12320 _handle_error 8 API calls 26903->26904 26905 7ff7fec06c88 26904->26905 26906 7ff7fec06b80 IsWindow 26907 7ff7fec06b9e 26906->26907 26908 7ff7fec111cf 26909 7ff7fec11102 26908->26909 26912 7ff7fec11900 26909->26912 26938 7ff7fec11558 26912->26938 26915 7ff7fec1198b 26916 7ff7fec11868 DloadReleaseSectionWriteAccess 6 API calls 26915->26916 26917 7ff7fec11998 RaiseException 26916->26917 26918 7ff7fec11141 26917->26918 26919 7ff7fec11a3d LoadLibraryExA 26921 7ff7fec11aa9 26919->26921 26922 7ff7fec11a54 GetLastError 26919->26922 26920 7ff7fec11b85 26946 7ff7fec11868 26920->26946 26925 7ff7fec11abd 26921->26925 26928 7ff7fec11ab4 FreeLibrary 26921->26928 26926 7ff7fec11a69 26922->26926 26927 7ff7fec11a7e 26922->26927 26923 7ff7fec119b4 26923->26919 26923->26920 26923->26921 26923->26925 26924 7ff7fec11b1b GetProcAddress 26924->26920 26931 
7ff7fec11b30 GetLastError 26924->26931 26925->26920 26925->26924 26926->26921 26926->26927 26930 7ff7fec11868 DloadReleaseSectionWriteAccess 6 API calls 26927->26930 26928->26925 26932 7ff7fec11a8b RaiseException 26930->26932 26933 7ff7fec11b45 26931->26933 26932->26918 26933->26920 26934 7ff7fec11868 DloadReleaseSectionWriteAccess 6 API calls 26933->26934 26935 7ff7fec11b67 RaiseException 26934->26935 26936 7ff7fec11558 _com_raise_error 6 API calls 26935->26936 26937 7ff7fec11b81 26936->26937 26937->26920 26939 7ff7fec1156e 26938->26939 26945 7ff7fec115d3 26938->26945 26954 7ff7fec11604 26939->26954 26942 7ff7fec115ce 26944 7ff7fec11604 DloadReleaseSectionWriteAccess 3 API calls 26942->26944 26944->26945 26945->26915 26945->26923 26947 7ff7fec11878 26946->26947 26953 7ff7fec118d1 26946->26953 26948 7ff7fec11604 DloadReleaseSectionWriteAccess 3 API calls 26947->26948 26949 7ff7fec1187d 26948->26949 26950 7ff7fec118cc 26949->26950 26951 7ff7fec117d8 DloadProtectSection 3 API calls 26949->26951 26952 7ff7fec11604 DloadReleaseSectionWriteAccess 3 API calls 26950->26952 26951->26950 26952->26953 26953->26918 26955 7ff7fec1161f 26954->26955 26956 7ff7fec11573 26954->26956 26955->26956 26957 7ff7fec11624 GetModuleHandleW 26955->26957 26956->26942 26961 7ff7fec117d8 26956->26961 26958 7ff7fec1163e GetProcAddress 26957->26958 26959 7ff7fec11639 26957->26959 26958->26959 26960 7ff7fec11653 GetProcAddress 26958->26960 26959->26956 26960->26959 26962 7ff7fec117fa DloadProtectSection 26961->26962 26963 7ff7fec1183a VirtualProtect 26962->26963 26964 7ff7fec11802 26962->26964 26966 7ff7fec116a4 VirtualQuery GetSystemInfo 26962->26966 26963->26964 26964->26942 26966->26963 26967 7ff7fec120f0 26968 7ff7fec12106 _com_error::_com_error 26967->26968 26973 7ff7fec14078 26968->26973 26970 7ff7fec12117 26971 7ff7fec11900 _com_raise_error 14 API calls 26970->26971 26972 7ff7fec12163 26971->26972 26974 7ff7fec14097 26973->26974 26975 7ff7fec140b4 RtlPcToFileHeader 26973->26975 
26974->26975 26976 7ff7fec140db RaiseException 26975->26976 26977 7ff7fec140cc 26975->26977 26976->26970 26977->26976 26978 7ff7fec0b190 27306 7ff7febe255c 26978->27306 26980 7ff7fec0b1db 26981 7ff7fec0b1ef 26980->26981 26982 7ff7fec0be93 26980->26982 27120 7ff7fec0b20c 26980->27120 26985 7ff7fec0b2db 26981->26985 26986 7ff7fec0b1ff 26981->26986 26981->27120 27325 7ff7fec0f390 26982->27325 26984 7ff7fec12320 _handle_error 8 API calls 26988 7ff7fec0c350 26984->26988 26989 7ff7fec0b391 26985->26989 26995 7ff7fec0b2f5 26985->26995 26998 7ff7febfaae0 48 API calls 26986->26998 26986->27120 27548 7ff7febe22bc 34 API calls 3 library calls 26989->27548 26990 7ff7fec0bec9 26992 7ff7fec0bef0 GetDlgItem IsDlgButtonChecked 26990->26992 26993 7ff7fec0bed5 SendDlgItemMessageW 26990->26993 26991 7ff7fec0beba IsDlgButtonChecked 26991->26990 26996 7ff7febf62dc 35 API calls 26992->26996 26993->26992 26999 7ff7febfaae0 48 API calls 26995->26999 27000 7ff7fec0bf47 GetDlgItem 26996->27000 26997 7ff7fec0b3a7 27004 7ff7fec0b408 GetDlgItem 26997->27004 27161 7ff7fec0b3b1 26997->27161 27225 7ff7fec0b3f5 26997->27225 27001 7ff7fec0b236 26998->27001 27002 7ff7fec0b313 SetDlgItemTextW 26999->27002 27005 7ff7febe2520 SetDlgItemTextW 27000->27005 27315 7ff7febe1ec4 SHGetMalloc 27001->27315 27003 7ff7fec0b326 27002->27003 27011 7ff7fec0b340 GetMessageW 27003->27011 27003->27120 27007 7ff7fec0b44f 27004->27007 27008 7ff7fec0b422 IsDlgButtonChecked IsDlgButtonChecked 27004->27008 27009 7ff7fec0bf7a 27005->27009 27018 7ff7fec0b4f2 27007->27018 27019 7ff7fec0b465 27007->27019 27008->27007 27343 7ff7fec091e8 GetClassNameW 27009->27343 27014 7ff7fec0b35e IsDialogMessageW 27011->27014 27011->27120 27013 7ff7fec0b25c 27023 7ff7fec0c363 27013->27023 27013->27120 27014->27003 27017 7ff7fec0b373 TranslateMessage DispatchMessageW 27014->27017 27017->27003 27550 7ff7febe8d04 27018->27550 27025 7ff7febfaae0 48 API calls 27019->27025 27021 7ff7febfaae0 48 API calls 27022 7ff7fec0bcd6 SetDlgItemTextW 
27021->27022 27028 7ff7febfaae0 48 API calls 27022->27028 27029 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27023->27029 27031 7ff7fec0b46f 27025->27031 27027 7ff7febe1fa0 31 API calls 27027->27120 27033 7ff7fec0bd08 27028->27033 27034 7ff7fec0c368 27029->27034 27030 7ff7fec0b52c 27560 7ff7fec0ef80 33 API calls 2 library calls 27030->27560 27043 7ff7febe129c 33 API calls 27031->27043 27032 7ff7fec0bfce 27037 7ff7fec0c00a 27032->27037 27039 7ff7febfaae0 48 API calls 27032->27039 27046 7ff7febe129c 33 API calls 27033->27046 27041 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27034->27041 27036 7ff7fec0ce88 157 API calls 27036->27032 27137 7ff7fec0c155 27037->27137 27368 7ff7fec0ce88 27037->27368 27038 7ff7fec0b537 27042 7ff7febfaae0 48 API calls 27038->27042 27044 7ff7fec0bfe1 SetDlgItemTextW 27039->27044 27048 7ff7fec0c36e 27041->27048 27049 7ff7fec0b555 27042->27049 27050 7ff7fec0b498 27043->27050 27045 7ff7febfaae0 48 API calls 27044->27045 27051 7ff7fec0bffc SetDlgItemTextW 27045->27051 27073 7ff7fec0bd31 27046->27073 27057 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27048->27057 27561 7ff7febfda98 48 API calls 27049->27561 27549 7ff7fec0f0a4 24 API calls _handle_error 27050->27549 27051->27037 27052 7ff7fec0c06e 27058 7ff7fec0c147 27052->27058 27059 7ff7fec0c07a SetForegroundWindow 27052->27059 27055 7ff7fec0c300 27062 7ff7fec0c328 27055->27062 27072 7ff7febfaae0 48 API calls 27055->27072 27056 7ff7fec0bdda 27064 7ff7febfaae0 48 API calls 27056->27064 27066 7ff7fec0c374 27057->27066 27065 7ff7fec0ce88 157 API calls 27058->27065 27059->27058 27067 7ff7fec0c08f 27059->27067 27060 7ff7fec0b568 27562 7ff7fec0f0a4 24 API calls _handle_error 27060->27562 27061 7ff7fec0b4a5 27061->27034 27082 7ff7fec0b4e8 27061->27082 27074 7ff7febe1fa0 31 API calls 27062->27074 27063 7ff7fec07b28 46 API calls 27063->27052 27076 7ff7fec0bde4 27064->27076 27065->27137 27084 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 
27066->27084 27067->27058 27081 7ff7fec0ce88 157 API calls 27067->27081 27068 7ff7fec0c298 27068->27055 27071 7ff7fec0c2f8 IsDlgButtonChecked 27068->27071 27070 7ff7fec0c25c 27524 7ff7fec07b28 ShowWindow 27070->27524 27071->27055 27080 7ff7fec0c319 SetDlgItemTextW 27072->27080 27073->27056 27088 7ff7febe129c 33 API calls 27073->27088 27074->27120 27095 7ff7febe129c 33 API calls 27076->27095 27077 7ff7fec0b578 27078 7ff7febe1fa0 31 API calls 27077->27078 27085 7ff7fec0b586 27078->27085 27079 7ff7fec0b5ec 27087 7ff7fec0b61a 27079->27087 27564 7ff7febf32a8 51 API calls 27079->27564 27080->27062 27089 7ff7fec0c0ad 27081->27089 27082->27079 27563 7ff7fec0fa80 33 API calls 2 library calls 27082->27563 27091 7ff7fec0c37a 27084->27091 27085->27048 27085->27082 27103 7ff7fec0b5cc 27085->27103 27566 7ff7febf2f58 56 API calls 2 library calls 27087->27566 27092 7ff7fec0bd7f 27088->27092 27089->27058 27093 7ff7fec0c0ba DialogBoxParamW 27089->27093 27090 7ff7febe1fa0 31 API calls 27090->27068 27101 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27091->27101 27098 7ff7febfaae0 48 API calls 27092->27098 27093->27058 27115 7ff7fec0c0e2 27093->27115 27100 7ff7fec0be0d 27095->27100 27096 7ff7febe129c 33 API calls 27096->27137 27105 7ff7fec0bd8a 27098->27105 27099 7ff7fec0b630 27106 7ff7fec0b64c 27099->27106 27107 7ff7fec0b634 GetLastError 27099->27107 27111 7ff7febe129c 33 API calls 27100->27111 27102 7ff7fec0c380 27101->27102 27112 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27102->27112 27103->27082 27104 7ff7fec0b60a 27104->27087 27109 7ff7fec0b60e 27104->27109 27582 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27105->27582 27567 7ff7febf7fc4 SetCurrentDirectoryW 27106->27567 27107->27106 27108 7ff7febfaae0 48 API calls 27108->27137 27565 7ff7fec09d90 12 API calls _handle_error 27109->27565 27117 7ff7fec0be4e 27111->27117 27118 7ff7fec0c386 27112->27118 27114 7ff7fec0bda2 27123 7ff7febe2034 33 API calls 27114->27123 27115->27102 
27115->27120 27129 7ff7febe1fa0 31 API calls 27117->27129 27122 7ff7febe255c 61 API calls 27118->27122 27120->26984 27121 7ff7fec0b65e 27124 7ff7fec0b674 27121->27124 27125 7ff7fec0b665 GetLastError 27121->27125 27126 7ff7fec0c3e4 27122->27126 27127 7ff7fec0bdbe 27123->27127 27128 7ff7fec0b722 27124->27128 27130 7ff7fec0b72b 27124->27130 27133 7ff7fec0b68b GetTickCount 27124->27133 27125->27124 27135 7ff7fec0c489 GetDlgItem 27126->27135 27162 7ff7fec0c3e8 27126->27162 27177 7ff7fec0c3fd 27126->27177 27132 7ff7febe1fa0 31 API calls 27127->27132 27128->27130 27146 7ff7fec0bb79 27128->27146 27134 7ff7fec0be78 27129->27134 27136 7ff7fec0ba50 27130->27136 27142 7ff7febf6454 34 API calls 27130->27142 27131 7ff7febe2034 33 API calls 27131->27137 27138 7ff7fec0bdcc 27132->27138 27568 7ff7febe4228 33 API calls _handle_error 27133->27568 27141 7ff7febe1fa0 31 API calls 27134->27141 27164 7ff7fec0c4a0 27135->27164 27136->27161 27578 7ff7febebd0c 33 API calls 27136->27578 27137->27068 27137->27070 27137->27096 27137->27108 27137->27131 27155 7ff7febe1fa0 31 API calls 27137->27155 27583 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27137->27583 27144 7ff7febe1fa0 31 API calls 27138->27144 27148 7ff7fec0be83 27141->27148 27149 7ff7fec0b74e 27142->27149 27143 7ff7fec12320 _handle_error 8 API calls 27150 7ff7fec0ca97 27143->27150 27144->27056 27145 7ff7fec0b6a0 27569 7ff7febe3c84 47 API calls BuildCatchObjectHelperInternal 27145->27569 27159 7ff7febfaae0 48 API calls 27146->27159 27147 7ff7fec0ba75 27579 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27147->27579 27153 7ff7febe1fa0 31 API calls 27148->27153 27571 7ff7febfb914 102 API calls 27149->27571 27153->27161 27154 7ff7fec0c434 SendDlgItemMessageW 27154->27162 27155->27137 27157 7ff7fec0b6ba 27158 7ff7febe1fa0 31 API calls 27157->27158 27166 7ff7fec0b6c8 27158->27166 27167 7ff7fec0bba7 SetDlgItemTextW 27159->27167 27160 7ff7fec0ba8a 27168 7ff7febfaae0 48 API calls 27160->27168 27161->27027 27162->27143 
27163 7ff7fec0b768 27572 7ff7febfda98 48 API calls 27163->27572 27165 7ff7febe129c 33 API calls 27164->27165 27170 7ff7fec0c4cc 27165->27170 27570 7ff7febf2134 51 API calls 2 library calls 27166->27570 27171 7ff7febe2534 27167->27171 27172 7ff7fec0ba97 27168->27172 27584 7ff7febf80d8 33 API calls 27170->27584 27175 7ff7fec0bbc5 SetDlgItemTextW GetDlgItem 27171->27175 27580 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27172->27580 27173 7ff7fec0b7aa GetCommandLineW 27178 7ff7fec0b869 27173->27178 27179 7ff7fec0b84f 27173->27179 27182 7ff7fec0bbf0 27175->27182 27183 7ff7fec0bc13 27175->27183 27177->27154 27177->27162 27573 7ff7fec0ab54 33 API calls _handle_error 27178->27573 27197 7ff7febe20b0 33 API calls 27179->27197 27180 7ff7fec0c4e0 27186 7ff7febe250c SetDlgItemTextW 27180->27186 27194 7ff7fec0bc00 SetWindowLongPtrW 27182->27194 27189 7ff7fec0ce88 157 API calls 27183->27189 27184 7ff7fec0baaa 27188 7ff7febe1fa0 31 API calls 27184->27188 27191 7ff7fec0c4f4 27186->27191 27187 7ff7fec0b6ee 27192 7ff7fec0b704 27187->27192 27193 7ff7fec0b6f5 GetLastError 27187->27193 27195 7ff7fec0bab5 27188->27195 27196 7ff7fec0bc2b 27189->27196 27190 7ff7fec0b87a 27574 7ff7fec0ab54 33 API calls _handle_error 27190->27574 27203 7ff7fec0c526 SendDlgItemMessageW FindFirstFileW 27191->27203 27199 7ff7febf204c 100 API calls 27192->27199 27193->27192 27194->27183 27200 7ff7febe1fa0 31 API calls 27195->27200 27201 7ff7fec0ce88 157 API calls 27196->27201 27197->27178 27204 7ff7fec0b711 27199->27204 27205 7ff7fec0bac3 27200->27205 27206 7ff7fec0bc3c 27201->27206 27202 7ff7fec0b88b 27575 7ff7fec0ab54 33 API calls _handle_error 27202->27575 27209 7ff7fec0c57b 27203->27209 27298 7ff7fec0ca04 27203->27298 27210 7ff7febe1fa0 31 API calls 27204->27210 27217 7ff7febfaae0 48 API calls 27205->27217 27581 7ff7fec0f974 237 API calls _handle_error 27206->27581 27208 7ff7fec0b89c 27576 7ff7febfb9b4 102 API calls 27208->27576 27220 7ff7febfaae0 48 API calls 27209->27220 27213 7ff7fec0b71c 
27210->27213 27213->27128 27214 7ff7fec0bc52 27218 7ff7fec0ce88 157 API calls 27214->27218 27215 7ff7fec0b8b3 27577 7ff7fec0fbdc 33 API calls 27215->27577 27216 7ff7fec0ca81 27216->27162 27222 7ff7fec0badb 27217->27222 27230 7ff7fec0bc6a 27218->27230 27224 7ff7fec0c59e 27220->27224 27221 7ff7fec0caa9 27226 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27221->27226 27229 7ff7febe129c 33 API calls 27222->27229 27223 7ff7fec0b8d2 CreateFileMappingW 27227 7ff7fec0b911 MapViewOfFile 27223->27227 27249 7ff7fec0b953 BuildCatchObjectHelperInternal 27223->27249 27231 7ff7febe129c 33 API calls 27224->27231 27225->27021 27225->27161 27228 7ff7fec0caae 27226->27228 27227->27249 27233 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27228->27233 27238 7ff7fec0bb04 27229->27238 27230->27225 27232 7ff7fec0ce88 157 API calls 27230->27232 27234 7ff7fec0c5cd 27231->27234 27232->27225 27235 7ff7fec0cab4 27233->27235 27585 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27234->27585 27240 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27235->27240 27237 7ff7fec0c5e8 27586 7ff7febee164 33 API calls 2 library calls 27237->27586 27238->27091 27239 7ff7fec0bb5a 27238->27239 27243 7ff7febe1fa0 31 API calls 27239->27243 27242 7ff7fec0caba 27240->27242 27247 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27242->27247 27243->27161 27244 7ff7fec0b9c3 27250 7ff7fec0b9dc UnmapViewOfFile CloseHandle 27244->27250 27251 7ff7fec0b9ef 27244->27251 27245 7ff7fec0c5ff 27246 7ff7febe1fa0 31 API calls 27245->27246 27252 7ff7fec0c60c 27246->27252 27248 7ff7fec0cac0 27247->27248 27254 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27248->27254 27249->27244 27255 7ff7fec0b9b1 Sleep 27249->27255 27250->27251 27251->27066 27253 7ff7fec0ba25 27251->27253 27252->27228 27256 7ff7febe1fa0 31 API calls 27252->27256 27257 7ff7febe1fa0 31 API calls 27253->27257 27258 7ff7fec0cac6 27254->27258 27255->27244 27255->27249 27259 7ff7fec0c673 
27256->27259 27260 7ff7fec0ba42 27257->27260 27263 7ff7fec17904 _invalid_parameter_noinfo_noreturn 31 API calls 27258->27263 27262 7ff7febe250c SetDlgItemTextW 27259->27262 27261 7ff7febe1fa0 31 API calls 27260->27261 27261->27136 27264 7ff7fec0c687 FindClose 27262->27264 27267 7ff7fec0cacc 27263->27267 27265 7ff7fec0c797 SendDlgItemMessageW 27264->27265 27266 7ff7fec0c6a3 27264->27266 27269 7ff7fec0c7cb 27265->27269 27587 7ff7fec0a2cc 10 API calls _handle_error 27266->27587 27272 7ff7febfaae0 48 API calls 27269->27272 27270 7ff7fec0c6c6 27271 7ff7febfaae0 48 API calls 27270->27271 27273 7ff7fec0c6cf 27271->27273 27274 7ff7fec0c7d8 27272->27274 27588 7ff7febfda98 48 API calls 27273->27588 27276 7ff7febe129c 33 API calls 27274->27276 27278 7ff7fec0c807 27276->27278 27277 7ff7febe1fa0 31 API calls 27280 7ff7fec0c783 27277->27280 27589 7ff7febe1150 33 API calls BuildCatchObjectHelperInternal 27278->27589 27279 7ff7fec0c6ec BuildCatchObjectHelperInternal 27279->27235 27279->27277 27282 7ff7febe250c SetDlgItemTextW 27280->27282 27282->27265 27283 7ff7fec0c822 27590 7ff7febee164 33 API calls 2 library calls 27283->27590 27285 7ff7fec0c839 27286 7ff7febe1fa0 31 API calls 27285->27286 27287 7ff7fec0c845 BuildCatchObjectHelperInternal 27286->27287 27288 7ff7febe1fa0 31 API calls 27287->27288 27289 7ff7fec0c87f 27288->27289 27290 7ff7febe1fa0 31 API calls 27289->27290 27291 7ff7fec0c88c 27290->27291 27291->27242 27292 7ff7febe1fa0 31 API calls 27291->27292 27293 7ff7fec0c8f3 27292->27293 27294 7ff7febe250c SetDlgItemTextW 27293->27294 27295 7ff7fec0c907 27294->27295 27295->27298 27591 7ff7fec0a2cc 10 API calls _handle_error 27295->27591 27297 7ff7fec0c932 27299 7ff7febfaae0 48 API calls 27297->27299 27298->27162 27298->27216 27298->27221 27298->27258 27300 7ff7fec0c93c 27299->27300 27592 7ff7febfda98 48 API calls 27300->27592 27302 7ff7febe1fa0 31 API calls 27303 7ff7fec0c9f0 27302->27303 27305 7ff7febe250c SetDlgItemTextW 27303->27305 27304 7ff7fec0c959 
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: Item$_invalid_parameter_noinfo_noreturn$Message$Text$ButtonChecked$FileSend$ErrorLast$CloseDialogFindLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchFirstForegroundHandleLineMappingParamParentSleepTickTranslateUnmapWindow
    • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$c:\$p$runas$winrarsfxmappingfile.tmp
    • API String ID: 3781586631-2870799519
    • Opcode ID: 8c25b8f5574f35ddc0c2ad3852aa72c203d9154403b40ae796b6435585b0b73b
    • Instruction ID: 6c6919896f4ae12b1343a530a525da842bfd0cf8bfbc7e1eda26b8c8e2fedde1
    • Opcode Fuzzy Hash: 8c25b8f5574f35ddc0c2ad3852aa72c203d9154403b40ae796b6435585b0b73b
    • Instruction Fuzzy Hash: 62D2CF62A0D68285EB20FB25E8406F9E361EFC5790FD04131FAAD476E6DE3CE544C7A1
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$ItemPathTemp
    • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$c:\$lnk
    • API String ID: 1440029262-811407598
    • Opcode ID: feba819d6598e8d423f9e7027c5168d8c23c22b90adcf7986964b7bc32e38086
    • Instruction ID: 916f0f7168417f78b162591d59f41773677da7a117737977968849574b085efc
    • Opcode Fuzzy Hash: feba819d6598e8d423f9e7027c5168d8c23c22b90adcf7986964b7bc32e38086
    • Instruction Fuzzy Hash: A0138272B04B8289EB10EF64D8402EC77A1EB84798FD01536EB6D57AD9DF38D585C3A0

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDirectoryModuleProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
    • API String ID: 3400486126-3710569615
    • Opcode ID: 90ce4131d24f677c68c7a398a64b562f3535bba57e65092bbdebbf5ef0a00a5f
    • Instruction ID: b87bb65a732d635c479ff7af40aa5588bcbfd87c2245373ddb8eff95d575fae3
    • Opcode Fuzzy Hash: 90ce4131d24f677c68c7a398a64b562f3535bba57e65092bbdebbf5ef0a00a5f
    • Instruction Fuzzy Hash: 18126661A19B8285EB10BB25E8452BDE361FFC4794FC04231EABD46AE5DF3CE540C7A0

    Similarity
    • API ID: Window$Rect$ItemText$ByteCharClientMetricsMultiSystemWideswprintf
    • String ID: $%s:$CAPTION
    • API String ID: 165908239-404845831
    • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
    • Instruction ID: 766d351bb0eb863e92388c2a47d2e8fc185db522695703aa784054d4403443c1
    • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
    • Instruction Fuzzy Hash: F791E932B186428AE718EF69A800A69F7A1FBC4784F805535FE5D47B98CF3CE805CB50

    Similarity
    • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
    • String ID: PNG
    • API String ID: 541704414-364855578
    • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
    • Instruction ID: 52ba653229761e38c799ebd8718e84d69439367e202fcb8e8b571e90ac8b2b12
    • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
    • Instruction Fuzzy Hash: CE412326A09B0281EF15AB16D845379E3A1AFC4B90F844435FE2D873E8EF7CD444C7A0
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: CMT
    • API String ID: 3668304517-2756464174
    • Opcode ID: fdd9c915db8bbdbc7b678ee07b0780c4e124944889983d71e770a4cd879ae1d4
    • Instruction ID: af58f4ce66db3964822afccfca6d79286a26059e676412252a52be0701c8b90e
    • Opcode Fuzzy Hash: fdd9c915db8bbdbc7b678ee07b0780c4e124944889983d71e770a4cd879ae1d4
    • Instruction Fuzzy Hash: 1EE2DE22B0968286EB18EB75D550AFDB7A1EB85384FC00035DA6E477D6DF3CE454C3A2
    Similarity
    • API ID:
    • String ID: CMT
    • API String ID: 0-2756464174
    • Opcode ID: 589854a86694341a55c69b07c8121abed16d2d53b78a965ac968b8bdafdd2d04
    • Instruction ID: 69c6e6979b8d6e92bd5225a1d95cd6e13e6f2bbc2260a4e8a54060686e885f5a
    • Opcode Fuzzy Hash: 589854a86694341a55c69b07c8121abed16d2d53b78a965ac968b8bdafdd2d04
    • Instruction Fuzzy Hash: 6042C062B0868296EB18EBB4C1506FDB7A1EB91344FC00136DB7E576DADF38E518C391
    Similarity
    • API ID: LongWindow
    • String ID:
    • API String ID: 1378638983-0
    • Opcode ID: 76ef30bd2952a735a61a9b11dbe66dc2751a7d34feade28c12788be8e6367f79
    • Instruction ID: 8dd1360c52f3218e6d38f17ffbfb279246544132ad179c7fcc707450b528930b
    • Opcode Fuzzy Hash: 76ef30bd2952a735a61a9b11dbe66dc2751a7d34feade28c12788be8e6367f79
    • Instruction Fuzzy Hash: F801D223E0CB8186E720AB166C40059EBA1FB95FD0B4D8271EFA8077D6CE38E851C380

    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
    • API String ID: 1496594111-2013832382
    • Opcode ID: b00e2e6d214aa52dc68ba8bdb5057dfd573f1e9f3d9b8fa57946a832f5175614
    • Instruction ID: 4c6a4f79b23a16473e1fa17b40f3c51304cb6467524ee282b762aad0a7ad142c
    • Opcode Fuzzy Hash: b00e2e6d214aa52dc68ba8bdb5057dfd573f1e9f3d9b8fa57946a832f5175614
    • Instruction Fuzzy Hash: 07321D35A09B8295EB11AF64E8405E9B3A4FFC4354FD00236EA6D067E5EF3CD655C3A0
    APIs
      • Part of subcall function 00007FF7FEBF8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7FEBF8F8D
    • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7FEBF9F75
    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7FEBFA42F
    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7FEBFA435
      • Part of subcall function 00007FF7FEC00BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7FEC00B44), ref: 00007FF7FEC00BE9
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
    • API String ID: 3629253777-3268106645
    • Opcode ID: d5f6a8ed9f6566674b9dc477b5212b2b29b5a39c6d918fbb76a58129d937936d
    • Instruction ID: e195a5c74499c2c4730a8dc4c8a2cb7f1281d0113edc745723b546d089a42f14
    • Opcode Fuzzy Hash: d5f6a8ed9f6566674b9dc477b5212b2b29b5a39c6d918fbb76a58129d937936d
    • Instruction Fuzzy Hash: 4162C132B1968285EB14EBA4D444ABDA365FB84784FC05132EA7D476E9EF3CE544C3E0

    Similarity
    • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
    • String ID: H
    • API String ID: 3432403771-2852464175
    • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
    • Instruction ID: 7ffee3e49a4324b9b70463b1d05e910e4e716ce0d530a157d1c0e5cfa805f790
    • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
    • Instruction Fuzzy Hash: 21915E72A15B518AEB10DF65D8406ACB3B1FB88BA4F854436EE2D17794EF3CE445C3A0

    Similarity
    • API ID: Window$Show$Parent$ClassCreateCursorLoadPointsRectRegisterUpdate
    • String ID: RarHtmlClassName
    • API String ID: 1583632621-1658105358
    • Opcode ID: 25e10118fc127f943416c4d3264f1baf1a615f34ad43d758d85ed87ca73a3c98
    • Instruction ID: fc3042ffc1c40cdb270c71806b8fc3576ffdd70ace59079699fde43ccde2698f
    • Opcode Fuzzy Hash: 25e10118fc127f943416c4d3264f1baf1a615f34ad43d758d85ed87ca73a3c98
    • Instruction Fuzzy Hash: D9518421609B818AEB68FB26E44437AE361FBC5780F804435EE9E47795DF3CE445CB90

    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
    • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
    • API String ID: 2721297748-1533471033
    • Opcode ID: 124782140cab751a06563efccc428b77e03dcad5fc607de4dfc3233a338ff39a
    • Instruction ID: c7f40236e92563e16579c7c4411113da107fc927206fca4c25b4e84feeb96d8e
    • Opcode Fuzzy Hash: 124782140cab751a06563efccc428b77e03dcad5fc607de4dfc3233a338ff39a
    • Instruction Fuzzy Hash: B681C162F19A4285FB04FBA5D4402EDA371AF85798F800135EE2D57ADADE3CD50AC3A4

    Similarity
    • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3536497005-0
    • Opcode ID: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
    • Instruction ID: 5cf30bd198875de83b0e147b44ab9829c5effafaa969408d7fe52534ce639da7
    • Opcode Fuzzy Hash: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
    • Instruction Fuzzy Hash: A6610266A0878185E720AB69E40076EA7B1FBC47A8F900334DFB903AD8DF3DC454C794

    Similarity
    • API ID: Message$DialogDispatchPeekTranslate
    • String ID:
    • API String ID: 1266772231-0
    • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
    • Instruction ID: 11cb30e9daf02f58495f4de7fe54383913be38f95f627c013826e3023e0a9bda
    • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
    • Instruction Fuzzy Hash: FCF04F72B3C54286FB50AB20EC95A36A362FFD0744FC05431F65E86894DF2CD508CB50

    Similarity
    • API ID: AutoClassCompareCompleteFindNameStringWindow
    • String ID: EDIT
    • API String ID: 4243998846-3080729518
    • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
    • Instruction ID: 90d4b784b9ed1b15bd2e341e8ea6a2b52579e2cd99135072108523192f6dfbc5
    • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
    • Instruction Fuzzy Hash: C6013161B18A4381FB20AB25EC117B6E395AFD8744FC41031EA6E4B7E5DE2CE149C7A0

    Control-flow Graph

    APIs
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
    • String ID:
    • API String ID: 1452418845-0
    • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
    • Instruction ID: 75174709bac201e0c9557bbd1a91dd20d66cdc33a8167a71a559f96fa74290bd
    • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
    • Instruction Fuzzy Hash: B7310A29A0C20342FB58BB68D4517BEA291AFC1764FD55434FA3E4B6D3DE2CA405D2F1

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 3376 7ff7febf2320-7ff7febf2341 3377 7ff7febf2343-7ff7febf234e GetStdHandle 3376->3377 3378 7ff7febf2352-7ff7febf236f ReadFile 3376->3378 3377->3378 3379 7ff7febf2371-7ff7febf237b call 7ff7febf2490 3378->3379 3380 7ff7febf23cf 3378->3380 3384 7ff7febf2395-7ff7febf2399 3379->3384 3385 7ff7febf237d-7ff7febf2386 3379->3385 3381 7ff7febf23d3-7ff7febf23e7 3380->3381 3387 7ff7febf239b-7ff7febf23a4 GetLastError 3384->3387 3388 7ff7febf23aa-7ff7febf23ae 3384->3388 3385->3384 3386 7ff7febf2388-7ff7febf2393 call 7ff7febf2320 3385->3386 3386->3381 3387->3388 3390 7ff7febf23a6-7ff7febf23a8 3387->3390 3391 7ff7febf23b0-7ff7febf23b8 3388->3391 3392 7ff7febf23ca-7ff7febf23cd 3388->3392 3390->3381 3391->3392 3394 7ff7febf23ba-7ff7febf23c3 GetLastError 3391->3394 3392->3381 3394->3392 3395 7ff7febf23c5-7ff7febf23c8 3394->3395 3395->3386
    APIs
    Similarity
    • API ID: ErrorLast$FileHandleRead
    • String ID:
    • API String ID: 2244327787-0
    • Opcode ID: e6c7667c98988b07af27c09c467f113a23c428662ff70dade886dc0e45c8ef01
    • Instruction ID: b9c6906192f7b8777ccfe269cfbd5d98330572b35670b447a75b0bea767a6378
    • Opcode Fuzzy Hash: e6c7667c98988b07af27c09c467f113a23c428662ff70dade886dc0e45c8ef01
    • Instruction Fuzzy Hash: D8218462E0C58289EB60BF91A90063DE3A0FBC5B94FD44531DA7D4A7D4CF7CD88587A1

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: GlobalResource$AllocBitmapGdipLoadLock$CreateFindFreeFromObjectSizeofUnlock
    • String ID: ]
    • API String ID: 3029289444-3352871620
    • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
    • Instruction ID: af398ab74571873faeef435f8ce3eaca7e152e2d2554f57d7bf02ab66df8f0b7
    • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
    • Instruction Fuzzy Hash: EB117F61B0D64245EB64FB21A654279D292AFC8BC4F884034FB7E47BD6DE2CE904C7A0

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: BrowseFolderFromListMallocPath
    • String ID: A
    • API String ID: 2332185071-3554254475
    • Opcode ID: 0c281e5323f8bfbdeeaae068e3954dc023ec51b6ad3a07668b904f8d39298968
    • Instruction ID: 04d7afdded918c4a3a5dc116c32605b11ca2cef307527350f8b56e1e846c69f7
    • Opcode Fuzzy Hash: 0c281e5323f8bfbdeeaae068e3954dc023ec51b6ad3a07668b904f8d39298968
    • Instruction Fuzzy Hash: E6119166618B8586FB509B11F48436AF3A4FBC8BD0F940031EA9D07B99DF3CD048CB90

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: DirectoryInitializeMallocSystem
    • String ID: riched20.dll
    • API String ID: 174490985-3360196438
    • Opcode ID: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
    • Instruction ID: 8d46e3911c86417775a3dd145d329f3c3d9f1fd38c7153b05f5364b98b564a84
    • Opcode Fuzzy Hash: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
    • Instruction Fuzzy Hash: 50F03C71A1CA8186EB01AF60E81466AB3A0FBC8754F800135F9AE46794DF7CD159CB50
    APIs
    Similarity
    • API ID: std::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 1875163511-0
    • Opcode ID: 473e069831e40b03067e3ac07c55198f41caec4ce5e3ab4939735fa524c57bef
    • Instruction ID: 03ab4b5ac7c7a50be943c42f2f8f9c7f69168dd6e7f22ec19002358ac2aa9c03
    • Opcode Fuzzy Hash: 473e069831e40b03067e3ac07c55198f41caec4ce5e3ab4939735fa524c57bef
    • Instruction Fuzzy Hash: E9318322A0864651FB24B714E4443BDE7A0FBC0B88F944032F7BC465E6DF6DDA46C351
    APIs
    Similarity
    • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 1203560049-0
    • Opcode ID: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
    • Instruction ID: bc7ac50afe381377c1aeb4a2713903ac81f420d1c56cf8a86b43d8425d3f207c
    • Opcode Fuzzy Hash: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
    • Instruction Fuzzy Hash: C3213022A1878181EB10EB69E44512DA361FBC9BA4F900231FABD47BE9DF3CD541C794
    APIs
    Similarity
    • API ID: Item$RectText$ClientParentWindowswprintf
    • String ID:
    • API String ID: 209416863-0
    • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
    • Instruction ID: e7ae45a7d38aa2c655fc440dd522b738eecb4dd802797ab45195b6f94b588bf8
    • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
    • Instruction Fuzzy Hash: EA014420E0D38A41FF597752A55867AE7D26FC5748FC84035DC6D062D9EE6CE884C3A1
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: 059fe93b6b6045c61731c70e0e29f52abe1320b84121e6dc329f1e36eead177c
    • Instruction ID: 3de097dea32e8709eb538e95ada853749ae63407ac7f87e544137d43c32cbc85
    • Opcode Fuzzy Hash: 059fe93b6b6045c61731c70e0e29f52abe1320b84121e6dc329f1e36eead177c
    • Instruction Fuzzy Hash: CB41B122F1465184FB10EBB5D441AADB361AF84B98FD41235EE2D27ADADE3CD482C391
    APIs
    Similarity
    • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 73155330-0
    • Opcode ID: 85daa6c2c240d2c4d18d7ff96353ee588ba1a4ebacb5533b4b5283e299b1b2c1
    • Instruction ID: 92663ef718d5180eaa945343f350f60c09ea92da7e273c5c3cce0388ef3a3df3
    • Opcode Fuzzy Hash: 85daa6c2c240d2c4d18d7ff96353ee588ba1a4ebacb5533b4b5283e299b1b2c1
    • Instruction Fuzzy Hash: 2D41F262B0864695EB04AB56A5045BEF351AB84FE4FE80632EF7D07BD6DE3CE041C391
    APIs
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
    • Instruction ID: 0e9f399017ca84365123b8f6422b2e7c95ea5fafed9de0df094b2ea73f690c17
    • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
    • Instruction Fuzzy Hash: 9D31B822B1959282EF65ABAAD940A79A350AFC4BD4FD40131DE3D477D0DE3CD841D7A0
    APIs
    Similarity
    • API ID: FromListPath_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 2469645512-0
    • Opcode ID: 41b94f6260d4a77b131a65acd134c30259ca8eda58d601b7dc2cd8c4afeb0d78
    • Instruction ID: 3ab41965837dd592600a525a012ab9db5f9723d787a64b01d7044ba51ef081b7
    • Opcode Fuzzy Hash: 41b94f6260d4a77b131a65acd134c30259ca8eda58d601b7dc2cd8c4afeb0d78
    • Instruction Fuzzy Hash: BB110466B2568542EE14AB66944437DE311AFC9FE0F948231EB7D077D6DE2CD480C250
    APIs
    Similarity
    • API ID: Rect$ClientCopy
    • String ID:
    • API String ID: 1880273418-0
    • Opcode ID: 2f6d5af47f683ad8005f9bb983b07738bfe9bdf6addeaebacbd905efd0d7acb8
    • Instruction ID: 9f09a57d6d37cccfe04cd70d0c8dc61d5d4ccdca3b614afdcfd009cb8483ca72
    • Opcode Fuzzy Hash: 2f6d5af47f683ad8005f9bb983b07738bfe9bdf6addeaebacbd905efd0d7acb8
    • Instruction Fuzzy Hash: 6E216A73610B848AE710DF26E48476AB3A0F388BA5F448021EF9D4B751DB3DD4A5CB40
    APIs
    Similarity
    • API ID: LoadString
    • String ID:
    • API String ID: 2948472770-0
    • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
    • Instruction ID: 987ae537d7f77b44b28ba85643dc5d2a892339638ac83439a9a1050de973f04a
    • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
    • Instruction Fuzzy Hash: 5811A961B0865186EB04AF06A840428F7A2BBD8FC0BD44435DA2D937A5DE3CE501C394
    APIs
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
    • Instruction ID: fb57a48e56a5dbd8c633568fe1f4fe1fa14aca021e9a25a2d386ef5c1b43dfa5
    • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
    • Instruction Fuzzy Hash: 6B11B731A0C68181EB60AB65E841679A360FBC4BB4FD40331EA7D462E5CF3CD992C390
    APIs
    • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7FEBFEBAD,?,?,?,?,00007FF7FEBF5752,?,?,?,00007FF7FEBF56DE), ref: 00007FF7FEBFEB5C
    • GetProcessAffinityMask.KERNEL32 ref: 00007FF7FEBFEB6F
    Similarity
    • API ID: Process$AffinityCurrentMask
    • String ID:
    • API String ID: 1231390398-0
    • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
    • Instruction ID: da6038f0cf7980ada6904642838ef8f5c2c6a927720b334cbd5b63a64a11ebc4
    • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
    • Instruction Fuzzy Hash: F8E02B62F1458642DF089F55C8408E9B392BFC8B40BC48036E61B83658DE2CE145CB40
    APIs
    Similarity
    • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 1173176844-0
    • Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
    • Instruction ID: cc6f462f290ece2232c0a54c2aee11b7c8a0ae7b2964f00e59cb0e5428c8f6ad
    • Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
    • Instruction Fuzzy Hash: 21E0EC45E0910B45FF2D726118251BC80400FD9370FE81730FE7E056D2AD1CA896E1F1
    APIs
    Similarity
    • API ID: ErrorLanguagesLastPreferredRestoreThread
    • String ID:
    • API String ID: 588628887-0
    • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
    • Instruction ID: 0fb3dc5b6eaefee3564d06823b4c6a8c3f33c1fa3035af09c4983e6d78567589
    • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
    • Instruction Fuzzy Hash: FFE08C61E0D10346FF08BBB298051BC9B915FD4B62F840030E92D8A2D2EE2CA481C7A0
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: 7a23e25faff7f81180b76b60ee52a325f4d060335247a6f7438b488b522aacc7
    • Instruction ID: df5a49caf761445d3757856f9628d7bbd3cd5e47f7fd80e5bbc18c1b35ab6ac9
    • Opcode Fuzzy Hash: 7a23e25faff7f81180b76b60ee52a325f4d060335247a6f7438b488b522aacc7
    • Instruction Fuzzy Hash: 60D1A672B0868256EB69AB2595406BDF7A1FF85B84FC40035CB6D077E1CF3CE46187A2
    APIs
      • Part of subcall function 00007FF7FEBFE948: ReleaseSemaphore.KERNEL32 ref: 00007FF7FEBFE974
      • Part of subcall function 00007FF7FEBFE948: CloseHandle.KERNEL32 ref: 00007FF7FEBFE993
      • Part of subcall function 00007FF7FEBFE948: DeleteCriticalSection.KERNEL32 ref: 00007FF7FEBFE9AA
      • Part of subcall function 00007FF7FEBFE948: CloseHandle.KERNEL32 ref: 00007FF7FEBFE9B7
    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7FEC01ACB
    Similarity
    • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 904680172-0
    • Opcode ID: 9769b8d8c6adf9e9843dd34bf36c89e921551141ac818f266a3f44a314c80fc1
    • Instruction ID: 7aa62883eb55961a43f1014c77a14abbbe6844a206fc0e6319bde6a9cedea91d
    • Opcode Fuzzy Hash: 9769b8d8c6adf9e9843dd34bf36c89e921551141ac818f266a3f44a314c80fc1
    • Instruction Fuzzy Hash: 17614B62B15A85A2EF08EB65D5540BCE365FB80FA0B944236E73D47AD6CF2CE471C390
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    APIs
    Similarity
    • API ID: ShowWindow
    • String ID:
    • API String ID: 1268545403-0
    APIs
    Similarity
    • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 680105476-0
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    APIs
      • Part of subcall function 00007FF7FEC11604: GetModuleHandleW.KERNEL32(?,?,?,00007FF7FEC11573,?,?,?,00007FF7FEC1192A), ref: 00007FF7FEC1162B
    • DloadProtectSection.DELAYIMP ref: 00007FF7FEC115C9
    Similarity
    • API ID: DloadHandleModuleProtectSection
    • String ID:
    • API String ID: 2883838935-0
    APIs
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    APIs
    • FindCloseChangeNotification.KERNEL32(?,?,00000001,00007FF7FEBF207E), ref: 00007FF7FEBF20F6
    Similarity
    • API ID: ChangeCloseFindNotification
    • String ID:
    • API String ID: 2591292051-0
    APIs
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    APIs
    Similarity
    • API ID: Window
    • String ID:
    • API String ID: 2353593579-0
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
    • API String ID: 2659423929-3508440684
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
    • String ID: %ls$%s: %s
    • API String ID: 2539828978-2259941744
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfomemcpy_s
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 1759834784-2761157908
    APIs
    Strings
    Similarity
    • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
    • String ID: rtmp
    • API String ID: 3587137053-870060881
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: __tmp_reference_source_
    • API String ID: 3668304517-685763994
    APIs
    Similarity
    • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 1693479884-0
    APIs
    Similarity
    • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
    • String ID:
    • API String ID: 474548282-0
    APIs
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    APIs
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FEC1FAC4
      • Part of subcall function 00007FF7FEC17934: GetCurrentProcess.KERNEL32(00007FF7FEC20CCD), ref: 00007FF7FEC17961
    Strings
    Similarity
    • API ID: CurrentProcess_invalid_parameter_noinfo
    • String ID: *?$.
    • API String ID: 2518042432-3972193922
    APIs
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    APIs
    Similarity
    • API ID: ErrorFormatFreeLastLocalMessage
    • String ID:
    • API String ID: 1365068426-0
    Strings
    Similarity
    • API ID:
    • String ID: .
    • API String ID: 0-248832578
    APIs
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    APIs
    Similarity
    • API ID: FormatInfoLocaleNumber
    • String ID:
    • API String ID: 2169056816-0
    APIs
      • Part of subcall function 00007FF7FEBF24C0: CreateFileW.KERNEL32 ref: 00007FF7FEBF259B
      • Part of subcall function 00007FF7FEBF24C0: GetLastError.KERNEL32 ref: 00007FF7FEBF25AE
      • Part of subcall function 00007FF7FEBF24C0: CreateFileW.KERNEL32 ref: 00007FF7FEBF260E
      • Part of subcall function 00007FF7FEBF24C0: GetLastError.KERNEL32 ref: 00007FF7FEBF2617
    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7FEBF15D0
      • Part of subcall function 00007FF7FEBF3980: MoveFileW.KERNEL32 ref: 00007FF7FEBF39BD
      • Part of subcall function 00007FF7FEBF3980: MoveFileW.KERNEL32 ref: 00007FF7FEBF3A34
    Similarity
    • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 34527147-0
    APIs
    Similarity
    • API ID: ObjectRelease$CapsDevice
    • String ID:
    • API String ID: 1061551593-0
    APIs
    Similarity
    • API ID: Version
    • String ID:
    • API String ID: 1889659487-0
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Strings
    Similarity
    • API ID:
    • String ID: gj
    • API String ID: 0-4203073231
    Strings
    Similarity
    • API ID:
    • String ID: @
    • API String ID: 0-2766056989
    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    Similarity
    • API ID: AddressProc
    • String ID:
    • API String ID: 190572456-0
    Similarity
    • API ID: Create$CriticalEventInitializeSectionSemaphore
    • String ID:
    • API String ID: 3340455307-0
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
    • API String ID: 3668304517-727060406
    Similarity
    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
    • API String ID: 2565136772-3242537097
    Similarity
    • API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
    • String ID:
    • API String ID: 4119318379-0
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
    • String ID: DXGIDebug.dll$UNC$\\?\
    • API String ID: 4097890229-4048004291
    Similarity
    • API ID: ShowWindow$CloseCodeExitHandleProcess_invalid_parameter_noinfo_noreturn
    • String ID: .exe$.inf$Install$p
    • API String ID: 2891444047-3607691742
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
    • API String ID: 3215553584-2617248754
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
    • String ID: GETPASSWORD1$Software\WinRAR SFX
    • API String ID: 3936042273-1315819833
    Similarity
    • API ID: AddressProc$CurrentDirectoryProcessSystem
    • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
    • API String ID: 2915667086-2207617598
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: $
    • API String ID: 3668304517-227171996
    Similarity
    • API ID: Item$ParentText
    • String ID: LICENSEDLG
    • API String ID: 1247523477-2177901306
    Similarity
    • API ID: ButtonCheckedWindow$ClassNameObject
    • String ID: STATIC
    • API String ID: 1224570422-1882779555
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    Similarity
    • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 2940173790-393685449
    Similarity
    • API ID: AllocClearStringVariant
    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
    • API String ID: 1959693985-3505469590
    APIs
    • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7FEC174F3,?,?,?,00007FF7FEC1525E,?,?,?,00007FF7FEC15219), ref: 00007FF7FEC17371
    • GetLastError.KERNEL32(?,?,00000000,00007FF7FEC174F3,?,?,?,00007FF7FEC1525E,?,?,?,00007FF7FEC15219), ref: 00007FF7FEC1737F
    • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7FEC174F3,?,?,?,00007FF7FEC1525E,?,?,?,00007FF7FEC15219), ref: 00007FF7FEC173A9
    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7FEC174F3,?,?,?,00007FF7FEC1525E,?,?,?,00007FF7FEC15219), ref: 00007FF7FEC173EF
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7FEC174F3,?,?,?,00007FF7FEC1525E,?,?,?,00007FF7FEC15219), ref: 00007FF7FEC173FB
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    APIs
    • GetModuleHandleW.KERNEL32(?,?,?,00007FF7FEC11573,?,?,?,00007FF7FEC1192A), ref: 00007FF7FEC1162B
    • GetProcAddress.KERNEL32(?,?,?,00007FF7FEC11573,?,?,?,00007FF7FEC1192A), ref: 00007FF7FEC11648
    • GetProcAddress.KERNEL32(?,?,?,00007FF7FEC11573,?,?,?,00007FF7FEC1192A), ref: 00007FF7FEC11664
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: AddressProc$HandleModule
    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
    • API String ID: 667068680-1718035505
    • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
    • Instruction ID: f876e4240e6483113f8c1709a9d6f480eb33983fc1b086180497af451caf607e
    • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
    • Instruction Fuzzy Hash: 0A11FA21A1DB4685FF65AB00A94027C92A5AF88BE4FC85436F93D0A3D1EE3DA444D6A0
    APIs
      • Part of subcall function 00007FF7FEBF51A4: GetVersionExW.KERNEL32 ref: 00007FF7FEBF51D5
    • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFED8C
    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFED98
    • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFEDA8
    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFEDB6
    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFEDC4
    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7FEBE5AB4), ref: 00007FF7FEBFEE05
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: Time$File$System$Local$SpecificVersion
    • String ID:
    • API String ID: 2092733347-0
    • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
    • Instruction ID: 8b8ae27a9762d8c1c1f603d4dbb517c22b4ebe65fe539d2c6a9aa834a07d57b2
    • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
    • Instruction Fuzzy Hash: 065190B2B106518BEB04DFB8E8404AC77B1F788798BA04036EE2D67B98DF38D555C750
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: Time$File$System$Local$SpecificVersion
    • String ID:
    • API String ID: 2092733347-0
    • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
    • Instruction ID: 5487f6433f04380a1b9f48a2bdafd25433ac990143c9e2c9fc557688fcd25a9a
    • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
    • Instruction Fuzzy Hash: 2D314963B10A518DEB00DFB5D8801AC7370FB48758B94503AEE2DA3A98EF38D995C350
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: .rar$exe$rar$sfx
    • API String ID: 3668304517-630704357
    • Opcode ID: d24effea9e783ff427ac553708fed51da51d2c01aea1787dc637bfdbc21b400f
    • Instruction ID: e25307924a60e64c182ef896bb289745d7cc2a7ad09db7a9f8a0397abf6997f5
    • Opcode Fuzzy Hash: d24effea9e783ff427ac553708fed51da51d2c01aea1787dc637bfdbc21b400f
    • Instruction Fuzzy Hash: 95A1F326A25A9640EB00AF65D8546BCA361BFC5BA8FD01231DD3D076EACF3CE541C3E0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: abort$CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 2889003569-2084237596
    • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
    • Instruction ID: 3e1dbd196e233605fe539a3d80f772f86cbd53321210b67e28f5f6abc33b4aa7
    • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
    • Instruction Fuzzy Hash: EC91B173A08B818AE710EB64E4802ADBBA0FB85798F504139FE9D177A5DF3CD195C740
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm$f
    • API String ID: 2395640692-629598281
    • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
    • Instruction ID: a7c2a492056dbd96504d5830aa11bf8c398c029ee3b1df066f9db803ceeedfca
    • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
    • Instruction Fuzzy Hash: 74519332B1960286DB15EB15E444A2DA756FB85BA4FA08034FE3E477D8DF7CE841C790
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
    • String ID: SeRestorePrivilege$SeSecurityPrivilege
    • API String ID: 2102711378-639343689
    • Opcode ID: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
    • Instruction ID: b26cf53ceb763b0cf5e0dcef18cd2e9f96dffe5c2de4cb3e77314dfad5b04f02
    • Opcode Fuzzy Hash: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
    • Instruction Fuzzy Hash: 6651CC62E0864285FB11FB749851ABDB361AFD47A4FC40130EE3D176D6DE3CA885C3A2
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
    • String ID: sfxcmd$sfxpar
    • API String ID: 3540648995-3493335439
    • Opcode ID: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
    • Instruction ID: 7610c3c5c67796f1c8efd182d3e3ef1a10652c90e331d58174151ced5a5fc105
    • Opcode Fuzzy Hash: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
    • Instruction Fuzzy Hash: B6315232A18B5684EB04AF65E8841ACB371FBC4B98F940531EF6D577E9DE38D085C3A4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID:
    • String ID: RENAMEDLG$REPLACEFILEDLG
    • API String ID: 0-56093855
    • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
    • Instruction ID: aefd0e7a3abc3c89f768d944880f7b9efda0a0bff08372bebecee8b214978b10
    • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
    • Instruction Fuzzy Hash: 9E21EB2191DB8780FB10EB15B8441B4A3A2EFC9B84F940436FA6D873E4DE3CE195C7A0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
    • Instruction ID: 9eb0aaeeea2bf0095cc936c5487e5734fd34edf65463e3275122adca588cd63f
    • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
    • Instruction Fuzzy Hash: 2AF06222A19A4281EF48AB51F85077DA360EFC87D0F941039FA6F466E4DE3CE484C7A1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
    • Instruction ID: 23ff9ee297c49f6c996a1c3e0b8a1f6f7370ef4b048430ddbab36acc664f2c59
    • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
    • Instruction Fuzzy Hash: 3681D362F2865286FB10BB6598406BDA6A1BBC5B98F804135FE2E537D5CF3CA441C7A0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 2398171386-0
    • Opcode ID: 42f25852ea0a3013a87b1866b8aa603ec7d7e54c19cf150e3c062246af700ff7
    • Instruction ID: 85e68e70c643394fd04ce5e66dc12f2c61fb8f50ff562998ed522b38f0da56ee
    • Opcode Fuzzy Hash: 42f25852ea0a3013a87b1866b8aa603ec7d7e54c19cf150e3c062246af700ff7
    • Instruction Fuzzy Hash: 2F51E522B04B8259FB50EBB5E8506BDA371ABC87A8FC04635DE3D4A7D9DE3C9445C390
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
    • String ID:
    • API String ID: 3659116390-0
    • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
    • Instruction ID: 6f0f5c9e49d5ae08f6301924281381473808cb9c0f892afa6f6c0578fbedf0ef
    • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
    • Instruction Fuzzy Hash: 0D51B032A14A518AE710DB65E8403ACBBB1FB84798F848135EF6E5BBD8DF38D145C760
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: ByteCharMultiWide$AllocString
    • String ID:
    • API String ID: 262959230-0
    • Opcode ID: 78e2e37474c2608188e0610e2bf8cd52de6089622287df06285a14f25de4e8db
    • Instruction ID: da6c315a323a671ae9da7e832a60ea712277812927e676faea99df02fddecb90
    • Opcode Fuzzy Hash: 78e2e37474c2608188e0610e2bf8cd52de6089622287df06285a14f25de4e8db
    • Instruction Fuzzy Hash: EA41D532A0968689EB14AF6198443BCA291EF84FB4F944636FA7D477D5DF3CD142C3A0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: AddressProc
    • String ID:
    • API String ID: 190572456-0
    • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
    • Instruction ID: 057f781954d8d4276ded4b37478c7c8513d87cffd0b24f40fa734a0f188e04cd
    • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
    • Instruction Fuzzy Hash: 7741B662B09A8285FB15AF56A810679A395BF94BF0F894535FD3D4B7C4EE3CE440C3A0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
    • Instruction ID: c5972af55e6e299254974d442958f17955293704049cea4414a77cd25ac838b6
    • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
    • Instruction Fuzzy Hash: 1C119436EACB0785FB543924E54137B91417FD5BA0FC84234FA7D065E6DE6CA440C1A7
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: Message$DispatchObjectPeekSingleTranslateWait
    • String ID:
    • API String ID: 3621893840-0
    • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
    • Instruction ID: 9106993514c5b239639e62482c16b8dd30892d314c9afe08b1c532538471bcad
    • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
    • Instruction Fuzzy Hash: 89F06262B3C58682FB50A720E854F36A222FFE4B05FC41030FA6E859D5DE2CD149C760
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: __except_validate_context_recordabort
    • String ID: csm$csm
    • API String ID: 746414643-3733052814
    • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
    • Instruction ID: d7aee4e1289983071a5bf9a4ca0a13812c2a154673f1d0b886090454a60a4198
    • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
    • Instruction Fuzzy Hash: B971C0726086918AD760AF25D05077DFBA0FB85BA8F848135EEAC47BC9CB3CD491C791
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    • API String ID: 3215553584-3982473090
    • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
    • Instruction ID: 7b0f3c1768620b5ee64344683a0f14f1b7240214182a8f208bbc77a552b8cd6e
    • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
    • Instruction Fuzzy Hash: 13519A7390C6428AF766AF38844437C7BA1FB86B28F941135F66A412D9CF3CD481C7A6
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: ByteCharMultiWide$StringType
    • String ID: $%s
    • API String ID: 3586891840-3791308623
    • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
    • Instruction ID: f964250578a507bc2c96a00bb718244bc6596d5c0cb0c5b25ff01580f19ec48b
    • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
    • Instruction Fuzzy Hash: 37419922B1578149EB619F25D8402A9A395FB84FA8F850276FE2D477C5DF3CE541C390
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: CreateFrameInfo__except_validate_context_recordabort
    • String ID: csm
    • API String ID: 2466640111-1018135373
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ByteCharErrorFileLastMultiWideWrite
    • String ID: U
    • API String ID: 2456169464-4171548499
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ObjectRelease
    • String ID:
    • API String ID: 1429681911-3916222277
    APIs
    • InitializeCriticalSection.KERNEL32(?,?,?,00007FF7FEC0317F,?,?,00001000,00007FF7FEBEE51D), ref: 00007FF7FEBFE8BB
    • CreateSemaphoreW.KERNEL32(?,?,?,00007FF7FEC0317F,?,?,00001000,00007FF7FEBEE51D), ref: 00007FF7FEBFE8CB
    • CreateEventW.KERNEL32(?,?,?,00007FF7FEC0317F,?,?,00001000,00007FF7FEBEE51D), ref: 00007FF7FEBFE8E4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: Create$CriticalEventInitializeSectionSemaphore
    • String ID: Thread pool initialization failed.
    • API String ID: 3340455307-2182114853
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ClassCursorLoadRegister
    • String ID: P$RarHtmlClassName
    • API String ID: 1693014935-552670043
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: CapsDeviceRelease
    • String ID:
    • API String ID: 127614599-3916222277
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$FileTime
    • String ID:
    • API String ID: 1137671866-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: FileWrite$Handle
    • String ID:
    • API String ID: 4209713984-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ErrorLast
    • String ID:
    • API String ID: 1452528299-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
    • String ID:
    • API String ID: 1077098981-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
    • String ID:
    • API String ID: 4141327611-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: FileMove_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3823481717-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 2359106489-0
    APIs
    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7FEC1C45B), ref: 00007FF7FEC20B91
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7FEC1C45B), ref: 00007FF7FEC20BF3
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7FEC1C45B), ref: 00007FF7FEC20C2D
    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7FEC1C45B), ref: 00007FF7FEC20C57
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ByteCharEnvironmentMultiStringsWide$Free
    • String ID:
    • API String ID: 1557788787-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ErrorLast$abort
    • String ID:
    • API String ID: 1447195878-0
    APIs
      • Part of subcall function 00007FF7FEBFECD8: ResetEvent.KERNEL32 ref: 00007FF7FEBFECF1
      • Part of subcall function 00007FF7FEBFECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF7FEBFED07
    • ReleaseSemaphore.KERNEL32 ref: 00007FF7FEBFE974
    • CloseHandle.KERNEL32 ref: 00007FF7FEBFE993
    • DeleteCriticalSection.KERNEL32 ref: 00007FF7FEBFE9AA
    • CloseHandle.KERNEL32 ref: 00007FF7FEBFE9B7
      • Part of subcall function 00007FF7FEBFEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7FEBFE95F,?,?,?,00007FF7FEBF463A,?,?,?), ref: 00007FF7FEBFEA63
      • Part of subcall function 00007FF7FEBFEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7FEBFE95F,?,?,?,00007FF7FEBF463A,?,?,?), ref: 00007FF7FEBFEA6E
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
    • String ID:
    • API String ID: 502429940-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: CapsDevice$Release
    • String ID:
    • API String ID: 1035833867-0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: DXGIDebug.dll
    • API String ID: 3668304517-540382549
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: e+000$gfff
    • API String ID: 3215553584-3030954782
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$swprintf
    • String ID: SIZE
    • API String ID: 449872665-3243624926
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: FileModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\68#U2591.exe
    • API String ID: 3307058713-1388781261
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    Similarity
    • API ID: ByteCharMultiWide_snwprintf
    • String ID: $%s$@%s
    • API String ID: 2650857296-834177443
    • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
    • Instruction ID: d26445db5d44bb195ba31dc48584a24f7fd66efca0e80cbe3b09394eeca5c1a6
    • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
    • Instruction Fuzzy Hash: 4431C672B18A8655EB10AFA6D4406E9A3A0FB84784FC01032EE7D077E9DF3DE505D790
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: Software\WinRAR SFX$c:\
    • API String ID: 3668304517-2538208311
    • Opcode ID: 9720fa09b182028469021de2c29ba7ab9608411a5fa033cd0cb0118181a87e38
    • Instruction ID: 251375b5f2b3f87eeb8f440b4b1b46756c196001d5a1b4a82c90da7a5256cdc0
    • Opcode Fuzzy Hash: 9720fa09b182028469021de2c29ba7ab9608411a5fa033cd0cb0118181a87e38
    • Instruction Fuzzy Hash: 4B414172608A4189EB10EF25E8546A9B3A5FBC8798F801631FA6C43AD8DF7CD195C750
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID: @
    • API String ID: 3000768030-2766056989
    • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
    • Instruction ID: 9b8ae988b1876151032dc255967159edf86f1106e3962faa2c86e3b4320f2bbf
    • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
    • Instruction Fuzzy Hash: 82219322E08A8285EB64AB25989013DA651EBC5774F681336E67F477D4CE3CD881C3A5
    APIs
    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7FEC11D3E), ref: 00007FF7FEC140BC
    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7FEC11D3E), ref: 00007FF7FEC14102
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
    • Instruction ID: 7b4e7c7d2e37bc17456d77b816b18b7d27529b4f28278d1d1faa582bb6e570a2
    • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
    • Instruction Fuzzy Hash: F6114F32608B4182EB209F15E840269B7E1FB88B94F584235EFAD07798DF3CD955CB40
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: Thread$CreatePriority
    • String ID: CreateThread failed
    • API String ID: 2610526550-3849766595
    • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
    • Instruction ID: 6827863ee19b92db10cf67510e3406026b20f5e21b1639c1df9967a853bbef6c
    • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
    • Instruction Fuzzy Hash: 04118231A08A8291EB10EF50E881579F361FBC4794FD44135E66D026E9DF3CE551C7E0
    APIs
    • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF7FEBFE95F,?,?,?,00007FF7FEBF463A,?,?,?), ref: 00007FF7FEBFEA63
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7FEBFE95F,?,?,?,00007FF7FEBF463A,?,?,?), ref: 00007FF7FEBFEA6E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: ErrorLastObjectSingleWait
    • String ID: WaitForMultipleObjects error %d, GetLastError %d
    • API String ID: 1211598281-2248577382
    • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
    • Instruction ID: 33a3e0b4132b00e6da78c1a2574f4b9dcaa4b82556b95a77bda58ebbbb71bba7
    • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
    • Instruction Fuzzy Hash: FBE01A22E1984291F710B7609C82878A2127FE1770FD00330E03E415F59E2CA945C3E2
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3248834239.00007FF7FEBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7FEBE0000, based on PE: true
    • Associated: 00000000.00000002.3248820422.00007FF7FEBE0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248861968.00007FF7FEC28000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC3B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248880662.00007FF7FEC40000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3248911008.00007FF7FEC4E000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7febe0000_68#U2591.jbxd
    Similarity
    • API ID: FindHandleModuleResource
    • String ID: RTL
    • API String ID: 3537982541-834975271
    • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
    • Instruction ID: 3c5f27e7fd3774f735f0afee6a8d15c939075c4bf170eac25da272fbd7c4fa45
    • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
    • Instruction Fuzzy Hash: 5ED05B51F0964541FF196775584573452505F5CF41FC44038DC6D063D4DE2CD084C7A0