Windows Analysis Report
diCTAJuHTs.exe

Overview

General Information

Sample name: diCTAJuHTs.exe (renamed because the original name is a hash value)
Original sample name: 9ecab398729b9a2e9d1c843707c40054.exe
Analysis ID: 1580282
MD5: 9ecab398729b9a2e9d1c843707c40054
SHA1: 282b755423a18cf801f013694b9d4a4ff04a0d78
SHA256: 68a7291a46870781bb9088ac64e7890087eb5ca851973c0d8d0b7566e650eabc
Tags: exe, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

  • System is w10x64
  • diCTAJuHTs.exe (PID: 7120 cmdline: "C:\Users\user\Desktop\diCTAJuHTs.exe" MD5: 9ECAB398729B9A2E9D1C843707C40054)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: diCTAJuHTs.exe | Virustotal: Detection: 37%
Source: diCTAJuHTs.exe | ReversingLabs: Detection: 42%
Source: diCTAJuHTs.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF2C06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF21DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code functions (no resolved API calls listed): 0_2_00007FF7DDF2FF2C, 0_2_00007FF7DDF19760, 0_2_00007FF7DDF11B80, 0_2_00007FF7DDF17FCC, 0_2_00007FF7DDF22BE0, 0_2_00007FF7DDF287F4, 0_2_00007FF7DDF1E80C, 0_2_00007FF7DDF30010, 0_2_00007FF7DDF33C18, 0_2_00007FF7DDF2B13C, 0_2_00007FF7DDF1A060, 0_2_00007FF7DDF2C06C, 0_2_00007FF7DDF2E0C0, 0_2_00007FF7DDF2E4EC, 0_2_00007FF7DDF1790D, 0_2_00007FF7DDF1E5A4, 0_2_00007FF7DDF21DAC, 0_2_00007FF7DDF26DE0, 0_2_00007FF7DDF29200, 0_2_00007FF7DDF30A18, 0_2_00007FF7DDF24684, 0_2_00007FF7DDF17AA4, 0_2_00007FF7DDF302A4, 0_2_00007FF7DDF162D0, 0_2_00007FF7DDF182D8, 0_2_00007FF7DDF20700
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: String function: 00007FF7DDF12760 appears 41 times
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0 (i.e. malicious, score 48; Windows executable; 1 process started / 0 files dropped; 0 domains / 0 IPs contacted)
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF16FA0 GetLastError,FormatMessageW,WideCharToMultiByte
Source: diCTAJuHTs.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (the Software Restriction Policy lookup the loader performs for every new process; not suspicious on its own)
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | File read: C:\Users\user\Desktop\diCTAJuHTs.exe (a process reading its own image file is typical of a stub that carries its payload as data appended past the last section)
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Section loaded: wintypes.dll
Source: diCTAJuHTs.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: diCTAJuHTs.exe | Static file information: File size 14444897 > 1048576
Source: diCTAJuHTs.exe | Static PE information: data directories present: IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_BASERELOC, IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, IMAGE_DIRECTORY_ENTRY_IAT
Source: diCTAJuHTs.exe | Static PE information: data directory locations: IMPORT in .rdata, RESOURCE in .rsrc, BASERELOC in .reloc, LOAD_CONFIG in .rdata, IAT in .rdata
Source: diCTAJuHTs.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF13C90 GetProcAddress, repeated several dozen times within this one function
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes graph_0-15779
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | API coverage: 6.7 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: diCTAJuHTs.exe | Binary or memory string: jqEMu (a case-insensitive substring hit on "qemu"; in a file that is almost entirely high-entropy data a five-byte match like this is very likely coincidental)
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF25750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF2DB48 GetProcessHeap
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF1B0C4 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF1A8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF1AEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF33A60 cpuid
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF1ADC8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\diCTAJuHTs.exe | Code function: 0_2_00007FF7DDF30010 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation

Weighting note: the RtlCaptureContext / RtlLookupFunctionEntry / RtlVirtualUnwind / IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter chains and the SetUnhandledExceptionFilter / UnhandledExceptionFilter / GetCurrentProcess / TerminateProcess function are the MSVC CRT's stack-cookie failure handlers (__report_gsfailure and __raise_securityfailure), the GetSystemTimeAsFileTime / GetCurrentThreadId / GetCurrentProcessId / QueryPerformanceCounter sequence is __security_init_cookie, the _get_daylight / GetTimeZoneInformation function is the CRT's time-zone initialisation, and the lone cpuid is most likely the CRT's __isa_available_init. All of these are present in essentially every statically linked MSVC binary, so the "anti-debugging" and "CPU information" signatures above add little on their own. The function resolving several dozen GetProcAddress calls (0_2_00007FF7DDF13C90) and the GetTokenInformation privilege check are the static findings that are specific to this sample.
MITRE ATT&CK matrix (numbers in brackets are the signature-count badges as extracted; cells without a badge are template placeholders that did not match)

Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
Execution: Native API [1] | Scheduled Task/Job | At | Cron
Persistence: DLL Side-Loading [1] | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
Privilege Escalation: DLL Side-Loading [1] | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
Defense Evasion: Deobfuscate/Decode Files or Information [1] | DLL Side-Loading [1] | Obfuscated Files or Information [1] | Binary Padding
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
Discovery: System Time Discovery [2] | Security Software Discovery [21] | File and Directory Discovery [1] | System Information Discovery [13]
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
Collection: Archive Collected Data [1] | Data from Removable Media | Data from Network Shared Drive | Input Capture
Command and Control: Encrypted Channel [1] | Junk Data | Steganography | Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction
Source | Detection | Scanner | Label
diCTAJuHTs.exe | 38% | Virustotal | -
diCTAJuHTs.exe | 42% | ReversingLabs | Win64.Trojan.Generic
No Antivirus matches for dropped files, unpacked PE files, domains or URLs
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580282
Start date and time: 2024-12-24 08:45:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: diCTAJuHTs.exe (renamed because the original name is a hash value)
Original Sample Name: 9ecab398729b9a2e9d1c843707c40054.exe
Detection: MAL
Classification: mal48.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 25
  • Number of non-executed functions: 70
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context (no prior Joe Sandbox context for IPs, domains, ASNs, JA3 fingerprints or dropped files)
No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 7.9966455409097
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: diCTAJuHTs.exe
File size: 14'444'897 bytes
MD5: 9ecab398729b9a2e9d1c843707c40054
SHA1: 282b755423a18cf801f013694b9d4a4ff04a0d78
SHA256: 68a7291a46870781bb9088ac64e7890087eb5ca851973c0d8d0b7566e650eabc
SHA512: e99e4437c12d443f6458d337453ef829b209a0b68d0df64ba1fd3db26854552eae18fe1bf263c0b31c319fcc6ab766b3accb96b093b3000e89fb1e28a463e09c
SSDEEP: 393216:bSatY8L2Vmd6melh2pOc/e+7G99YP0BmRFN+MebJ:bSai8yVmdKQpOun0ApiJ
TLSH: ABE6334053A00BD8F46A883388779517EB76F4AA579BDB8F875186600FB32FB9D71390
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'X.8c9.kc9.kc9.kwR.jh9.kwR.jd9.kwR.j.9.k.V#kg9.k1L.jE9.k1L.jr9.k1L.jj9.kwR.jh9.kc9.k.9.k.L.jp9.k.L.jb9.kRichc9.k...............
Icon Hash: 00928e8e8686b000
Entrypoint: 0x14000a8c8
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x6750E25E [Wed Dec 4 23:14:38 2024 UTC]
TLS Callbacks: (none)
CLR (.Net) Version: (none)
OS Version Major: 5
OS Version Minor: 2
File Version Major: 5
File Version Minor: 2
Subsystem Version Major: 5
Subsystem Version Minor: 2
Import Hash: c5640c7a22008f949f9bc94a27623f95
Instruction (entry-point disassembly as printed by the report). Read it with care: the listing decodes this x64 code with a 32-bit disassembler, so every "dec eax" is a REX.W prefix on the instruction that follows ("dec eax / sub esp, 28h" is "sub rsp, 28h", "dec eax / mov ebx, ecx" is "mov rbx, rcx") and "inc eax / push ebx" is "push rbx". The entry itself only calls one routine and jumps on; the code after the two int3 bytes, with SetUnhandledExceptionFilter(NULL), UnhandledExceptionFilter, TerminateProcess(…, C0000409h = STATUS_STACK_BUFFER_OVERRUN), IsProcessorFeaturePresent(17h = PF_FASTFAIL_AVAILABLE) and "int 29h" with ecx = 2 (FAST_FAIL_STACK_COOKIE_CHECK_FAILURE), is the MSVC CRT's __raise_securityfailure / __report_gsfailure stack-cookie path, not program-specific logic.
dec eax
sub esp, 28h
call 00007FE8FC61AA6Ch
dec eax
add esp, 28h
jmp 00007FE8FC61A3EFh
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0001A8D3h]
dec eax
mov ecx, ebx
call dword ptr [0001A8C2h]
call dword ptr [0001A83Ch]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [0001A8B8h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0001A8ACh]
test eax, eax
je 00007FE8FC61A579h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [0003B6DAh]
call 00007FE8FC61A73Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [0003B7C1h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0003B751h], eax
dec eax
mov eax, dword ptr [0003B7AAh]
dec eax
mov dword ptr [0003B61Bh], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [0003B71Fh], eax
mov dword ptr [0003B5F5h], C0000409h
mov dword ptr [0003B5EFh], 00000001h
mov dword ptr [0003B5F9h], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35b18 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x5fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x48000 | 0x1de8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0x748 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33920 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x33940 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x3e8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type (libmagic) | Entropy | Characteristics
.text | 0x1000 | 0x235d0 | 0x23600 | 050ad070d74c0ab2baca6ee9c3b61b5d | False | 0.5690426236749117 | data | 6.471510843579973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x25000 | 0x11898 | 0x11a00 | 41b70ae4502758e24e137cafe311eeb7 | False | 0.4956504875886525 | PGP symmetric key encrypted data - Plaintext or unencrypted data (a libmagic false match on read-only data) | 5.711786264889031 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x37000 | 0x10398 | 0xc00 | b88590ca230f956ba7b5bffcbee69475 | False | 0.138671875 | data | 1.8589891596226968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x48000 | 0x1de8 | 0x1e00 | 626ab1518bc3687e03dacd39bbfde649 | False | 0.4921875 | data | 5.392285019157171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4a000 | 0xf4 | 0x200 | 3fa4bb815d2865eb13ca6b140ccf210f | False | 0.302734375 | data | 1.9616758456060694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4b000 | 0x5fc | 0x600 | e9f38e874665b2f0eec96d08193b0b48 | False | 0.4609375 | data | 5.4060894423190256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x4c000 | 0x748 | 0x800 | ab10229e6319ea5b4dde9f2a80ec60f0 | False | 0.55322265625 | data | 5.222259043944798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4b058 | 0x5a2 | XML 1.0 document, ASCII text, with CRLF line terminators | - | - | 0.45145631067961167
DLL | Imports
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll | (no named imports listed; ordinal import)
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
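The static facts above (file size, whole-file entropy, section table, DLL characteristics, compile timestamp, import table) support a few checks that are worth re-deriving by hand rather than taking from the score. The script below is an added example, not Joe Sandbox code: it re-implements those checks over values copied from this report. Two inputs are assumptions rather than report data: a 0x400 PE header size for the overlay estimate (the report prints no raw file offsets, so the result is an upper bound), and the DllCharacteristics word 0x8160, which is simply the numeric encoding of the four flag names the report lists. The import-hash routine follows the pefile convention; because the report shows the COMCTL32 entry empty (an ordinal-only import that imphash would encode as "ordN"), a hash over the listed names alone is not expected to equal the reported c5640c7a22008f949f9bc94a27623f95, so the block only demonstrates the normalisation on a small constructed subset.

```python
"""Static PE triage checks re-derived from the report's own numbers.
Added example, not Joe Sandbox code; assumptions are marked inline."""
import hashlib
import math
from datetime import datetime, timezone

# Section table as reported: (name, virtual address, virtual size, raw size, entropy)
SECTIONS = [
    (".text",  0x1000,  0x235d0, 0x23600, 6.4715),
    (".rdata", 0x25000, 0x11898, 0x11a00, 5.7118),
    (".data",  0x37000, 0x10398, 0xc00,   1.8590),
    (".pdata", 0x48000, 0x1de8,  0x1e00,  5.3923),
    ("_RDATA", 0x4a000, 0xf4,    0x200,   1.9617),
    (".rsrc",  0x4b000, 0x5fc,   0x600,   5.4061),
    (".reloc", 0x4c000, 0x748,   0x800,   5.2223),
]
FILE_SIZE = 14_444_897       # bytes, as reported
FILE_ENTROPY = 7.9966        # whole-file 8-bit entropy, as reported
ASSUMED_HEADER_SIZE = 0x400  # assumption: SizeOfHeaders is not in the report

# Names a plain MSVC x64 build emits; anything else counts as non-standard here.
# (_RDATA is flagged by the report but also shows up in benign MSVC-linked binaries.)
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                   ".idata", ".edata", ".tls", ".bss", ".gfids", ".00cfg"}

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}

# Constructed subset of the report's import table, used only to show the imphash input.
IMPORTS_SUBSET = {
    "ADVAPI32.dll": ["OpenProcessToken", "GetTokenInformation"],
    "GDI32.dll": ["SelectObject", "DeleteObject", "CreateFontIndirectW"],
}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_dll_characteristics(value: int) -> list:
    """Flag names set in an IMAGE_OPTIONAL_HEADER.DllCharacteristics word."""
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]


def pe_timestamp(ts: int) -> str:
    """IMAGE_FILE_HEADER.TimeDateStamp as UTC text (trivially forgeable, so a hint only)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def nonstandard_sections(sections) -> list:
    return [s[0] for s in sections if s[0] not in COMMON_SECTIONS]


def overlay_size(sections, file_size, header_size=ASSUMED_HEADER_SIZE) -> int:
    """Bytes past the last section's raw data. Exact when sections follow the
    headers back-to-back; otherwise an upper bound on the overlay."""
    return file_size - header_size - sum(s[3] for s in sections)


def overlay_is_suspicious(sections, file_size, file_entropy) -> bool:
    """Most of the file is overlay and the whole file is near 8.0 bits/byte while
    no mapped section is: the packed or encrypted content lives outside the PE."""
    overlay = overlay_size(sections, file_size)
    mapped_max = max(s[4] for s in sections)
    return overlay > file_size // 2 and file_entropy > 7.9 and mapped_max < 7.0


def imphash_string(imports: dict) -> str:
    """The string the import hash is taken over (pefile convention): lower-case
    'module.function', module extension dropped, in import-table order."""
    parts = []
    for dll, funcs in imports.items():
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.extend(f"{mod}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print("compiled:", pe_timestamp(0x6750E25E))
    print("dll characteristics (assumed word 0x8160):", decode_dll_characteristics(0x8160))
    print("non-standard sections:", nonstandard_sections(SECTIONS))
    ov = overlay_size(SECTIONS, FILE_SIZE)
    print(f"overlay: {ov:,} of {FILE_SIZE:,} bytes ({ov / FILE_SIZE:.1%})")
    print("suspicious overlay:", overlay_is_suspicious(SECTIONS, FILE_SIZE, FILE_ENTROPY))
    print("imphash input (subset):", imphash_string(IMPORTS_SUBSET))
```

Run against the report's numbers, the raw sections sum to about 232 KB of a 14.4 MB file, so over 98% of the bytes sit in an overlay behind .reloc; that overlay is what drives the whole-file entropy to 7.997 while no section exceeds 6.47. Together with the process reading its own image and importing GetTempPathW, CreateDirectoryW, CreateProcessW, SetDllDirectoryW and LoadLibraryExW, the PE itself looks like a small stub, and the appended data is the part to carve and examine next.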
No network behavior found

Target ID: 0
Start time: 02:46:48
Start date: 24/12/2024
Path: C:\Users\user\Desktop\diCTAJuHTs.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\diCTAJuHTs.exe"
Imagebase: 0x7ff7ddf10000 (runtime base under ASLR; the preferred base is 0x140000000, so the 0_2_00007FF7DDF… addresses in the code-function entries map to file RVAs as address - 0x7ff7ddf10000, e.g. 0_2_00007FF7DDF13C90 is RVA 0x3C90 in .text)
File size: 14'444'897 bytes
MD5 hash: 9ECAB398729B9A2E9D1C843707C40054
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 4.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 10.9%
Total number of Nodes: 2000
Total number of Limit Nodes: 41

[execution_graph node dump omitted: 2000 nodes of the form "<id> <address> [<function or API>] [<n> API calls]" with edge lists, truncated in the extraction. The named functions that appear in it are CRT internals (_findclose, _wfindfirst32i64, _invalid_parameter_noinfo, __free_lconv_num, _fread_nolock, __crtLCMapStringW, __scrt_get_show_window_mode) and the Win32 APIs EnterCriticalSection, SetEnvironmentVariableW, WideCharToMultiByte, GetEnvironmentStringsW and FreeEnvironmentStringsW.]
7ff7ddf23b64 17068->17070 17069 7ff7ddf23ccb 17069->17068 17070->17038 17071 7ff7ddf29550 _invalid_parameter_noinfo 13 API calls 17071->17077 17072 7ff7ddf23cbc 17246 7ff7ddf23e1c 17072->17246 17074 7ff7ddf24c48 30 API calls 17074->17077 17076 7ff7ddf259cc __free_lconv_num 13 API calls 17076->17069 17077->17069 17077->17071 17077->17072 17077->17074 17078 7ff7ddf23cf3 17077->17078 17080 7ff7ddf259cc __free_lconv_num 13 API calls 17077->17080 17079 7ff7ddf25984 _wfindfirst32i64 17 API calls 17078->17079 17081 7ff7ddf23d05 17079->17081 17080->17077 17083 7ff7ddf285c9 17082->17083 17084 7ff7ddf285ce 17082->17084 17086 7ff7ddf29998 _invalid_parameter_noinfo 6 API calls 17083->17086 17085 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 17084->17085 17088 7ff7ddf285d6 17084->17088 17087 7ff7ddf285ed 17085->17087 17086->17084 17087->17088 17089 7ff7ddf29550 _invalid_parameter_noinfo 13 API calls 17087->17089 17090 7ff7ddf24ca8 33 API calls 17088->17090 17095 7ff7ddf28650 17088->17095 17091 7ff7ddf28600 17089->17091 17092 7ff7ddf2865e 17090->17092 17093 7ff7ddf2861e 17091->17093 17094 7ff7ddf2860e 17091->17094 17097 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 17093->17097 17096 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 17094->17096 17107 7ff7ddf2ca7c 17095->17107 17098 7ff7ddf28615 17096->17098 17099 7ff7ddf28626 17097->17099 17104 7ff7ddf259cc __free_lconv_num 13 API calls 17098->17104 17100 7ff7ddf2862a 17099->17100 17101 7ff7ddf2863c 17099->17101 17102 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 17100->17102 17103 7ff7ddf28294 _invalid_parameter_noinfo 13 API calls 17101->17103 17102->17098 17105 7ff7ddf28644 17103->17105 17104->17088 17106 7ff7ddf259cc __free_lconv_num 13 API calls 17105->17106 17106->17088 17125 7ff7ddf2cc3c 17107->17125 17109 7ff7ddf2caa5 17140 7ff7ddf2c788 17109->17140 17112 7ff7ddf2cabf 17112->17048 17113 7ff7ddf27d90 _fread_nolock 14 API calls 17114 7ff7ddf2cad0 17113->17114 17121 7ff7ddf2cb6b 17114->17121 17147 
7ff7ddf2cd70 17114->17147 17115 7ff7ddf259cc __free_lconv_num 13 API calls 17115->17112 17118 7ff7ddf2cb66 17119 7ff7ddf1fc70 _findclose 13 API calls 17118->17119 17119->17121 17120 7ff7ddf2cbc8 17120->17121 17158 7ff7ddf2c5cc 17120->17158 17121->17115 17122 7ff7ddf2cb8b 17122->17120 17123 7ff7ddf259cc __free_lconv_num 13 API calls 17122->17123 17123->17120 17126 7ff7ddf2cc5f 17125->17126 17127 7ff7ddf2cc69 17126->17127 17173 7ff7ddf2af44 EnterCriticalSection 17126->17173 17129 7ff7ddf2ccdb 17127->17129 17132 7ff7ddf24ca8 33 API calls 17127->17132 17129->17109 17133 7ff7ddf2ccf3 17132->17133 17136 7ff7ddf285b8 33 API calls 17133->17136 17139 7ff7ddf2cd46 17133->17139 17137 7ff7ddf2cd30 17136->17137 17138 7ff7ddf2ca7c 43 API calls 17137->17138 17138->17139 17139->17109 17141 7ff7ddf1da10 33 API calls 17140->17141 17142 7ff7ddf2c79c 17141->17142 17143 7ff7ddf2c7ba 17142->17143 17144 7ff7ddf2c7a8 GetOEMCP 17142->17144 17145 7ff7ddf2c7bf GetACP 17143->17145 17146 7ff7ddf2c7cf 17143->17146 17144->17146 17145->17146 17146->17112 17146->17113 17148 7ff7ddf2c788 35 API calls 17147->17148 17149 7ff7ddf2cd9b 17148->17149 17151 7ff7ddf2cdd8 IsValidCodePage 17149->17151 17155 7ff7ddf2ce1b __scrt_get_show_window_mode 17149->17155 17150 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17152 7ff7ddf2cb5f 17150->17152 17153 7ff7ddf2cde9 17151->17153 17151->17155 17152->17118 17152->17122 17154 7ff7ddf2ce20 GetCPInfo 17153->17154 17157 7ff7ddf2cdf2 __scrt_get_show_window_mode 17153->17157 17154->17155 17154->17157 17155->17150 17174 7ff7ddf2c898 17157->17174 17245 7ff7ddf2af44 EnterCriticalSection 17158->17245 17175 7ff7ddf2c8d5 GetCPInfo 17174->17175 17184 7ff7ddf2c9cb 17174->17184 17176 7ff7ddf2c8e8 17175->17176 17175->17184 17185 7ff7ddf2d514 17176->17185 17177 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17179 7ff7ddf2ca64 17177->17179 17179->17155 17183 7ff7ddf320a8 37 API calls 17183->17184 17184->17177 17186 7ff7ddf1da10 33 API calls 17185->17186 17187 7ff7ddf2d556 17186->17187 17188 
7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17187->17188 17190 7ff7ddf2d58c 17188->17190 17189 7ff7ddf2d593 17193 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17189->17193 17190->17189 17191 7ff7ddf2d5b8 __scrt_get_show_window_mode 17190->17191 17192 7ff7ddf27d90 _fread_nolock 14 API calls 17190->17192 17195 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17191->17195 17196 7ff7ddf2d650 17191->17196 17192->17191 17194 7ff7ddf2c95f 17193->17194 17200 7ff7ddf320a8 17194->17200 17197 7ff7ddf2d632 17195->17197 17196->17189 17198 7ff7ddf259cc __free_lconv_num 13 API calls 17196->17198 17197->17196 17199 7ff7ddf2d636 GetStringTypeW 17197->17199 17198->17189 17199->17196 17201 7ff7ddf1da10 33 API calls 17200->17201 17202 7ff7ddf320cd 17201->17202 17205 7ff7ddf31d90 17202->17205 17206 7ff7ddf31dd2 17205->17206 17207 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17206->17207 17211 7ff7ddf31e1c 17207->17211 17208 7ff7ddf3205b 17209 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17208->17209 17210 7ff7ddf2c992 17209->17210 17210->17183 17211->17208 17212 7ff7ddf27d90 _fread_nolock 14 API calls 17211->17212 17215 7ff7ddf31e4f 17211->17215 17212->17215 17213 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17214 7ff7ddf31ec1 17213->17214 17216 7ff7ddf31f53 17214->17216 17233 7ff7ddf29a98 17214->17233 17215->17213 17215->17216 17216->17208 17218 7ff7ddf259cc __free_lconv_num 13 API calls 17216->17218 17218->17208 17220 7ff7ddf31f62 17222 7ff7ddf31f7c 17220->17222 17223 7ff7ddf27d90 _fread_nolock 14 API calls 17220->17223 17221 7ff7ddf31f10 17221->17216 17224 7ff7ddf29a98 __crtLCMapStringW 6 API calls 17221->17224 17222->17216 17225 7ff7ddf29a98 __crtLCMapStringW 6 API calls 17222->17225 17223->17222 17224->17216 17227 7ff7ddf31ffd 17225->17227 17226 7ff7ddf32032 17226->17216 17228 7ff7ddf259cc __free_lconv_num 13 API calls 17226->17228 17227->17226 17239 7ff7ddf2a890 17227->17239 17228->17216 17234 7ff7ddf295c8 try_get_function 5 API calls 17233->17234 17235 7ff7ddf29ad6 17234->17235 
17236 7ff7ddf29adb 17235->17236 17242 7ff7ddf29b74 17235->17242 17236->17216 17236->17220 17236->17221 17238 7ff7ddf29b37 LCMapStringW 17238->17236 17241 7ff7ddf2a8b3 WideCharToMultiByte 17239->17241 17243 7ff7ddf295c8 try_get_function 5 API calls 17242->17243 17244 7ff7ddf29ba2 __crtLCMapStringW 17243->17244 17244->17238 17250 7ff7ddf23e21 17246->17250 17251 7ff7ddf23cc4 17246->17251 17247 7ff7ddf23e4a 17249 7ff7ddf259cc __free_lconv_num 13 API calls 17247->17249 17248 7ff7ddf259cc __free_lconv_num 13 API calls 17248->17250 17249->17251 17250->17247 17250->17248 17251->17076 17253 7ff7ddf308d8 17252->17253 17254 7ff7ddf308c1 17252->17254 17253->17254 17256 7ff7ddf308e6 17253->17256 17255 7ff7ddf1fc70 _findclose 13 API calls 17254->17255 17257 7ff7ddf308c6 17255->17257 17259 7ff7ddf1da10 33 API calls 17256->17259 17260 7ff7ddf308d1 17256->17260 17258 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17257->17258 17258->17260 17259->17260 17260->16928 17262 7ff7ddf1da10 33 API calls 17261->17262 17263 7ff7ddf33435 17262->17263 17266 7ff7ddf330b0 17263->17266 17270 7ff7ddf330fa 17266->17270 17267 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17268 7ff7ddf31789 17267->17268 17268->16928 17268->16953 17269 7ff7ddf33181 17271 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17269->17271 17277 7ff7ddf33185 17269->17277 17270->17269 17272 7ff7ddf3316c GetCPInfo 17270->17272 17270->17277 17273 7ff7ddf33219 17271->17273 17272->17269 17272->17277 17274 7ff7ddf3324c 17273->17274 17275 7ff7ddf27d90 _fread_nolock 14 API calls 17273->17275 17273->17277 17276 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17274->17276 17279 7ff7ddf333c9 17274->17279 17275->17274 17278 7ff7ddf332bb 17276->17278 17277->17267 17278->17279 17280 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17278->17280 17279->17277 17281 7ff7ddf259cc __free_lconv_num 13 API calls 17279->17281 17282 7ff7ddf332e1 17280->17282 17281->17277 17282->17279 17283 7ff7ddf27d90 _fread_nolock 14 API calls 17282->17283 17285 
7ff7ddf3330a 17282->17285 17283->17285 17284 7ff7ddf2a0b0 _fread_nolock MultiByteToWideChar 17286 7ff7ddf3337b 17284->17286 17285->17284 17287 7ff7ddf333ad 17285->17287 17286->17287 17290 7ff7ddf2982c 17286->17290 17287->17279 17289 7ff7ddf259cc __free_lconv_num 13 API calls 17287->17289 17289->17279 17291 7ff7ddf295c8 try_get_function 5 API calls 17290->17291 17292 7ff7ddf2986a 17291->17292 17293 7ff7ddf2986f 17292->17293 17294 7ff7ddf29b74 __crtLCMapStringW 5 API calls 17292->17294 17293->17287 17295 7ff7ddf298cb CompareStringW 17294->17295 17295->17293 17297 7ff7ddf3217a HeapSize 17296->17297 17298 7ff7ddf32161 17296->17298 17299 7ff7ddf1fc70 _findclose 13 API calls 17298->17299 17300 7ff7ddf32166 17299->17300 17301 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17300->17301 17302 7ff7ddf32171 17301->17302 17302->16962 17304 7ff7ddf321a9 17303->17304 17305 7ff7ddf321b3 17303->17305 17306 7ff7ddf27d90 _fread_nolock 14 API calls 17304->17306 17307 7ff7ddf321b8 17305->17307 17314 7ff7ddf321bf _invalid_parameter_noinfo 17305->17314 17312 7ff7ddf321b1 17306->17312 17308 7ff7ddf259cc __free_lconv_num 13 API calls 17307->17308 17308->17312 17309 7ff7ddf321f2 HeapReAlloc 17309->17312 17309->17314 17310 7ff7ddf321c5 17311 7ff7ddf1fc70 _findclose 13 API calls 17310->17311 17311->17312 17312->16961 17313 7ff7ddf2dc34 _invalid_parameter_noinfo 2 API calls 17313->17314 17314->17309 17314->17310 17314->17313 17316 7ff7ddf23bb1 17315->17316 17323 7ff7ddf23bad 17315->17323 17333 7ff7ddf2d130 GetEnvironmentStringsW 17316->17333 17319 7ff7ddf23bbe 17322 7ff7ddf259cc __free_lconv_num 13 API calls 17319->17322 17322->17323 17323->16999 17325 7ff7ddf23f34 17323->17325 17324 7ff7ddf259cc __free_lconv_num 13 API calls 17324->17319 17326 7ff7ddf23f4f 17325->17326 17328 7ff7ddf23f62 17325->17328 17326->16999 17327 7ff7ddf2a0b0 MultiByteToWideChar _fread_nolock 17327->17328 17328->17326 17328->17327 17329 7ff7ddf29550 _invalid_parameter_noinfo 13 API calls 17328->17329 17330 
7ff7ddf23fd8 17328->17330 17332 7ff7ddf259cc __free_lconv_num 13 API calls 17328->17332 17329->17328 17331 7ff7ddf259cc __free_lconv_num 13 API calls 17330->17331 17331->17326 17332->17328 17334 7ff7ddf23bb6 17333->17334 17335 7ff7ddf2d154 17333->17335 17334->17319 17340 7ff7ddf23d08 17334->17340 17336 7ff7ddf27d90 _fread_nolock 14 API calls 17335->17336 17338 7ff7ddf2d18e memcpy_s 17336->17338 17337 7ff7ddf259cc __free_lconv_num 13 API calls 17339 7ff7ddf2d1ae FreeEnvironmentStringsW 17337->17339 17338->17337 17339->17334 17341 7ff7ddf23d30 17340->17341 17342 7ff7ddf29550 _invalid_parameter_noinfo 13 API calls 17341->17342 17352 7ff7ddf23d6b 17342->17352 17343 7ff7ddf23de0 17344 7ff7ddf259cc __free_lconv_num 13 API calls 17343->17344 17345 7ff7ddf23bcb 17344->17345 17345->17324 17346 7ff7ddf29550 _invalid_parameter_noinfo 13 API calls 17346->17352 17347 7ff7ddf23dd1 17349 7ff7ddf23e1c 13 API calls 17347->17349 17348 7ff7ddf2b0d4 _wfindfirst32i64 30 API calls 17348->17352 17350 7ff7ddf23dd9 17349->17350 17353 7ff7ddf259cc __free_lconv_num 13 API calls 17350->17353 17351 7ff7ddf23e08 17354 7ff7ddf25984 _wfindfirst32i64 17 API calls 17351->17354 17352->17343 17352->17346 17352->17347 17352->17348 17352->17351 17355 7ff7ddf259cc __free_lconv_num 13 API calls 17352->17355 17353->17343 17356 7ff7ddf23e1a 17354->17356 17355->17352 17358 7ff7ddf33019 __crtLCMapStringW 17357->17358 17359 7ff7ddf31672 17358->17359 17360 7ff7ddf2982c 6 API calls 17358->17360 17359->17006 17359->17026 17360->17359 17382 7ff7ddf1fb44 17383 7ff7ddf1fb4f 17382->17383 17391 7ff7ddf29c3c 17383->17391 17404 7ff7ddf2af44 EnterCriticalSection 17391->17404 14094 7ff7ddf23048 14095 7ff7ddf2307e 14094->14095 14096 7ff7ddf2305f 14094->14096 14106 7ff7ddf1fba0 EnterCriticalSection 14095->14106 14107 7ff7ddf1fc70 14096->14107 14103 7ff7ddf2306f 14113 7ff7ddf28660 GetLastError 14107->14113 14109 7ff7ddf1fc79 14110 7ff7ddf25964 14109->14110 14194 7ff7ddf258b4 14110->14194 14114 7ff7ddf28687 14113->14114 
14115 7ff7ddf28682 14113->14115 14119 7ff7ddf2868f SetLastError 14114->14119 14140 7ff7ddf299e0 14114->14140 14136 7ff7ddf29998 14115->14136 14119->14109 14123 7ff7ddf286db 14126 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 14123->14126 14124 7ff7ddf286cb 14125 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 14124->14125 14127 7ff7ddf286d2 14125->14127 14128 7ff7ddf286e3 14126->14128 14152 7ff7ddf259cc 14127->14152 14129 7ff7ddf286f9 14128->14129 14130 7ff7ddf286e7 14128->14130 14157 7ff7ddf28294 14129->14157 14131 7ff7ddf299e0 _invalid_parameter_noinfo 6 API calls 14130->14131 14131->14127 14162 7ff7ddf295c8 14136->14162 14141 7ff7ddf295c8 try_get_function 5 API calls 14140->14141 14142 7ff7ddf29a0e 14141->14142 14143 7ff7ddf29a20 TlsSetValue 14142->14143 14144 7ff7ddf286aa 14142->14144 14143->14144 14144->14119 14145 7ff7ddf29550 14144->14145 14151 7ff7ddf29561 _invalid_parameter_noinfo 14145->14151 14146 7ff7ddf295b2 14148 7ff7ddf1fc70 _findclose 12 API calls 14146->14148 14147 7ff7ddf29596 HeapAlloc 14149 7ff7ddf286bd 14147->14149 14147->14151 14148->14149 14149->14123 14149->14124 14151->14146 14151->14147 14171 7ff7ddf2dc34 14151->14171 14153 7ff7ddf25a03 14152->14153 14154 7ff7ddf259d1 HeapFree 14152->14154 14153->14119 14154->14153 14155 7ff7ddf259ec 14154->14155 14156 7ff7ddf1fc70 _findclose 12 API calls 14155->14156 14156->14153 14180 7ff7ddf2816c 14157->14180 14163 7ff7ddf29629 TlsGetValue 14162->14163 14168 7ff7ddf29624 try_get_function 14162->14168 14164 7ff7ddf2970c 14164->14163 14167 7ff7ddf2971a GetProcAddress 14164->14167 14165 7ff7ddf29658 LoadLibraryExW 14166 7ff7ddf29679 GetLastError 14165->14166 14165->14168 14166->14168 14167->14163 14168->14163 14168->14164 14168->14165 14169 7ff7ddf296f1 FreeLibrary 14168->14169 14170 7ff7ddf296b3 LoadLibraryExW 14168->14170 14169->14168 14170->14168 14174 7ff7ddf2dc64 14171->14174 14179 7ff7ddf2af44 EnterCriticalSection 14174->14179 14192 7ff7ddf2af44 EnterCriticalSection 14180->14192 14195 
7ff7ddf28660 _invalid_parameter_noinfo 13 API calls 14194->14195 14196 7ff7ddf258d9 14195->14196 14197 7ff7ddf258ea 14196->14197 14202 7ff7ddf25984 IsProcessorFeaturePresent 14196->14202 14197->14103 14203 7ff7ddf25997 14202->14203 14206 7ff7ddf25750 14203->14206 14207 7ff7ddf2578a _wfindfirst32i64 __scrt_get_show_window_mode 14206->14207 14208 7ff7ddf257b2 RtlCaptureContext RtlLookupFunctionEntry 14207->14208 14209 7ff7ddf257ec RtlVirtualUnwind 14208->14209 14210 7ff7ddf25822 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14208->14210 14209->14210 14211 7ff7ddf25874 _wfindfirst32i64 14210->14211 14214 7ff7ddf1a5f0 14211->14214 14215 7ff7ddf1a5f9 14214->14215 14216 7ff7ddf1a604 GetCurrentProcess TerminateProcess 14215->14216 14217 7ff7ddf1a910 IsProcessorFeaturePresent 14215->14217 14218 7ff7ddf1a928 14217->14218 14223 7ff7ddf1ab04 RtlCaptureContext 14218->14223 14224 7ff7ddf1ab1e RtlLookupFunctionEntry 14223->14224 14225 7ff7ddf1a93b 14224->14225 14226 7ff7ddf1ab34 RtlVirtualUnwind 14224->14226 14227 7ff7ddf1a8dc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14225->14227 14226->14224 14226->14225 14280 7ff7ddf269cc 14281 7ff7ddf26a0d 14280->14281 14282 7ff7ddf269f5 14280->14282 14283 7ff7ddf26a87 14281->14283 14289 7ff7ddf26a3e 14281->14289 14305 7ff7ddf1fc50 14282->14305 14285 7ff7ddf1fc50 _fread_nolock 13 API calls 14283->14285 14288 7ff7ddf26a8c 14285->14288 14287 7ff7ddf1fc70 _findclose 13 API calls 14290 7ff7ddf26a02 14287->14290 14291 7ff7ddf1fc70 _findclose 13 API calls 14288->14291 14304 7ff7ddf22284 EnterCriticalSection 14289->14304 14293 7ff7ddf26a94 14291->14293 14295 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 14293->14295 14295->14290 14306 7ff7ddf28660 _invalid_parameter_noinfo 13 API calls 14305->14306 14307 7ff7ddf1fc59 14306->14307 14307->14287 18389 7ff7ddf343cb 18390 7ff7ddf343da 18389->18390 18391 7ff7ddf343e4 18389->18391 18393 7ff7ddf2af98 LeaveCriticalSection 
18390->18393 17429 7ff7ddf22650 17434 7ff7ddf2af44 EnterCriticalSection 17429->17434 14308 7ff7ddf1a754 14329 7ff7ddf1abb4 14308->14329 14311 7ff7ddf1a8a0 14437 7ff7ddf1aee0 IsProcessorFeaturePresent 14311->14437 14312 7ff7ddf1a770 __scrt_acquire_startup_lock 14314 7ff7ddf1a8aa 14312->14314 14321 7ff7ddf1a78e __scrt_release_startup_lock 14312->14321 14315 7ff7ddf1aee0 7 API calls 14314->14315 14317 7ff7ddf1a8b5 14315->14317 14316 7ff7ddf1a7b3 14318 7ff7ddf1a839 14335 7ff7ddf1b02c 14318->14335 14320 7ff7ddf1a83e 14338 7ff7ddf11000 14320->14338 14321->14316 14321->14318 14426 7ff7ddf24470 14321->14426 14326 7ff7ddf1a861 14326->14317 14433 7ff7ddf1ad48 14326->14433 14444 7ff7ddf1b1a8 14329->14444 14332 7ff7ddf1a768 14332->14311 14332->14312 14333 7ff7ddf1abe3 __scrt_initialize_crt 14333->14332 14446 7ff7ddf1c10c 14333->14446 14473 7ff7ddf1ba40 14335->14473 14337 7ff7ddf1b043 GetStartupInfoW 14337->14320 14339 7ff7ddf1100b 14338->14339 14475 7ff7ddf170f0 14339->14475 14341 7ff7ddf1101d 14486 7ff7ddf206c8 14341->14486 14346 7ff7ddf1363c 14348 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14346->14348 14349 7ff7ddf13650 14348->14349 14431 7ff7ddf1b070 GetModuleHandleW 14349->14431 14350 7ff7ddf1353b 14350->14346 14511 7ff7ddf164e0 14350->14511 14352 7ff7ddf13589 14353 7ff7ddf135d5 14352->14353 14355 7ff7ddf164e0 42 API calls 14352->14355 14526 7ff7ddf16a80 14353->14526 14357 7ff7ddf135aa 14355->14357 14357->14353 14548 7ff7ddf1f95c 14357->14548 14360 7ff7ddf136df 14363 7ff7ddf1370a 14360->14363 14582 7ff7ddf13040 14360->14582 14372 7ff7ddf1374d 14363->14372 14586 7ff7ddf17490 14363->14586 14364 7ff7ddf119c0 103 API calls 14368 7ff7ddf13620 14364->14368 14365 7ff7ddf16a80 31 API calls 14365->14353 14370 7ff7ddf13662 14368->14370 14371 7ff7ddf13624 14368->14371 14369 7ff7ddf1372a 14373 7ff7ddf1372f 14369->14373 14374 7ff7ddf13740 SetDllDirectoryW 14369->14374 14370->14360 14554 7ff7ddf13b50 14370->14554 14537 7ff7ddf12760 14371->14537 14600 7ff7ddf159d0 14372->14600 14377 
7ff7ddf12760 18 API calls 14373->14377 14374->14372 14377->14346 14381 7ff7ddf13684 14388 7ff7ddf12760 18 API calls 14381->14388 14382 7ff7ddf137a8 14708 7ff7ddf15950 14382->14708 14388->14346 14389 7ff7ddf137b2 14390 7ff7ddf13866 14389->14390 14401 7ff7ddf137bb 14389->14401 14760 7ff7ddf12ed0 14390->14760 14391 7ff7ddf136b7 14570 7ff7ddf1c8c4 14391->14570 14396 7ff7ddf13873 14396->14346 14770 7ff7ddf16a10 14396->14770 14397 7ff7ddf1379e 14702 7ff7ddf154d0 14397->14702 14398 7ff7ddf1377f 14628 7ff7ddf151f0 14398->14628 14401->14346 14719 7ff7ddf12e70 14401->14719 14403 7ff7ddf13789 14403->14397 14405 7ff7ddf1378d 14403->14405 14696 7ff7ddf15860 14405->14696 14406 7ff7ddf164e0 42 API calls 14409 7ff7ddf138a7 14406->14409 14409->14346 14413 7ff7ddf138b8 14409->14413 14410 7ff7ddf13841 14412 7ff7ddf154d0 FreeLibrary 14410->14412 14414 7ff7ddf13855 14412->14414 14781 7ff7ddf16ac0 14413->14781 14415 7ff7ddf15950 14 API calls 14414->14415 14415->14346 14427 7ff7ddf24494 14426->14427 14428 7ff7ddf244a6 14426->14428 14427->14318 16678 7ff7ddf24b80 14428->16678 14432 7ff7ddf1b081 14431->14432 14432->14326 14435 7ff7ddf1ad59 14433->14435 14434 7ff7ddf1a878 14434->14316 14435->14434 14436 7ff7ddf1c10c __scrt_initialize_crt 7 API calls 14435->14436 14436->14434 14438 7ff7ddf1af06 _wfindfirst32i64 __scrt_get_show_window_mode 14437->14438 14439 7ff7ddf1af25 RtlCaptureContext RtlLookupFunctionEntry 14438->14439 14440 7ff7ddf1af4e RtlVirtualUnwind 14439->14440 14441 7ff7ddf1af8a __scrt_get_show_window_mode 14439->14441 14440->14441 14442 7ff7ddf1afbc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14441->14442 14443 7ff7ddf1b00e _wfindfirst32i64 14442->14443 14443->14314 14445 7ff7ddf1abd6 __scrt_dllmain_crt_thread_attach 14444->14445 14445->14332 14445->14333 14447 7ff7ddf1c11e 14446->14447 14448 7ff7ddf1c114 14446->14448 14447->14332 14452 7ff7ddf1c390 14448->14452 14453 7ff7ddf1c119 14452->14453 14454 7ff7ddf1c39f 14452->14454 14456 7ff7ddf1c3e8 
14453->14456 14460 7ff7ddf1c5b8 14454->14460 14457 7ff7ddf1c413 14456->14457 14458 7ff7ddf1c417 14457->14458 14459 7ff7ddf1c3f6 DeleteCriticalSection 14457->14459 14458->14447 14459->14457 14464 7ff7ddf1c420 14460->14464 14465 7ff7ddf1c53a TlsFree 14464->14465 14470 7ff7ddf1c464 try_get_function 14464->14470 14466 7ff7ddf1c492 LoadLibraryExW 14468 7ff7ddf1c509 14466->14468 14469 7ff7ddf1c4b3 GetLastError 14466->14469 14467 7ff7ddf1c529 GetProcAddress 14467->14465 14468->14467 14471 7ff7ddf1c520 FreeLibrary 14468->14471 14469->14470 14470->14465 14470->14466 14470->14467 14472 7ff7ddf1c4d5 LoadLibraryExW 14470->14472 14471->14467 14472->14468 14472->14470 14474 7ff7ddf1ba20 14473->14474 14474->14337 14474->14474 14477 7ff7ddf1710f 14475->14477 14476 7ff7ddf17117 14476->14341 14477->14476 14478 7ff7ddf17160 WideCharToMultiByte 14477->14478 14480 7ff7ddf171b6 WideCharToMultiByte 14477->14480 14482 7ff7ddf17207 14477->14482 14478->14477 14478->14482 14480->14477 14480->14482 14481 7ff7ddf17233 14483 7ff7ddf17251 14481->14483 14485 7ff7ddf1f95c __vcrt_freefls 14 API calls 14481->14485 14834 7ff7ddf12610 14482->14834 14484 7ff7ddf1f95c __vcrt_freefls 14 API calls 14483->14484 14484->14476 14485->14481 14489 7ff7ddf2a4c4 14486->14489 14487 7ff7ddf2a547 14488 7ff7ddf1fc70 _findclose 13 API calls 14487->14488 14490 7ff7ddf2a54c 14488->14490 14489->14487 14492 7ff7ddf2a508 14489->14492 14491 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 14490->14491 14494 7ff7ddf1351b 14491->14494 14863 7ff7ddf2a3a0 14492->14863 14495 7ff7ddf11ae0 14494->14495 14496 7ff7ddf11af5 14495->14496 14498 7ff7ddf11b10 14496->14498 14871 7ff7ddf124c0 14496->14871 14498->14346 14499 7ff7ddf13a40 14498->14499 14500 7ff7ddf1a620 14499->14500 14501 7ff7ddf13a4c GetModuleFileNameW 14500->14501 14502 7ff7ddf13a7b 14501->14502 14503 7ff7ddf13a92 14501->14503 14504 7ff7ddf12610 16 API calls 14502->14504 14907 7ff7ddf175a0 14503->14907 14507 7ff7ddf13a8e 14504->14507 14509 7ff7ddf1a5f0 _wfindfirst32i64 
8 API calls 14507->14509 14508 7ff7ddf12760 18 API calls 14508->14507 14510 7ff7ddf13acf 14509->14510 14510->14350 14512 7ff7ddf164ea 14511->14512 14513 7ff7ddf17490 16 API calls 14512->14513 14514 7ff7ddf1650c GetEnvironmentVariableW 14513->14514 14515 7ff7ddf16524 ExpandEnvironmentStringsW 14514->14515 14516 7ff7ddf16576 14514->14516 14518 7ff7ddf175a0 18 API calls 14515->14518 14517 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14516->14517 14519 7ff7ddf16588 14517->14519 14520 7ff7ddf1654c 14518->14520 14519->14352 14520->14516 14521 7ff7ddf16556 14520->14521 14918 7ff7ddf24ba8 14521->14918 14524 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14525 7ff7ddf1656e 14524->14525 14525->14352 14527 7ff7ddf17490 16 API calls 14526->14527 14528 7ff7ddf16a97 SetEnvironmentVariableW 14527->14528 14529 7ff7ddf1f95c __vcrt_freefls 14 API calls 14528->14529 14530 7ff7ddf135ea 14529->14530 14531 7ff7ddf119c0 14530->14531 14532 7ff7ddf119f0 14531->14532 14536 7ff7ddf11a6a 14532->14536 14934 7ff7ddf117a0 14532->14934 14535 7ff7ddf1c8c4 64 API calls 14535->14536 14536->14360 14536->14364 14538 7ff7ddf12780 __scrt_get_show_window_mode 14537->14538 14539 7ff7ddf17490 16 API calls 14538->14539 14540 7ff7ddf127fa 14539->14540 14541 7ff7ddf12839 MessageBoxA 14540->14541 14542 7ff7ddf127ff 14540->14542 14544 7ff7ddf12853 14541->14544 14543 7ff7ddf17490 16 API calls 14542->14543 14545 7ff7ddf12819 MessageBoxW 14543->14545 14546 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14544->14546 14545->14544 14547 7ff7ddf12863 14546->14547 14547->14346 14549 7ff7ddf259cc 14548->14549 14550 7ff7ddf259d1 HeapFree 14549->14550 14552 7ff7ddf135c9 14549->14552 14551 7ff7ddf259ec 14550->14551 14550->14552 14553 7ff7ddf1fc70 _findclose 13 API calls 14551->14553 14552->14365 14553->14552 14555 7ff7ddf13b5c 14554->14555 14556 7ff7ddf17490 16 API calls 14555->14556 14557 7ff7ddf13b87 14556->14557 14558 7ff7ddf17490 16 API calls 14557->14558 14559 7ff7ddf13b9a 14558->14559 14987 7ff7ddf20c88 14559->14987 14562 
7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14563 7ff7ddf1367c 14562->14563 14563->14381 14564 7ff7ddf16cf0 14563->14564 14569 7ff7ddf16d14 14564->14569 14565 7ff7ddf1f95c __vcrt_freefls 14 API calls 14566 7ff7ddf136b2 14565->14566 14566->14360 14566->14391 14567 7ff7ddf1cbe0 _fread_nolock 46 API calls 14567->14569 14568 7ff7ddf16deb 14568->14565 14569->14567 14569->14568 14571 7ff7ddf1c8db 14570->14571 14573 7ff7ddf1c8f9 14570->14573 14572 7ff7ddf1fc70 _findclose 13 API calls 14571->14572 14575 7ff7ddf1c8e0 14572->14575 14578 7ff7ddf1c8eb 14573->14578 15546 7ff7ddf1fba0 EnterCriticalSection 14573->15546 14577 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 14575->14577 14577->14578 14578->14381 14583 7ff7ddf13057 14582->14583 14584 7ff7ddf13080 14582->14584 14583->14584 15547 7ff7ddf11770 14583->15547 14584->14363 14587 7ff7ddf17537 MultiByteToWideChar 14586->14587 14588 7ff7ddf174b1 MultiByteToWideChar 14586->14588 14589 7ff7ddf1755a 14587->14589 14590 7ff7ddf1757f 14587->14590 14591 7ff7ddf174d7 14588->14591 14596 7ff7ddf174fc 14588->14596 14592 7ff7ddf12610 14 API calls 14589->14592 14590->14369 14593 7ff7ddf12610 14 API calls 14591->14593 14594 7ff7ddf1756d 14592->14594 14595 7ff7ddf174ea 14593->14595 14594->14369 14595->14369 14596->14587 14597 7ff7ddf17512 14596->14597 14598 7ff7ddf12610 14 API calls 14597->14598 14599 7ff7ddf17525 14598->14599 14599->14369 14601 7ff7ddf159e5 14600->14601 14602 7ff7ddf13752 14601->14602 14603 7ff7ddf124c0 40 API calls 14601->14603 14602->14382 14604 7ff7ddf156b0 14602->14604 14603->14602 14605 7ff7ddf156d4 14604->14605 14608 7ff7ddf15701 14604->14608 14606 7ff7ddf156fc 14605->14606 14605->14608 14609 7ff7ddf11770 18 API calls 14605->14609 14610 7ff7ddf1376a 14605->14610 15551 7ff7ddf112b0 14606->15551 14608->14610 14611 7ff7ddf15837 14608->14611 14613 7ff7ddf157d7 memcpy_s 14608->14613 14609->14605 14610->14382 14615 7ff7ddf15260 14610->14615 14612 7ff7ddf12760 18 API calls 14611->14612 14612->14610 14613->14610 14614 
7ff7ddf1f95c __vcrt_freefls 14 API calls 14613->14614 14614->14610 14623 7ff7ddf15273 memcpy_s 14615->14623 14617 7ff7ddf1f95c __vcrt_freefls 14 API calls 14618 7ff7ddf15473 14617->14618 14619 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 14618->14619 14620 7ff7ddf1377b 14619->14620 14620->14397 14620->14398 14621 7ff7ddf154ac 14622 7ff7ddf12760 18 API calls 14621->14622 14627 7ff7ddf153b6 14622->14627 14623->14621 14625 7ff7ddf15495 14623->14625 14623->14627 15616 7ff7ddf11650 14623->15616 15621 7ff7ddf11440 14623->15621 14626 7ff7ddf12760 18 API calls 14625->14626 14626->14627 14627->14617 16068 7ff7ddf16ca0 14628->16068 14631 7ff7ddf16ca0 31 API calls 14632 7ff7ddf15215 14631->14632 14633 7ff7ddf1523a 14632->14633 14634 7ff7ddf1522d GetProcAddress 14632->14634 14635 7ff7ddf12760 18 API calls 14633->14635 14638 7ff7ddf15b0c GetProcAddress 14634->14638 14643 7ff7ddf15ae9 14634->14643 14637 7ff7ddf15246 14635->14637 14637->14403 14639 7ff7ddf15b31 GetProcAddress 14638->14639 14638->14643 14640 7ff7ddf15b56 GetProcAddress 14639->14640 14639->14643 14642 7ff7ddf15b7e GetProcAddress 14640->14642 14640->14643 14641 7ff7ddf12610 16 API calls 14644 7ff7ddf15afc 14641->14644 14642->14643 14645 7ff7ddf15ba6 GetProcAddress 14642->14645 14643->14641 14644->14403 14645->14643 14646 7ff7ddf15bce GetProcAddress 14645->14646 14647 7ff7ddf15bea 14646->14647 14648 7ff7ddf15bf6 GetProcAddress 14646->14648 14647->14648 14649 7ff7ddf15c1e GetProcAddress 14648->14649 14650 7ff7ddf15c12 14648->14650 14651 7ff7ddf15c3a 14649->14651 14652 7ff7ddf15c46 GetProcAddress 14649->14652 14650->14649 14651->14652 14653 7ff7ddf15c6e GetProcAddress 14652->14653 14654 7ff7ddf15c62 14652->14654 14655 7ff7ddf15c8a 14653->14655 14656 7ff7ddf15c96 GetProcAddress 14653->14656 14654->14653 14655->14656 14657 7ff7ddf15cbe GetProcAddress 14656->14657 14658 7ff7ddf15cb2 14656->14658 14659 7ff7ddf15cda 14657->14659 14660 7ff7ddf15ce6 GetProcAddress 14657->14660 14658->14657 14659->14660 14661 7ff7ddf15d0e 
GetProcAddress 14660->14661 14662 7ff7ddf15d02 14660->14662 14663 7ff7ddf15d2a 14661->14663 14664 7ff7ddf15d36 GetProcAddress 14661->14664 14662->14661 14663->14664 14665 7ff7ddf15d5e GetProcAddress 14664->14665 14666 7ff7ddf15d52 14664->14666 14667 7ff7ddf15d7a 14665->14667 14668 7ff7ddf15d86 GetProcAddress 14665->14668 14666->14665 14667->14668 14669 7ff7ddf15dae GetProcAddress 14668->14669 14670 7ff7ddf15da2 14668->14670 14671 7ff7ddf15dca 14669->14671 14672 7ff7ddf15dd6 GetProcAddress 14669->14672 14670->14669 14671->14672 14673 7ff7ddf15dfe GetProcAddress 14672->14673 14674 7ff7ddf15df2 14672->14674 14675 7ff7ddf15e1a 14673->14675 14676 7ff7ddf15e26 GetProcAddress 14673->14676 14674->14673 14675->14676 14697 7ff7ddf1587d 14696->14697 14698 7ff7ddf12760 18 API calls 14697->14698 14701 7ff7ddf1379c 14697->14701 14699 7ff7ddf158c9 14698->14699 14700 7ff7ddf154d0 FreeLibrary 14699->14700 14700->14701 14701->14389 14703 7ff7ddf154f6 14702->14703 14704 7ff7ddf154e2 14702->14704 14703->14382 14704->14703 14705 7ff7ddf1558f 14704->14705 16073 7ff7ddf16c80 FreeLibrary 14704->16073 14705->14703 16074 7ff7ddf16c80 FreeLibrary 14705->16074 14709 7ff7ddf159b2 14708->14709 14710 7ff7ddf15965 14708->14710 14709->14389 14711 7ff7ddf15976 14710->14711 14712 7ff7ddf1f95c __vcrt_freefls 14 API calls 14710->14712 14713 7ff7ddf15987 14711->14713 14714 7ff7ddf1f95c __vcrt_freefls 14 API calls 14711->14714 14712->14711 14715 7ff7ddf15998 14713->14715 14716 7ff7ddf1f95c __vcrt_freefls 14 API calls 14713->14716 14714->14713 14717 7ff7ddf1f95c __vcrt_freefls 14 API calls 14715->14717 14716->14715 14718 7ff7ddf159a0 14717->14718 14718->14389 16075 7ff7ddf14770 14719->16075 14722 7ff7ddf12ebd 14722->14410 14724 7ff7ddf12e94 14724->14722 16123 7ff7ddf14540 14724->16123 14726 7ff7ddf12ea0 14726->14722 16134 7ff7ddf14670 14726->16134 14728 7ff7ddf12eac 14728->14722 14729 7ff7ddf130e0 14728->14729 14730 7ff7ddf130f5 14728->14730 14731 7ff7ddf12760 18 API calls 14729->14731 14732 7ff7ddf1310e 
Execution graph: Windows API call sites in diCTAJuHTs.exe by function address (graph node identifiers and edges not reproduced)

Process token and directory security: 7ff7ddf17310 GetCurrentProcess, OpenProcessToken; 7ff7ddf1735b GetTokenInformation; 7ff7ddf1737d GetLastError; 7ff7ddf1739e GetTokenInformation; 7ff7ddf173c4 ConvertSidToStringSidW; 7ff7ddf173e4 CloseHandle; 7ff7ddf17413 LocalFree, ConvertStringSecurityDescriptorToSecurityDescriptorW; 7ff7ddf17446 CreateDirectoryW

Environment and path handling: 7ff7ddf16019 ExpandEnvironmentStringsW; 7ff7ddf160ec CreateDirectoryW; 7ff7ddf16112 CreateDirectoryW; 7ff7ddf16360 GetTempPathW; 7ff7ddf16419 SetEnvironmentVariableW; 7ff7ddf1649d SetEnvironmentVariableW; 7ff7ddf208c8 GetFullPathNameW; 7ff7ddf208ee GetLastError; 7ff7ddf2093c GetFullPathNameW; 7ff7ddf20973 GetLastError; 7ff7ddf209e0 GetFullPathNameW; 7ff7ddf29e0a GetCurrentDirectoryW; 7ff7ddf29e61 GetCurrentDirectoryW; 7ff7ddf20575 GetDriveTypeW; 7ff7ddf2a82c GetDriveTypeW

File I/O: 7ff7ddf1ff32 CreateFileW; 7ff7ddf1ff8e CloseHandle; 7ff7ddf20030 GetFileType; 7ff7ddf200aa GetFileInformationByHandle; 7ff7ddf20156 GetLastError; 7ff7ddf20188 PeekNamedPipe; 7ff7ddf20204 FileTimeToSystemTime; 7ff7ddf20216 SystemTimeToTzSpecificLocalTime

Dynamic import resolution: 7ff7ddf16cb7 LoadLibraryExW; 7ff7ddf13c90 through 7ff7ddf1408a, a chain of 26 consecutive GetProcAddress call sites

Error reporting and message boxes: 7ff7ddf1262c GetLastError; 7ff7ddf12704 MessageBoxW; 7ff7ddf12724 MessageBoxA; 7ff7ddf125af MessageBoxW; 7ff7ddf125cf MessageBoxA; 7ff7ddf12929 MessageBoxW; 7ff7ddf12949 MessageBoxA; 7ff7ddf16fc7 GetLastError; 7ff7ddf16fcd FormatMessageW

String conversion: 7ff7ddf1701c WideCharToMultiByte; 7ff7ddf175c4 WideCharToMultiByte; 7ff7ddf17632 WideCharToMultiByte; 7ff7ddf17700 MultiByteToWideChar; 7ff7ddf17748 MultiByteToWideChar; 7ff7ddf148ea mbstowcs

Startup and exception handling: 7ff7ddf16b2e GetStartupInfoW; 7ff7ddf1a9f8 IsProcessorFeaturePresent; 7ff7ddf1aa94 RtlCaptureContext, RtlLookupFunctionEntry; 7ff7ddf1aac4 RtlVirtualUnwind; 7ff7ddf1a8dc SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess

Synchronization: 7ff7ddf1fba0 EnterCriticalSection; 7ff7ddf22284 EnterCriticalSection; 7ff7ddf2af44 EnterCriticalSection

CRT-internal nodes labelled in the graph: _wfindfirst32i64, _findclose, _fread_nolock, _invalid_parameter_noinfo, __vcrt_freefls, __free_lconv_num, __scrt_get_show_window_mode, try_get_function, memcpy_s
16586->16534 16588 7ff7ddf29f71 16587->16588 16589 7ff7ddf29f4d 16587->16589 16591 7ff7ddf29fab 16588->16591 16594 7ff7ddf29fca 16588->16594 16589->16588 16590 7ff7ddf29f52 16589->16590 16592 7ff7ddf1fc70 _findclose 13 API calls 16590->16592 16593 7ff7ddf1fc70 _findclose 13 API calls 16591->16593 16595 7ff7ddf29f57 16592->16595 16596 7ff7ddf29fb0 16593->16596 16597 7ff7ddf1da10 33 API calls 16594->16597 16598 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 16595->16598 16599 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 16596->16599 16600 7ff7ddf29fd7 16597->16600 16601 7ff7ddf29f62 16598->16601 16602 7ff7ddf29fbb 16599->16602 16600->16602 16603 7ff7ddf2f87c 34 API calls 16600->16603 16601->16566 16602->16566 16603->16600 16605 7ff7ddf2a0b8 MultiByteToWideChar 16604->16605 16608 7ff7ddf1c931 16607->16608 16609 7ff7ddf1c941 16607->16609 16610 7ff7ddf1fc70 _findclose 13 API calls 16608->16610 16609->16444 16611 7ff7ddf1c936 16610->16611 16612 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 16611->16612 16612->16609 16614 7ff7ddf22fa0 16613->16614 16615 7ff7ddf22fbc 16614->16615 16616 7ff7ddf22fdd 16614->16616 16618 7ff7ddf1fc70 _findclose 13 API calls 16615->16618 16632 7ff7ddf1fba0 EnterCriticalSection 16616->16632 16620 7ff7ddf22fc1 16618->16620 16622 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 16620->16622 16626 7ff7ddf22fcb 16622->16626 16626->16448 16634 7ff7ddf22a04 16633->16634 16649 7ff7ddf22ab7 memcpy_s 16633->16649 16635 7ff7ddf22ac7 16634->16635 16637 7ff7ddf22a1b 16634->16637 16641 7ff7ddf28660 _invalid_parameter_noinfo 13 API calls 16635->16641 16635->16649 16636 7ff7ddf1fc70 _findclose 13 API calls 16638 7ff7ddf16b10 16636->16638 16651 7ff7ddf2af44 EnterCriticalSection 16637->16651 16638->14787 16642 7ff7ddf22ae3 16641->16642 16647 7ff7ddf27d90 _fread_nolock 14 API calls 16642->16647 16642->16649 16647->16649 16649->16636 16649->16638 16679 7ff7ddf284e4 33 API calls 16678->16679 16680 7ff7ddf24b89 16679->16680 16681 7ff7ddf24ca8 33 
API calls 16680->16681 16682 7ff7ddf24b9f 16681->16682 14242 7ff7ddf242d8 14243 7ff7ddf2433f 14242->14243 14244 7ff7ddf242f5 GetModuleHandleW 14242->14244 14252 7ff7ddf241d0 14243->14252 14244->14243 14250 7ff7ddf24302 14244->14250 14250->14243 14266 7ff7ddf243e0 GetModuleHandleExW 14250->14266 14272 7ff7ddf2af44 EnterCriticalSection 14252->14272 14267 7ff7ddf24406 GetProcAddress 14266->14267 14268 7ff7ddf24425 14266->14268 14267->14268 14269 7ff7ddf2441d 14267->14269 14270 7ff7ddf2442f FreeLibrary 14268->14270 14271 7ff7ddf24435 14268->14271 14269->14268 14270->14271 14271->14243 17807 7ff7ddf28364 17808 7ff7ddf28369 17807->17808 17809 7ff7ddf2837e 17807->17809 17813 7ff7ddf28384 17808->17813 17814 7ff7ddf283c6 17813->17814 17817 7ff7ddf283ce 17813->17817 17815 7ff7ddf259cc __free_lconv_num 13 API calls 17814->17815 17815->17817 17816 7ff7ddf259cc __free_lconv_num 13 API calls 17818 7ff7ddf283db 17816->17818 17817->17816 17819 7ff7ddf259cc __free_lconv_num 13 API calls 17818->17819 17820 7ff7ddf283e8 17819->17820 17821 7ff7ddf259cc __free_lconv_num 13 API calls 17820->17821 17822 7ff7ddf283f5 17821->17822 17823 7ff7ddf259cc __free_lconv_num 13 API calls 17822->17823 17824 7ff7ddf28402 17823->17824 17825 7ff7ddf259cc __free_lconv_num 13 API calls 17824->17825 17826 7ff7ddf2840f 17825->17826 17827 7ff7ddf259cc __free_lconv_num 13 API calls 17826->17827 17828 7ff7ddf2841c 17827->17828 17829 7ff7ddf259cc __free_lconv_num 13 API calls 17828->17829 17830 7ff7ddf28429 17829->17830 17831 7ff7ddf259cc __free_lconv_num 13 API calls 17830->17831 17832 7ff7ddf28439 17831->17832 17833 7ff7ddf259cc __free_lconv_num 13 API calls 17832->17833 17834 7ff7ddf28449 17833->17834 17839 7ff7ddf28234 17834->17839 17853 7ff7ddf2af44 EnterCriticalSection 17839->17853 17916 7ff7ddf2a16c 17917 7ff7ddf2a354 17916->17917 17919 7ff7ddf2a1af _isindst 17916->17919 17918 7ff7ddf1fc70 _findclose 13 API calls 17917->17918 17934 7ff7ddf2a346 17918->17934 17919->17917 17922 7ff7ddf2a22b _isindst 
17919->17922 17920 7ff7ddf1a5f0 _wfindfirst32i64 8 API calls 17921 7ff7ddf2a36f 17920->17921 17937 7ff7ddf305b4 17922->17937 17927 7ff7ddf2a380 17929 7ff7ddf25984 _wfindfirst32i64 17 API calls 17927->17929 17931 7ff7ddf2a394 17929->17931 17934->17920 17935 7ff7ddf2a288 17935->17934 17962 7ff7ddf305f4 17935->17962 17938 7ff7ddf305c2 17937->17938 17939 7ff7ddf2a249 17937->17939 17969 7ff7ddf2af44 EnterCriticalSection 17938->17969 17944 7ff7ddf2f9b0 17939->17944 17945 7ff7ddf2f9b9 17944->17945 17947 7ff7ddf2a25e 17944->17947 17946 7ff7ddf1fc70 _findclose 13 API calls 17945->17946 17948 7ff7ddf2f9be 17946->17948 17947->17927 17950 7ff7ddf2f9e0 17947->17950 17949 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17948->17949 17949->17947 17951 7ff7ddf2f9e9 17950->17951 17952 7ff7ddf2a26f 17950->17952 17953 7ff7ddf1fc70 _findclose 13 API calls 17951->17953 17952->17927 17956 7ff7ddf2fa10 17952->17956 17954 7ff7ddf2f9ee 17953->17954 17955 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17954->17955 17955->17952 17957 7ff7ddf2fa19 17956->17957 17958 7ff7ddf2a280 17956->17958 17959 7ff7ddf1fc70 _findclose 13 API calls 17957->17959 17958->17927 17958->17935 17960 7ff7ddf2fa1e 17959->17960 17961 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17960->17961 17961->17958 17970 7ff7ddf2af44 EnterCriticalSection 17962->17970 17971 7ff7ddf1a670 17972 7ff7ddf1a680 17971->17972 17988 7ff7ddf20ee0 17972->17988 17974 7ff7ddf1a68c 17994 7ff7ddf1ac00 17974->17994 17976 7ff7ddf1aee0 7 API calls 17977 7ff7ddf1a725 17976->17977 17978 7ff7ddf1a6a4 _RTC_Initialize 17986 7ff7ddf1a6f9 17978->17986 17999 7ff7ddf1adb0 17978->17999 17980 7ff7ddf1a6b9 18002 7ff7ddf239a8 17980->18002 17986->17976 17987 7ff7ddf1a715 17986->17987 17989 7ff7ddf20ef1 17988->17989 17990 7ff7ddf20ef9 17989->17990 17991 7ff7ddf1fc70 _findclose 13 API calls 17989->17991 17990->17974 17992 7ff7ddf20f08 17991->17992 17993 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 17992->17993 17993->17990 17995 
7ff7ddf1ac11 17994->17995 17998 7ff7ddf1ac16 __scrt_acquire_startup_lock 17994->17998 17996 7ff7ddf1aee0 7 API calls 17995->17996 17995->17998 17997 7ff7ddf1ac8a 17996->17997 17998->17978 18027 7ff7ddf1ad74 17999->18027 18001 7ff7ddf1adb9 18001->17980 18003 7ff7ddf239c8 18002->18003 18004 7ff7ddf1a6c5 18002->18004 18005 7ff7ddf239d0 18003->18005 18006 7ff7ddf239e6 GetModuleFileNameW 18003->18006 18004->17986 18026 7ff7ddf1ae84 InitializeSListHead 18004->18026 18007 7ff7ddf1fc70 _findclose 13 API calls 18005->18007 18010 7ff7ddf23a11 18006->18010 18008 7ff7ddf239d5 18007->18008 18009 7ff7ddf25964 _invalid_parameter_noinfo 30 API calls 18008->18009 18009->18004 18011 7ff7ddf23948 13 API calls 18010->18011 18012 7ff7ddf23a51 18011->18012 18013 7ff7ddf23a59 18012->18013 18017 7ff7ddf23a71 18012->18017 18014 7ff7ddf1fc70 _findclose 13 API calls 18013->18014 18015 7ff7ddf23a5e 18014->18015 18016 7ff7ddf259cc __free_lconv_num 13 API calls 18015->18016 18016->18004 18018 7ff7ddf23a93 18017->18018 18020 7ff7ddf23ad8 18017->18020 18021 7ff7ddf23abf 18017->18021 18019 7ff7ddf259cc __free_lconv_num 13 API calls 18018->18019 18019->18004 18023 7ff7ddf259cc __free_lconv_num 13 API calls 18020->18023 18022 7ff7ddf259cc __free_lconv_num 13 API calls 18021->18022 18024 7ff7ddf23ac8 18022->18024 18023->18018 18025 7ff7ddf259cc __free_lconv_num 13 API calls 18024->18025 18025->18004 18028 7ff7ddf1ad8e 18027->18028 18030 7ff7ddf1ad87 18027->18030 18031 7ff7ddf249c0 18028->18031 18030->18001 18034 7ff7ddf2460c 18031->18034 18041 7ff7ddf2af44 EnterCriticalSection 18034->18041 18277 7ff7ddf2be94 18288 7ff7ddf31960 18277->18288 18289 7ff7ddf3198b 18288->18289 18290 7ff7ddf259cc __free_lconv_num 13 API calls 18289->18290 18291 7ff7ddf319a3 18289->18291 18290->18289 18292 7ff7ddf259cc __free_lconv_num 13 API calls 18291->18292 18293 7ff7ddf2be9d 18291->18293 18292->18291 18294 7ff7ddf2af44 EnterCriticalSection 18293->18294

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _fread_nolock$Message_invalid_parameter_noinfo
    • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
    • API String ID: 2153230061-4158440160
    • Opcode ID: a4e21bfb9890b1ab93ab310f7ac99d02a10967d8f8de6a41bf0c38dfa70191e7
    • Instruction ID: 69ecdabddc0b1e03575cac81605914108fc3c1d8ae547456295d97e5526f8542
    • Opcode Fuzzy Hash: a4e21bfb9890b1ab93ab310f7ac99d02a10967d8f8de6a41bf0c38dfa70191e7
    • Instruction Fuzzy Hash: D4517D72A0D60686EB54EF28D45027CB3A0FB88B58BD18137D92D87399EF7CE544C760

    Control-flow Graph

    [Control-flow graph of the function at 7ff7ddf30f7c-7ff7ddf31362 (interactive rendering; executed/not-executed legend and basic-block edge list omitted). Win32 APIs on its paths: CreateFileW (in the blocks starting at 7ff7ddf3102e and 7ff7ddf310a7, and again at 7ff7ddf312ac after a CloseHandle), GetFileType (7ff7ddf31114), GetLastError (7ff7ddf310e1, 7ff7ddf31121, 7ff7ddf312f3), CloseHandle (7ff7ddf31121, 7ff7ddf312ac).]
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
    • String ID:
    • API String ID: 1330151763-0
    • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
    • Instruction ID: 7095c6657b689dd8ea34a6a5cad0fe4d80ff329a23e7a77fbbf1fcfa0256d42d
    • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
    • Instruction Fuzzy Hash: 8AC1C337B28A4286EB10EF68C4901AC7761FB49B98B914236DE2E977D4EF78D551C320

    Control-flow Graph

    [Control-flow graph of the function at 7ff7ddf11000 (interactive rendering; executed/not-executed legend and basic-block edge list omitted). The only Win32 API called directly from its blocks is SetDllDirectoryW (block 7ff7ddf13740-7ff7ddf13747); every other node is a call into an internal subroutine, among them 7ff7ddf13a40, 7ff7ddf164e0, 7ff7ddf13b50 and 7ff7ddf12760.]
    APIs
      • Part of subcall function 00007FF7DDF13A40: GetModuleFileNameW.KERNEL32(?,00007FF7DDF1353B), ref: 00007FF7DDF13A71
    • SetDllDirectoryW.KERNEL32 ref: 00007FF7DDF13747
      • Part of subcall function 00007FF7DDF164E0: GetEnvironmentVariableW.KERNEL32(00007FF7DDF13589), ref: 00007FF7DDF1651A
      • Part of subcall function 00007FF7DDF164E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7DDF16537
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
    • API String ID: 2344891160-3602715111
    • Opcode ID: 81b65a4905ddbf8ee23dfcbb140cb81087030596d11c06d7e09b8ead5103a781
    • Instruction ID: a8ec140f16ed3ca7292c17de3b45ddbdd9c7df9ff776b3295a7f45d6ef8012e8
    • Opcode Fuzzy Hash: 81b65a4905ddbf8ee23dfcbb140cb81087030596d11c06d7e09b8ead5103a781
    • Instruction Fuzzy Hash: ECB17061A1CA8355EA24FB2194512FDA7A0BF947C8FC44133EA6D4779AFE2CE605C730
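    The String IDs attached to the function blocks above ("Cannot read Table of Contents.", "Failed to read cookie!" and "MEI" on the _fread_nolock block; "Cannot open PyInstaller archive from executable (%s) or external archive (%s)", "_MEIPASS2" and "_PYI_ONEDIR_MODE" on this one) are the error strings and environment-variable names of the PyInstaller bootloader. The native code being graphed here is therefore the stock stub plus the MSVC runtime; the program logic is a Python payload appended to the PE as a PyInstaller CArchive: zlib-compressed scripts, a PYZ and binaries, followed by a table of contents and an 88-byte cookie that begins with the magic `MEI\x0c\x0b\x0a\x0b\x0e`. In a onefile build the bootloader unpacks that archive to a temporary `_MEIxxxxxx` directory, sets `_MEIPASS2` to point at it and re-spawns itself so the child process can find the extracted files. For triage, the productive step is to read the cookie and TOC statically rather than reverse the CRT code above. The script below is an added example written for this report; it is not part of the Joe Sandbox output or of PyInstaller. The cookie and TOC layout it relies on is PyInstaller's CArchive format for versions 2.1 and later (the older 24-byte cookie without the library-name field is not handled). Because the sample itself is not available here, it runs against a small archive it constructs in memory; the stub bytes, entry names, Python version and payload text are all made up.

```python
"""List the PyInstaller CArchive appended to a PE: an added triage example, not code
from the sandbox report or from PyInstaller. Layout follows PyInstaller's public
cookie/TOC format; the sample archive at the bottom is constructed in memory."""
import struct
import zlib
from dataclasses import dataclass

MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"             # cookie magic; "MEI" shows in the string table
COOKIE_FMT = "!8sIIii64s"                     # >= 2.1: magic, pkg_len, toc_off, toc_len, pyvers, pylib
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)     # 88 bytes, big-endian
TOC_ENTRY_FMT = "!iIIIBc"                     # structlen, pos, clen, ulen, cflag, typcd, then name
TOC_ENTRY_SIZE = struct.calcsize(TOC_ENTRY_FMT)


@dataclass
class TocEntry:
    name: str
    pos: int          # offset relative to the archive start
    clen: int         # stored (possibly zlib-compressed) length
    ulen: int         # uncompressed length
    compressed: bool
    typcd: str        # 's' script, 'z' PYZ, 'b' binary, 'x' data, 'm' module, 'o' option


@dataclass
class CArchive:
    archive_start: int  # file offset where the appended archive begins
    pyvers: int
    pylib: str
    entries: list


def find_cookie(data: bytes):
    """Offset of the last complete MEI cookie in `data`, or None if there is none."""
    pos = data.rfind(MAGIC)
    return None if pos < 0 or pos + COOKIE_SIZE > len(data) else pos


def read_carchive(data: bytes) -> CArchive:
    """Parse the cookie, locate the TOC and describe every embedded entry."""
    cookie_pos = find_cookie(data)
    if cookie_pos is None:
        raise ValueError("no PyInstaller MEI cookie found")
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FMT, data[cookie_pos:cookie_pos + COOKIE_SIZE])
    # pkg_len spans archive start through the cookie; bytes after the cookie (e.g. a
    # signature) are ignored. All TOC offsets are relative to archive_start.
    archive_start = cookie_pos + COOKIE_SIZE - pkg_len
    if archive_start < 0 or archive_start + toc_off + toc_len > len(data):
        raise ValueError("cookie length/TOC fields point outside the file")
    toc = data[archive_start + toc_off:archive_start + toc_off + toc_len]
    entries, off = [], 0
    while off + TOC_ENTRY_SIZE <= len(toc):
        structlen, pos, clen, ulen, cflag, typcd = struct.unpack_from(TOC_ENTRY_FMT, toc, off)
        if structlen < TOC_ENTRY_SIZE or off + structlen > len(toc):
            raise ValueError(f"corrupt TOC entry at TOC offset {off}")
        name = toc[off + TOC_ENTRY_SIZE:off + structlen].split(b"\x00", 1)[0]
        entries.append(TocEntry(name.decode("utf-8", "replace"), pos, clen, ulen,
                                bool(cflag), typcd.decode("latin-1")))
        off += structlen
    return CArchive(archive_start, pyvers, pylib.rstrip(b"\x00").decode("ascii", "replace"), entries)


def extract_entry(data: bytes, arc: CArchive, entry: TocEntry) -> bytes:
    """Return one entry's bytes; zlib is the only compression PyInstaller applies."""
    start = arc.archive_start + entry.pos
    raw = data[start:start + entry.clen]
    return zlib.decompress(raw) if entry.compressed else raw


# Constructed stand-in for a PyInstaller onefile binary: fake PE stub + archive (made-up data).
CONSTRUCTED_STUB = b"MZ" + b"\x00" * 62 + b"<constructed bootloader stub>".ljust(64, b"\x00")
CONSTRUCTED_PAYLOAD = b"import os\nprint('payload running')\n"


def build_constructed_sample() -> bytes:
    items = [  # (name, stored bytes, uncompressed length, cflag, typcd); names are invented
        ("pyiboot01_bootstrap", zlib.compress(b"# bootstrap\n"), 12, 1, b"s"),
        ("payload", zlib.compress(CONSTRUCTED_PAYLOAD), len(CONSTRUCTED_PAYLOAD), 1, b"s"),
        ("PYZ-00.pyz", b"PYZ\x00" * 4, 16, 0, b"z"),
    ]
    blob, toc = bytearray(), bytearray()
    for name, stored, ulen, cflag, typcd in items:
        encoded = name.encode() + b"\x00"
        structlen = TOC_ENTRY_SIZE + len(encoded)
        structlen += (-structlen) % 16            # PyInstaller pads entries to 16 bytes
        toc += struct.pack(TOC_ENTRY_FMT, structlen, len(blob), len(stored), ulen, cflag, typcd)
        toc += encoded.ljust(structlen - TOC_ENTRY_SIZE, b"\x00")
        blob += stored
    toc_off = len(blob)
    cookie = struct.pack(COOKIE_FMT, MAGIC, toc_off + len(toc) + COOKIE_SIZE,
                         toc_off, len(toc), 311, b"python311.dll")
    return CONSTRUCTED_STUB + bytes(blob) + bytes(toc) + cookie


if __name__ == "__main__":
    sample = build_constructed_sample()
    arc = read_carchive(sample)
    print(f"archive @ 0x{arc.archive_start:x}, Python {arc.pyvers}, {arc.pylib}")
    for e in arc.entries:
        print(f"  {e.typcd} {'zlib' if e.compressed else 'raw '} {e.ulen:>6} {e.name}")
```

    To use it on a real sample, pass `open(path, "rb").read()` to `read_carchive`. Type `s` entries are the entry scripts (zlib-compressed source), the `z` entry is the PYZ holding the compiled modules, and `b`/`x` entries are bundled DLLs and data files; all of it can be extracted and read without executing the sample. A cookie whose `pkg_len` or TOC fields point outside the file usually means the overlay was truncated or tampered with, and the parser reports that rather than guessing.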

    Control-flow Graph

    [Control-flow graph of the function at 7ff7ddf26408-7ff7ddf2685d (interactive rendering; executed/not-executed legend and basic-block edge list omitted). Win32 APIs on its paths: GetConsoleMode (block 7ff7ddf2666d), ReadConsoleW (block 7ff7ddf2668b), ReadFile (block 7ff7ddf266df), GetLastError (blocks 7ff7ddf266af and 7ff7ddf267f2).]
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 6d76600332cd51621babe51080adacafe0eb3a98da8a3fe18a99b7ec18543619
    • Instruction ID: d99335d6a16656109ead00d9292609770a8029256919ccae395884a6312403e6
    • Opcode Fuzzy Hash: 6d76600332cd51621babe51080adacafe0eb3a98da8a3fe18a99b7ec18543619
    • Instruction Fuzzy Hash: 31C1D322A0C78682E660BB15A4402BEFF61EF80B84FD54133DA6D87795FE7CE855C760

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
    • String ID:
    • API String ID: 4144305933-0
    • Opcode ID: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
    • Instruction ID: 703eceab95abef03ff169053490912d938d24e45361a0203fd8ae9439da2d49d
    • Opcode Fuzzy Hash: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
    • Instruction Fuzzy Hash: B3314B22E0C50385FA24BB61E4213BDB691AF91794FC44037E97D4B2D7FE6DB9068231

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: Fatal error detected
    • API String ID: 1878133881-4025702859
    • Opcode ID: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
    • Instruction ID: 6d9a4bb8861fd32dbec2df8b35dccf3b0424e6e4c60d630e6353ab0042b136b3
    • Opcode Fuzzy Hash: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
    • Instruction Fuzzy Hash: B921887262C68281EB30A710F4517EEA354FB94788FC44137EA9D47A99EF3CD205C760

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
    • Instruction ID: 5407be2cbfb1ee8763bccbff89224d35f9b5e54fb2400c7ae0c6eb649b5c8ced
    • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
    • Instruction Fuzzy Hash: 13E04820B0D70552F71477309C9527D66555F95741FD1553ADC2E82352FDBDF8848320

    Control-flow Graph

    [Control-flow graph of the function at 7ff7ddf1c980-7ff7ddf1cbd9 (interactive rendering; executed/not-executed legend and basic-block edge list omitted). No Win32 API is called directly from its blocks; its nodes call internal subroutines, among them 7ff7ddf1fc70, 7ff7ddf25964, 7ff7ddf1ba40, 7ff7ddf1b390, 7ff7ddf24c20, 7ff7ddf26860 and 7ff7ddf26408.]
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 418abc046f0238a7e4161840f51ccb75892871292d6ebbe86ace378d7f50b21f
    • Instruction ID: 58a1bdeae3656c1f81f53e1a4a64eeb813f027064c4b2a201bc99dd289bad99e
    • Opcode Fuzzy Hash: 418abc046f0238a7e4161840f51ccb75892871292d6ebbe86ace378d7f50b21f
    • Instruction Fuzzy Hash: AE51D522B0D24185F629FE25981077EEA92BF44BA8FC44232DE7D577D9EE3CE4119630

    Control-flow Graph

    APIs
    • SetFilePointerEx.KERNELBASE(?,?,?,00007FF7DDF277DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF27707), ref: 00007FF7DDF26B00
    • GetLastError.KERNEL32(?,?,?,00007FF7DDF277DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF27707), ref: 00007FF7DDF26B0A
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
    • Instruction ID: af7d47877b18c59c84507cf960d94e5d69c0cfbc1af4d0e0597e640ba1556a25
    • Opcode Fuzzy Hash: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
    • Instruction Fuzzy Hash: 5701C462B1CA8281EA10AB25E84407DA651AF84BF4FD44333EA3E4B7D4FF7CD4958710

    Control-flow Graph

    APIs
    • CloseHandle.KERNELBASE(?,?,?,00007FF7DDF25A57,?,?,00000000,00007FF7DDF25AFF,?,?,?,?,?,?,00007FF7DDF1C892), ref: 00007FF7DDF25B8A
    • GetLastError.KERNEL32(?,?,?,00007FF7DDF25A57,?,?,00000000,00007FF7DDF25AFF,?,?,?,?,?,?,00007FF7DDF1C892), ref: 00007FF7DDF25B94
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: CloseErrorHandleLast
    • String ID:
    • API String ID: 918212764-0
    • Opcode ID: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
    • Instruction ID: 2c3e2e1b86336a62b5a3b4dc745b107378644e9b9d9a7ce34342cbad0cf388a6
    • Opcode Fuzzy Hash: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
    • Instruction Fuzzy Hash: 77118621F0C64241FEA4776499A537D9A829F847A8FD84637DA3D873C2FE6CE4848320

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
    • Instruction ID: ec9a8720d545e5955443cb8a49ac3a0e9eed706925a59436a625c885f8189ab5
    • Opcode Fuzzy Hash: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
    • Instruction Fuzzy Hash: 7E41D132A1D20587EA14EB18D64027CBBA0FB55B58FC00132DBADC7790FF69E462C7A1

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
    • Instruction ID: 7d0b132d4df9a5e702b90d4d4aa7d294acdbb9ac4b0dc7dd102bd1cc80923999
    • Opcode Fuzzy Hash: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
    • Instruction Fuzzy Hash: 7631B262E0CA4691EA10AA25C45537CABD09F41FD8FC4413BC92D8B7D5FF2CE8458361

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _fread_nolock
    • String ID:
    • API String ID: 840049012-0
    • Opcode ID: 9a14401c5a825ed978c4862b406d3329acfe2ce1b9a010578fd99a48839cd6ad
    • Instruction ID: 3ab9af4eb6754eeaf76326955d0a15e1cdb7c76ee04b91775f347ed21daee38c
    • Opcode Fuzzy Hash: 9a14401c5a825ed978c4862b406d3329acfe2ce1b9a010578fd99a48839cd6ad
    • Instruction Fuzzy Hash: 05219421B1D29242FA14AB1299043BEE751BF45BC8FC84032EE2C07786EE3CE446C730

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: fc9ed733c9531663f2a1fa64f5afa218c335b2449458d7cf86e62dd5dbc485b9
    • Instruction ID: 149b8722b3ff2440ecc575ca96994738612d32bf9fc69ca0c7eeb47fde9a3baf
    • Opcode Fuzzy Hash: fc9ed733c9531663f2a1fa64f5afa218c335b2449458d7cf86e62dd5dbc485b9
    • Instruction Fuzzy Hash: 85318422A1C60286E7117F55984137DAA50AF80BA4FD10237E93D473E2FFBCEA859731

    Control-flow Graph

    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
    • Instruction ID: 44884710d865f95b6c43ddd461c249cea6ee3f2ef20ca2df7e553477f8ace79e
    • Opcode Fuzzy Hash: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
    • Instruction Fuzzy Hash: 59218C62A0C64246E6017F12984177DBA60AF40BB0FD58636ED3D8B3D2FE7CE9458B30
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
    • Instruction ID: e8bcce1a3eaf026c8ddf5cec75065fa746e3a3d2b84ea94e9b9844f89b505384
    • Opcode Fuzzy Hash: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
    • Instruction Fuzzy Hash: 65115123A5C64182EA60BF51980027DEA60FF84B88FD44433EA5CC7B96FF3CD5418760
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
    • Instruction ID: 2c0a62dd153ad7aeb9181adf7484622e2f1bb08e18c30bf75b3adbc8086d37e0
    • Opcode Fuzzy Hash: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
    • Instruction Fuzzy Hash: C221533260CA8286EB61AF19E44077DB6A0FB84B94FD54236E66D476D9FF7CD8408B10
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
    • Instruction ID: ed4f937de1b02fbb861683884a7a8ea186b59178d06b1d5c08453ba401210394
    • Opcode Fuzzy Hash: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
    • Instruction Fuzzy Hash: 9B217131A0970589EB11AF64D4402AC7AA8EB55708FC44536D61D82A85FF7CDA85CB90
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
    • Instruction ID: cc444c7fe8def9329bf73ac71dda73c21c534d73834c3ad06515bb90d7c590db
    • Opcode Fuzzy Hash: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
    • Instruction Fuzzy Hash: EB018261A0C78240E604AB52980016DE695AF95FE0FC88632DE7C57BD6EE3CD4014720
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
    • Instruction ID: 0e35b11cb3fd8e62e4b27ad18cf929207837ecf12952d60cfbbcacf4a218a6e2
    • Opcode Fuzzy Hash: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
    • Instruction Fuzzy Hash: 27114F72A1C64286EA05AF50D8412ADFB60EF80768FD04237E66D463E5FF7CE509CB20
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: e6931b6c3aa3e516f0ec126b93670d8baae33747ede93eb3b693a768aeb603a6
    • Instruction ID: 8e428fce62462c1be6a553ac313c0d36afbe0851ab1d2ac86f935c397de61b9a
    • Opcode Fuzzy Hash: e6931b6c3aa3e516f0ec126b93670d8baae33747ede93eb3b693a768aeb603a6
    • Instruction Fuzzy Hash: F0018F21E0D60241FE14BA76A89137DD5519F857B8FE84732E93E8B3D2FE2CE8418270
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
    • Instruction ID: c8e41804ded1f31d7b4bbc72c4e0b14e55292ebc27005e10d5b318a9003fc3fb
    • Opcode Fuzzy Hash: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
    • Instruction Fuzzy Hash: DBF09022B1C68241EA14BA5AA81107DE551AFC6BE0FD85132FA7D57B86EE6CD8414730
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 543a764d24b90672a05431dc1a130dac9a0496b5ba23ca517f68794dfbf99782
    • Instruction ID: fda0dd7cccc9aaf08d5e081471598431df5e02f377e241641805935e4e426cdb
    • Opcode Fuzzy Hash: 543a764d24b90672a05431dc1a130dac9a0496b5ba23ca517f68794dfbf99782
    • Instruction Fuzzy Hash: F3F0E231A0C20341EA14BB79A85127DE6919F803A4FD84232FA3D863C3FE2CE4419330
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: dccd32863e6f506b4f301f1450c7bfa29d8f33399d9aa950cae963106b31457f
    • Instruction ID: 526d78a53f550c1a8ef0056367807695314a85494dd3b6530fdc5849a8113544
    • Opcode Fuzzy Hash: dccd32863e6f506b4f301f1450c7bfa29d8f33399d9aa950cae963106b31457f
    • Instruction Fuzzy Hash: 57E06D21A4D64380E914FBA6A41117DA5905F85BF4FC81731EA7E4A7C6FE6CE0548734
    APIs
    • HeapAlloc.KERNEL32(?,?,00000000,00007FF7DDF286BD,?,?,00000000,00007FF7DDF1FC79,?,?,?,?,00007FF7DDF259F1), ref: 00007FF7DDF295A5
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: AllocHeap
    • String ID:
    • API String ID: 4292702814-0
    • Opcode ID: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
    • Instruction ID: b95dea25bd5558954d9537b10f7cba5dc4f2d9dea99b8461faa9eab99f1de355
    • Opcode Fuzzy Hash: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
    • Instruction Fuzzy Hash: A5F0F954B8E20741FE54766699622BD9AD55F98B80FC84432CD2EC7391FE6CE5848270
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: AddressProc
    • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
    • API String ID: 190572456-139387903
    • Opcode ID: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
    • Instruction ID: 5a1faf552da3e7aa6990a86334eee9a4fe181e99ca412e0da329a2e6f0a4ff4a
    • Opcode Fuzzy Hash: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
    • Instruction Fuzzy Hash: 2A3262A4A0EF1390FA55FB04A95417CA3E5AF49780BD55437C86E0A3A8FFBDB548C270
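    The string list in the entry above (one "Failed to get address for Py*" template per bare Py* name, next to "GetProcAddress") is the PyInstaller bootloader resolving the Python C API from the bundled python DLL at run time, which plausibly accounts for the "Extensive use of GetProcAddress" and "potential string decryption / allocating functions" heuristics in this report. The Python script below is an added triage example written for this page; it is neither Joe Sandbox output nor PyInstaller code, and it was not run against the submitted sample. It locates the PyInstaller CArchive cookie appended to a PE, parses it to recover the bundled Python version, library name and table-of-contents position, and lists the Py* exports the loader resolves. Assumptions: the 88-byte big-endian cookie layout of PyInstaller 2.1 and later (magic "MEI\014\013\012\013\016"; the older 24-byte cookie is not handled), and the input bytes, which are constructed in build_sample() rather than taken from the report.

    ```python
    """Triage helper: confirm a PyInstaller-packaged PE and read its CArchive cookie.

    Added example for this report; not Joe Sandbox or PyInstaller code. It works on
    raw file bytes so it runs offline; the sample input below is constructed.
    """
    import re
    import struct

    # PyInstaller CArchive cookie (bootloader pyi_archive.c), network byte order:
    # magic[8], archive len, TOC offset, TOC len, pyvers, pylibname[64] -> 88 bytes.
    # Assumption: the PyInstaller 2.1+ layout; the 24-byte pre-2.1 cookie is not handled.
    PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
    COOKIE_FMT = "!8sIIii64s"
    COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88

    # Error-message template that appears once per resolved symbol in the string list.
    _FAILED_RE = re.compile(rb"Failed to get address for (Py[A-Za-z0-9_]+)")


    def find_cookie(data: bytes):
        """Return the parsed cookie as a dict, or None if no PyInstaller archive is present.

        The archive is appended after the PE image and the cookie sits at the end of
        the archive, so search backwards: the last MAGIC occurrence is the cookie.
        Trailing data (e.g. an Authenticode signature) may follow it, so the archive
        start is computed from the cookie position, not from the end of file.
        """
        pos = data.rfind(PYINST_MAGIC)
        if pos < 0 or pos + COOKIE_LEN > len(data):
            return None
        _magic, length, toc_off, toc_len, pyvers, pylib = struct.unpack(
            COOKIE_FMT, data[pos:pos + COOKIE_LEN])
        if pyvers >= 100:            # 311 -> 3.11 (encoding used by PyInstaller 4.x+)
            major, minor = divmod(pyvers, 100)
        else:                        # 39 -> 3.9 (older two-digit encoding)
            major, minor = divmod(pyvers, 10)
        archive_start = pos + COOKIE_LEN - length
        toc_abs = archive_start + toc_off
        return {
            "cookie_offset": pos,
            "archive_start": archive_start,
            "archive_len": length,
            "toc_offset": toc_abs,
            "toc_len": toc_len,
            "python_version": f"{major}.{minor}",
            "pylib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
            # The TOC must lie inside the archive and end before the cookie.
            "sane": archive_start >= 0 and toc_abs + toc_len <= pos,
        }


    def resolved_python_apis(data: bytes):
        """Deduplicated, sorted Py* export names the bootloader resolves via GetProcAddress,
        recovered from the 'Failed to get address for <name>' templates."""
        return sorted({m.group(1).decode() for m in _FAILED_RE.finditer(data)})


    def build_sample() -> bytes:
        """Constructed stand-in for a PyInstaller onefile binary (not the report's sample)."""
        stub = (b"MZ" + b"\x00" * 62 + b"bootloader code..."
                + b"Failed to get address for Py_Initialize\x00"
                + b"Failed to get address for PyRun_SimpleStringFlags\x00"
                + b"Failed to get address for Py_Initialize\x00")  # duplicate on purpose
        payload = b"P" * 200              # compressed entries would live here
        toc = b"T" * 40                   # table of contents follows the entries
        archive_len = len(payload) + len(toc) + COOKIE_LEN
        cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, archive_len, len(payload),
                             len(toc), 311, b"python311.dll".ljust(64, b"\x00"))
        return stub + payload + toc + cookie


    if __name__ == "__main__":
        sample = build_sample()
        print(find_cookie(sample))
        print(resolved_python_apis(sample))
    ```

    On a real file, read it with `open(path, "rb").read()` and pass the bytes to both functions; a parsed cookie whose `sane` flag is true is a strong indicator that the overlay is a PyInstaller archive, and the recovered version tells you which Python the bundled bytecode targets before you reach for an extractor.
    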
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
    • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
    • API String ID: 2446303242-1601438679
    • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
    • Instruction ID: ca349538fc326480de8f5a400ceaa88bb3fac54c3a6b2019471448f66cd59b1b
    • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
    • Instruction Fuzzy Hash: 02A16A32208B8187E7189F61E45479EB371F788B94F90452ADB9D03B24DFBDE1A4CB50
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
    • Instruction ID: 64fec5f5b0fd3f594ebb1cda819a4db2b866d9fa691ea29dca5b425d3cf032cf
    • Opcode Fuzzy Hash: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
    • Instruction Fuzzy Hash: 0BB2D672E1C2828BE7649F65D4407FDBBA1FB44348FD45136DA2D9BA84FB38A904CB50
    APIs
    • GetLastError.KERNEL32(00000000,00007FF7DDF12690), ref: 00007FF7DDF16FC7
    • FormatMessageW.KERNEL32(00000000,00007FF7DDF12690), ref: 00007FF7DDF16FF6
    • WideCharToMultiByte.KERNEL32 ref: 00007FF7DDF1704C
      • Part of subcall function 00007FF7DDF12610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7DDF17233,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF12644
      • Part of subcall function 00007FF7DDF12610: MessageBoxW.USER32 ref: 00007FF7DDF1271C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
    • API String ID: 2920928814-2573406579
    • Opcode ID: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
    • Instruction ID: 681543b4515f39614d93a0174149023e004d555c24f52d52dc095792bb1b3d44
    • Opcode Fuzzy Hash: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
    • Instruction Fuzzy Hash: B7215071A1CA8391EB60BF15F84466EA3A5BF88384FC40136D5AD826A8FF7CE545C730
    APIs
    • GetTempPathW.KERNEL32(?,00000000,?,00007FF7DDF1629D), ref: 00007FF7DDF1636A
      • Part of subcall function 00007FF7DDF164E0: GetEnvironmentVariableW.KERNEL32(00007FF7DDF13589), ref: 00007FF7DDF1651A
      • Part of subcall function 00007FF7DDF164E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7DDF16537
      • Part of subcall function 00007FF7DDF21D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DDF21D65
    • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7DDF16421
      • Part of subcall function 00007FF7DDF12760: MessageBoxW.USER32 ref: 00007FF7DDF12831
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
    • API String ID: 3752271684-1116378104
    • Opcode ID: 2633e2f9f0d4dd96eeae635a19a113b42d19681f9234dfd4b9a2ea8617ccad62
    • Instruction ID: 6c44685569863438f01a6978ddd733a380d339617fd51ec377083ab97fdb6fdc
    • Opcode Fuzzy Hash: 2633e2f9f0d4dd96eeae635a19a113b42d19681f9234dfd4b9a2ea8617ccad62
    • Instruction Fuzzy Hash: 33516F11B0D69385FE54BB22A9652BED2515F89BC4FC40037EC6E8BBA6FD2CE5058730
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
    • API String ID: 0-2665694366
    • Opcode ID: 049921a658be687a5ad71860aa43a6d749bd02c33d2519cf778dba4da53bf44e
    • Instruction ID: c114f094e88b6082f89e664ce035bc48fea8cd7af85f34330c03d93dee8d6ea9
    • Opcode Fuzzy Hash: 049921a658be687a5ad71860aa43a6d749bd02c33d2519cf778dba4da53bf44e
    • Instruction Fuzzy Hash: 1D521672A186A697D7949F14D588A7E77ADFB84340FC1413AEA9983780EF3CD844CB60
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: e440e0af2a8a59d969f9bdb60f36ca4ebaa98fd206effc6c2ec9c6feadcd0944
    • Instruction ID: 79a168240560ac5cdf3e8bbfcac4bd2217c8cab5d4684d916d13d1636539076c
    • Opcode Fuzzy Hash: e440e0af2a8a59d969f9bdb60f36ca4ebaa98fd206effc6c2ec9c6feadcd0944
    • Instruction Fuzzy Hash: 49314F72609B819AEB60AF60E8403EDB364FB84744FC4403ADA5E47B94EF7CD548C720
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
    • String ID:
    • API String ID: 435049134-0
    • Opcode ID: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
    • Instruction ID: 16410e9b26465545b93a6fb6c601f14de66815071e50c23758096b26b3fe523d
    • Opcode Fuzzy Hash: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
    • Instruction Fuzzy Hash: 33B1AE22A1C64286E720FF22D8415BEA760EF84794FC54137EE6D87A96FF3CE4418760
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 70381fada3c5ae93ba7192b4a4a2bb5ed24ec96e14593e64572d2cabae56ca17
    • Instruction ID: d4b92443162f2167ebca606b830b74d8511e5fe06d82d7b3a5b175ae881db660
    • Opcode Fuzzy Hash: 70381fada3c5ae93ba7192b4a4a2bb5ed24ec96e14593e64572d2cabae56ca17
    • Instruction Fuzzy Hash: CFA1A072A1D68181EA20EB6698011BEABA1FB44BD4FD44537DE6D87BC4FF7CE4458320
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
    • Instruction ID: 9ee7c96eafe187c3585b9b04b8d20c38da6b04c47c1341e16a2c2fd5715ee151
    • Opcode Fuzzy Hash: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
    • Instruction Fuzzy Hash: F431843260CB8196DB60EF25E8402AEB7A0FB88758FD40136EAAD47B54EF7CD145CB10
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ErrorFileLastWrite$ConsoleOutput
    • String ID:
    • API String ID: 1443284424-0
    • Opcode ID: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
    • Instruction ID: 30dede0b38ceb05db06dd7dd20cac2fec4a9cecb5326acfc73deb7e158191775
    • Opcode Fuzzy Hash: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
    • Instruction Fuzzy Hash: 99E1F462B0C6819AE700DF64D0401ADBBB1FB45788FD44136EEAE97B99FE38D416C710
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
    • String ID:
    • API String ID: 428190724-0
    • Opcode ID: 76810fb177e4db148eeb30994ff645ccd78b16a1d3bce7f3da4ec91dfb23b20f
    • Instruction ID: d94b5f3e5da4da123864334b8aae9b605cc147f51782cc6bfa2388acd5268466
    • Opcode Fuzzy Hash: 76810fb177e4db148eeb30994ff645ccd78b16a1d3bce7f3da4ec91dfb23b20f
    • Instruction Fuzzy Hash: 02614C22A1C64286E720FF22D9815ADB760FB48784FC54137EA6D87A95FF3CE5418B60
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo
    • String ID: ?
    • API String ID: 1286766494-1684325040
    • Opcode ID: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
    • Instruction ID: 7b4002b46d6b49499c48393ccdf509c4045fa1fedc6a1e0c1742013afc5bd847
    • Opcode Fuzzy Hash: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
    • Instruction Fuzzy Hash: 2E91D326E1C25285EB20BF26D44027EAA61EF81BD4FD54133EEAC87AD5FE7CD4418750
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: $header crc mismatch$unknown compression method$unknown header flags set
    • API String ID: 0-4074041902
    • Opcode ID: 3ccf8dfa57ebed5ae874e87ea7e697ea666599418b435e4c2251ebe5a9e21131
    • Instruction ID: 6c4593d9f6f3428dbf119c9099bed771049782c8eb74c47918372b4c60fc52bf
    • Opcode Fuzzy Hash: 3ccf8dfa57ebed5ae874e87ea7e697ea666599418b435e4c2251ebe5a9e21131
    • Instruction Fuzzy Hash: 32F1A47261C3C996E795AF05C088A3EBBA9FF54740FC5453ADAAD07390EB38E944C760
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    • Opcode ID: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
    • Instruction ID: eb13faf2dac4b50f465daa9dfc984ddd84d8e94356f6dcfb63461fcccc74b70b
    • Opcode Fuzzy Hash: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
    • Instruction Fuzzy Hash: E0C1F572B1C28687E724DF99E044A6EBB91F794784FD48136DB5A83784FA3CE941CB40
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
    • API String ID: 0-3255898291
    • Opcode ID: 5ccc26b74eac166d3016146671465d669a63232148addc042f7b457501de7681
    • Instruction ID: ce8e7c2d4b3e8401f2337e52e24d651abcc86f311317f10c3369392aa0757db6
    • Opcode Fuzzy Hash: 5ccc26b74eac166d3016146671465d669a63232148addc042f7b457501de7681
    • Instruction Fuzzy Hash: 49D15B33A0C5D14BD7699F39D40427CBBE1E795750F848136EAAA437C1EA3CDA4AC720
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: incorrect header check$invalid window size$unknown compression method
    • API String ID: 0-1186847913
    • Opcode ID: 933fdda2a0a693fb4704c872a706b9889a7611392e337090ac754fb873cc17c4
    • Instruction ID: 32c9cdf7a8a6d86d987b97e3e0220070094ef9c1dad7103927e6e6978635f5d3
    • Opcode Fuzzy Hash: 933fdda2a0a693fb4704c872a706b9889a7611392e337090ac754fb873cc17c4
    • Instruction Fuzzy Hash: FF91D672A1C2C687E7A4AF15D488B3E76A9FF54340FD1413ADA6D46780EB38E944CB60
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: $ $invalid block type
    • API String ID: 0-2056396358
    • Opcode ID: 6941b897d4e00403c18809f6a673ff2f5a89638ff58ad76ef09c7e80b304dd39
    • Instruction ID: fd083caae1a1fdd977a67db562325f1b090d0c108e046c473bcb65570df5e2f8
    • Opcode Fuzzy Hash: 6941b897d4e00403c18809f6a673ff2f5a89638ff58ad76ef09c7e80b304dd39
    • Instruction Fuzzy Hash: 9461C77390C78A9BE760AF15D98C63EBAACFB40350FD1453AD66882390EF39D544CB60
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: gfffffff
    • API String ID: 3215553584-1523873471
    • Opcode ID: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
    • Instruction ID: 31284a5690ec330e8eeb92d881051f7e32df5009b73cde64d85c1303631924ba
    • Opcode Fuzzy Hash: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
    • Instruction Fuzzy Hash: 9F912562B0D3C686EB11DB2994003ADAF90EB51BC4F858433CE5D9B785FE3DE5018721
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DDF29236
      • Part of subcall function 00007FF7DDF25984: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7DDF25961), ref: 00007FF7DDF2598D
      • Part of subcall function 00007FF7DDF25984: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7DDF25961), ref: 00007FF7DDF259B2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
    • String ID: -
    • API String ID: 4036615347-2547889144
    • Opcode ID: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
    • Instruction ID: ae5cecfc824481caa043765b8260a463d2befa2944d77b0810f6346eb8adb3fd
    • Opcode Fuzzy Hash: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
    • Instruction Fuzzy Hash: 0891F472A0C78586E660EB15954076EFBA1FB89BD4FC44236DAAD83BD8FB3CD5408710
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
    • Instruction ID: 10eaf039fcb16e109df9eea3109c84830ddf796b05b3d08a4c6c594f209dc3bd
    • Opcode Fuzzy Hash: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
    • Instruction Fuzzy Hash: B3B15C73608B888BEB15CF29C48636C77E0F744B88F968922DA6D877B4DB79D451C710
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3327727410ba43267f1818fc1ca42ebba00638f48a1b01f7df25d5506b79be8b
    • Instruction ID: 6e065a92672b3d8225f0f75f542fd28060ce0d7c31c256f5c50f02684fe3c305
    • Opcode Fuzzy Hash: 3327727410ba43267f1818fc1ca42ebba00638f48a1b01f7df25d5506b79be8b
    • Instruction Fuzzy Hash: 9C029E21A1E74745FA65BB21A50127DAAA0AF01BA4FC84637DE7D873D9FE3CB5018330
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo
    • String ID:
    • API String ID: 474895018-0
    • Opcode ID: 243d5d21dcd28f2a06ead8b026a9aab18a2fb0d1a5646949e8ba3d48c892d882
    • Instruction ID: 3a8d8ce8433e36bba0541984210fc090828e4b36e745b83bb1c94134571e3266
    • Opcode Fuzzy Hash: 243d5d21dcd28f2a06ead8b026a9aab18a2fb0d1a5646949e8ba3d48c892d882
    • Instruction Fuzzy Hash: 9B710722E4C2824AFB246E69945077DE681EF403A4FD60637DA7D877D1FEBDE8408720
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    • Opcode ID: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
    • Instruction ID: 91c1f6cf026f2343302aff7b6d89acbd49f29e45a57f242a0d1d381c79f588ff
    • Opcode Fuzzy Hash: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
    • Instruction Fuzzy Hash: 8B71D425A1C24382FBA8BA6980007BDA291EF40758FC45037DDAE17699EF3DE847C775
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: TMP
    • API String ID: 3215553584-3125297090
    • Opcode ID: 3772542ea4a4b3d8e13b1332826cfc2d2f2f0438b04aa7ee1bd917f2c6869f8a
    • Instruction ID: 4f3f6b73d58fb6c3591afb26dac907f09f989187540e2bbaa84d1b07457531c1
    • Opcode Fuzzy Hash: 3772542ea4a4b3d8e13b1332826cfc2d2f2f0438b04aa7ee1bd917f2c6869f8a
    • Instruction Fuzzy Hash: 4961C615B0D65241FA68BB2299119BEEA91AF44BD8FC84037DD2DC7BD5FE3CF4528220
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    • Opcode ID: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
    • Instruction ID: dd0ac6d57dd6035ea97c6c9cc912f6df726826fd5ce7276251873ca01afa60be
    • Opcode Fuzzy Hash: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
    • Instruction Fuzzy Hash: 4D612711F2C24346FA686AA960003BEE7929F81748FD41137DCBD172D9EE2DE8478B31
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
    • Instruction ID: a539a9354197e480d22a005d2dd8ec1edf75231d543ac8b7c42cdd4b461650dd
    • Opcode Fuzzy Hash: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
    • Instruction Fuzzy Hash: 29B09220E1FA02D2EA083B11AC8221862A57F88700FC9007AC85C40320EF6C21A59B21
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
    • Instruction ID: 0f87f06cc59328b468e737ec27fe531745feed2f4d1c37a9d2613092a9cf1140
    • Opcode Fuzzy Hash: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
    • Instruction Fuzzy Hash: A471A1B27341749BEB648B2EA514AB93390F36A349FC56115EB8447B81CE3EB921CB50
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
    • Instruction ID: 1eecb799a2a7b52ed01c1d387467b74a1ff6bb1228226516e0992df1ffb02214
    • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
    • Instruction Fuzzy Hash: 8341D653C8E78F04ED95A91815107FDAE80EF12BA1DD893B2DDB9933C7FD0C25868520
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 1d994b37b1cf4f1169b7266f25e6acd6a53ff83a833236cbbcbb6c3045857a73
    • Instruction ID: a46d1317675cc2c602af346e2a14d4c2c63c6e4e3b41952819a7528858fd95bb
    • Opcode Fuzzy Hash: 1d994b37b1cf4f1169b7266f25e6acd6a53ff83a833236cbbcbb6c3045857a73
    • Instruction Fuzzy Hash: 07410322719A5482EF04DF2AE9145ADB7A5B749FE4B899033DE5D87B58EF3CD0418340
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
    • Instruction ID: b01fe34aa81c09c87ac1128af5907cf71780952d2521dd822a8fac44ae0f3963
    • Opcode Fuzzy Hash: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
    • Instruction Fuzzy Hash: EEF06871B1C2958AEB94DF29E80262D77D0F708390FD0803AD9DD83B14D63C91518F14
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
    • Instruction ID: 42c96060d93a03887d1bca49397e6c09f8b1839c3982c516c51ccd4d0f57e634
    • Opcode Fuzzy Hash: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
    • Instruction Fuzzy Hash: A9A0016190C902E0E604AB00A95006CA220AB91300BD60032C12D411A4AE7EB5008320
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: AddressProc$LibraryLoad
    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
    • API String ID: 2238633743-1453502826
    • Opcode ID: f96951eaef3e1a62858032ea02cb2edabc398db729e2fb31a297987f2eff23a8
    • Instruction ID: bc5afa0a61496e981023eaf699112088ff895bf160179b3589de7aae33a96f24
    • Opcode Fuzzy Hash: f96951eaef3e1a62858032ea02cb2edabc398db729e2fb31a297987f2eff23a8
    • Instruction Fuzzy Hash: ACE1A1A4A4DB0391EA59EB18E89017CA2B5BF45740BD95037C86E0A3A4FFBCF558D270
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID:
    • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
    • API String ID: 0-666925554
    • Opcode ID: 6c41c365be8cfabf673c4a31a4534a87377e14776b52482b9a643b9dab18ecd8
    • Instruction ID: 4e3e5e289c069edb7a434233aac8c77af850e1089bd480e01b9ed6132dc3f42f
    • Opcode Fuzzy Hash: 6c41c365be8cfabf673c4a31a4534a87377e14776b52482b9a643b9dab18ecd8
    • Instruction Fuzzy Hash: 1A517861A0CA4281EA10FB25E4506BDE3A1AF86B98FC54533DE2D47796FE7DE6448330
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
    • String ID: D:(A;;FA;;;%s)$S-1-3-4
    • API String ID: 4998090-2855260032
    • Opcode ID: 9b298aaea292c1306737245ebaf89eee88d932f02e0e3e31ec4600088d9fae39
    • Instruction ID: b1850b9d845a4b7b1ef33432768e61f6936bd42507e94a99f2e2d4c074ff4057
    • Opcode Fuzzy Hash: 9b298aaea292c1306737245ebaf89eee88d932f02e0e3e31ec4600088d9fae39
    • Instruction Fuzzy Hash: 8041843261C68382E750AF51E4546AEB361FF84754FC40232EAAD476D9EF7CE548C760
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
    • String ID: P%
    • API String ID: 2147705588-2959514604
    • Opcode ID: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
    • Instruction ID: 2938a4356892442f5527c4814ffba5eb541b6bf1725a32880f741c42024670a8
    • Opcode Fuzzy Hash: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
    • Instruction Fuzzy Hash: 3151EA225187A186D6389F26B0181BEF7A1FB98B61F804126EFDE43744EF7CD085DB20
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Message
    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
    • API String ID: 2030045667-3659356012
    • Opcode ID: 893327c25544294db0ce57e4e76bbee404f2b937f3b806eda0ecf8d55bcdde89
    • Instruction ID: 5df36721c4bccc45d5c0cf781054db020b00f46b98aa42f4c099322cf34b34d7
    • Opcode Fuzzy Hash: 893327c25544294db0ce57e4e76bbee404f2b937f3b806eda0ecf8d55bcdde89
    • Instruction Fuzzy Hash: 81417A22A0CA5282EA24FB15E8406AEE3A1FB45B94FC44433DE6D07B55FE7CE581C730
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Message
    • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
    • API String ID: 2030045667-1060636955
    • Opcode ID: a83e5eb93ccfa6d0927fc27f652f3a0c4e2fd39bdd86852540d8cc23d0df4bb2
    • Instruction ID: 97bc2331d6d3929b1bb11d1f2a9ac7ec160fa9d15dfd2cea26a249751bde0244
    • Opcode Fuzzy Hash: a83e5eb93ccfa6d0927fc27f652f3a0c4e2fd39bdd86852540d8cc23d0df4bb2
    • Instruction Fuzzy Hash: 69519D22A0D68285EA60BB51E8403BEE291BB85798FC44137EE6D87795FF3CE545C730
    APIs
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF1718F
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF171DF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ByteCharMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 626452242-27947307
    • Opcode ID: 3b661c5e2e4b14a94d3802b2374cba9a1ba559b57611e88a2a5647d6c947ac9c
    • Instruction ID: 30245b1e33e1a29a5d1b35b13d78a4e548993efcbaf99a18c0acea051d23f076
    • Opcode Fuzzy Hash: 3b661c5e2e4b14a94d3802b2374cba9a1ba559b57611e88a2a5647d6c947ac9c
    • Instruction Fuzzy Hash: 5341803260CB8281D620AF15A44016EE7A4FB94794FD44136EEED47BA4EF7CD0568B20
    APIs
      • Part of subcall function 00007FF7DDF17490: MultiByteToWideChar.KERNEL32 ref: 00007FF7DDF174CA
      • Part of subcall function 00007FF7DDF229DC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DDF24CC0), ref: 00007FF7DDF22A49
      • Part of subcall function 00007FF7DDF229DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DDF24CC0), ref: 00007FF7DDF22A64
    • GetStartupInfoW.KERNEL32 ref: 00007FF7DDF16B47
      • Part of subcall function 00007FF7DDF24C20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DDF24C34
      • Part of subcall function 00007FF7DDF22590: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DDF225F7
    • GetCommandLineW.KERNEL32 ref: 00007FF7DDF16BCF
    • CreateProcessW.KERNEL32 ref: 00007FF7DDF16C11
    • WaitForSingleObject.KERNEL32 ref: 00007FF7DDF16C25
    • GetExitCodeProcess.KERNEL32 ref: 00007FF7DDF16C35
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
    • String ID: CreateProcessW$Error creating child process!
    • API String ID: 1742298069-3524285272
    • Opcode ID: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
    • Instruction ID: 6f451144c9c03a1d9dc1a0108c77f4b7f66b2b893fabd62d75bc7cd73f3da734
    • Opcode Fuzzy Hash: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
    • Instruction Fuzzy Hash: DC414F32A0C68286D620FB64E4552AEF3A0FF94354FC0453AE6AD43B99FF7CE0558B50
    APIs
    • WideCharToMultiByte.KERNEL32(?,00007FF7DDF1353B), ref: 00007FF7DDF175E1
      • Part of subcall function 00007FF7DDF12610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7DDF17233,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF12644
      • Part of subcall function 00007FF7DDF12610: MessageBoxW.USER32 ref: 00007FF7DDF1271C
    • WideCharToMultiByte.KERNEL32(?,00007FF7DDF1353B), ref: 00007FF7DDF17655
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ByteCharMultiWide$ErrorLastMessage
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 3723044601-27947307
    • Opcode ID: 876e027a4cacc52fbedee53ab5b0883d55d26bfb3ce5297f7f74826ea4c11575
    • Instruction ID: 2f4d6e6a59b492d03fc4a5a7767da5d960783ff11161deb2d20ba14b58c0b349
    • Opcode Fuzzy Hash: 876e027a4cacc52fbedee53ab5b0883d55d26bfb3ce5297f7f74826ea4c11575
    • Instruction Fuzzy Hash: E0218921B0CB4695EA10AF2AA85006DB3A1BB94BD0FD44537CAAD437A4FFBCE445C320
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ByteCharMultiWide
    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
    • API String ID: 626452242-876015163
    • Opcode ID: d8946689e90d7941f31e770f6102f5168e1351d9c486639fa26d30acca252d06
    • Instruction ID: 25566c230b1119e215a00f48fa40bb02176c2c06ad61acb03443a8ac7e255836
    • Opcode Fuzzy Hash: d8946689e90d7941f31e770f6102f5168e1351d9c486639fa26d30acca252d06
    • Instruction Fuzzy Hash: E8418F32A0DA4282E610EF19B84017EB6A5FB94790FD50236DEAD47BA4FF7CE055C720
    APIs
      • Part of subcall function 00007FF7DDF17490: MultiByteToWideChar.KERNEL32 ref: 00007FF7DDF174CA
    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7DDF1631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7DDF1602F
      • Part of subcall function 00007FF7DDF12760: MessageBoxW.USER32 ref: 00007FF7DDF12831
    Strings
    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7DDF1608A
    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7DDF16043
    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7DDF16006
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
    • API String ID: 1662231829-3498232454
    • Opcode ID: 94fa70ff3f4798ae99b7ccfec72e661d9022b619c83774a3babdcd63ded96e46
    • Instruction ID: 435a620ee54165fa11858c1743c4ea252dd8db483cf2e3bc465c641690db6045
    • Opcode Fuzzy Hash: 94fa70ff3f4798ae99b7ccfec72e661d9022b619c83774a3babdcd63ded96e46
    • Instruction Fuzzy Hash: 94318351B1DA8380FA64B725E9553BEE251AF997C4FC84037DA6E42796FE2CE1048730
    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7DDF1C6D2,?,?,?,00007FF7DDF1C3CC,?,?,?,?,00007FF7DDF1C0ED), ref: 00007FF7DDF1C4A5
    • GetLastError.KERNEL32(?,?,?,00007FF7DDF1C6D2,?,?,?,00007FF7DDF1C3CC,?,?,?,?,00007FF7DDF1C0ED), ref: 00007FF7DDF1C4B3
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7DDF1C6D2,?,?,?,00007FF7DDF1C3CC,?,?,?,?,00007FF7DDF1C0ED), ref: 00007FF7DDF1C4DD
    • FreeLibrary.KERNEL32(?,?,?,00007FF7DDF1C6D2,?,?,?,00007FF7DDF1C3CC,?,?,?,?,00007FF7DDF1C0ED), ref: 00007FF7DDF1C523
    • GetProcAddress.KERNEL32(?,?,?,00007FF7DDF1C6D2,?,?,?,00007FF7DDF1C3CC,?,?,?,?,00007FF7DDF1C0ED), ref: 00007FF7DDF1C52F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    • Opcode ID: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
    • Instruction ID: 9df7200d2cb16ff7890860040edd5c8d89ddc8a5369c2263a0ef741c0e608050
    • Opcode Fuzzy Hash: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
    • Instruction Fuzzy Hash: E231AB61A1EA4291EE21BB06A80057DE395FF49BA4FDA0536ED3D4B384FE3CE4418330
    APIs
    • MultiByteToWideChar.KERNEL32 ref: 00007FF7DDF174CA
      • Part of subcall function 00007FF7DDF12610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7DDF17233,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF12644
      • Part of subcall function 00007FF7DDF12610: MessageBoxW.USER32 ref: 00007FF7DDF1271C
    • MultiByteToWideChar.KERNEL32 ref: 00007FF7DDF17550
    Strings
    Similarity
    • API ID: ByteCharMultiWide$ErrorLastMessage
    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
    • API String ID: 3723044601-876015163
    APIs
    Strings
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    APIs
    Strings
    Similarity
    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
    • String ID: Unhandled exception in script
    • API String ID: 3081866767-2699770090
    APIs
    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7DDF17233,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF12644
      • Part of subcall function 00007FF7DDF16FA0: GetLastError.KERNEL32(00000000,00007FF7DDF12690), ref: 00007FF7DDF16FC7
      • Part of subcall function 00007FF7DDF16FA0: FormatMessageW.KERNEL32(00000000,00007FF7DDF12690), ref: 00007FF7DDF16FF6
      • Part of subcall function 00007FF7DDF17490: MultiByteToWideChar.KERNEL32 ref: 00007FF7DDF174CA
    • MessageBoxW.USER32 ref: 00007FF7DDF1271C
    • MessageBoxA.USER32 ref: 00007FF7DDF12738
    Strings
    Similarity
    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
    • String ID: %s%s: %s$Fatal error detected
    • API String ID: 2806210788-2410924014
    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DDF2778A
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF27707,?,?,?,00007FF7DDF2136B), ref: 00007FF7DDF27848
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF27707,?,?,?,00007FF7DDF2136B), ref: 00007FF7DDF278D2
    Similarity
    • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2210144848-0
    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    APIs
    Strings
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: %s%s: %s$Fatal error detected
    • API String ID: 1878133881-2410924014
    APIs
    • GetModuleFileNameW.KERNEL32(?,00007FF7DDF1353B), ref: 00007FF7DDF13A71
      • Part of subcall function 00007FF7DDF12610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7DDF17233,?,?,?,?,?,?,?,?,?,?,?,00007FF7DDF1101D), ref: 00007FF7DDF12644
      • Part of subcall function 00007FF7DDF12610: MessageBoxW.USER32 ref: 00007FF7DDF1271C
    Strings
    Similarity
    • API ID: ErrorFileLastMessageModuleName
    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
    • API String ID: 2581892565-1977442011
    APIs
    Similarity
    • API ID: _get_daylight$_isindst
    • String ID:
    • API String ID: 4170891091-0
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo$_get_daylight
    • String ID:
    • API String ID: 72036449-0
    APIs
    Similarity
    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
    • String ID:
    • API String ID: 2780335769-0
    APIs
    Similarity
    • API ID: LongWindow$DialogInvalidateRect
    • String ID:
    • API String ID: 1956198572-0
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-3916222277
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: e+000$gfff
    • API String ID: 3215553584-3030954782
    APIs
    Strings
    Similarity
    • API ID: mbstowcs
    • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
    • API String ID: 103190477-3625900369
    APIs
    Strings
    Similarity
    • API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\diCTAJuHTs.exe
    • API String ID: 13503096-2059439171
    APIs
    Strings
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    APIs
    Strings
    Similarity
    • API ID: CurrentDirectory
    • String ID: :
    • API String ID: 1611563598-336475711
    APIs
    Strings
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: Error detected
    • API String ID: 1878133881-3513342764
    APIs
    Strings
    Similarity
    • API ID: CompareStringtry_get_function
    • String ID: CompareStringEx
    • API String ID: 3328479835-2590796910
    APIs
    Strings
    Similarity
    • API ID: Stringtry_get_function
    • String ID: LCMapStringEx
    • API String ID: 2588686239-3893581201
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: :
    • API String ID: 3215553584-336475711
    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF7DDF29A65
    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7DDF25D0E,?,?,?,00007FF7DDF25C06,?,?,?,00007FF7DDF20C32,?,?,00000000,00007FF7DDF13BA9), ref: 00007FF7DDF29A7F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: CountCriticalInitializeSectionSpintry_get_function
    • String ID: InitializeCriticalSectionEx
    • API String ID: 539475747-3084827643
    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF7DDF29A09
    • TlsSetValue.KERNEL32(?,?,00000000,00007FF7DDF286AA,?,?,00000000,00007FF7DDF1FC79,?,?,?,?,00007FF7DDF259F1), ref: 00007FF7DDF29A20
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2086673379.00007FF7DDF11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DDF10000, based on PE: true
    • Associated: 00000000.00000002.2086661250.00007FF7DDF10000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086694381.00007FF7DDF35000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF47000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086712402.00007FF7DDF56000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2086743695.00007FF7DDF58000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7ddf10000_diCTAJuHTs.jbxd
    Similarity
    • API ID: Valuetry_get_function
    • String ID: FlsSetValue
    • API String ID: 738293619-3750699315