Windows Analysis Report
1PI1dOAtKY.exe

Overview

General Information

Sample name:1PI1dOAtKY.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52
Analysis ID:1539800
MD5:65265a6752011edf039bdeafeb4e1551
SHA1:7414c76369b2e5762c93936a22ba530d80488d10
SHA256:3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Program does not show much activity (idle)

Classification

  • System is w10x64
  • 1PI1dOAtKY.exe (PID: 6404 cmdline: "C:\Users\user\Desktop\1PI1dOAtKY.exe" MD5: 65265A6752011EDF039BDEAFEB4E1551)
    • conhost.exe (PID: 1816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 1PI1dOAtKY.exe | Avira: detected
Source: 1PI1dOAtKY.exe | Virustotal: Detection: 10%
Source: 1PI1dOAtKY.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746D7A740 InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,GetLastError,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00007FF746D7A740
Source: 1PI1dOAtKY.exe | String found in binary or memory: https://http://Mozilla/5.0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: String function: 00007FF746DA0700 appears 63 times
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: String function: 00007FF746D94AE0 appears 36 times
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: String function: 00007FF746D9C040 appears 144 times
Source: classification engine | Classification label: mal56.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03
Source: 1PI1dOAtKY.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | File read: C:\Users\user\Desktop\1PI1dOAtKY.exe
Source: unknown | Process created: C:\Users\user\Desktop\1PI1dOAtKY.exe "C:\Users\user\Desktop\1PI1dOAtKY.exe"
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Section loaded: wininet.dll
Source: 1PI1dOAtKY.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: 1PI1dOAtKY.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 1PI1dOAtKY.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 1PI1dOAtKY.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 1PI1dOAtKY.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 1PI1dOAtKY.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DCD8FC LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF746DCD8FC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exeCode function: 0_2_00007FF746DA5124 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF746DA5124
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: malloc,GetAdaptersInfo,free,malloc,GetAdaptersInfo,free,sprintf,free,0_2_00007FF746D74030
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Evaded block: after key decisiongraph_0-43573
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Evaded block: after key decisiongraph_0-43511
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Evaded block: after key decisiongraph_0-43513
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-44460
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: 1PI1dOAtKY.exe, 00000000.00000002.2026520257.00000187C39D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | API call chain: ExitProcess graph end nodegraph_0-43963
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | API call chain: ExitProcess graph end nodegraph_0-43543
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DAD1DC __crtCaptureCurrentContext,IsDebuggerPresent,__crtUnhandledException,0_2_00007FF746DAD1DC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DC227C EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00007FF746DC227C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DD466C _lseeki64_nolock,_lseeki64_nolock,GetProcessHeap,HeapAlloc,_errno,_errno,_setmode_nolock,__doserrno,_errno,_setmode_nolock,GetProcessHeap,HeapFree,_lseeki64_nolock,SetEndOfFile,_errno,__doserrno,GetLastError,_lseeki64_nolock,0_2_00007FF746DD466C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DAC73C SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF746DAC73C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DB3868 SetUnhandledExceptionFilter,0_2_00007FF746DB3868
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DAF8B8 cpuid 0_2_00007FF746DAF8B8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __crtGetLocaleInfoEx,0_2_00007FF746DC47F8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP,0_2_00007FF746DC4744
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,__crtGetUserDefaultLocaleName,_invoke_watson,_invoke_watson,_getptd,_getptd,LcidFromHexString,GetLocaleInfoW,0_2_00007FF746DC48FC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,0_2_00007FF746DC282C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,0_2_00007FF746DC3540
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00007FF746DC2654
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __crtGetLocaleInfoEx,malloc,__crtGetLocaleInfoEx,WideCharToMultiByte,free,0_2_00007FF746DC24F8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,GetLocaleInfoW,0_2_00007FF746DC51E8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF746DC5138
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,__crtGetLocaleInfoEx,_invoke_watson,0_2_00007FF746DC42D8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s,0_2_00007FF746DC5290
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,__lc_wcstolc,__get_qualified_locale_downlevel,__get_qualified_locale,__lc_lctowcs,__crtGetLocaleInfoEx,GetACP,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,0_2_00007FF746DB1248
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,0_2_00007FF746DACFE0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage,0_2_00007FF746DC4FEC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: EnumSystemLocalesW,0_2_00007FF746DACF9C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,0_2_00007FF746DC2DB8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage,0_2_00007FF746DC4DBC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,EnumSystemLocalesW,0_2_00007FF746DC4D28
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,0_2_00007FF746DA7EF4
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,free,__crtGetLocaleInfoEx,_invoke_watson,0_2_00007FF746DAEB88
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: _getptd,EnumSystemLocalesW,0_2_00007FF746DC4C74
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746D754A0 SetFileAttributesA,std::ios_base::_Ios_base_dtor,_time64,Sleep,_time64,_time64,_time64,rand,rand,SetFileAttributesA,GetSystemTime,rand,SystemTimeToFileTime,CreateFileA,SetFileTime,CloseHandle,std::ios_base::_Ios_base_dtor,0_2_00007FF746D754A0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746D737C0 GetUserNameA,0_2_00007FF746D737C0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DBAD54 GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,std::bad_exception::bad_exception,_CxxThrowException,std::bad_exception::bad_exception,_CxxThrowException,0_2_00007FF746DBAD54
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DD0158 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,Concurrency::details::SchedulerBase::GetInternalContext,0_2_00007FF746DD0158
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe | Code function: 0_2_00007FF746DD10A0 Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,0_2_00007FF746DD10A0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
1PI1dOAtKY.exe | 11% | Virustotal | | Browse
1PI1dOAtKY.exe | 100% | Avira | HEUR/AGEN.1319794 |
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://http://Mozilla/5.0 | 1PI1dOAtKY.exe | false | | unknown
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1539800
    Start date and time:2024-10-23 06:29:33 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 2m 4s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:3
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:1PI1dOAtKY.exe
    (renamed file extension from none to exe, renamed because original name is a hash value)
    Original Sample Name:3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52
    Detection:MAL
    Classification:mal56.winEXE@2/1@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 99%
    • Number of executed functions: 23
    • Number of non-executed functions: 86
    Cookbook Comments:
    • Stop behavior analysis, all processes terminated
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Not all processes where analyzed, report is missing behavior information
    No simulations
    No context
    Process:C:\Users\user\Desktop\1PI1dOAtKY.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1555
    Entropy (8bit):4.710273607729329
    Encrypted:false
    SSDEEP:24:w3GSdNffPmFMqFh4im3S1emA26uuMj4/4rku3MkHtXDe98vO++ly+Npy+tbDZAd1:9SdkJPAke5uuMqo3ltTI+Z+y+4W+t
    MD5:F028EC760D3B3F8A0B9DB4CF6ED0BD85
    SHA1:229C305A97F890BF2EB66D9B5A0FB60FE79A3258
    SHA-256:96EC03AE0A7A7233F01D904F60AACC43A748B32190B7232CAB74A4349236B8A9
    SHA-512:32883789EFAA3375782ED6D9699838F4587F6BBC952115AFDB74C7ED00F4DFE90E93FD402798AD013FABB8F0B56578C47828304BD3A1DD87C0AEC261A38DDCB3
    Malicious:false
    Reputation:low
    Preview:aescriptsLicTool_Verbose v4.1.43 (20241006) / AESCRIPTSLICLIB 4.1.3....usage: aescriptsLicTool_Verbose productName privNum [licString] [version]..'productName' is the name of the product to be validated or licensed (this is the filename of the license file without extension)..'privNum' is the private number of the product (can be set to - to ignore for certain actions)..'licString' is the license string of the product to be licensed..('licString' can be set to - to unlicense a product)..('licString' can be set to -content to retrieve the current content of the license file as a string)..('licString' can be set to PID@REMOTE to request a floating license - replace PID with the product ID on the server)..'version' is the optional version of the product to be licensed....The tool can also be run in 'licenser' or 'license checker' mode..Licenser mode call syntax:..aescriptsLicTool_Verbose productName - [licString] [version] -license..License checker mode call syntax:..aescriptsLicTool_Verb
    File type:PE32+ executable (console) x86-64, for MS Windows
    Entropy (8bit):6.129641582558878
    TrID:
    • Win64 Executable Console (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:1PI1dOAtKY.exe
    File size:645'776 bytes
    MD5:65265a6752011edf039bdeafeb4e1551
    SHA1:7414c76369b2e5762c93936a22ba530d80488d10
    SHA256:3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52
    SHA512:6356f085894624e61a8dc67b19fc27ebf4c17b75b4cda970f120edc80d63946527ca845224c8b71d2d65a12efe5bfff7d781c050c382a517a958c0d3959afe63
    SSDEEP:12288:y6UPqQaO4tv82UlCKIMBnD1pnS8nWy9i4elej:y6jOK8GKIM5bWy9zj
    TLSH:25D46B59B39440E5D067C279CA574516F3B278460B3A9BDB03A0876B1F37AE09F3EB21
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O};.!.;.!.;.!..|..4.!..|....!..|....!.....6.!.;. ...!..U..:.!.]T..:.!.]T..:.!.Rich;.!.........PE..d......g.........."........
    Icon Hash:00928e8e8686b000
    Entrypoint:0x140037e30
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x140000000
    Subsystem:windows cui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x67021889 [Sun Oct 6 04:56:41 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:3ee642cb8c343ab97cf5b604d88a461f
    Instruction
    dec eax
    sub esp, 28h
    call 00007F0B68C7C838h
    dec eax
    add esp, 28h
    jmp 00007F0B68C705F7h
    int3
    int3
    dec eax
    sub esp, 28h
    call 00007F0B68C79118h
    dec eax
    mov ecx, dword ptr [eax+000000C0h]
    dec eax
    cmp ecx, dword ptr [0005C965h]
    je 00007F0B68C707C8h
    mov eax, dword ptr [eax+000000C8h]
    test dword ptr [0005CAD3h], eax
    jne 00007F0B68C707BAh
    call 00007F0B68C795CDh
    dec eax
    mov ecx, eax
    mov eax, dword ptr [ecx+04h]
    dec eax
    add esp, 28h
    ret
    int3
    dec eax
    sub esp, 28h
    call 00007F0B68C790E0h
    dec eax
    mov ecx, dword ptr [eax+000000C0h]
    dec eax
    cmp ecx, dword ptr [0005C92Dh]
    je 00007F0B68C707C8h
    mov eax, dword ptr [eax+000000C8h]
    test dword ptr [0005CA9Bh], eax
    jne 00007F0B68C707BAh
    call 00007F0B68C79595h
    dec eax
    mov ecx, eax
    dec eax
    lea eax, dword ptr [ecx+00000128h]
    dec eax
    add esp, 28h
    ret
    int3
    dec eax
    sub esp, 28h
    call 00007F0B68C790A4h
    dec eax
    mov ecx, dword ptr [eax+000000C0h]
    dec eax
    cmp ecx, dword ptr [0005C8F1h]
    je 00007F0B68C707C8h
    mov eax, dword ptr [eax+000000C8h]
    test dword ptr [0005CA5Fh], eax
    jne 00007F0B68C707BAh
    call 00007F0B68C79559h
    dec eax
    mov ecx, eax
    mov eax, dword ptr [ecx+000000D4h]
    dec eax
    add esp, 28h
    ret
    int3
    int3
    dec esp
    mov ebx, esp
    Programming Language:
    • [RES] VS2012 UPD4 build 61030
    • [LNK] VS2012 UPD4 build 61030
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x91424 | 0x8c | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x1e0 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x9a000 | 0x50c4 | .pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa1000 | 0xfbc | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x81290 | 0x70 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x71000 | 0x4d0 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x6f789 | 0x6f800 | 8a8e32c0d99c274fc8002dc11f45bcaa | False | 0.505165271160314 | data | 6.372737146819066 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x71000 | 0x213de | 0x21400 | f7ca2b641a4baf725e5feea0e55d4344 | False | 0.354984140037594 | data | 4.614733432030153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x93000 | 0x6a60 | 0x3a00 | 71fce75483d7bb8ef829447188123647 | False | 0.2231950431034483 | data | 3.9381026450080876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata | 0x9a000 | 0x50c4 | 0x5200 | be34dba8af943daf4f72a01864fb08c0 | False | 0.4907583841463415 | data | 5.750850673396023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc | 0xa0000 | 0x1e0 | 0x200 | 584568d783300e149a02ddab2f14ce0f | False | 0.525390625 | data | 4.692060940173397 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0xa1000 | 0x3a92 | 0x3c00 | fa960895ca86a7d9e8087af3dc53212f | False | 0.1248046875 | data | 2.177846270977989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_MANIFEST | 0xa0060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
    DLL | Import
    WS2_32.dll | inet_ntop, ioctlsocket, gethostname, connect, WSAStartup, getaddrinfo, select, WSAGetLastError, setsockopt, WSACleanup, recv, socket, freeaddrinfo, __WSAFDIsSet, closesocket, send
    IPHLPAPI.DLL | GetAdaptersInfo
    KERNEL32.dll | GetThreadPriority, CreateFileW, SetEnvironmentVariableA, WriteConsoleW, SetStdHandle, ReadConsoleW, CreateTimerQueue, RegisterWaitForSingleObject, GetNumaHighestNodeNumber, ChangeTimerQueueTimer, SetEndOfFile, QueryDepthSList, LoadLibraryW, UnregisterWait, CreateFileA, SystemTimeToFileTime, FormatMessageA, SetFileTime, Sleep, CreateDirectoryA, GetLastError, SetFileAttributesA, CloseHandle, GetSystemTime, UnregisterWaitEx, GetStartupInfoW, InterlockedFlushSList, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, ReleaseSemaphore, DuplicateHandle, VirtualProtect, VirtualFree, VirtualAlloc, GetVersionExW, WideCharToMultiByte, GetCurrentThreadId, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetSystemTimeAsFileTime, MultiByteToWideChar, GetStringTypeW, ExitProcess, GetModuleHandleExW, GetProcAddress, AreFileApisANSI, HeapFree, HeapAlloc, IsDebuggerPresent, IsProcessorFeaturePresent, GetCommandLineA, GetCPInfo, RtlPcToFileHeader, RaiseException, RtlLookupFunctionEntry, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsGetValue, CreateTimerQueueTimer, RtlCaptureContext, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsSetValue, TlsFree, SignalObjectAndWait, GetModuleHandleW, CreateSemaphoreW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetStdHandle, GetFileType, WriteFile, GetModuleFileNameW, FreeLibrary, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetProcessHeap, GetCurrentThread, ReadFile, SetFilePointerEx, FlushFileBuffers, GetConsoleCP, GetConsoleMode, HeapSize, CreateDirectoryW, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetFilePointer, HeapReAlloc, DeleteTimerQueueTimer, GetProcessAffinityMask, SetThreadAffinityMask, OutputDebugStringW, SwitchToThread, CreateThread, GetThreadTimes, FreeLibraryAndExitThread, GetModuleHandleA, SetEvent, WaitForSingleObject, CreateEventW, SetThreadPriority, GetTickCount
    ADVAPI32.dll | GetUserNameA
    SHELL32.dll | SHGetFolderPathA
    WININET.dll | HttpSendRequestA, HttpOpenRequestA, InternetCloseHandle, InternetReadFile, InternetConnectA, HttpQueryInfoA, InternetSetOptionA, InternetOpenA
    Language of compilation system | Country where language is spoken | Map
    English | United States
    No network behavior found


    Target ID:0
    Start time:00:30:21
    Start date:23/10/2024
    Path:C:\Users\user\Desktop\1PI1dOAtKY.exe
    Wow64 process (32bit):false
    Commandline:"C:\Users\user\Desktop\1PI1dOAtKY.exe"
    Imagebase:0x7ff746d70000
    File size:645'776 bytes
    MD5 hash:65265A6752011EDF039BDEAFEB4E1551
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:1
    Start time:00:30:21
    Start date:23/10/2024
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff6d64d0000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

      Execution Graph

      Execution Coverage:4.7%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:23.9%
      Total number of Nodes:1198
      Total number of Limit Nodes:11
7ff746da0974 283 API calls 44145->44146 44147 7ff746d95e22 44146->44147 44147->44144 44148 7ff746d9cd50 283 API calls 44147->44148 44148->44144 44151 7ff746d922b0 44149->44151 44150 7ff746d95840 283 API calls 44152 7ff746d922c1 44150->44152 44151->44150 44153 7ff746d922f2 44152->44153 44154 7ff746d93d00 283 API calls 44152->44154 44153->44119 44154->44153 44156 7ff746d921c1 44155->44156 44157 7ff746d71920 283 API calls 44156->44157 44158 7ff746d921cc 44157->44158 44159 7ff746d95840 283 API calls 44158->44159 44160 7ff746d921f3 44159->44160 44163 7ff746d74adb 44160->44163 44164 7ff746d93d00 283 API calls 44160->44164 44161 7ff746d92223 44162 7ff746d71920 283 API calls 44161->44162 44161->44163 44162->44163 44165 7ff746d920a0 44163->44165 44164->44161 44168 7ff746d920e8 44165->44168 44166 7ff746d95840 283 API calls 44167 7ff746d920f9 44166->44167 44169 7ff746d92119 44167->44169 44172 7ff746d92480 283 API calls 44167->44172 44168->44166 44170 7ff746d74aeb 44169->44170 44171 7ff746d71920 283 API calls 44169->44171 44173 7ff746d95e90 44170->44173 44171->44170 44172->44169 44174 7ff746d95eb2 44173->44174 44175 7ff746d74b09 44173->44175 44176 7ff746d96010 _RunAllParam 283 API calls 44174->44176 44175->44128 44175->44130 44177 7ff746d95eb7 44176->44177 44178 7ff746da7b50 fclose 283 API calls 44177->44178 44178->44175 44179->44111 44180->43415 44181->43419 44182->43418 44183->43318 44184->43329 44185->43336 44186->43333 44187->43343 44188->43344 44190->43375 44194->43392 44196 7ff746db7424 44197 7ff746db744f 44196->44197 44198 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44197->44198 44199 7ff746db745a 44198->44199 44201 7ff746db7479 Concurrency::details::InternalContextBase::Dispatch 44199->44201 44202 7ff746dcb518 44199->44202 44225 7ff746dab250 InitializeCriticalSectionAndSpinCount 44202->44225 44204 7ff746dcb558 44226 7ff746dca6a0 44204->44226 44206 7ff746dcb59a 44207 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 
API calls 44206->44207 44208 7ff746dcb5ab 44207->44208 44209 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44208->44209 44210 7ff746dcb5bc 44209->44210 44211 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44210->44211 44212 7ff746dcb5cd 44211->44212 44213 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44212->44213 44214 7ff746dcb5de 44213->44214 44215 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44214->44215 44216 7ff746dcb5ef 44215->44216 44217 7ff746dcb61f 44216->44217 44218 7ff746dcb607 GetCurrentThread GetThreadPriority 44216->44218 44237 7ff746db8ce0 44217->44237 44218->44217 44221 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44223 7ff746dcb726 Concurrency::details::HillClimbing::HillClimbing 44221->44223 44241 7ff746db9004 44223->44241 44224 7ff746dcb752 44224->44201 44224->44224 44225->44204 44227 7ff746dca6ac 44226->44227 44228 7ff746dca6ba 44226->44228 44227->44206 44245 7ff746db68b8 283 API calls std::exception::exception 44228->44245 44230 7ff746dca6d9 44231 7ff746da87f8 _CxxThrowException 2 API calls 44230->44231 44232 7ff746dca6ea 44231->44232 44233 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44232->44233 44234 7ff746dca70a 44233->44234 44235 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44234->44235 44236 7ff746dca717 44235->44236 44236->44206 44238 7ff746db8d4d 44237->44238 44240 7ff746db8cf7 _SpinWait 44237->44240 44238->44221 44238->44223 44240->44238 44246 7ff746db963c 44240->44246 44244 7ff746db8f68 _SpinWait 44241->44244 44242 7ff746db8fd5 44242->44224 44243 7ff746db963c Concurrency::details::ResourceManager::InitializeSystemInformation 366 API calls 44243->44242 44244->44242 44244->44243 44245->44230 44247 7ff746db9669 44246->44247 44248 7ff746db9664 44246->44248 44250 7ff746db9680 44247->44250 44278 7ff746db6f3c 
GetCurrentProcess GetProcessAffinityMask 44247->44278 44262 7ff746dbad54 GetVersionExW 44248->44262 44252 7ff746db9766 44250->44252 44253 7ff746db9696 44250->44253 44254 7ff746db976f 44252->44254 44255 7ff746db9825 44252->44255 44299 7ff746db901c 293 API calls 2 library calls 44253->44299 44300 7ff746db901c 293 API calls 2 library calls 44254->44300 44258 7ff746db9820 44255->44258 44259 7ff746db6f3c Concurrency::details::ResourceManager::CaptureProcessAffinity 356 API calls 44255->44259 44258->44238 44259->44258 44260 7ff746db96a0 Concurrency::details::ResourceManager::ApplyAffinityRestrictions 44260->44258 44296 7ff746db70b4 44260->44296 44263 7ff746dbae29 std::bad_exception::bad_exception 44262->44263 44264 7ff746dbad88 44262->44264 44267 7ff746da87f8 _CxxThrowException 2 API calls 44263->44267 44265 7ff746dbae44 std::bad_exception::bad_exception 44264->44265 44268 7ff746dbad91 44264->44268 44272 7ff746da87f8 _CxxThrowException 2 API calls 44265->44272 44266 7ff746dbadb9 44271 7ff746da4a30 __strgtold12_l 9 API calls 44266->44271 44267->44265 44268->44266 44301 7ff746db5ef4 GetModuleHandleW GetProcAddress GetProcAddress 44268->44301 44270 7ff746dbae14 44313 7ff746dccb44 GetModuleHandleW GetProcAddress 44270->44313 44274 7ff746dbadd3 44271->44274 44275 7ff746dbae67 44272->44275 44274->44247 44276 7ff746dbae19 44276->44266 44415 7ff746dcd1f8 LoadLibraryExW 44276->44415 44279 7ff746db6fb6 44278->44279 44280 7ff746db6f87 GetLastError 44278->44280 44283 7ff746db7040 44279->44283 44284 7ff746db6fd4 GetCurrentThread 44279->44284 44295 7ff746db7021 44279->44295 44281 7ff746db6fa5 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44280->44281 44286 7ff746da87f8 _CxxThrowException 2 API calls 44281->44286 44282 7ff746da4a30 __strgtold12_l 9 API calls 44285 7ff746db70a3 44282->44285 44287 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44283->44287 44432 7ff746db6a60 80 API calls 
Concurrency::details::platform::__GetThreadGroupAffinity 44284->44432 44285->44250 44286->44279 44289 7ff746db704c 44287->44289 44292 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44289->44292 44289->44295 44290 7ff746db6fe7 44291 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44290->44291 44293 7ff746db6ff3 44291->44293 44292->44295 44294 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44293->44294 44294->44295 44295->44282 44297 7ff746da5a10 free 283 API calls 44296->44297 44298 7ff746db70c4 44297->44298 44298->44258 44299->44260 44300->44260 44302 7ff746db5fd0 GetLastError 44301->44302 44304 7ff746db5f3d Concurrency::details::platform::InitializeSystemFunctionPointers 44301->44304 44303 7ff746db5fee Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44302->44303 44305 7ff746da87f8 _CxxThrowException 2 API calls 44303->44305 44304->44302 44307 7ff746db5f5d GetModuleHandleW GetProcAddress 44304->44307 44306 7ff746db5fff 44305->44306 44308 7ff746db5fa0 GetLastError 44307->44308 44309 7ff746db5f86 Concurrency::details::platform::InitializeSystemFunctionPointers 44307->44309 44310 7ff746db5fbe Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44308->44310 44309->44270 44311 7ff746da87f8 _CxxThrowException 2 API calls 44310->44311 44312 7ff746db5fcf 44311->44312 44312->44302 44314 7ff746dccb82 Concurrency::details::platform::InitializeSystemFunctionPointers 44313->44314 44315 7ff746dccebd GetLastError 44313->44315 44317 7ff746dccb8a GetModuleHandleW GetProcAddress 44314->44317 44316 7ff746dccedb Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44315->44316 44320 7ff746da87f8 _CxxThrowException 2 API calls 44316->44320 44318 7ff746dccbb3 Concurrency::details::platform::InitializeSystemFunctionPointers 44317->44318 44319 7ff746dcceed GetLastError 44317->44319 44323 
7ff746dccbbb GetModuleHandleW GetProcAddress 44318->44323 44322 7ff746dccf0a Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44319->44322 44321 7ff746dcceec 44320->44321 44321->44319 44326 7ff746da87f8 _CxxThrowException 2 API calls 44322->44326 44324 7ff746dccbe4 Concurrency::details::platform::InitializeSystemFunctionPointers 44323->44324 44325 7ff746dccf1b GetLastError 44323->44325 44329 7ff746dccbec GetModuleHandleW GetProcAddress 44324->44329 44328 7ff746dccf38 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44325->44328 44327 7ff746dccf1a 44326->44327 44327->44325 44330 7ff746da87f8 _CxxThrowException 2 API calls 44328->44330 44331 7ff746dccc15 Concurrency::details::platform::InitializeSystemFunctionPointers 44329->44331 44332 7ff746dccf49 GetLastError 44329->44332 44333 7ff746dccf48 44330->44333 44335 7ff746dccc1d GetModuleHandleW GetProcAddress 44331->44335 44334 7ff746dccf69 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44332->44334 44333->44332 44336 7ff746da87f8 _CxxThrowException 2 API calls 44334->44336 44337 7ff746dccc46 Concurrency::details::platform::InitializeSystemFunctionPointers 44335->44337 44338 7ff746dccf7d GetLastError 44335->44338 44339 7ff746dccf7c 44336->44339 44341 7ff746dccc4e GetModuleHandleW GetProcAddress 44337->44341 44340 7ff746dccf9a Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44338->44340 44339->44338 44344 7ff746da87f8 _CxxThrowException 2 API calls 44340->44344 44342 7ff746dccfab GetLastError 44341->44342 44343 7ff746dccc77 Concurrency::details::platform::InitializeSystemFunctionPointers 44341->44343 44346 7ff746dccfcb Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44342->44346 44347 7ff746dccc7f GetModuleHandleW GetProcAddress 44343->44347 44345 7ff746dccfaa 44344->44345 44345->44342 44348 7ff746da87f8 _CxxThrowException 2 API calls 
44346->44348 44349 7ff746dccfdf GetLastError 44347->44349 44350 7ff746dccca8 Concurrency::details::platform::InitializeSystemFunctionPointers 44347->44350 44351 7ff746dccfde 44348->44351 44352 7ff746dccffc Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44349->44352 44353 7ff746dcccb0 GetModuleHandleW GetProcAddress 44350->44353 44351->44349 44354 7ff746da87f8 _CxxThrowException 2 API calls 44352->44354 44355 7ff746dcd00d GetLastError 44353->44355 44356 7ff746dcccd9 Concurrency::details::platform::InitializeSystemFunctionPointers 44353->44356 44357 7ff746dcd00c 44354->44357 44358 7ff746dcd02d Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44355->44358 44359 7ff746dccce1 GetModuleHandleW GetProcAddress 44356->44359 44357->44355 44362 7ff746da87f8 _CxxThrowException 2 API calls 44358->44362 44360 7ff746dcd041 GetLastError 44359->44360 44361 7ff746dccd0a Concurrency::details::platform::InitializeSystemFunctionPointers 44359->44361 44364 7ff746dcd05f Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44360->44364 44365 7ff746dccd12 GetModuleHandleW GetProcAddress 44361->44365 44363 7ff746dcd040 44362->44363 44363->44360 44368 7ff746da87f8 _CxxThrowException 2 API calls 44364->44368 44366 7ff746dcd071 GetLastError 44365->44366 44367 7ff746dccd3b Concurrency::details::platform::InitializeSystemFunctionPointers 44365->44367 44370 7ff746dcd08f Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44366->44370 44371 7ff746dccd43 GetModuleHandleW GetProcAddress 44367->44371 44369 7ff746dcd070 44368->44369 44369->44366 44372 7ff746da87f8 _CxxThrowException 2 API calls 44370->44372 44373 7ff746dcd0a1 GetLastError 44371->44373 44374 7ff746dccd6c Concurrency::details::platform::InitializeSystemFunctionPointers 44371->44374 44375 7ff746dcd0a0 44372->44375 44376 7ff746dcd0be 
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44373->44376 44377 7ff746dccd74 GetModuleHandleW GetProcAddress 44374->44377 44375->44373 44380 7ff746da87f8 _CxxThrowException 2 API calls 44376->44380 44378 7ff746dcd0cf GetLastError 44377->44378 44379 7ff746dccd9d Concurrency::details::platform::InitializeSystemFunctionPointers 44377->44379 44382 7ff746dcd0ec Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44378->44382 44383 7ff746dccda5 GetModuleHandleW GetProcAddress 44379->44383 44381 7ff746dcd0ce 44380->44381 44381->44378 44386 7ff746da87f8 _CxxThrowException 2 API calls 44382->44386 44384 7ff746dcd0fd GetLastError 44383->44384 44385 7ff746dccdce Concurrency::details::platform::InitializeSystemFunctionPointers 44383->44385 44387 7ff746dcd11a Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44384->44387 44389 7ff746dccdd6 GetModuleHandleW GetProcAddress 44385->44389 44388 7ff746dcd0fc 44386->44388 44390 7ff746da87f8 _CxxThrowException 2 API calls 44387->44390 44388->44384 44391 7ff746dccdff Concurrency::details::platform::InitializeSystemFunctionPointers 44389->44391 44392 7ff746dcd12b GetLastError 44389->44392 44393 7ff746dcd12a 44390->44393 44395 7ff746dcce07 GetModuleHandleW GetProcAddress 44391->44395 44394 7ff746dcd148 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44392->44394 44393->44392 44396 7ff746da87f8 _CxxThrowException 2 API calls 44394->44396 44397 7ff746dcce30 Concurrency::details::platform::InitializeSystemFunctionPointers 44395->44397 44398 7ff746dcd159 GetLastError 44395->44398 44399 7ff746dcd158 44396->44399 44401 7ff746dcce38 GetModuleHandleW GetProcAddress 44397->44401 44400 7ff746dcd179 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44398->44400 44399->44398 44402 7ff746da87f8 _CxxThrowException 2 API calls 44400->44402 44403 7ff746dcce61 
Concurrency::details::platform::InitializeSystemFunctionPointers 44401->44403 44404 7ff746dcd18d GetLastError 44401->44404 44406 7ff746dcd18c 44402->44406 44407 7ff746dcce69 GetModuleHandleW GetProcAddress 44403->44407 44405 7ff746dcd1ad Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44404->44405 44410 7ff746da87f8 _CxxThrowException 2 API calls 44405->44410 44406->44404 44408 7ff746dcd1c1 GetLastError 44407->44408 44409 7ff746dcce92 Concurrency::details::platform::InitializeSystemFunctionPointers 44407->44409 44412 7ff746dcd1e1 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44408->44412 44409->44276 44411 7ff746dcd1c0 44410->44411 44411->44408 44413 7ff746da87f8 _CxxThrowException 2 API calls 44412->44413 44414 7ff746dcd1f4 44413->44414 44416 7ff746dcd220 GetModuleHandleW GetProcAddress 44415->44416 44417 7ff746dcd29d GetLastError 44415->44417 44419 7ff746dcd246 Concurrency::details::platform::InitializeSystemFunctionPointers 44416->44419 44420 7ff746dcd2cd GetLastError 44416->44420 44418 7ff746dcd2bb Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44417->44418 44423 7ff746da87f8 _CxxThrowException 2 API calls 44418->44423 44422 7ff746dcd24e GetModuleHandleW GetProcAddress 44419->44422 44421 7ff746dcd2eb Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44420->44421 44426 7ff746da87f8 _CxxThrowException 2 API calls 44421->44426 44424 7ff746dcd2fd GetLastError 44422->44424 44428 7ff746dcd27b Concurrency::details::platform::InitializeSystemFunctionPointers 44422->44428 44425 7ff746dcd2cc 44423->44425 44427 7ff746dcd31b Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44424->44427 44425->44420 44429 7ff746dcd2fc 44426->44429 44430 7ff746da87f8 _CxxThrowException 2 API calls 44427->44430 44428->44266 44429->44424 44431 7ff746dcd32c 44430->44431 44432->44290 44433 7ff746da0e5c 44434 
7ff746da0ebf 44433->44434 44435 7ff746da0e91 GetCurrentThreadId 44433->44435 44436 7ff746da0ec4 GetCurrentThreadId 44434->44436 44441 7ff746da0ee1 44434->44441 44437 7ff746da0e9f 44435->44437 44451 7ff746da0eb4 44435->44451 44438 7ff746da0ed6 44436->44438 44439 7ff746da0edf 44436->44439 44442 7ff746dab9f0 Concurrency::critical_section::lock 446 API calls 44437->44442 44455 7ff746dab9f0 44438->44455 44446 7ff746da0f96 GetCurrentThreadId 44439->44446 44439->44451 44440 7ff746da0f42 GetCurrentThreadId 44440->44439 44445 7ff746da0f50 44440->44445 44441->44440 44453 7ff746da0eef _Xtime_diff_to_millis2 44441->44453 44443 7ff746da0ea8 GetCurrentThreadId 44442->44443 44443->44451 44462 7ff746daba2c 444 API calls 2 library calls 44445->44462 44446->44451 44447 7ff746da4a30 __strgtold12_l 9 API calls 44450 7ff746da0fb1 44447->44450 44451->44447 44452 7ff746da0f13 GetCurrentThreadId 44452->44439 44452->44453 44453->44439 44453->44451 44453->44452 44460 7ff746da2d6c GetSystemTimeAsFileTime _Xtime_get_ticks 44453->44460 44461 7ff746dabacc 446 API calls 4 library calls 44453->44461 44463 7ff746dab0f8 44455->44463 44459 7ff746daba16 Concurrency::critical_section::_Switch_to_active 44459->44439 44460->44453 44461->44453 44462->44439 44464 7ff746dab13d TlsGetValue 44463->44464 44465 7ff746dab14e 44463->44465 44464->44465 44466 7ff746dab153 44464->44466 44480 7ff746dbc8dc 44465->44480 44468 7ff746dab1b0 44466->44468 44485 7ff746db8ff4 78 API calls 2 library calls 44466->44485 44479 7ff746dab524 443 API calls 4 library calls 44468->44479 44470 7ff746dab160 44471 7ff746dab180 44470->44471 44476 7ff746dab165 Concurrency::details::GetSharedTimerQueue 44470->44476 44486 7ff746dc04b0 3 API calls 3 library calls 44471->44486 44473 7ff746dab185 CreateTimerQueueTimer 44473->44468 44474 7ff746dab209 Concurrency::details::GetSharedTimerQueue 44473->44474 44475 7ff746da87f8 _CxxThrowException 2 API calls 44474->44475 44477 7ff746dab24e 44475->44477 44476->44468 44478 7ff746da87f8 
_CxxThrowException 2 API calls 44476->44478 44478->44474 44479->44459 44487 7ff746dbd348 44480->44487 44482 7ff746dbc8eb 44495 7ff746dbc274 TlsGetValue 44482->44495 44485->44470 44486->44473 44488 7ff746dbd370 _SpinWait Concurrency::details::SchedulerBase::SafeReference 44487->44488 44494 7ff746dbd3eb Concurrency::details::InternalContextBase::Dispatch 44488->44494 44509 7ff746dca5a8 44488->44509 44490 7ff746dbd3bb Concurrency::SchedulerPolicy::operator= 44512 7ff746dbc940 44490->44512 44494->44482 44496 7ff746dbc2bd 44495->44496 44497 7ff746dbc29d 44495->44497 44630 7ff746dbd41c InterlockedPopEntrySList 44496->44630 44498 7ff746dbc2a3 44497->44498 44499 7ff746dbc2f9 std::bad_exception::bad_exception 44497->44499 44500 7ff746dbc2b5 44498->44500 44638 7ff746dd05ac 301 API calls 4 library calls 44498->44638 44504 7ff746da87f8 _CxxThrowException 2 API calls 44499->44504 44639 7ff746dc86c8 TlsSetValue 44500->44639 44507 7ff746dbc314 44504->44507 44541 7ff746dca73c 44509->44541 44511 7ff746dca5d0 44511->44490 44559 7ff746dca99c 44512->44559 44519 7ff746dbda9c 44590 7ff746db741c 44519->44590 44521 7ff746dbdadb Concurrency::details::SchedulerBase::Initialize 44522 7ff746db9004 Concurrency::details::SchedulerBase::Initialize 366 API calls 44521->44522 44523 7ff746dbdaf2 GetNumaHighestNodeNumber 44522->44523 44524 7ff746dbdb03 GetLastError 44523->44524 44535 7ff746dbdb30 Concurrency::details::QuickBitSet::Grow ~ListArray Concurrency::details::SchedulerBase::Initialize ListArray 44523->44535 44525 7ff746dbdb20 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44524->44525 44526 7ff746da87f8 _CxxThrowException 2 API calls 44525->44526 44526->44535 44528 7ff746da7c18 283 API calls Concurrency::details::FreeThreadProxyFactory::Create 44528->44535 44529 7ff746dbdfe4 283 API calls Concurrency::details::SchedulerBase::Initialize 44529->44535 44530 7ff746dbde83 Concurrency::details::QuickBitSet::Grow 
Concurrency::details::SchedulerBase::GetValidSchedulingRingIndex Concurrency::details::ReferenceCountedQuickBitSet::Grow 44603 7ff746dac1a4 CreateSemaphoreW 44530->44603 44535->44528 44535->44529 44535->44530 44601 7ff746dd1260 286 API calls 2 library calls 44535->44601 44602 7ff746dced00 285 API calls 2 library calls 44535->44602 44542 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44541->44542 44543 7ff746dca76f Concurrency::SchedulerPolicy::_ValidPolicyValue 44542->44543 44544 7ff746dca87b 44543->44544 44549 7ff746da87f8 RtlPcToFileHeader RaiseException _CxxThrowException 44543->44549 44557 7ff746db68b8 283 API calls std::exception::exception 44543->44557 44558 7ff746db6908 283 API calls std::exception::exception 44543->44558 44552 7ff746dca6ec 44544->44552 44547 7ff746dca8a2 Concurrency::SchedulerPolicy::_ResolvePolicyValues 44547->44511 44548 7ff746dca883 std::bad_exception::bad_exception 44548->44547 44551 7ff746da87f8 _CxxThrowException 2 API calls 44548->44551 44549->44543 44551->44547 44553 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44552->44553 44554 7ff746dca70a 44553->44554 44555 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44554->44555 44556 7ff746dca717 44555->44556 44556->44548 44557->44543 44558->44543 44560 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44559->44560 44561 7ff746dca9af 44560->44561 44562 7ff746dca9b3 44561->44562 44563 7ff746dca9ca 44561->44563 44564 7ff746dca6a0 Concurrency::details::InternalContextBase::Dispatch 283 API calls 44562->44564 44585 7ff746db6908 283 API calls std::exception::exception 44563->44585 44566 7ff746dca9c0 44564->44566 44569 7ff746dbc94e 44566->44569 44586 7ff746db6908 283 API calls std::exception::exception 44566->44586 44567 7ff746dca9db 44568 7ff746da87f8 _CxxThrowException 2 API calls 44567->44568 44568->44566 44574 7ff746dbc46c 44569->44574 44571 7ff746dca9fe 44572 
7ff746da87f8 _CxxThrowException 2 API calls 44571->44572 44573 7ff746dcaa0f 44572->44573 44575 7ff746dbc494 _SpinWait 44574->44575 44576 7ff746dbc4f1 44575->44576 44577 7ff746dbc4e0 44575->44577 44587 7ff746dcdcb4 293 API calls 4 library calls 44575->44587 44580 7ff746dd3e7c 44576->44580 44577->44576 44588 7ff746dbe39c 6 API calls 3 library calls 44577->44588 44581 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44580->44581 44582 7ff746dd3e98 44581->44582 44583 7ff746dbc95b 44582->44583 44589 7ff746dd3d88 298 API calls Concurrency::details::SchedulerBase::SchedulerBase 44582->44589 44583->44519 44585->44567 44586->44571 44587->44577 44588->44576 44589->44583 44592 7ff746db749c _SpinWait 44590->44592 44591 7ff746db74fb 44593 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44591->44593 44592->44591 44595 7ff746db7520 Concurrency::details::platform::InitializeSystemFunctionPointers 44592->44595 44594 7ff746db7505 44593->44594 44599 7ff746db7517 Concurrency::details::platform::InitializeSystemFunctionPointers 44594->44599 44604 7ff746db6a8c 44594->44604 44597 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44595->44597 44595->44599 44598 7ff746db7545 44597->44598 44598->44599 44600 7ff746db6a8c Concurrency::details::ResourceManager::ResourceManager 371 API calls 44598->44600 44599->44521 44600->44599 44601->44535 44602->44535 44620 7ff746dab250 InitializeCriticalSectionAndSpinCount 44604->44620 44606 7ff746db6ad0 44621 7ff746dcd368 44606->44621 44609 7ff746db963c Concurrency::details::ResourceManager::InitializeSystemInformation 366 API calls 44610 7ff746db6b14 44609->44610 44628 7ff746db7678 283 API calls 3 library calls 44610->44628 44612 7ff746db6b1c 44613 7ff746db6b25 44612->44613 44614 7ff746db6b2e VirtualAlloc 44612->44614 44616 7ff746db6b93 CreateEventW 44613->44616 44615 7ff746db6b51 Concurrency::details::GetSharedTimerQueue 44614->44615 44619 7ff746db6b8f 
44614->44619 44618 7ff746da87f8 _CxxThrowException 2 API calls 44615->44618 44617 7ff746db6bc5 44616->44617 44617->44599 44618->44619 44619->44616 44620->44606 44629 7ff746dab250 InitializeCriticalSectionAndSpinCount 44621->44629 44623 7ff746dcd390 TlsAlloc 44624 7ff746db6b0c 44623->44624 44625 7ff746dcd39f GetLastError 44623->44625 44624->44609 44626 7ff746dcd3bd Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44625->44626 44627 7ff746da87f8 _CxxThrowException 2 API calls 44626->44627 44627->44624 44628->44612 44629->44623 44631 7ff746dbd457 44630->44631 44632 7ff746dbd47e 44630->44632 44634 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44631->44634 44654 7ff746dd3ae0 GetCurrentThreadId 44632->44654 44636 7ff746dbd461 44634->44636 44635 7ff746dbc2d8 44640 7ff746dc8d3c TlsSetValue 44635->44640 44636->44635 44641 7ff746dd3758 44636->44641 44675 7ff746dc7df8 44641->44675 44644 7ff746dd37e4 Concurrency::details::VirtualProcessor::ExerciseClaim 44647 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44644->44647 44645 7ff746dd37b5 GetLastError 44646 7ff746dd37d3 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44645->44646 44648 7ff746da87f8 _CxxThrowException 2 API calls 44646->44648 44649 7ff746dd37fc 44647->44649 44648->44644 44679 7ff746dd1d00 44649->44679 44652 7ff746dd3ae0 Concurrency::details::ExternalContextBase::PrepareForUse 91 API calls 44653 7ff746dd383d 44652->44653 44653->44635 44655 7ff746dd3b14 GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 44654->44655 44656 7ff746dd3bb0 44654->44656 44657 7ff746dd3b5b 44655->44657 44658 7ff746dd3bc7 GetLastError 44655->44658 44656->44635 44684 7ff746db8ff4 78 API calls 2 library calls 44657->44684 44659 7ff746dd3be5 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44658->44659 44662 7ff746da87f8 _CxxThrowException 2 API 
calls 44659->44662 44661 7ff746dd3b60 44663 7ff746dd3b85 RegisterWaitForSingleObject 44661->44663 44664 7ff746dd3b65 44661->44664 44668 7ff746dd3b77 44662->44668 44663->44656 44666 7ff746dd3c27 GetLastError 44663->44666 44685 7ff746db65e4 15 API calls 3 library calls 44664->44685 44667 7ff746dd3c45 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44666->44667 44671 7ff746da87f8 _CxxThrowException 2 API calls 44667->44671 44668->44656 44669 7ff746dd3bf7 GetLastError 44668->44669 44670 7ff746dd3c15 Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error 44669->44670 44673 7ff746da87f8 _CxxThrowException 2 API calls 44670->44673 44672 7ff746dd3c56 44671->44672 44674 7ff746dd3c26 44673->44674 44674->44666 44677 7ff746dc7e77 Concurrency::details::ContextBase::ContextBase ListArray 44675->44677 44676 7ff746dc7f35 CreateEventW 44676->44644 44676->44645 44677->44676 44683 7ff746dc929c EncodePointer ListArray Concurrency::details::Etw::Trace 44677->44683 44681 7ff746dd1d2d _SpinWait ListArray 44679->44681 44680 7ff746dd1e52 44680->44652 44681->44680 44682 7ff746da7c18 Concurrency::details::FreeThreadProxyFactory::Create 283 API calls 44681->44682 44682->44681 44683->44676 44684->44661 44685->44668
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: memchr$Mtx_unlock
      • String ID: days$ seconds$'licString' is the license string of the product to be licensed$'privNum' is the private number of the product (can be set to - to ignore for certain actions)$'productName' is the name of the product to be validated or licensed (this is the filename of the license file without extension)$'version' is the optional version of the product to be licensed$('licString' can be set to - to unlicense a product)$('licString' can be set to -content to retrieve the current content of the license file as a string)$('licString' can be set to PID@REMOTE to request a floating license - replace PID with the product ID on the server)$) / $-auth_check_days$-auth_check_days [numDays] sets the online activation check interval in days$-check$-force_online$-force_online enables forced online activation$-license$-multi$-multi enables support for multi-licenses$-offline_support$-online$-online enables online checks$-timeout$-timeout [timeout] sets the online activation timeout in milliseconds$-unauth_check_days$-unauth_check_days [numDays] sets the online activation grace period in days$-url$-url [URL] sets the online check URL to use$-web$.43 ($2000$20241006$AESCRIPTSLICLIB 4.1.3$Forced online activation active$License checker mode call syntax:$Licenser mode call syntax:$Offline licensing support active$Online check active$Online check inactive$Setting online activation check interval to $Setting online activation grace period to $Setting online activation timeout to $Support for multi-licenses active$The following additional flags can be appended to the command line to enable specific features:$The tool can also be run in 'licenser' or 'license checker' mode$Using online check URL $aescriptsLicTool_Verbose$aescriptsLicTool_Verbose productName - [licString] [version] -check$aescriptsLicTool_Verbose productName - [licString] [version] -license$t$usage: aescriptsLicTool_Verbose productName privNum [licString] [version]$|||||||||$%$&;$6;
      • API String ID: 3101769438-276666048
      • Opcode ID: 2a67cadb1012ae0152ac74b0451cecdfbdab6efe015fe0c4970de11ac9beb21d
      • Instruction ID: dc47c7cfea6932e1c2aeac163dd6fca7fbc13e681658dd384db8bf6c161f075d
      • Opcode Fuzzy Hash: 2a67cadb1012ae0152ac74b0451cecdfbdab6efe015fe0c4970de11ac9beb21d
      • Instruction Fuzzy Hash: 96A25C61A1C696C5EF24BB25DC543FBE391FF46B88FC40031D50E4B696EE6CE5098B60

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: __doserrno_errno_invalid_parameter_noinfo
      • String ID: U
      • API String ID: 3902385426-4171548499
      • Opcode ID: 310e5d689b6c9005fc2c29a6e7927e47ab9f9910382af6568becb401648d8fdb
      • Instruction ID: 14881e2b5f23db94d2a7757a4a5ab4c467df392053c665a17ee5e1823ca8b1b2
      • Opcode Fuzzy Hash: 310e5d689b6c9005fc2c29a6e7927e47ab9f9910382af6568becb401648d8fdb
      • Instruction Fuzzy Hash: 59127C63A1C642D6EF20BF25E84437BE7A1FB89B44F940136DA4D42A98DF3DE545CB20
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
      • String ID:
      • API String ID: 388111225-0
      • Opcode ID: b1aebb7bc750ed6bd965db0952ebf2d304918c80961731e59570ffc347a6a6d3
      • Instruction ID: 626d4cc90850efa0d5a0c85a657f71b5dca1af69ec5a582d155817a3df6d9109
      • Opcode Fuzzy Hash: b1aebb7bc750ed6bd965db0952ebf2d304918c80961731e59570ffc347a6a6d3
      • Instruction Fuzzy Hash: DD320122A1C68AC5EF10BF298C802BEEB90EB51754FD48635CA1E43795DF2DE8118B71

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _callnewh_errno$AllocHeapmalloc
      • String ID: bad allocation
      • API String ID: 3727741168-2104205924
      • Opcode ID: 7dfc25d6364a89fa24b2a1d03c71c712614c6b3cfffbc134d47ee1c094b8417a
      • Instruction ID: 8a53563cb8eb15b85c5711ef5fbd8b67dfea423dd1f30d97d3296e9df4387463
      • Opcode Fuzzy Hash: 7dfc25d6364a89fa24b2a1d03c71c712614c6b3cfffbc134d47ee1c094b8417a
      • Instruction Fuzzy Hash: 2F311228E0CA17D1FE20BB61AC412BBE3A4AF90744FD40835D94D86796EE7CE401CF21

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _set_error_mode$CommandEnvironmentInitializeLineStrings__crt__setargv_cinit_heap_init_ioinit_mtinit_setenvpfast_error_exit
      • String ID:
      • API String ID: 3166661917-0
      • Opcode ID: b0981de98021ddb0104c549e5ebe9159d348e26bf22f0a2f6efc72fa0723fe93
      • Instruction ID: e7c53db8a992061449bfbcef0b6c8baac1d71ca7c570a79dd4977a935448bd83
      • Opcode Fuzzy Hash: b0981de98021ddb0104c549e5ebe9159d348e26bf22f0a2f6efc72fa0723fe93
      • Instruction Fuzzy Hash: DD31E724E0C253C6FF9477659D612BBE295AF81748FD40439EA0D463D3EE2CE840DA71

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
      • String ID:
      • API String ID: 388111225-0
      • Opcode ID: 45f8a82ceec06cf673c7f0369de7f0b233dfce2b3635af425e81092c052b3ba0
      • Instruction ID: ae99ca02ec986b3217bffa7a1f399d82e764672531c93e65f790db298c211859
      • Opcode Fuzzy Hash: 45f8a82ceec06cf673c7f0369de7f0b233dfce2b3635af425e81092c052b3ba0
      • Instruction Fuzzy Hash: DC31AF21B1C69AC6EF127F659C4113FEA50AF80760FD94538E929177D2CF7CE8418BA0

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
      • String ID:
      • API String ID: 2644381645-0
      • Opcode ID: dd8faada70b3f1f2db14f4a0876ca9cda89bb6854984bafce4abb2666d957345
      • Instruction ID: 15d1e92bbbbd22aabac28a1c5a1ad3bf9dd6ac1a348b88ef479c91397ea9bb04
      • Opcode Fuzzy Hash: dd8faada70b3f1f2db14f4a0876ca9cda89bb6854984bafce4abb2666d957345
      • Instruction Fuzzy Hash: B1217A22B1D691D5EE153F15AC4537EE9506F80BB0FD94638EA3D063DACE3CA4418B30

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
      • String ID:
      • API String ID: 1078912150-0
      • Opcode ID: 72afa058709bb828e96d3415c19377e2bbb9911eed6dfa1a6824f421d2ce3fe8
      • Instruction ID: bc743914bf6835afe65daf0a3b6886d6a9a80b94110e34e50b160ef6093427b6
      • Opcode Fuzzy Hash: 72afa058709bb828e96d3415c19377e2bbb9911eed6dfa1a6824f421d2ce3fe8
      • Instruction Fuzzy Hash: CD219022B1C692D5EF11BB259C4537EE5506F80B60FD94538EA1D463DACF7CA8418B30

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
      • String ID:
      • API String ID: 2464146582-0
      • Opcode ID: 5fcd879006f93b5fe29c795d0880f50e6eebd262978a8f42948adc3209e56eb7
      • Instruction ID: b2d44d6dd8fc1221502c7d2598d7d19e8932ade5a98d0954f0483c2c4c959656
      • Opcode Fuzzy Hash: 5fcd879006f93b5fe29c795d0880f50e6eebd262978a8f42948adc3209e56eb7
      • Instruction Fuzzy Hash: FF21A922B0C592D5EF113F249C4637EE9506F80BA1F894538EA29073DACE7CA8418BB4

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
      • String ID:
      • API String ID: 2140805544-0
      • Opcode ID: f87f21952b45cb965ec34267ab40e2fd4b9299d68018c2f6f6fc69f248886a23
      • Instruction ID: 9c0b2f43d1afe07e431a18794ed0d82d8e09d7d12773f4fce1d64a7029fbc059
      • Opcode Fuzzy Hash: f87f21952b45cb965ec34267ab40e2fd4b9299d68018c2f6f6fc69f248886a23
      • Instruction Fuzzy Hash: 8311CD72E0C682D6EF157B25AC4527EEA50AF80B61FDA0638D91D073D6CEBCE4414B70

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: fgetc
      • String ID: string too long
      • API String ID: 2807381905-2556327735
      • Opcode ID: 1a938cfd65599276fb3aadb580e9b2d1027a9da448c82545d8171305ed1fd370
      • Instruction ID: 66ad48ddaf68b3e5ede9a7520432916ac168ba9d4bd2974c6a299cc6de7638e0
      • Opcode Fuzzy Hash: 1a938cfd65599276fb3aadb580e9b2d1027a9da448c82545d8171305ed1fd370
      • Instruction Fuzzy Hash: 15914D32709A41D9EF14EF25C8502ADB3A0FB45768F854632DA2D43BE9EF38D568C720

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: Mtx_destroy$CleanupIos_base_dtorstd::ios_base::_
      • String ID: 1.0.0
      • API String ID: 4003963943-322658870
      • Opcode ID: e2633af78b420bc41f454823a79be59aadfea9a2133544200fed54a12148376b
      • Instruction ID: 354f5c427b3958fa8b73b87c4165fb157a7820758c0f0b3f2f742aa96c9e1cc6
      • Opcode Fuzzy Hash: e2633af78b420bc41f454823a79be59aadfea9a2133544200fed54a12148376b
      • Instruction Fuzzy Hash: 56512621A1DAA2D5FF10BB21EC5436BE3A9BB81794FC00135D99D436E6CF7CE4468B20

      Control-flow Graph

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID:
      • String ID: string too long
      • API String ID: 0-2556327735
      • Opcode ID: 70e423f66ee6790fe538ff7c039c66202f1dfd9db47b5ea2ea59a5846aeafa6a
      • Instruction ID: 49ba877b21b0da16cb56a305ecc66eaccf5d86e99e6b16767b0572ca5e4f7ac1
      • Opcode Fuzzy Hash: 70e423f66ee6790fe538ff7c039c66202f1dfd9db47b5ea2ea59a5846aeafa6a
      • Instruction Fuzzy Hash: 4791AF32B08A81D9EF14AF25C8402EDB761F705768F814632DA2D97BE4EF38D568C760

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _fsopen$fclosefseek
      • String ID:
      • API String ID: 410343947-0
      • Opcode ID: 264fa5cf69113298d8e32d3fe2f0c6501ea07c7103afaa3aed354072517c642a
      • Instruction ID: 5a4f212fea8ba6a79881648c5edb4f4e456727f2b21b900cfb219e77eb403bfc
      • Opcode Fuzzy Hash: 264fa5cf69113298d8e32d3fe2f0c6501ea07c7103afaa3aed354072517c642a
      • Instruction Fuzzy Hash: 7621CE21F1D602C4FEA8FA16995167BE690EF48B88F988134CE4D837D1DE2DE8018B50

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: Resource$Concurrency::details::ManagerManager::$SpinWait
      • String ID:
      • API String ID: 2068395708-0
      • Opcode ID: 207cf36d981dac8a2c53e82cc65969d2a1ecd1de745d3672c8d56939984ecf0e
      • Instruction ID: 7a6f5014f14dbbc94a91b5c0a90a3dbfb3f0ea5f3f174bd596b9a7fcd53ef6ab
      • Opcode Fuzzy Hash: 207cf36d981dac8a2c53e82cc65969d2a1ecd1de745d3672c8d56939984ecf0e
      • Instruction Fuzzy Hash: F6217E21A0EB43D6EF50BB55AC5027BE2D0AF44B50F984138D94E473D9EE2CE4448F74

      Similarity
      • API ID: Mtx_init$calloc
      • String ID:
      • API String ID: 2545118020-0
      • Opcode ID: f828f983e790094a28bbb2a708ea9e09a06a1c05030c6f23811644e6675f23a9
      • Instruction ID: 889db77c624f4ab8116005ca9047ab29a8631724783c8073018c7230fcb841ee
      • Opcode Fuzzy Hash: f828f983e790094a28bbb2a708ea9e09a06a1c05030c6f23811644e6675f23a9
      • Instruction Fuzzy Hash: 5921622090D672E5FF50BB60AC5527BE698BF14308FC40539C48D872A2DF7CA4479635

      Similarity
      • API ID: _fseeki64fgetpos
      • String ID:
      • API String ID: 3401907645-0
      • Opcode ID: 2d07afbde344102b07baddbf295aeba4b69dc366d2f8b588f6cf9893c080d52c
      • Instruction ID: 84d1dec1430a8524a3072c8ce8aa64aee5441a8709c1971fe8cce29ebe3c9b38
      • Opcode Fuzzy Hash: 2d07afbde344102b07baddbf295aeba4b69dc366d2f8b588f6cf9893c080d52c
      • Instruction Fuzzy Hash: A1212B32A08B45C6EF54AF2AE9503AAE3A4F785B94F454031DB4C87765EF38D8668710
      Similarity
      • API ID: Ios_base_dtorstd::ios_base::_
      • String ID:
      • API String ID: 323602529-0
      • Opcode ID: 9b44925c02c2e88953423d10a3ad63bf04538ca92b4ab34bcf1bfa73036b6fc8
      • Instruction ID: f2131d67cb7fd2d7ba700b03b903662808983b6acc16dd9561934f3f484a31d4
      • Opcode Fuzzy Hash: 9b44925c02c2e88953423d10a3ad63bf04538ca92b4ab34bcf1bfa73036b6fc8
      • Instruction Fuzzy Hash: D9915C32618B81C5EB20EF25D8907AEB7A1F781798F904035EA4D47B99DF39E485C750
      Similarity
      • API ID: Xbad_allocstd::_
      • String ID:
      • API String ID: 3176948561-0
      • Opcode ID: 65db9a40eaa5fbbba215111751e52e9e89efcc606b35c70aad929287497c0950
      • Instruction ID: e43708cae908247e1446e386cfc78af946e33f83b83c5341bfafd5636ff76b06
      • Opcode Fuzzy Hash: 65db9a40eaa5fbbba215111751e52e9e89efcc606b35c70aad929287497c0950
      • Instruction Fuzzy Hash: D0219161A0D742C1FF64BA29990017AE2909B52FF4F908B34DE3E077D9EE38D44A8A50
      Similarity
      • API ID: fclose
      • String ID:
      • API String ID: 3125558077-0
      • Opcode ID: 5a875a415c49c9c20a898516846b72c16f7ad0147206709a1b9ba25a693ae870
      • Instruction ID: f081e655891f616a97681084821a6b09607821911054eaaa23ebe0c322b8bb70
      • Opcode Fuzzy Hash: 5a875a415c49c9c20a898516846b72c16f7ad0147206709a1b9ba25a693ae870
      • Instruction Fuzzy Hash: F4210332609B80C5DB019F39E490399B7A8FB98F88F544136CA8D87758EF35C896C790
      Similarity
      • API ID: Startup
      • String ID:
      • API String ID: 724789610-0
      • Opcode ID: d796a6bf9521cb0195dfca69093e4acaf78ed48d890644789f0a43a6fc02fca1
      • Instruction ID: d9284b85f2404e6d3add619ac03c9c3e126551ff2e83c9e9b65550ab66c03fe0
      • Opcode Fuzzy Hash: d796a6bf9521cb0195dfca69093e4acaf78ed48d890644789f0a43a6fc02fca1
      • Instruction Fuzzy Hash: CD011D34E1D652C6FF90B714EC613B7E394BBA9344FC01035C90D46345EE2CE4028E50
      Similarity
      • API ID: Mtx_unlock
      • String ID:
      • API String ID: 1418687624-0
      • Opcode ID: d06215beca06562395e28bd098bf8e419738607fef14e18969a7b4fe457cafd1
      • Instruction ID: 6eb344356625ebfb453731a27235bbc6819852aef130e49fd4ca3f5340d65286
      • Opcode Fuzzy Hash: d06215beca06562395e28bd098bf8e419738607fef14e18969a7b4fe457cafd1
      • Instruction Fuzzy Hash: 45F08511F0C242C2EF143726AC820BFE1926F88744FC44035E65E873C3EE2CE84A8B20
      Similarity
      • API ID: _callnewh_errno$AllocHeapmalloc
      • String ID:
      • API String ID: 3727741168-0
      • Opcode ID: 6e648e51d8c46801f16917810c9e2fad3662a4875bcee400e5c3c3c9bf6f3398
      • Instruction ID: 0e1a2b18d924fba6f4240b6caa4f5bde27cf2b7756818406ba508faf351a6a91
      • Opcode Fuzzy Hash: 6e648e51d8c46801f16917810c9e2fad3662a4875bcee400e5c3c3c9bf6f3398
      • Instruction Fuzzy Hash: FBB01281E0E303D1FD0532111801139C1400F40341C8C08308C0E003C75D2CE8914832
      Similarity
      • API ID: Time_time64$FileSystemrand
      • String ID: (e: $ (permanent activation!)$ and initializing lastActivationTimestamp$ bytes received$ days$ days (currently $ days ago, grace period of $ days ago, so starting new grace period of $ days is over, so successfuly online check is immediately necessary$ days) - activation step #$ days, enforcing activation$ days, so no further online check is necessary at the moment$#OFF$&device_id=$&lic=$&mode=$&p=$': $), so invalidating local license$, 'error_code' = $, 'license_status' = $, lastActivationTry: $//ipa$1.0.0$1.0.0|||||$20241006$BTA$ESB$FLT$FSU$Invalid response from server for deactivation$Invalidating local license$Next required successful online activation check in $Online check disabled - return$Online check end$Online check return code of web request: $Online check send data for '$Online check start: lastActivation: $Product has been successfully activated before and is still in allowed period of $Product has been successfully activated before, but more than $Product has been successfully activated more than 4 times - skipping online check in future$Product has been successfully activated within the last $Product has not been activated, but online check already done today$Product has not been activated, doing online check$Product is over the initial grace period of $Product needs activation, as it it over the activation interval of $Product requires an immediate successful online activation!$Received a valid response from the server, 'status' = 'error', 'code' = $Received a valid response from the server, 'status' = 'ok', 'code' = $SUB$Server did not respond or came back with an invalid response$Server did not respond or came back with an invalid response, but activation is enforced, so invalidating local license$Server response: $Server says deactivation successful$Server says license is expired (L$Server says license is invalid (E$Server says license is invalid (L$Server says license is over activation limit (L$Server says license is valid$Server says missing device ID (E$Server says payload is invalid (E$Server says record not found (E$Server says subscription is invalid (L$Server sent device_id $TLC$Trigger for $Updating local license (lastActivationTryTimestamp and lastActivationTimestamp) with $Updating local license (lastActivationTryTimestamp only) with $Updating local license (lastActivationTryTimestamp) with $Using online check URL: $WARNING: Server response is not encrypted - tolerated for now, but should be changed to an ecrypted text!$WARNING: no local device ID found to send to server for deactivation!$_status:$activate$activation of this product$aescripts$aescripts-license-fw/$c$code:$com/api/$deactivate$doOnlineCheck start, mode $doOnlineCheck: invalid license (trial license), skipping online check$doOnlineCheck: invalid license, skipping online check$doOnlineCheck: license type not suited for online check (FLT/FSU/BTA/#OFF), skipping online check$doOnlineCheck: product is permanently activated - skipping online check$error:$error_code:$id:$license$p$ps:$result:$sending device ID $t$v1/$|a:$|a:1$|d:$|o:
      • API String ID: 2872900303-3171066617
      • Opcode ID: 76b10ab93aa04b2c8b0ad846a928d2e8ce072a53fd178dbdec2aac89510018cd
      • Instruction ID: ab8fb81be110ecc22c8540cef0649b45ff5bdc226581e81629115f6b3d122513
      • Opcode Fuzzy Hash: 76b10ab93aa04b2c8b0ad846a928d2e8ce072a53fd178dbdec2aac89510018cd
      • Instruction Fuzzy Hash: 5D335B61A0CA82D0EE60FB15EC553FBE361EB86784FC00136D59D466EAEF2CD549CB60
      Similarity
      • API ID: AttributesFile
      • String ID: (limited license period from $ to $-$-content$1.0.0$DATA*$ESB$FILE*$FLT$FSU$SUB$WARNING: invalid machine ID - there was a problem reading your network adapter data!$_RENDER_ONLY$a_next: $a_succ: $a_try: $content$first name: '$invalid$last name: '$license end: '$license start: '$license type: '$loading license directly (*$local license deactivated$number of user licenses: $product ID: '$product version: '$remote license lease dropped$result: $serial: '$status: $status: floating licenses can only be used with the floating license server$t$valid$writing new license to file$ $-$:$D$J$S$l$
      • API String ID: 3188754299-916615497
      • Opcode ID: e002cb56796556247d3cc60f55a90bf9c91938eb4366fbb0ff23aed608770551
      • Instruction ID: f15b90c417f185d652bdcbeb51d878fde69c32bc19709f4b28a34d8825044389
      • Opcode Fuzzy Hash: e002cb56796556247d3cc60f55a90bf9c91938eb4366fbb0ff23aed608770551
      • Instruction Fuzzy Hash: FF920F61A1D982D4EF24FB25DC512FBE361AF56388FC05436D50D4B6AAFE2CD608CB60
      Similarity
      • API ID: Internet$Http$CloseHandleOption$InfoOpenQueryRequest$ConnectErrorFileLastReadSend
      • String ID: Content-Type$Content-Type: application/x-www-form-urlencoded$GET$Mozilla/5.0 (Compatible)$POST$http://$https://$t
      • API String ID: 1486255883-1336110008
      • Opcode ID: ba58e2f75b416f112594b53a6ae6878838e6ba7699d92f3cd6147f220f0cb922
      • Instruction ID: f4a031d15c024ae24db8fa32f3fd4cb25fa779760674b1a2ec2161e7481762b4
      • Opcode Fuzzy Hash: ba58e2f75b416f112594b53a6ae6878838e6ba7699d92f3cd6147f220f0cb922
      • Instruction Fuzzy Hash: 4982033661CAC2C1EB31AB14E8547EBE3A1FB89784F804136D68D47A9ADF7DD148CB11
      Similarity
      • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
      • String ID: $@
      • API String ID: 3318157856-1077428164
      • Opcode ID: 88c9b5e4abb27927cb064ca53120f5ed29995979e43e2f8379dfcc59aa9e6c90
      • Instruction ID: 80cff5ff623d19eb5a16fe93f49c18d44a216b31821b538f87fffd35cca8d514
      • Opcode Fuzzy Hash: 88c9b5e4abb27927cb064ca53120f5ed29995979e43e2f8379dfcc59aa9e6c90
      • Instruction Fuzzy Hash: EF52E022A0C6AAC5FF64BA158D4077FEAA4BF49780F940135DB4E566D4DF3CE8418FA0
      Similarity
      • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
      • String ID: $%li.%li.%li.%li
      • API String ID: 3318157856-2495504251
      • Opcode ID: 53a93e026cdb33f0ba4079394c99ec866ed19bb3243859ba2758b9384a7bb7d4
      • Instruction ID: 26130181bb78558dc2cb17be07c445b9e0bc076c4bb7550bd50532144acbc55c
      • Opcode Fuzzy Hash: 53a93e026cdb33f0ba4079394c99ec866ed19bb3243859ba2758b9384a7bb7d4
      • Instruction Fuzzy Hash: 6752CF22A0C696C5FF64BA16984437FEAA0BF45780F944036DA8E467E4DF7DE940DF20
      Similarity
      • API ID: File$Time_time64$rand$AttributesIos_base_dtorSystemstd::ios_base::_$CloseCreateFolderHandlePathSleepXbad_allocstd::_
      • String ID: gfff$string too long
      • API String ID: 438800184-2250279893
      • Opcode ID: f48570b9438044147d6169b71e2f6c8697e3a89a47b065e7cdbbb993b120ddd2
      • Instruction ID: 98218476d12de201bd1ffaceffe2f9e3cd6a0c7fa68c801e3d8ad9b2c01cc001
      • Opcode Fuzzy Hash: f48570b9438044147d6169b71e2f6c8697e3a89a47b065e7cdbbb993b120ddd2
      • Instruction Fuzzy Hash: 2B525D32609AC2D9EF70BF34CC543EEA361EB45748F800236DA5D4AA9ADF39D645C721
      Similarity
      • API ID: _errno$_time64
      • String ID: bytes to file $0$@REMOTE$FAIL ($FLT$FSU$new license data: $new license data: trial license$writing $l$(b$Ub
      • API String ID: 318442946-2718888663
      • Opcode ID: 2faf1186b392844c7a8e173c96a5c6931f4663901252734f3063624bf9146494
      • Instruction ID: 7a82d2695814ffe43533e2973144984ac5f72ef004a0d49ad20301202e12db9c
      • Opcode Fuzzy Hash: 2faf1186b392844c7a8e173c96a5c6931f4663901252734f3063624bf9146494
      • Instruction Fuzzy Hash: 38423B62A0DAC2C1EE30BB15E8543EBE761EB82784FC44135D69D47A9AEF2CD548CF50
      Similarity
      • API ID: Time_time64$FileSystem_getptdrand
      • String ID: 1.0.0$@REMOTE$FLT$FLT$FSU$_RENDER_ONLY$gfff$gfff
      • API String ID: 2056829080-791714639
      • Opcode ID: fb20300fa841780d844b4cdcaf53c710758ea8605ded05741403712cfa48ef4a
      • Instruction ID: ec0aeaf3f26aa022e9a3f02d12b3294a663a7fb463ee7389611b6a3efb26777f
      • Opcode Fuzzy Hash: fb20300fa841780d844b4cdcaf53c710758ea8605ded05741403712cfa48ef4a
      • Instruction Fuzzy Hash: 0FB23B2260CAC2C1EFB0BB24E8547EBE751EB82744F904535D69D46AAADF7CD489CF10
      Similarity
      • API ID:
      • String ID: *****$000000000000$@REMOTE$DATA*$LICS*$TLC$_RENDER_ONLY$acde48001122$license data: $no matching machine ID found!$trial license found (no valid license data)$|a:$|d:$|o:
      • API String ID: 0-3095003553
      • Opcode ID: 26b0d6aed7b2d02e8b74628cebc35146b0c6599b3a704bc69bcfaeb2a67077dd
      • Instruction ID: 0e4dfbc56ba15e506b9c9da1f5566c3bbd389323ec9298ca7e0fda4dc24a86e3
      • Opcode Fuzzy Hash: 26b0d6aed7b2d02e8b74628cebc35146b0c6599b3a704bc69bcfaeb2a67077dd
      • Instruction Fuzzy Hash: 55034E2261C6C2D1EF31BA15E8943FBE761FB96784F800132D69D47A9AEE2CD509CF50
      Similarity
      • API ID: remove$FolderPath_errno_invalid_parameter_noinfo_wgetenv
      • String ID: 27100$</string>$<key>$LicensingBackupServer_Address$LicensingBackupServer_Port$LicensingServer_Address$LicensingServer_Port$aescriptsLicensingServer
      • API String ID: 2317211808-1479187049
      • Opcode ID: 411b386f009fd4ea07bcd56b4c65bfa66c3fa2465820cf6a174a641641dffbc7
      • Instruction ID: f72304a6cdc0be8bd04e62a8cef0f1bd3e2d8c2edff68f1c7b0661b089eb7f12
      • Opcode Fuzzy Hash: 411b386f009fd4ea07bcd56b4c65bfa66c3fa2465820cf6a174a641641dffbc7
      • Instruction Fuzzy Hash: EC727232A0C781C5EF10FF65D8843EEAB61EB41788F801035EA5D5BA9ADF39D589CB50
      Similarity
      • API ID: free$AdaptersInfomalloc$sprintf
      • String ID: %li.%li.%li.%li
      • API String ID: 3176089250-1731176481
      • Opcode ID: d10cdf357ab2bc3959a5a3fc129a597d6f23535822cbe3174e1f630efbb2aa6d
      • Instruction ID: ba858d53802cee5fdeb659e3ad0acba55de5594ad21e55d0c2caf21cadeafa2e
      • Opcode Fuzzy Hash: d10cdf357ab2bc3959a5a3fc129a597d6f23535822cbe3174e1f630efbb2aa6d
      • Instruction Fuzzy Hash: 52128C22A1CB91C9EF11EF64E8403AEB7A0FB45798F940235EA5D47AD9CF38D440CB50
      Similarity
      • API ID: FormatMessagefreeaddrinfogetaddrinfogethostnameinet_ntop
      • String ID: .local$.localdomain$getaddrinfo error
      • API String ID: 1835220482-1587782278
      • Opcode ID: 4227a21081fd419a4c05240025a767e1e5a9454a560846ddd155f91dd31bdc0c
      • Instruction ID: a0125af90a38b2d0f90c0314cd77ff7722983b00ce6b698929f59f322f279e50
      • Opcode Fuzzy Hash: 4227a21081fd419a4c05240025a767e1e5a9454a560846ddd155f91dd31bdc0c
      • Instruction Fuzzy Hash: F7026A32A1DB92C9EB00FB74EC403AEA7A1FB41758F800235EA5D17A9ADF78D544CB50
      Similarity
      • API ID: _time64
      • String ID: 1.0.0$@REMOTE$FLT$TLC$_RENDER_ONLY$K
      APIs
      Strings
      Similarity
      • API ID: closesocket$Mtx_unlockNameUserrandrecv
      • String ID: DRPL$REQL
      APIs
      Strings
      Similarity
      • API ID: _time64$Mtx_unlock
      • String ID: 1.0.0$t~
      APIs
      Strings
      Similarity
      • API ID: _time64$Mtx_unlock
      • String ID: 1.0.0$@REMOTE$content
      APIs
      Strings
      Similarity
      • API ID: _wcstoi64sprintf
      • String ID: 2%i
      APIs
      Strings
      Similarity
      • API ID: sprintf
      • String ID: 1%i$3194837251290356$7654321234567898
      APIs
      Similarity
      • API ID: Ios_base_dtor_time64std::ios_base::_$FolderPath
      • String ID:
      APIs
      Similarity
      • API ID: AttributesCreateDirectoryFileFolderPath
      • String ID:
      Strings
      Similarity
      • API ID:
      • String ID: - Unknown$DATA*$FILE*
      APIs
      Strings
      Similarity
      • API ID: ExceptionFilterUnhandled
      • String ID: csm
      Strings
      Similarity
      • API ID: memchr
      • String ID: 1.0.0$string too long
      Strings
      Similarity
      • API ID:
      • String ID: DRPL$REQL
      APIs
      Similarity
      • API ID: NameUser
      • String ID:
      Strings
      Similarity
      • API ID:
      • String ID: 27100
      APIs
      • EnumSystemLocalesW.KERNEL32(?,?,?,?,00007FF746DC42C7,?,?,00000140,00007FF746DC4997), ref: 00007FF746DACFCD
      Similarity
      • API ID: EnumLocalesSystem
      • String ID:
      Similarity
      • API ID:
      • String ID:
      Similarity
      • API ID: Ios_base_dtorstd::ios_base::_
      • String ID:
      APIs
      Strings
      Similarity
      • API ID: AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHandleLastModuleProcThrow
      • String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
      APIs
      Strings
      Similarity
      • API ID: CriticalExceptionResourceSectionThrowWaitstd::exception::exception$Concurrency::details::EnterEventLeaveManagerManager::~ObjectSingleSpin
      • String ID: pScheduler$version
      Strings
      Similarity
      • API ID:
      • String ID: bytes to file $content$new license data: trial license$writing $(b$Ub
      APIs
      Strings
      Similarity
      • API ID: Exception$Throw$std::exception::exception$FileHeaderRaise
      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      APIs
      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DB9043,?,?,?,?,00007FF746DB9779), ref: 00007FF746DB6083
      • malloc.LIBCMT ref: 00007FF746DB6090
        • Part of subcall function 00007FF746DA5C2C: _FF_MSGBANNER.LIBCMT ref: 00007FF746DA5C5C
        • Part of subcall function 00007FF746DA5C2C: _NMSG_WRITE.LIBCMT ref: 00007FF746DA5C66
        • Part of subcall function 00007FF746DA5C2C: HeapAlloc.KERNEL32(?,?,00000000,00007FF746DAAE48,?,?,?,00007FF746DA93C0,?,?,?,00007FF746DA92BF), ref: 00007FF746DA5C81
        • Part of subcall function 00007FF746DA5C2C: _callnewh.LIBCMT ref: 00007FF746DA5C9A
        • Part of subcall function 00007FF746DA5C2C: _errno.LIBCMT ref: 00007FF746DA5CA5
        • Part of subcall function 00007FF746DA5C2C: _errno.LIBCMT ref: 00007FF746DA5CB0
        • Part of subcall function 00007FF746DAC2B0: SetLastError.KERNEL32(?,?,?,?,00007FF746DB6083,?,?,?,?,?,?,00000000,00007FF746DB9043), ref: 00007FF746DAC2D0
      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DB9043,?,?,?,?,00007FF746DB9779), ref: 00007FF746DB60BA
      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00007FF746DB60D3
      • _CxxThrowException.LIBCMT ref: 00007FF746DB60E4
      • _CxxThrowException.LIBCMT ref: 00007FF746DB6123
      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DB9043,?,?,?,?,00007FF746DB9779), ref: 00007FF746DB6129
      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00007FF746DB6142
      • _CxxThrowException.LIBCMT ref: 00007FF746DB6153
      Strings
      Similarity
      • API ID: ErrorLast$ExceptionThrow$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error_errno$AllocHeap_callnewhmalloc
      • String ID: bad allocation
      APIs
      Similarity
      • API ID: Cpp_errorThrow_std::_$Mtx_unlockclosesocketsetsockoptsocket$Concurrency::critical_section::unlockfreeaddrinfogetaddrinfoinet_ntop
      • String ID:
      APIs
      Strings
      Similarity
      • API ID: ExceptionThrowstd::exception::exception$AffinitizeConcurrency::details::FreeObjectProcessorRoot::SignalVirtualWait
      • String ID: pContext$switchState
      APIs
      Strings
      Similarity
      • API ID: ExceptionThrow$std::bad_exception::bad_exception$Concurrency::details::CurrentExecutionProxy::ResourceSchedulerThreadValuestd::exception::exception
      • String ID: pScheduler
      • API String ID: 2546527957-923244539
      • Opcode ID: 0a92d1236b80b8fdbef8a58dc719a057624d1992e7403410bef65b88da2779f8
      • Instruction ID: 54237b9cc119eeeaef6ba443a7d2cc1e6df11dc1ab994e3d0f24cd3f0846aa76
      • Opcode Fuzzy Hash: 0a92d1236b80b8fdbef8a58dc719a057624d1992e7403410bef65b88da2779f8
      • Instruction Fuzzy Hash: 21111C62A0CA46D1EE20FB05E8500BAE370FB84788FD44131EA8D476A9EF7CD645CB60
      Similarity
      • API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
      • String ID:
      • API String ID: 2927645455-0
      • Opcode ID: a89aaae0539ade81d037064eb86fb358608727817e567aabedb7f0df4bab6221
      • Instruction ID: 736bb64ad4c830c4c591fe46d7289dbf3033f449c4211e13c00355d2c3d77333
      • Opcode Fuzzy Hash: a89aaae0539ade81d037064eb86fb358608727817e567aabedb7f0df4bab6221
      • Instruction Fuzzy Hash: 8121B322B0C686C5EF157F65AC9527FE5906F81B50FD80138D61E463DACE6CE841CB38
      Similarity
      • API ID: remove$FolderPath
      • String ID: .lic$.plist$aescripts\
      • API String ID: 2070512967-1236034080
      • Opcode ID: 50eeefc3062eecd178c5cc6e2785b66720f537c8fa5d53ec275a4f874a5f38b1
      • Instruction ID: ca6fc5c8c85b38471756f95775bb505f728aea0394e9a2af9e334afa91353597
      • Opcode Fuzzy Hash: 50eeefc3062eecd178c5cc6e2785b66720f537c8fa5d53ec275a4f874a5f38b1
      • Instruction Fuzzy Hash: 9D814F2261CA82C1EF10BB15E8543ABE761FB92764FD00235E6AD43AE9DF7DD444CB50
      Similarity
      • API ID: ExceptionThrow$std::bad_exception::bad_exception$std::exception::exception
      • String ID: pContext
      • API String ID: 3610078031-2046700901
      • Opcode ID: 1a10e65e9c3be4f5ef1747115894c9c672c718e4b042ef2fd29cfcd7c0986a62
      • Instruction ID: ac23afa2bdf826a0d173136dc5ad2936782d28aec14bf226add331d7720a04c0
      • Opcode Fuzzy Hash: 1a10e65e9c3be4f5ef1747115894c9c672c718e4b042ef2fd29cfcd7c0986a62
      • Instruction Fuzzy Hash: 0B116D65A0DA46D1EF54FB04E8501BAE3A0FF84B48FD04031DA5E476A9EE3CE549CB60
      Similarity
      • API ID: free$Sleep_malloc_crtmalloc
      • String ID:
      • API String ID: 2523592665-0
      • Opcode ID: d538ba41b055fb1f9364d438104dd17988e7f216bec028accaf4dd629781d306
      • Instruction ID: 18d82d13a3ef6025ed6afec99a299475c6dbc579ca26e8155242b8995ee3f244
      • Opcode Fuzzy Hash: d538ba41b055fb1f9364d438104dd17988e7f216bec028accaf4dd629781d306
      • Instruction Fuzzy Hash: AB616126B0DB42E2EF14BB16ED4067AF2A0BB48B94F844135DE5D03B59DF3CE4658B50
      Similarity
      • API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
      • String ID:
      • API String ID: 854778215-0
      • Opcode ID: 08545cbb6868adf57ace4d267df997acc697e57f35bf43482b42d38d8ee1e828
      • Instruction ID: eafac65e29329b3f6ac5c84d76eb1f27d22a280518f03867fa71d16fa824ad7f
      • Opcode Fuzzy Hash: 08545cbb6868adf57ace4d267df997acc697e57f35bf43482b42d38d8ee1e828
      • Instruction Fuzzy Hash: FA51BC22A1C685C2EF24BB25DC4422AE3A5FF94B58F954135DA4D477D5CF3CE841CB60
      Similarity
      • API ID: Thread$Concurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorExceptionLastLibraryLoadThrow$PriorityReference
      • String ID:
      • API String ID: 2237552173-0
      • Opcode ID: 0cb42799f0be884d7e1ea55998eca801c8cc529737faef5f85796a878d6bb837
      • Instruction ID: 091891913cd8155ea5564a616ce24c33ed2e75f4a6a8198e563acb4f9195b841
      • Opcode Fuzzy Hash: 0cb42799f0be884d7e1ea55998eca801c8cc529737faef5f85796a878d6bb837
      • Instruction Fuzzy Hash: 63112A21A1DA43D6EF04B721EC543BBE2A1BF84B44F904531E95E86699EE3CE505CBA0
      Similarity
      • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
      • String ID:
      • API String ID: 1573762532-0
      • Opcode ID: d285b2bbadf80e2166a45276edc87aa0736bfca5b4ec6619b3545f8714ce3ff0
      • Instruction ID: 61874f2247e19a1b60357f73fb0858b070378b95a0996a5b72ee3734eda09fbc
      • Opcode Fuzzy Hash: d285b2bbadf80e2166a45276edc87aa0736bfca5b4ec6619b3545f8714ce3ff0
      • Instruction Fuzzy Hash: D041F262E0C29BC1EF647B1299405BBE6A0FF41B90FC84135EB89076C4DF2CE941DBA0
      Similarity
      • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
      • String ID:
      • API String ID: 781512312-0
      • Opcode ID: 0899df62475010d5ee482fa7f7096b6a796be90366d2c6e758e3543dec0c843c
      • Instruction ID: 23fff1183a3a95284265f3feaa35e09250190339d4ffe3fb8e9f93105a209bfc
      • Opcode Fuzzy Hash: 0899df62475010d5ee482fa7f7096b6a796be90366d2c6e758e3543dec0c843c
      • Instruction Fuzzy Hash: 9C412666E0C2B6C1EF60B7119C111BEF2A0EB44BA5FD44035E79907AC4DF2CE8528B60
      Similarity
      • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
      • String ID: bad cast
      • API String ID: 1776536810-3145022300
      • Opcode ID: b620016426c3c4f85725f080e70a896ebae7bd1f02c87cd46daec41abacdc0d6
      • Instruction ID: 7bf9d243953dc42283d1aa91d7eed6da6feb9bd5fa21b57dd452838450619d1a
      • Opcode Fuzzy Hash: b620016426c3c4f85725f080e70a896ebae7bd1f02c87cd46daec41abacdc0d6
      • Instruction Fuzzy Hash: 33315265A0CA12C1EE11BB15EC401BBE7A0FB95BA4F844231DA5E437E5EE3CE446CB20
      Similarity
      • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
      • String ID: bad cast
      • API String ID: 1776536810-3145022300
      • Opcode ID: 8a5555141b173215c6208a9c8aeb2d79524cb6a645284a8cc6ebc8768d1bb076
      • Instruction ID: e4bdb4cc5b23c68fd39b5aca68e2223038ba333034dd5437ff91b2c00a1bd61d
      • Opcode Fuzzy Hash: 8a5555141b173215c6208a9c8aeb2d79524cb6a645284a8cc6ebc8768d1bb076
      • Instruction Fuzzy Hash: A3315061A0DA12C1EE14BB15EC401BBE7A0FB95BA4FD40231DA5D137E5DE3CE546CB20
      Similarity
      • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
      • String ID: bad cast
      • API String ID: 1776536810-3145022300
      • Opcode ID: 0cb3c862abbe387d89923255385b267e96230e7d8c8512852b1ed9874cb265e9
      • Instruction ID: 2d3f1d025484e0fcc534db3190c70b5957c76f537954d97dbde33c17b2cd778e
      • Opcode Fuzzy Hash: 0cb3c862abbe387d89923255385b267e96230e7d8c8512852b1ed9874cb265e9
      • Instruction Fuzzy Hash: 74313E61A0CA12D1EE11FB15EC405ABE3A1FB957A4F844231DA5D137E6DF3CE846CB24
      Similarity
      • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
      • String ID: bad cast
      • API String ID: 1776536810-3145022300
      • Opcode ID: cf94a65d29a58edc82353b24941c8619b48cca9a216b557fe6a530e4c3d837b9
      • Instruction ID: cbba79fd69991f1aba74f42cb070d3babaed6e1610e09b507f67590d35c8a7b7
      • Opcode Fuzzy Hash: cf94a65d29a58edc82353b24941c8619b48cca9a216b557fe6a530e4c3d837b9
      • Instruction Fuzzy Hash: AB314F61A0CA12D1EE14BB15EC401ABF3A0FB95BA8FC44231DA5D437E5DE3CE446CB20
      Similarity
      • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
      • String ID: bad cast
      • API String ID: 1776536810-3145022300
      • Opcode ID: aa154f2c991e8ed59acf2e90d9ba5e8cd8cb48189b39342ab2e944e951774971
      • Instruction ID: 8d224be55ea883947f398560fd9a27bf9feea02384a5f902705517d40c0c1168
      • Opcode Fuzzy Hash: aa154f2c991e8ed59acf2e90d9ba5e8cd8cb48189b39342ab2e944e951774971
      • Instruction Fuzzy Hash: 4E314E21A0DA12C1EE10BB15EC401ABE3A1FF95BA4FD50231DA5E437A5DE3CE446CB20
      Similarity
      • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
      • String ID:
      • API String ID: 3191669884-0
      • Opcode ID: 0feb9feecc3329452ea8ec885c6d8bb3b47baf9b3ae0000ffeb1a2f89b7271b5
      • Instruction ID: 31137e49d4eeca4149c925496fd29c9955b2da0ed718401970814d2677842ea6
      • Opcode Fuzzy Hash: 0feb9feecc3329452ea8ec885c6d8bb3b47baf9b3ae0000ffeb1a2f89b7271b5
      • Instruction Fuzzy Hash: 3E319171A0C785D9EB20BB11D98067EF6A4FB94FE0F994131EA5D03799CF38E8419B60
      Similarity
      • API ID: ExceptionThrow$Concurrency::details::CoreDecrementEventProxy::SchedulerSubscriptionstd::bad_exception::bad_exceptionstd::exception::exception
      • String ID: pScheduler
      • API String ID: 627769529-923244539
      • Opcode ID: 4a65618706d70c55c2da5df99ba9c83219bbdc0a02742f42fd5244051ed5d83f
      • Instruction ID: d24ce3566c6b31040717204c4d48b16a539629397e15d9ec79a5e4468003e79d
      • Opcode Fuzzy Hash: 4a65618706d70c55c2da5df99ba9c83219bbdc0a02742f42fd5244051ed5d83f
      • Instruction Fuzzy Hash: 18013075A0CA0AD1EE14FB14E8500BAE361FF80B48FD01431EA5D4B6A5DF3CE546CB50
      Similarity
      • API ID: _getptd
      • String ID: MOC$RCC$csm
      • API String ID: 3186804695-2671469338
      • Opcode ID: 9cd19f3f06bc7988da1e9b1409e20964e5baf2f5a54db59486cd1313f4ff8454
      • Instruction ID: 0151432524ec98d23a17213daedaef80145b2f9f50fe538a0c05332d0be99e59
      • Opcode Fuzzy Hash: 9cd19f3f06bc7988da1e9b1409e20964e5baf2f5a54db59486cd1313f4ff8454
      • Instruction Fuzzy Hash: B6F01235D0C246C5EE557B5588453BAE1A0EF54B05FC98571C24802382CBBCE8809E62
      Similarity
      • API ID: Concurrency::details::$Manager::ResourceVersion$CompletionCreateExceptionInformationListRetrieveSpinSystemThrowWaitstd::bad_exception::bad_exception
      • String ID:
      • API String ID: 1876357193-0
      • Opcode ID: 04b2fa28b64b16b95eb29dc48d225d5f6a05fa65057bac5eed109b2516558bb8
      • Instruction ID: 63f197ee89bfa65767f11a9f9a182a6f46aaff2ee3f7c0a4c5367cdae07f3f0f
      • Opcode Fuzzy Hash: 04b2fa28b64b16b95eb29dc48d225d5f6a05fa65057bac5eed109b2516558bb8
      • Instruction Fuzzy Hash: 3831A472E0C292D6EF687B15D80027EE391FF80F41FD44036E64D96699CE2DE9508B20
      Similarity
      • API ID: ioctlsocket$ErrorLastconnectselect
      • String ID:
      • API String ID: 3923486878-0
      • Opcode ID: 03cf7c826b59199f0458c21940543876197c5f873f210f816771850b6b73a7d2
      • Instruction ID: 99a3501cc972cbe3836091bac4bc68bff287f7a6d841b9529954085dcd392e91
      • Opcode Fuzzy Hash: 03cf7c826b59199f0458c21940543876197c5f873f210f816771850b6b73a7d2
      • Instruction Fuzzy Hash: B021C522A1CA8186EB54BB25EC0466AF261BF89759FC45231E94E42BA4DF3CD4048F10
      Similarity
      • API ID: Getcvt$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__updatetlocinfo_getptdlocaleconv
      • String ID: false$true
      • API String ID: 379465546-2658103896
      • Opcode ID: 73d06d7626cf9a4e34ff0ac674d40b771966c80e8ed58987b3a410164db86684
      • Instruction ID: 26ec4a75d5317ce9120767a4139c879c4eda821380278f3f6b1ec51dc4989f51
      • Opcode Fuzzy Hash: 73d06d7626cf9a4e34ff0ac674d40b771966c80e8ed58987b3a410164db86684
      • Instruction Fuzzy Hash: 7931E32260CF81C2DF26BB21E94016AF7A1F755BE0B884236CAAE07395EF3CD159C750
      Similarity
      • API ID: _getptd$ExceptionRaise_getptd_noexit
      • String ID: csm
      • API String ID: 1742125525-1018135373
      • Opcode ID: 07e646bd3f459ca950e7042a5cd6759f866d2739a47ac95533c609a32ddd3d48
      • Instruction ID: 091a6f3f50ab5963be67ed55a7a9e7060f572b82a6bd5abe99d9c53213adb3ec
      • Opcode Fuzzy Hash: 07e646bd3f459ca950e7042a5cd6759f866d2739a47ac95533c609a32ddd3d48
      • Instruction Fuzzy Hash: 5521D636A0C641C6DA30AE52E44026EF761FB89BA5F444236DE9E07795CF3DE885CB50
      Similarity
      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
      • String ID:
      • API String ID: 2998201375-0
      • Opcode ID: 5297c7b9408e9efefd71701747c1766c4c13969b4c72a5129c678fb0fd4e6d0e
      • Instruction ID: e544ba4c7769c37e2710a95425961f554d60f762623ccc3e845cd0ca6522a46f
      • Opcode Fuzzy Hash: 5297c7b9408e9efefd71701747c1766c4c13969b4c72a5129c678fb0fd4e6d0e
      • Instruction Fuzzy Hash: 10419D32B0C7C5C6EB60AF15AD5423AFAA1EF88B80F584135EB8947B95DF38D8518B50
      Similarity
      • API ID: Work$Concurrency::details::List$ArrayQueueQueue::$AcquireBase::Concurrency::details::_CriticalDetachedEntryGroupInterlockedLock::_ReentrantReinitializeScheduleSegment
      • String ID:
      • API String ID: 935885060-0
      • Opcode ID: 012604970d0fc19f81394ac8f7f33d0d900d104ee6330319d1940e19e3f4b366
      • Instruction ID: c20e0d70101d471a5bdeb830ee326edb7986221d05a72efc615c97ea3676be08
      • Opcode Fuzzy Hash: 012604970d0fc19f81394ac8f7f33d0d900d104ee6330319d1940e19e3f4b366
      • Instruction Fuzzy Hash: D5110A25B1DB46C2EF64BB15E81073AE6A0EB85B94F940634DBAD073D9EF39D0108B50
      Similarity
      • API ID: free$ErrorFreeHeapLast_errnosetlocale
      • String ID:
      • API String ID: 3944588114-0
      • Opcode ID: a129dca775d2206b801279d9bcf3f6d9b083367e658b8ec053318e3da434a495
      • Instruction ID: 686b7e42ea5004cfa7a9d6a91da990a8c90d3a630ce66bb88b6ba64d5c61dfcd
      • Opcode Fuzzy Hash: a129dca775d2206b801279d9bcf3f6d9b083367e658b8ec053318e3da434a495
      • Instruction Fuzzy Hash: 66013021B1E601C4EF58BF619CD157AE395FF84F84F980535D60E07A85CE28E890C6B1
      Similarity
      • API ID: _getptd_noexit$__doserrno_errno
      • String ID:
      • API String ID: 2964073243-0
      APIs
      • Concurrency::details::_CriticalNonReentrantLock::_Acquire.LIBCMT ref: 00007FF746DBC61C
        • Part of subcall function 00007FF746DB66D0: _SpinWait.LIBCMT ref: 00007FF746DB66FF
      • Concurrency::details::SchedulerBase::UpdatePendingVersion.LIBCMT ref: 00007FF746DBC624
        • Part of subcall function 00007FF746DBFE00: Concurrency::details::SchedulerBase::ComputeSafePointCommitVersion.LIBCMT ref: 00007FF746DBFE09
      • Concurrency::details::SchedulerBase::CommitToVersion.LIBCMT ref: 00007FF746DBC630
      • Concurrency::details::_CriticalNonReentrantLock::_Acquire.LIBCMT ref: 00007FF746DBC638
      • Concurrency::details::SchedulerBase::UpdateCommitVersion.LIBCMT ref: 00007FF746DBC642
      Similarity
      • API ID: Base::Concurrency::details::SchedulerVersion$Commit$AcquireConcurrency::details::_CriticalLock::_ReentrantUpdate$ComputePendingPointSafeSpinWait
      • String ID:
      • API String ID: 4127798528-0
      APIs
      Similarity
      • API ID: _getptd$_inconsistency$DecodePointer_getptd_noexit
      • String ID:
      • API String ID: 3566995948-0
      APIs
      Strings
      Similarity
      • API ID: _errnoremove$FolderPath_getptd_noexit
      • String ID: bytes to file $writing
      • API String ID: 1059067161-3905530474
      APIs
      Strings
      Similarity
      • API ID: ExceptionThrowXbad_allocstd::_
      • String ID: gfffffff$gfffffff$vector<T> too long
      • API String ID: 944563697-3862842194
      APIs
      • _getptd_noexit.LIBCMT ref: 00007FF746DA5CF0
        • Part of subcall function 00007FF746DB07D4: GetLastError.KERNEL32(?,?,?,00007FF746DA66D1,?,?,?,?,00007FF746DA5A35,?,?,?,00007FF746DA4EA0), ref: 00007FF746DB07DE
        • Part of subcall function 00007FF746DB07D4: _calloc_crt.LIBCMT ref: 00007FF746DB0801
        • Part of subcall function 00007FF746DB07D4: _initptd.LIBCMT ref: 00007FF746DB0825
        • Part of subcall function 00007FF746DB07D4: GetCurrentThreadId.KERNEL32 ref: 00007FF746DB082A
        • Part of subcall function 00007FF746DB07D4: SetLastError.KERNEL32(?,?,?,00007FF746DA66D1,?,?,?,?,00007FF746DA5A35,?,?,?,00007FF746DA4EA0), ref: 00007FF746DB0842
      • _calloc_crt.LIBCMT ref: 00007FF746DA5D20
      • _invoke_watson.LIBCMT ref: 00007FF746DA5D78
        • Part of subcall function 00007FF746DAD360: _call_reportfault.LIBCMT ref: 00007FF746DAD388
      Strings
      • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00007FF746DA5CFD
      Similarity
      • API ID: ErrorLast_calloc_crt$CurrentThread_call_reportfault_getptd_noexit_initptd_invoke_watson
      • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
      • API String ID: 835963739-798102604
      APIs
      Similarity
      • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
      • String ID:
      • API String ID: 4151157258-0
      APIs
        • Part of subcall function 00007FF746DBCA80: TlsGetValue.KERNEL32(?,?,?,?,00007FF746DBC21A), ref: 00007FF746DBCA8A
      • Concurrency::details::SchedulerBase::AttachExternalContext.LIBCMT ref: 00007FF746DBC224
        • Part of subcall function 00007FF746DBC274: TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DBC8F8,?,?,?,00007FF746DAB153), ref: 00007FF746DBC28F
        • Part of subcall function 00007FF746DBC274: Concurrency::details::InternalContextBase::LeaveScheduler.LIBCMT ref: 00007FF746DBC2B0
        • Part of subcall function 00007FF746DBC274: Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00007FF746DBC2D3
      • Concurrency::details::SchedulerBase::ThrowSchedulerEvent.LIBCMT ref: 00007FF746DBC24B
        • Part of subcall function 00007FF746DBFC84: Concurrency::details::Etw::Trace.LIBCMT ref: 00007FF746DBFCF5
      • std::bad_exception::bad_exception.LIBCMT ref: 00007FF746DBC25B
      • _CxxThrowException.LIBCMT ref: 00007FF746DBC26C
      Similarity
      • API ID: Concurrency::details::Scheduler$Base::$Context$ExternalThrowValue$AttachEtw::EventExceptionInternalLeaveTracestd::bad_exception::bad_exception
      • String ID:
      • API String ID: 3337661974-0
      APIs
      Similarity
      • API ID: ExceptionThrowstd::bad_exception::bad_exception
      • String ID:
      • API String ID: 1480402491-0
      APIs
      • SetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,00007FF746DCD610), ref: 00007FF746DD934B
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF746DCD610), ref: 00007FF746DD935A
      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00007FF746DD9373
      • _CxxThrowException.LIBCMT ref: 00007FF746DD9384
      Similarity
      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastPriorityThreadThrow
      • String ID:
      • API String ID: 152467346-0
      APIs
      • UnregisterWaitEx.KERNEL32 ref: 00007FF746DBC9C8
      • Concurrency::details::platform::__DeleteTimerQueueTimer.LIBCMT ref: 00007FF746DBC9DB
        • Part of subcall function 00007FF746DB6000: DeleteTimerQueueTimer.KERNEL32 ref: 00007FF746DB6030
      • CloseHandle.KERNEL32 ref: 00007FF746DBC9E7
      • Concurrency::details::SchedulerBase::Finalize.LIBCMT ref: 00007FF746DBC9F9
        • Part of subcall function 00007FF746DBCAA4: CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DBF973,?,?,00000000,00007FF746DBC335), ref: 00007FF746DBCACA
        • Part of subcall function 00007FF746DBCAA4: InterlockedFlushSList.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DBF973,?,?,00000000,00007FF746DBC335), ref: 00007FF746DBCB10
        • Part of subcall function 00007FF746DBCAA4: InterlockedFlushSList.KERNEL32(?,?,?,?,?,?,00000000,00007FF746DBF973,?,?,00000000,00007FF746DBC335), ref: 00007FF746DBCB53
        • Part of subcall function 00007FF746DBCAA4: Concurrency::details::SchedulerBase::ThrowSchedulerEvent.LIBCMT ref: 00007FF746DBCBB0
      Similarity
      • API ID: Timer$Scheduler$Base::CloseConcurrency::details::DeleteFlushHandleInterlockedListQueue$Concurrency::details::platform::__EventFinalizeThrowUnregisterWait
      • String ID:
      • API String ID: 1020705008-0
      APIs
      Strings
      Similarity
      • API ID: Xbad_allocstd::_$ExceptionThrowmalloc
      • String ID: vector<T> too long
      • API String ID: 1779041212-3788999226
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: swprintf
      • String ID: %$+
      • API String ID: 233258989-2626897407
      APIs
      Strings
      Similarity
      • API ID: _getptd
      • String ID: csm$csm
      • API String ID: 3186804695-3733052814
      APIs
      Strings
      Similarity
      • API ID: Exception$FileHeaderRaiseSleepThrow_malloc_crtmalloc
      • String ID: bad allocation
      • API String ID: 340456944-2104205924
      APIs
      Strings
      Similarity
      • API ID: _handle_error
      • String ID: !$sqrt
      • API String ID: 1757819995-799759792
      APIs
      Strings
      Similarity
      • API ID: _getptd$_inconsistency
      • String ID: csm
      • API String ID: 1773999731-1018135373
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: ExceptionThrowstd::exception::exception
      • String ID: pContext
      • API String ID: 4279132481-2046700901
      • Opcode ID: 9a9254acd0818dea865ed3536d1d2b2c234e7448caf268871d4950f6f5e143a4
      • Instruction ID: baa921f20cc572b49ca5522341096507c37d3910e2a247770ca81cc33a3e72db
      • Opcode Fuzzy Hash: 9a9254acd0818dea865ed3536d1d2b2c234e7448caf268871d4950f6f5e143a4
      • Instruction Fuzzy Hash: 5CF04666A0DB4AC1DE18FB01E98416AE3A1FF88BC4B848031DA9D07B28EF7CD154CB40
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: _handle_error
      • String ID: !$sqrt
      • API String ID: 1757819995-799759792
      • Opcode ID: 9ee81001ab96a3020d92c62d35741d9657c359ef35bf3942f53d73308bbadfc5
      • Instruction ID: 7c6348b69fd7c759541e06670a56850d8450bfacb979a4aff904654fff6f094e
      • Opcode Fuzzy Hash: 9ee81001ab96a3020d92c62d35741d9657c359ef35bf3942f53d73308bbadfc5
      • Instruction Fuzzy Hash: F2F08676E1CB85C2DA10EF51D841367E621EFEB7A4F504335EA5C19B88DB6CD0808F40
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: ExceptionThrowstd::exception::exception
      • String ID: pThreadProxy
      • API String ID: 4279132481-3651400591
      • Opcode ID: 3b6d5a5437ee8c8c730aa7db00305f52f2161aba5272be33be333d17a79e59f8
      • Instruction ID: fb8432d761d487edb983dac2b897515465960e42e02e35ee18ae01d27565890a
      • Opcode Fuzzy Hash: 3b6d5a5437ee8c8c730aa7db00305f52f2161aba5272be33be333d17a79e59f8
      • Instruction Fuzzy Hash: ADE01CB5A0CB4BD0DE14FB40F84419AE3A4FB84348FD04531D69C46A64DE7CD219CB50
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2027370922.00007FF746D71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF746D70000, based on PE: true
      • Associated: 00000000.00000002.2027338420.00007FF746D70000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027426396.00007FF746DE1000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027497628.00007FF746E03000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2027537069.00007FF746E0A000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff746d70000_1PI1dOAtKY.jbxd
      Similarity
      • API ID: Exceptionstd::bad_exception::bad_exception$FileHeaderRaiseThrow
      • String ID: Access violation - no RTTI data!
      • API String ID: 2866377151-2158758863
      • Opcode ID: 23997e88545030d1aea56eb2b441ca10bd2c9bedac894ae6f7fbeb74f77f7ac1
      • Instruction ID: ec05809e10a1992df7fff72f2032981202d5db26d380dc368eb02bb679bb7a58
      • Opcode Fuzzy Hash: 23997e88545030d1aea56eb2b441ca10bd2c9bedac894ae6f7fbeb74f77f7ac1
      • Instruction Fuzzy Hash: 09E01A26A1CA46D1DA41FB01F8817AAE320F784394FC11132EE1C43659DF39D98BCB50