
Windows Analysis Report
G6xnfES308.exe

Overview

General Information

Sample name: G6xnfES308.exe (renamed because original name is a hash value)
Original sample name: 727e4f3a96a22e109e3345e0c54cafcc.exe
Analysis ID: 1580890
MD5: 727e4f3a96a22e109e3345e0c54cafcc
SHA1: 48fd9b372b4c46eb8d4355d409a8cb2fbad75316
SHA256: 94edbfc9e6d4274c871d96e4d215d0ccaa30890e00b2151c72578c3da53af1a2
Tags: exe user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • G6xnfES308.exe (PID: 4896 cmdline: "C:\Users\user\Desktop\G6xnfES308.exe" MD5: 727E4F3A96A22E109E3345E0C54CAFCC)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: G6xnfES308.exe | Virustotal: Detection: 54%
Source: G6xnfES308.exe | ReversingLabs: Detection: 39%
Source: G6xnfES308.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787057F4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787061FE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787048B00 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870673BC
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787056030
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78706481C
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787061038
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787057F4C
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870490D0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78706A0F8
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787057F4C
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787041F50
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787051F94
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870587D0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787061FE4
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870537E0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787052E50
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787066E70
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870666EC
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78705A530
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787051D90
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78705E5B0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787057D98
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78705EC30
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787066470
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787061038
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787051B84
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787064380
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870523A4
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787053BE4
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78705E11C
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787047960
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787051980
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870521A0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: String function: 00007FF787042B30 appears 47 times
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787048570 GetLastError,FormatMessageW,WideCharToMultiByte
Source: G6xnfES308.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\G6xnfES308.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: G6xnfES308.exe | Virustotal: Detection: 54%
Source: G6xnfES308.exe | ReversingLabs: Detection: 39%
Source: C:\Users\user\Desktop\G6xnfES308.exe | File read: C:\Users\user\Desktop\G6xnfES308.exe
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\G6xnfES308.exe | Section loaded: wintypes.dll
Source: G6xnfES308.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: G6xnfES308.exe | Static file information: File size 14186081 > 1048576
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: G6xnfES308.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: G6xnfES308.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: G6xnfES308.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: G6xnfES308.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: G6xnfES308.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: G6xnfES308.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: G6xnfES308.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: G6xnfES308.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78708506C push rcx; iretd 0_2_00007FF78708506D
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787046F00 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Source: C:\Users\user\Desktop\G6xnfES308.exe | Check user administrative privileges: GetTokenInformation (decision node: graph_0-16760)
Source: C:\Users\user\Desktop\G6xnfES308.exe | API coverage: 5.8 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787057F4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787061FE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787048B00 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78704C67C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787063BF0 GetProcessHeap
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78704C860 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78704C67C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78704BDE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78705ACD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF787069F40 cpuid
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF78704C560 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\G6xnfES308.exe | Code function: 0_2_00007FF7870666EC _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation
MITRE ATT&CK matrix (count of matched signatures in parentheses; techniques without a count did not match):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (1) | DLL Side-Loading (1) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | OS Credential Dumping | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | LSASS Memory | Security Software Discovery (2) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information (2) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Information Discovery (13) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
G6xnfES308.exe | 54% | Virustotal |
G6xnfES308.exe | 39% | ReversingLabs | Win64.Trojan.Generic
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
    No contacted IP infos
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1580890
    Start date and time: 2024-12-26 12:55:36 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 2m 15s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed: 2
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: G6xnfES308.exe (renamed because original name is a hash value)
    Original Sample Name: 727e4f3a96a22e109e3345e0c54cafcc.exe
    Detection: MAL
    Classification: mal48.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 98%
    • Number of executed functions: 17
    • Number of non-executed functions: 84
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded IPs from analysis (whitelisted): 20.190.177.82, 13.107.246.63
    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, login.live.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com
    • Report size getting too big, too many NtSetInformationFile calls found.
    No simulations
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    fp2e7a.wpc.phicdn.net | XM6cn2uNux.exe | malicious | LummaC | 192.229.221.95
    | bG89JAQXz2.exe | malicious | LummaC | 192.229.221.95
    | q8b3OisMC4.dll | malicious | Unknown | 192.229.221.95
    | eszstwQPwq.ps1 | malicious | LockBit ransomware, Metasploit | 192.229.221.95
    | 0vM02qWRT9.ps1 | malicious | LockBit ransomware, Metasploit | 192.229.221.95
    | 30136156071477318040.js | malicious | Unknown | 192.229.221.95
    | BJQizQ6sqT.exe | malicious | LummaC | 192.229.221.95
    | 6vNMeuQvlu.exe | malicious | Clipboard Hijacker, Cryptbot | 192.229.221.95
    | 2ZsJ2iP8Q2.exe | malicious | LummaC | 192.229.221.95
    | BVGvbpplT8.exe | malicious | LummaC, Stealc | 192.229.221.95
    No created / dropped files found
    File type: PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit): 7.995732935302339
    TrID:
    • Win64 Executable GUI (202006/5) 77.37%
    • InstallShield setup (43055/19) 16.49%
    • Win64 Executable (generic) (12005/4) 4.60%
    • Generic Win/DOS Executable (2004/3) 0.77%
    • DOS Executable Generic (2002/1) 0.77%
    File name: G6xnfES308.exe
    File size: 14'186'081 bytes
    MD5: 727e4f3a96a22e109e3345e0c54cafcc
    SHA1: 48fd9b372b4c46eb8d4355d409a8cb2fbad75316
    SHA256: 94edbfc9e6d4274c871d96e4d215d0ccaa30890e00b2151c72578c3da53af1a2
    SHA512: 67ba801a5041d041c8f26f32b3045187e0570c5348a352b5b6707767bc26f9ac2c5d7b5a14d95510650e38d3004dddd9e5ad0150647b3a5f41e6e6e141f34bed
    SSDEEP: 393216:uEkMDn78nxpUTLfhJuW+eGQRCMTozGxu8C0ibfz6e57xeBOxIg:uUDn87UTLJ4W+e5RLoztZ026e5VeM2g
    TLSH: 8EE63389929009F5E6A1D13D15464D6FE232B0600394F6B72375F22A2FB73A24F3DB5B
    File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.Q...?...?...?.Z.<...?.Z.:...?.Z.;...?.......?...:.9.?...;...?...<...?.Z.>...?...>...?.+.;...?.+.=...?.Rich..?................
    Icon Hash: 4a464cd47461e179
    Entrypoint: 0x14000c2f0
    Entrypoint Section: .text
    Digitally signed: false
    Imagebase: 0x140000000
    Subsystem: windows gui
    Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Time Stamp: 0x66F02D25 [Sun Sep 22 14:43:49 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major: 5
    OS Version Minor: 2
    File Version Major: 5
    File Version Minor: 2
    Subsystem Version Major: 5
    Subsystem Version Minor: 2
    Import Hash: 1af6c885af093afc55142c2f1761dbe8
    Instruction
    dec eax
    sub esp, 28h
    call 00007FBD6123014Ch
    dec eax
    add esp, 28h
    jmp 00007FBD6122FD5Fh
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    dec eax
    sub esp, 28h
    call 00007FBD612306C4h
    test eax, eax
    je 00007FBD6122FF03h
    dec eax
    mov eax, dword ptr [00000030h]
    dec eax
    mov ecx, dword ptr [eax+08h]
    jmp 00007FBD6122FEE7h
    dec eax
    cmp ecx, eax
    je 00007FBD6122FEF6h
    xor eax, eax
    dec eax
    cmpxchg dword ptr [0003418Ch], ecx
    jne 00007FBD6122FED0h
    xor al, al
    dec eax
    add esp, 28h
    ret
    mov al, 01h
    jmp 00007FBD6122FED9h
    int3
    int3
    int3
    inc eax
    push ebx
    dec eax
    sub esp, 20h
    movzx eax, byte ptr [00034177h]
    test ecx, ecx
    mov ebx, 00000001h
    cmove eax, ebx
    mov byte ptr [00034167h], al
    call 00007FBD612304C3h
    call 00007FBD612315E2h
    test al, al
    jne 00007FBD6122FEE6h
    xor al, al
    jmp 00007FBD6122FEF6h
    call 00007FBD6123E581h
    test al, al
    jne 00007FBD6122FEEBh
    xor ecx, ecx
    call 00007FBD612315F2h
    jmp 00007FBD6122FECCh
    mov al, bl
    dec eax
    add esp, 20h
    pop ebx
    ret
    int3
    int3
    int3
    inc eax
    push ebx
    dec eax
    sub esp, 20h
    cmp byte ptr [0003412Ch], 00000000h
    mov ebx, ecx
    jne 00007FBD6122FF49h
    cmp ecx, 01h
    jnbe 00007FBD6122FF4Ch
    call 00007FBD6123062Ah
    test eax, eax
    je 00007FBD6122FF0Ah
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cee4 | 0x78 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xf41c | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22c8 | .pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x758 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a420 | 0x1c | .rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a2e0 | 0x140 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x29d90 | 0x29e00 | 15c814a42215e290d8bab54e3db4f28e | False | 0.5531133395522388 | data | 6.488360740396217 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x2b000 | 0x12d0c | 0x12e00 | 377d3e0f7c95bb22c4f7a316a5b04f1b | False | 0.5158319536423841 | data | 5.820062241150467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x3e000 | 0x3348 | 0xe00 | e1f21cabb4e5e084c6e11e610d715023 | False | 0.13253348214285715 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8227234993173287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata | 0x42000 | 0x22c8 | 0x2400 | b142de92a6283807ff34839c180f053c | False | 0.4743923611111111 | data | 5.326103127679494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    _RDATA | 0x45000 | 0x15c | 0x200 | ee29821d11e5dd21c3e807a502fa5813 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc | 0x46000 | 0xf41c | 0xf600 | c654ab5a3bc06ebf8c554f36c31153c0 | False | 0.8030837144308943 | data | 7.554967714213712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0x56000 | 0x758 | 0x800 | 7813f7270f60606010808eaa88aee14b | False | 0.5439453125 | data | 5.24418466384704 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_ICON | 0x46208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
    RT_ICON | 0x470b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
    RT_ICON | 0x47958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
    RT_ICON | 0x47ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
    RT_ICON | 0x513ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
    RT_ICON | 0x53994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
    RT_ICON | 0x54a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
    RT_GROUP_ICON | 0x54ea4 | 0x68 | data | | | 0.7019230769230769
    RT_MANIFEST | 0x54f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
    DLL | Imports
    USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
    COMCTL32.dll |
    KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
    ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
    GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Dec 26, 2024 12:56:25.071598053 CET | 1.1.1.1 | 192.168.2.6 | 0x52ba | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
    Dec 26, 2024 12:56:25.071598053 CET | 1.1.1.1 | 192.168.2.6 | 0x52ba | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false


    Target ID: 0
    Start time: 06:56:28
    Start date: 26/12/2024
    Path: C:\Users\user\Desktop\G6xnfES308.exe
    Wow64 process (32bit): false
    Commandline: "C:\Users\user\Desktop\G6xnfES308.exe"
    Imagebase: 0x7ff787040000
    File size: 14'186'081 bytes
    MD5 hash: 727E4F3A96A22E109E3345E0C54CAFCC
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low
    Has exited: true


      Execution Graph

      Execution Coverage: 5.6%
      Dynamic/Decrypted Code Coverage: 0%
      Signature Coverage: 17.3%
      Total number of Nodes: 2000
      Total number of Limit Nodes: 37
7ff7870614c5 18805->18810 18806 7ff78705b00c __free_lconv_mon 11 API calls 18806->18812 18813 7ff78705b00c __free_lconv_mon 11 API calls 18807->18813 18808 7ff787061457 18808->18802 18818 7ff7870617dc 45 API calls 18808->18818 18809 7ff787061439 18814 7ff7870555c4 _findclose 11 API calls 18809->18814 18815 7ff78705b00c __free_lconv_mon 11 API calls 18810->18815 18816 7ff78705b00c __free_lconv_mon 11 API calls 18811->18816 18813->18800 18814->18819 18815->18802 18817 7ff787061554 18816->18817 18824 7ff787063b4c 40 API calls 18817->18824 18826 7ff78706155a 18817->18826 18818->18802 18819->18806 18820->18819 18821 7ff787063b4c 40 API calls 18820->18821 18822 7ff7870615dc 18821->18822 18823 7ff78705b00c __free_lconv_mon 11 API calls 18822->18823 18825 7ff7870615e6 18823->18825 18828 7ff787061586 18824->18828 18825->18819 18825->18826 18827 7ff78706169f 18826->18827 18831 7ff78705f258 _findclose 11 API calls 18826->18831 18830 7ff78705b00c __free_lconv_mon 11 API calls 18827->18830 18829 7ff78705b00c __free_lconv_mon 11 API calls 18828->18829 18829->18826 18830->18812 18832 7ff78706162b 18831->18832 18833 7ff78706163c 18832->18833 18834 7ff787061633 18832->18834 18836 7ff787060f54 _wfindfirst32i64 37 API calls 18833->18836 18835 7ff78705b00c __free_lconv_mon 11 API calls 18834->18835 18838 7ff78706163a 18835->18838 18837 7ff78706164a 18836->18837 18839 7ff7870616df 18837->18839 18840 7ff787061652 SetEnvironmentVariableW 18837->18840 18844 7ff78705b00c __free_lconv_mon 11 API calls 18838->18844 18843 7ff78705afc4 _wfindfirst32i64 17 API calls 18839->18843 18841 7ff787061697 18840->18841 18842 7ff787061676 18840->18842 18847 7ff78705b00c __free_lconv_mon 11 API calls 18841->18847 18845 7ff7870555c4 _findclose 11 API calls 18842->18845 18846 7ff7870616f3 18843->18846 18844->18812 18848 7ff78706167b 18845->18848 18847->18827 18849 7ff78705b00c __free_lconv_mon 11 API calls 18848->18849 18849->18838 18851 7ff787061729 18850->18851 18857 7ff787061711 18850->18857 18852 
7ff78705f258 _findclose 11 API calls 18851->18852 18860 7ff78706174d 18852->18860 18853 7ff7870617ae 18855 7ff78705b00c __free_lconv_mon 11 API calls 18853->18855 18854 7ff78705ab9c __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18856 7ff7870617d8 18854->18856 18855->18857 18857->18727 18858 7ff78705f258 _findclose 11 API calls 18858->18860 18859 7ff78705b00c __free_lconv_mon 11 API calls 18859->18860 18860->18853 18860->18858 18860->18859 18861 7ff78705ab3c __std_exception_copy 37 API calls 18860->18861 18862 7ff7870617bd 18860->18862 18864 7ff7870617d2 18860->18864 18861->18860 18863 7ff78705afc4 _wfindfirst32i64 17 API calls 18862->18863 18863->18864 18864->18854 18866 7ff787059d60 18865->18866 18867 7ff787059d69 18865->18867 18866->18867 18980 7ff787059828 18866->18980 18867->18741 18867->18742 18872 7ff787066cac 18871->18872 18873 7ff787067b09 18871->18873 18874 7ff787066cb9 18872->18874 18879 7ff787066cef 18872->18879 18875 7ff787055098 45 API calls 18873->18875 18878 7ff7870555c4 _findclose 11 API calls 18874->18878 18894 7ff787066c60 18874->18894 18876 7ff787067b3d 18875->18876 18880 7ff787067b42 18876->18880 18886 7ff787067b53 18876->18886 18889 7ff787067b6a 18876->18889 18877 7ff787066d19 18881 7ff7870555c4 _findclose 11 API calls 18877->18881 18882 7ff787066cc3 18878->18882 18879->18877 18885 7ff787066d3e 18879->18885 18880->18736 18883 7ff787066d1e 18881->18883 18884 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18882->18884 18887 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18883->18887 18888 7ff787066cce 18884->18888 18895 7ff787055098 45 API calls 18885->18895 18898 7ff787066d29 18885->18898 18890 7ff7870555c4 _findclose 11 API calls 18886->18890 18887->18898 18888->18736 18892 7ff787067b74 18889->18892 18893 7ff787067b86 18889->18893 18891 7ff787067b58 18890->18891 18896 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18891->18896 18897 7ff7870555c4 _findclose 11 API calls 18892->18897 18899 7ff787067bae 18893->18899 18900 
7ff787067b97 18893->18900 18894->18736 18895->18898 18896->18880 18901 7ff787067b79 18897->18901 18898->18736 19206 7ff787069924 18899->19206 19197 7ff787066cfc 18900->19197 18904 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18901->18904 18904->18880 18906 7ff7870555c4 _findclose 11 API calls 18906->18880 18908 7ff787063b8b 18907->18908 18909 7ff787063b6e 18907->18909 18910 7ff787063b95 18908->18910 19246 7ff787068608 18908->19246 18909->18908 18911 7ff787063b7c 18909->18911 19253 7ff787060fbc 18910->19253 18913 7ff7870555c4 _findclose 11 API calls 18911->18913 18915 7ff787063b81 memcpy_s 18913->18915 18915->18761 18917 7ff787055098 45 API calls 18916->18917 18918 7ff787067c7a 18917->18918 18919 7ff78705f4e4 5 API calls 18918->18919 18920 7ff787067c88 18918->18920 18919->18920 18921 7ff787055684 14 API calls 18920->18921 18922 7ff787067ce4 18921->18922 18923 7ff787067d74 18922->18923 18924 7ff787055098 45 API calls 18922->18924 18926 7ff787067d85 18923->18926 18927 7ff78705b00c __free_lconv_mon 11 API calls 18923->18927 18925 7ff787067cf7 18924->18925 18929 7ff78705f4e4 5 API calls 18925->18929 18932 7ff787067d00 18925->18932 18928 7ff787061313 18926->18928 18930 7ff78705b00c __free_lconv_mon 11 API calls 18926->18930 18927->18926 18928->18779 18928->18780 18929->18932 18930->18928 18931 7ff787055684 14 API calls 18933 7ff787067d5b 18931->18933 18932->18931 18933->18923 18934 7ff787067d63 SetEnvironmentVariableW 18933->18934 18934->18923 18936 7ff78706181c 18935->18936 18943 7ff7870617ff 18935->18943 18937 7ff78705f258 _findclose 11 API calls 18936->18937 18945 7ff787061840 18937->18945 18938 7ff7870618c4 18940 7ff78705ab9c __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18938->18940 18939 7ff7870618a1 18942 7ff78705b00c __free_lconv_mon 11 API calls 18939->18942 18941 7ff7870618ca 18940->18941 18942->18943 18943->18792 18944 7ff78705f258 _findclose 11 API calls 18944->18945 18945->18938 18945->18939 18945->18944 18946 7ff78705b00c __free_lconv_mon 11 
API calls 18945->18946 18947 7ff787060f54 _wfindfirst32i64 37 API calls 18945->18947 18948 7ff7870618b0 18945->18948 18946->18945 18947->18945 18949 7ff78705afc4 _wfindfirst32i64 17 API calls 18948->18949 18949->18938 18951 7ff787059d9c 18950->18951 18952 7ff787059da5 18950->18952 18951->18952 19265 7ff78705989c 18951->19265 18952->18808 18952->18809 18957 7ff7870679c9 18956->18957 18959 7ff7870679f6 18956->18959 18958 7ff7870679ce 18957->18958 18957->18959 18960 7ff7870555c4 _findclose 11 API calls 18958->18960 18961 7ff787067a3a 18959->18961 18964 7ff787067a59 18959->18964 18978 7ff787067a2e __crtLCMapStringW 18959->18978 18962 7ff7870679d3 18960->18962 18963 7ff7870555c4 _findclose 11 API calls 18961->18963 18965 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18962->18965 18966 7ff787067a3f 18963->18966 18967 7ff787067a63 18964->18967 18968 7ff787067a75 18964->18968 18969 7ff7870679de 18965->18969 18971 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18966->18971 18972 7ff7870555c4 _findclose 11 API calls 18967->18972 18970 7ff787055098 45 API calls 18968->18970 18969->18802 18973 7ff787067a82 18970->18973 18971->18978 18974 7ff787067a68 18972->18974 18973->18978 19312 7ff7870694e0 18973->19312 18975 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 18974->18975 18975->18978 18978->18802 18979 7ff7870555c4 _findclose 11 API calls 18979->18978 18981 7ff78705983d 18980->18981 18982 7ff787059841 18980->18982 18981->18867 18995 7ff787059b7c 18981->18995 19003 7ff787062d60 18982->19003 18987 7ff787059853 18990 7ff78705b00c __free_lconv_mon 11 API calls 18987->18990 18988 7ff78705985f 19029 7ff78705990c 18988->19029 18990->18981 18992 7ff78705b00c __free_lconv_mon 11 API calls 18993 7ff787059886 18992->18993 18994 7ff78705b00c __free_lconv_mon 11 API calls 18993->18994 18994->18981 18996 7ff787059ba5 18995->18996 19001 7ff787059bbe 18995->19001 18996->18867 18997 7ff7870605c8 WideCharToMultiByte 18997->19001 18998 7ff78705f258 _findclose 11 API calls 
18998->19001 18999 7ff787059c4e 19000 7ff78705b00c __free_lconv_mon 11 API calls 18999->19000 19000->18996 19001->18996 19001->18997 19001->18998 19001->18999 19002 7ff78705b00c __free_lconv_mon 11 API calls 19001->19002 19002->19001 19004 7ff787062d6d 19003->19004 19005 7ff787059846 19003->19005 19048 7ff78705b8e4 19004->19048 19009 7ff78706309c GetEnvironmentStringsW 19005->19009 19010 7ff7870630cc 19009->19010 19011 7ff78705984b 19009->19011 19012 7ff7870605c8 WideCharToMultiByte 19010->19012 19011->18987 19011->18988 19013 7ff78706311d 19012->19013 19014 7ff787063124 FreeEnvironmentStringsW 19013->19014 19015 7ff78705dcbc _fread_nolock 12 API calls 19013->19015 19014->19011 19016 7ff787063137 19015->19016 19017 7ff787063148 19016->19017 19018 7ff78706313f 19016->19018 19019 7ff7870605c8 WideCharToMultiByte 19017->19019 19020 7ff78705b00c __free_lconv_mon 11 API calls 19018->19020 19021 7ff78706316b 19019->19021 19022 7ff787063146 19020->19022 19023 7ff787063179 19021->19023 19024 7ff78706316f 19021->19024 19022->19014 19026 7ff78705b00c __free_lconv_mon 11 API calls 19023->19026 19025 7ff78705b00c __free_lconv_mon 11 API calls 19024->19025 19027 7ff787063177 FreeEnvironmentStringsW 19025->19027 19026->19027 19027->19011 19031 7ff787059931 19029->19031 19030 7ff78705f258 _findclose 11 API calls 19042 7ff787059967 19030->19042 19031->19030 19032 7ff78705996f 19033 7ff78705b00c __free_lconv_mon 11 API calls 19032->19033 19034 7ff787059867 19033->19034 19034->18992 19035 7ff7870599e2 19036 7ff78705b00c __free_lconv_mon 11 API calls 19035->19036 19036->19034 19037 7ff78705f258 _findclose 11 API calls 19037->19042 19038 7ff7870599d1 19039 7ff787059b38 11 API calls 19038->19039 19041 7ff7870599d9 19039->19041 19040 7ff78705ab3c __std_exception_copy 37 API calls 19040->19042 19043 7ff78705b00c __free_lconv_mon 11 API calls 19041->19043 19042->19032 19042->19035 19042->19037 19042->19038 19042->19040 19044 7ff787059a07 19042->19044 19045 7ff78705b00c __free_lconv_mon 11 
API calls 19042->19045 19043->19032 19046 7ff78705afc4 _wfindfirst32i64 17 API calls 19044->19046 19045->19042 19047 7ff787059a1a 19046->19047 19049 7ff78705b8f5 FlsGetValue 19048->19049 19050 7ff78705b910 FlsSetValue 19048->19050 19051 7ff78705b90a 19049->19051 19052 7ff78705b902 19049->19052 19050->19052 19053 7ff78705b91d 19050->19053 19051->19050 19054 7ff78705b908 19052->19054 19055 7ff78705ab9c __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19052->19055 19056 7ff78705f258 _findclose 11 API calls 19053->19056 19068 7ff787062a34 19054->19068 19057 7ff78705b985 19055->19057 19058 7ff78705b92c 19056->19058 19059 7ff78705b94a FlsSetValue 19058->19059 19060 7ff78705b93a FlsSetValue 19058->19060 19061 7ff78705b968 19059->19061 19062 7ff78705b956 FlsSetValue 19059->19062 19063 7ff78705b943 19060->19063 19064 7ff78705b5b8 _findclose 11 API calls 19061->19064 19062->19063 19065 7ff78705b00c __free_lconv_mon 11 API calls 19063->19065 19066 7ff78705b970 19064->19066 19065->19052 19067 7ff78705b00c __free_lconv_mon 11 API calls 19066->19067 19067->19054 19091 7ff787062ca4 19068->19091 19070 7ff787062a69 19106 7ff787062734 19070->19106 19073 7ff787062a86 19073->19005 19074 7ff78705dcbc _fread_nolock 12 API calls 19075 7ff787062a97 19074->19075 19076 7ff787062a9f 19075->19076 19078 7ff787062aae 19075->19078 19077 7ff78705b00c __free_lconv_mon 11 API calls 19076->19077 19077->19073 19078->19078 19113 7ff787062ddc 19078->19113 19081 7ff787062baa 19082 7ff7870555c4 _findclose 11 API calls 19081->19082 19083 7ff787062baf 19082->19083 19085 7ff78705b00c __free_lconv_mon 11 API calls 19083->19085 19084 7ff787062c05 19087 7ff787062c6c 19084->19087 19124 7ff787062564 19084->19124 19085->19073 19086 7ff787062bc4 19086->19084 19089 7ff78705b00c __free_lconv_mon 11 API calls 19086->19089 19088 7ff78705b00c __free_lconv_mon 11 API calls 19087->19088 19088->19073 19089->19084 19092 7ff787062cc7 19091->19092 19093 7ff787062cd1 19092->19093 19139 7ff787060db8 EnterCriticalSection 
19092->19139 19096 7ff787062d43 19093->19096 19097 7ff78705ab9c __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19093->19097 19096->19070 19099 7ff787062d5b 19097->19099 19101 7ff787062db2 19099->19101 19103 7ff78705b8e4 50 API calls 19099->19103 19101->19070 19104 7ff787062d9c 19103->19104 19105 7ff787062a34 65 API calls 19104->19105 19105->19101 19107 7ff787055098 45 API calls 19106->19107 19108 7ff787062748 19107->19108 19109 7ff787062754 GetOEMCP 19108->19109 19110 7ff787062766 19108->19110 19111 7ff78706277b 19109->19111 19110->19111 19112 7ff78706276b GetACP 19110->19112 19111->19073 19111->19074 19112->19111 19114 7ff787062734 47 API calls 19113->19114 19115 7ff787062e09 19114->19115 19117 7ff787062e46 IsValidCodePage 19115->19117 19122 7ff787062f5f 19115->19122 19123 7ff787062e60 memcpy_s 19115->19123 19116 7ff78704bdc0 _wfindfirst32i64 8 API calls 19118 7ff787062ba1 19116->19118 19119 7ff787062e57 19117->19119 19117->19122 19118->19081 19118->19086 19120 7ff787062e86 GetCPInfo 19119->19120 19119->19123 19120->19122 19120->19123 19122->19116 19140 7ff78706284c 19123->19140 19196 7ff787060db8 EnterCriticalSection 19124->19196 19141 7ff787062889 GetCPInfo 19140->19141 19142 7ff78706297f 19140->19142 19141->19142 19147 7ff78706289c 19141->19147 19143 7ff78704bdc0 _wfindfirst32i64 8 API calls 19142->19143 19144 7ff787062a1e 19143->19144 19144->19122 19145 7ff7870635b0 48 API calls 19146 7ff787062913 19145->19146 19151 7ff787068554 19146->19151 19147->19145 19150 7ff787068554 54 API calls 19150->19142 19152 7ff787055098 45 API calls 19151->19152 19153 7ff787068579 19152->19153 19156 7ff787068220 19153->19156 19157 7ff787068261 19156->19157 19158 7ff78705fd00 _fread_nolock MultiByteToWideChar 19157->19158 19161 7ff7870682ab 19158->19161 19159 7ff787068529 19160 7ff78704bdc0 _wfindfirst32i64 8 API calls 19159->19160 19162 7ff787062946 19160->19162 19161->19159 19163 7ff78705dcbc _fread_nolock 12 API calls 19161->19163 19165 7ff7870682e3 19161->19165 19176 
7ff7870683e1 19161->19176 19162->19150 19163->19165 19164 7ff78705b00c __free_lconv_mon 11 API calls 19164->19159 19166 7ff78705fd00 _fread_nolock MultiByteToWideChar 19165->19166 19165->19176 19167 7ff787068356 19166->19167 19167->19176 19187 7ff78705f6a4 19167->19187 19170 7ff7870683a1 19173 7ff78705f6a4 __crtLCMapStringW 6 API calls 19170->19173 19170->19176 19171 7ff7870683f2 19172 7ff78705dcbc _fread_nolock 12 API calls 19171->19172 19174 7ff7870684c4 19171->19174 19177 7ff787068410 19171->19177 19172->19177 19173->19176 19175 7ff78705b00c __free_lconv_mon 11 API calls 19174->19175 19174->19176 19175->19176 19176->19159 19176->19164 19177->19176 19178 7ff78705f6a4 __crtLCMapStringW 6 API calls 19177->19178 19179 7ff787068490 19178->19179 19179->19174 19180 7ff7870684c6 19179->19180 19181 7ff7870684b0 19179->19181 19183 7ff7870605c8 WideCharToMultiByte 19180->19183 19182 7ff7870605c8 WideCharToMultiByte 19181->19182 19184 7ff7870684be 19182->19184 19183->19184 19184->19174 19185 7ff7870684de 19184->19185 19185->19176 19186 7ff78705b00c __free_lconv_mon 11 API calls 19185->19186 19186->19176 19188 7ff78705f2d0 __crtLCMapStringW 5 API calls 19187->19188 19190 7ff78705f6e2 19188->19190 19189 7ff78705f6ea 19189->19170 19189->19171 19189->19176 19190->19189 19193 7ff78705f790 19190->19193 19192 7ff78705f753 LCMapStringW 19192->19189 19194 7ff78705f2d0 __crtLCMapStringW 5 API calls 19193->19194 19195 7ff78705f7be __crtLCMapStringW 19194->19195 19195->19192 19198 7ff787066d19 19197->19198 19199 7ff787066d30 19197->19199 19200 7ff7870555c4 _findclose 11 API calls 19198->19200 19199->19198 19202 7ff787066d3e 19199->19202 19201 7ff787066d1e 19200->19201 19203 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19201->19203 19204 7ff787055098 45 API calls 19202->19204 19205 7ff787066d29 19202->19205 19203->19205 19204->19205 19205->18880 19207 7ff787055098 45 API calls 19206->19207 19208 7ff787069949 19207->19208 19211 7ff7870695a0 19208->19211 19214 7ff7870695ee 
19211->19214 19212 7ff78704bdc0 _wfindfirst32i64 8 API calls 19213 7ff787067bd5 19212->19213 19213->18880 19213->18906 19215 7ff787069675 19214->19215 19217 7ff787069660 GetCPInfo 19214->19217 19220 7ff787069679 19214->19220 19216 7ff78705fd00 _fread_nolock MultiByteToWideChar 19215->19216 19215->19220 19218 7ff78706970d 19216->19218 19217->19215 19217->19220 19219 7ff78705dcbc _fread_nolock 12 API calls 19218->19219 19218->19220 19221 7ff787069744 19218->19221 19219->19221 19220->19212 19221->19220 19222 7ff78705fd00 _fread_nolock MultiByteToWideChar 19221->19222 19223 7ff7870697b2 19222->19223 19224 7ff787069894 19223->19224 19225 7ff78705fd00 _fread_nolock MultiByteToWideChar 19223->19225 19224->19220 19226 7ff78705b00c __free_lconv_mon 11 API calls 19224->19226 19227 7ff7870697d8 19225->19227 19226->19220 19227->19224 19228 7ff78705dcbc _fread_nolock 12 API calls 19227->19228 19229 7ff787069805 19227->19229 19228->19229 19229->19224 19230 7ff78705fd00 _fread_nolock MultiByteToWideChar 19229->19230 19231 7ff78706987c 19230->19231 19232 7ff78706989c 19231->19232 19233 7ff787069882 19231->19233 19240 7ff78705f528 19232->19240 19233->19224 19235 7ff78705b00c __free_lconv_mon 11 API calls 19233->19235 19235->19224 19237 7ff7870698db 19237->19220 19239 7ff78705b00c __free_lconv_mon 11 API calls 19237->19239 19238 7ff78705b00c __free_lconv_mon 11 API calls 19238->19237 19239->19220 19241 7ff78705f2d0 __crtLCMapStringW 5 API calls 19240->19241 19243 7ff78705f566 19241->19243 19242 7ff78705f56e 19242->19237 19242->19238 19243->19242 19244 7ff78705f790 __crtLCMapStringW 5 API calls 19243->19244 19245 7ff78705f5d7 CompareStringW 19244->19245 19245->19242 19247 7ff78706862a HeapSize 19246->19247 19248 7ff787068611 19246->19248 19249 7ff7870555c4 _findclose 11 API calls 19248->19249 19250 7ff787068616 19249->19250 19251 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19250->19251 19252 7ff787068621 19251->19252 19252->18910 19254 7ff787060fdb 19253->19254 19255 
7ff787060fd1 19253->19255 19257 7ff787060fe0 19254->19257 19263 7ff787060fe7 _findclose 19254->19263 19256 7ff78705dcbc _fread_nolock 12 API calls 19255->19256 19261 7ff787060fd9 19256->19261 19258 7ff78705b00c __free_lconv_mon 11 API calls 19257->19258 19258->19261 19259 7ff787060fed 19262 7ff7870555c4 _findclose 11 API calls 19259->19262 19260 7ff78706101a HeapReAlloc 19260->19261 19260->19263 19261->18915 19262->19261 19263->19259 19263->19260 19264 7ff787063d00 _findclose 2 API calls 19263->19264 19264->19263 19266 7ff7870598b5 19265->19266 19277 7ff7870598b1 19265->19277 19286 7ff7870631ac GetEnvironmentStringsW 19266->19286 19269 7ff7870598ce 19293 7ff787059a1c 19269->19293 19270 7ff7870598c2 19271 7ff78705b00c __free_lconv_mon 11 API calls 19270->19271 19271->19277 19274 7ff78705b00c __free_lconv_mon 11 API calls 19275 7ff7870598f5 19274->19275 19276 7ff78705b00c __free_lconv_mon 11 API calls 19275->19276 19276->19277 19277->18952 19278 7ff787059c5c 19277->19278 19283 7ff787059c7f 19278->19283 19284 7ff787059c96 19278->19284 19279 7ff78705fd00 MultiByteToWideChar _fread_nolock 19279->19284 19280 7ff78705f258 _findclose 11 API calls 19280->19284 19281 7ff787059d0a 19282 7ff78705b00c __free_lconv_mon 11 API calls 19281->19282 19282->19283 19283->18952 19284->19279 19284->19280 19284->19281 19284->19283 19285 7ff78705b00c __free_lconv_mon 11 API calls 19284->19285 19285->19284 19287 7ff7870598ba 19286->19287 19288 7ff7870631d0 19286->19288 19287->19269 19287->19270 19289 7ff78705dcbc _fread_nolock 12 API calls 19288->19289 19291 7ff787063207 memcpy_s 19289->19291 19290 7ff78705b00c __free_lconv_mon 11 API calls 19292 7ff787063227 FreeEnvironmentStringsW 19290->19292 19291->19290 19292->19287 19294 7ff787059a44 19293->19294 19295 7ff78705f258 _findclose 11 API calls 19294->19295 19306 7ff787059a7f 19295->19306 19296 7ff787059a87 19297 7ff78705b00c __free_lconv_mon 11 API calls 19296->19297 19298 7ff7870598d6 19297->19298 19298->19274 19299 7ff787059b01 19300 
7ff78705b00c __free_lconv_mon 11 API calls 19299->19300 19300->19298 19301 7ff78705f258 _findclose 11 API calls 19301->19306 19302 7ff787059af0 19304 7ff787059b38 11 API calls 19302->19304 19303 7ff787060f54 _wfindfirst32i64 37 API calls 19303->19306 19305 7ff787059af8 19304->19305 19308 7ff78705b00c __free_lconv_mon 11 API calls 19305->19308 19306->19296 19306->19299 19306->19301 19306->19302 19306->19303 19307 7ff787059b24 19306->19307 19310 7ff78705b00c __free_lconv_mon 11 API calls 19306->19310 19309 7ff78705afc4 _wfindfirst32i64 17 API calls 19307->19309 19308->19296 19311 7ff787059b36 19309->19311 19310->19306 19314 7ff787069509 __crtLCMapStringW 19312->19314 19313 7ff787067abe 19313->18978 19313->18979 19314->19313 19315 7ff78705f528 6 API calls 19314->19315 19315->19313 19698 7ff78705fdec 19699 7ff78705ffde 19698->19699 19702 7ff78705fe2e _isindst 19698->19702 19700 7ff7870555c4 _findclose 11 API calls 19699->19700 19718 7ff78705ffce 19700->19718 19701 7ff78704bdc0 _wfindfirst32i64 8 API calls 19703 7ff78705fff9 19701->19703 19702->19699 19704 7ff78705feae _isindst 19702->19704 19719 7ff787066a04 19704->19719 19709 7ff78706000a 19711 7ff78705afc4 _wfindfirst32i64 17 API calls 19709->19711 19712 7ff78706001e 19711->19712 19716 7ff78705ff0b 19716->19718 19744 7ff787066a48 19716->19744 19718->19701 19720 7ff787066a13 19719->19720 19721 7ff78705fecc 19719->19721 19751 7ff787060db8 EnterCriticalSection 19720->19751 19726 7ff787065e08 19721->19726 19727 7ff787065e11 19726->19727 19729 7ff78705fee1 19726->19729 19728 7ff7870555c4 _findclose 11 API calls 19727->19728 19730 7ff787065e16 19728->19730 19729->19709 19732 7ff787065e38 19729->19732 19731 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19730->19731 19731->19729 19733 7ff787065e41 19732->19733 19735 7ff78705fef2 19732->19735 19734 7ff7870555c4 _findclose 11 API calls 19733->19734 19736 7ff787065e46 19734->19736 19735->19709 19738 7ff787065e68 19735->19738 19737 7ff78705afa4 _invalid_parameter_noinfo 37 
API calls 19736->19737 19737->19735 19739 7ff78705ff03 19738->19739 19740 7ff787065e71 19738->19740 19739->19709 19739->19716 19741 7ff7870555c4 _findclose 11 API calls 19740->19741 19742 7ff787065e76 19741->19742 19743 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19742->19743 19743->19739 19752 7ff787060db8 EnterCriticalSection 19744->19752 18251 7ff787059ff1 18252 7ff78705aa68 45 API calls 18251->18252 18253 7ff787059ff6 18252->18253 18254 7ff78705a01d GetModuleHandleW 18253->18254 18255 7ff78705a067 18253->18255 18254->18255 18261 7ff78705a02a 18254->18261 18263 7ff787059ef4 18255->18263 18261->18255 18277 7ff78705a118 GetModuleHandleExW 18261->18277 18283 7ff787060db8 EnterCriticalSection 18263->18283 18278 7ff78705a14c GetProcAddress 18277->18278 18279 7ff78705a175 18277->18279 18280 7ff78705a15e 18278->18280 18281 7ff78705a17a FreeLibrary 18279->18281 18282 7ff78705a181 18279->18282 18280->18279 18281->18282 18282->18255 19850 7ff78705a3e0 19853 7ff78705a35c 19850->19853 19860 7ff787060db8 EnterCriticalSection 19853->19860 19861 7ff78705cbe0 19872 7ff787060db8 EnterCriticalSection 19861->19872 19485 7ff78706ac89 19486 7ff78706ac98 19485->19486 19487 7ff78706aca2 19485->19487 19489 7ff787060e18 LeaveCriticalSection 19486->19489 19494 7ff78705b690 19495 7ff78705b695 19494->19495 19496 7ff78705b6aa 19494->19496 19500 7ff78705b6b0 19495->19500 19501 7ff78705b6fa 19500->19501 19502 7ff78705b6f2 19500->19502 19504 7ff78705b00c __free_lconv_mon 11 API calls 19501->19504 19503 7ff78705b00c __free_lconv_mon 11 API calls 19502->19503 19503->19501 19505 7ff78705b707 19504->19505 19506 7ff78705b00c __free_lconv_mon 11 API calls 19505->19506 19507 7ff78705b714 19506->19507 19508 7ff78705b00c __free_lconv_mon 11 API calls 19507->19508 19509 7ff78705b721 19508->19509 19510 7ff78705b00c __free_lconv_mon 11 API calls 19509->19510 19511 7ff78705b72e 19510->19511 19512 7ff78705b00c __free_lconv_mon 11 API calls 19511->19512 19513 7ff78705b73b 19512->19513 19514 
7ff78705b00c __free_lconv_mon 11 API calls 19513->19514 19515 7ff78705b748 19514->19515 19516 7ff78705b00c __free_lconv_mon 11 API calls 19515->19516 19517 7ff78705b755 19516->19517 19518 7ff78705b00c __free_lconv_mon 11 API calls 19517->19518 19519 7ff78705b765 19518->19519 19520 7ff78705b00c __free_lconv_mon 11 API calls 19519->19520 19521 7ff78705b775 19520->19521 19526 7ff78705b558 19521->19526 19540 7ff787060db8 EnterCriticalSection 19526->19540 19542 7ff78704c090 19543 7ff78704c0a0 19542->19543 19559 7ff78705a238 19543->19559 19545 7ff78704c0ac 19565 7ff78704c398 19545->19565 19547 7ff78704c119 19548 7ff78704c67c 7 API calls 19547->19548 19558 7ff78704c135 19547->19558 19550 7ff78704c145 19548->19550 19549 7ff78704c0c4 _RTC_Initialize 19549->19547 19570 7ff78704c548 19549->19570 19552 7ff78704c0d9 19573 7ff7870596a4 19552->19573 19560 7ff78705a249 19559->19560 19561 7ff78705a251 19560->19561 19562 7ff7870555c4 _findclose 11 API calls 19560->19562 19561->19545 19563 7ff78705a260 19562->19563 19564 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19563->19564 19564->19561 19566 7ff78704c3a9 19565->19566 19569 7ff78704c3ae __scrt_release_startup_lock 19565->19569 19567 7ff78704c67c 7 API calls 19566->19567 19566->19569 19568 7ff78704c422 19567->19568 19569->19549 19598 7ff78704c50c 19570->19598 19572 7ff78704c551 19572->19552 19574 7ff7870596c4 19573->19574 19575 7ff78704c0e5 19573->19575 19576 7ff7870596cc 19574->19576 19577 7ff7870596e2 GetModuleFileNameW 19574->19577 19575->19547 19597 7ff78704c61c InitializeSListHead 19575->19597 19578 7ff7870555c4 _findclose 11 API calls 19576->19578 19581 7ff78705970d 19577->19581 19579 7ff7870596d1 19578->19579 19580 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 19579->19580 19580->19575 19613 7ff787059644 19581->19613 19584 7ff787059755 19585 7ff7870555c4 _findclose 11 API calls 19584->19585 19586 7ff78705975a 19585->19586 19587 7ff78705b00c __free_lconv_mon 11 API calls 19586->19587 19587->19575 19588 
7ff78705976d 19589 7ff78705978f 19588->19589 19591 7ff7870597bb 19588->19591 19592 7ff7870597d4 19588->19592 19590 7ff78705b00c __free_lconv_mon 11 API calls 19589->19590 19590->19575 19593 7ff78705b00c __free_lconv_mon 11 API calls 19591->19593 19595 7ff78705b00c __free_lconv_mon 11 API calls 19592->19595 19594 7ff7870597c4 19593->19594 19596 7ff78705b00c __free_lconv_mon 11 API calls 19594->19596 19595->19589 19596->19575 19599 7ff78704c526 19598->19599 19601 7ff78704c51f 19598->19601 19602 7ff78705a87c 19599->19602 19601->19572 19605 7ff78705a4b8 19602->19605 19612 7ff787060db8 EnterCriticalSection 19605->19612 19614 7ff78705965c 19613->19614 19618 7ff787059694 19613->19618 19615 7ff78705f258 _findclose 11 API calls 19614->19615 19614->19618 19616 7ff78705968a 19615->19616 19617 7ff78705b00c __free_lconv_mon 11 API calls 19616->19617 19617->19618 19618->19584 19618->19588 19888 7ff787055410 19889 7ff78705541b 19888->19889 19897 7ff78705f864 19889->19897 19910 7ff787060db8 EnterCriticalSection 19897->19910 15325 7ff78704c17c 15346 7ff78704c34c 15325->15346 15328 7ff78704c2c8 15448 7ff78704c67c IsProcessorFeaturePresent 15328->15448 15329 7ff78704c198 __scrt_acquire_startup_lock 15331 7ff78704c2d2 15329->15331 15338 7ff78704c1b6 __scrt_release_startup_lock 15329->15338 15332 7ff78704c67c 7 API calls 15331->15332 15334 7ff78704c2dd __FrameHandler3::FrameUnwindToEmptyState 15332->15334 15333 7ff78704c1db 15335 7ff78704c261 15352 7ff78704c7c8 15335->15352 15337 7ff78704c266 15355 7ff787041000 15337->15355 15338->15333 15338->15335 15437 7ff78705a1bc 15338->15437 15343 7ff78704c289 15343->15334 15444 7ff78704c4e0 15343->15444 15455 7ff78704c94c 15346->15455 15349 7ff78704c190 15349->15328 15349->15329 15350 7ff78704c37b __scrt_initialize_crt 15350->15349 15457 7ff78704da98 15350->15457 15484 7ff78704d1e0 15352->15484 15354 7ff78704c7df GetStartupInfoW 15354->15337 15356 7ff78704100b 15355->15356 15486 7ff7870487b0 15356->15486 15358 7ff78704101d 15493 7ff787055ff8 
7ff787043fe0 116 API calls 17302->17303 17304 7ff7870415c7 17303->17304 17305 7ff7870415f0 17304->17305 17306 7ff7870415cf 17304->17306 17307 7ff787050914 73 API calls 17305->17307 17308 7ff787042b30 59 API calls 17306->17308 17309 7ff787041601 17307->17309 17310 7ff7870415df 17308->17310 17311 7ff787041621 17309->17311 17312 7ff787041605 17309->17312 17310->15636 17314 7ff787041651 17311->17314 17315 7ff787041631 17311->17315 17313 7ff787042890 59 API calls 17312->17313 17324 7ff78704161c __vcrt_freefls 17313->17324 17317 7ff787041666 17314->17317 17321 7ff78704167d 17314->17321 17316 7ff787042890 59 API calls 17315->17316 17316->17324 17326 7ff787041050 17317->17326 17318 7ff78705028c 74 API calls 17320 7ff7870416f7 17318->17320 17320->15636 17322 7ff7870505dc _fread_nolock 53 API calls 17321->17322 17323 7ff7870416be 17321->17323 17321->17324 17322->17321 17325 7ff787042890 59 API calls 17323->17325 17324->17318 17325->17324 17327 7ff7870410a6 17326->17327 17328 7ff7870410ad 17327->17328 17329 7ff7870410d3 17327->17329 17330 7ff787042b30 59 API calls 17328->17330 17332 7ff787041109 17329->17332 17333 7ff7870410ed 17329->17333 17331 7ff7870410c0 17330->17331 17331->17324 17335 7ff78704111b 17332->17335 17342 7ff787041137 memcpy_s 17332->17342 17334 7ff787042890 59 API calls 17333->17334 17338 7ff787041104 __vcrt_freefls 17334->17338 17336 7ff787042890 59 API calls 17335->17336 17336->17338 17337 7ff7870505dc _fread_nolock 53 API calls 17337->17342 17338->17324 17339 7ff7870411fe 17340 7ff787042b30 59 API calls 17339->17340 17340->17338 17342->17337 17342->17338 17342->17339 17343 7ff787050350 37 API calls 17342->17343 17344 7ff787050d1c 17342->17344 17343->17342 17345 7ff787050d4c 17344->17345 17346 7ff787050a6c 76 API calls 17345->17346 17347 7ff787050d6a 17346->17347 17347->17342 17349 7ff78704196f 17348->17349 17351 7ff7870419d3 17348->17351 17349->17351 17394 7ff787055170 17349->17394 17351->15642 17353 7ff78704173e 17352->17353 17354 7ff787041726 
17352->17354 17356 7ff787041768 17353->17356 17357 7ff787041744 17353->17357 17355 7ff787042b30 59 API calls 17354->17355 17359 7ff787041732 17355->17359 17448 7ff787047c20 17356->17448 17409 7ff7870412b0 17357->17409 17359->15642 17363 7ff7870417b9 17367 7ff787043fe0 116 API calls 17363->17367 17364 7ff78704178d 17366 7ff787042890 59 API calls 17364->17366 17365 7ff78704175f 17365->15642 17369 7ff7870417a3 17366->17369 17370 7ff7870417ce 17367->17370 17368 7ff787042b30 59 API calls 17368->17365 17369->15642 17371 7ff7870417ee 17370->17371 17372 7ff7870417d6 17370->17372 17374 7ff787050914 73 API calls 17371->17374 17373 7ff787042b30 59 API calls 17372->17373 17375 7ff7870417e5 17373->17375 17376 7ff7870417ff 17374->17376 17380 7ff78705028c 74 API calls 17375->17380 17377 7ff787041823 17376->17377 17378 7ff787041803 17376->17378 17395 7ff78705517d 17394->17395 17397 7ff7870551aa 17394->17397 17398 7ff7870555c4 _findclose 11 API calls 17395->17398 17405 7ff787055134 17395->17405 17396 7ff7870551cd 17399 7ff7870555c4 _findclose 11 API calls 17396->17399 17397->17396 17400 7ff7870551e9 17397->17400 17401 7ff787055187 17398->17401 17402 7ff7870551d2 17399->17402 17403 7ff787055098 45 API calls 17400->17403 17404 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 17401->17404 17406 7ff78705afa4 _invalid_parameter_noinfo 37 API calls 17402->17406 17408 7ff7870551dd 17403->17408 17407 7ff787055192 17404->17407 17405->17349 17406->17408 17407->17349 17408->17349 17410 7ff7870412c2 17409->17410 17411 7ff787043fe0 116 API calls 17410->17411 17412 7ff7870412f2 17411->17412 17413 7ff7870412fa 17412->17413 17414 7ff787041311 17412->17414 17415 7ff787042b30 59 API calls 17413->17415 17416 7ff787050914 73 API calls 17414->17416 17421 7ff78704130a __vcrt_freefls 17415->17421 17417 7ff787041323 17416->17417 17418 7ff787041327 17417->17418 17419 7ff78704134d 17417->17419 17420 7ff787042890 59 API calls 17418->17420 17423 7ff787041368 17419->17423 17424 7ff787041390 17419->17424 
17422 7ff78704133e 17420->17422 17425 7ff78704bdc0 _wfindfirst32i64 8 API calls 17421->17425 17426 7ff78705028c 74 API calls 17422->17426 17427 7ff787042890 59 API calls 17423->17427 17428 7ff7870413aa 17424->17428 17439 7ff787041463 17424->17439 17429 7ff787041454 17425->17429 17426->17421 17430 7ff787041383 17427->17430 17431 7ff787041050 98 API calls 17428->17431 17429->17365 17429->17368 17433 7ff78705028c 74 API calls 17430->17433 17434 7ff7870413bb 17431->17434 17432 7ff7870413c3 17435 7ff78705028c 74 API calls 17432->17435 17433->17421 17434->17432 17437 7ff7870414d2 __vcrt_freefls 17434->17437 17438 7ff7870413cf 17435->17438 17436 7ff7870505dc _fread_nolock 53 API calls 17436->17439 17444 7ff78705028c 74 API calls 17437->17444 17467 7ff7870477d0 17438->17467 17439->17432 17439->17436 17442 7ff7870414bb 17439->17442 17443 7ff787042890 59 API calls 17442->17443 17443->17437 17444->17421 17449 7ff787047c30 17448->17449 17450 7ff787041ef0 49 API calls 17449->17450 17451 7ff787047c71 17450->17451 17452 7ff787043f70 57 API calls 17451->17452 17466 7ff787047cf1 17451->17466 17454 7ff787047c82 17452->17454 17453 7ff78704bdc0 _wfindfirst32i64 8 API calls 17455 7ff787041785 17453->17455 17456 7ff787047d2b 17454->17456 17457 7ff787047ca2 __vcrt_freefls 17454->17457 17459 7ff787047b70 61 API calls 17454->17459 17455->17363 17455->17364 17458 7ff7870477d0 64 API calls 17456->17458 17461 7ff787047d14 17457->17461 17462 7ff787047ce0 17457->17462 17460 7ff787047d36 17458->17460 17459->17457 17465 7ff787043fe0 116 API calls 17460->17465 17460->17466 17464 7ff787042c50 59 API calls 17461->17464 17463 7ff787042c50 59 API calls 17462->17463 17463->17466 17464->17456 17465->17466 17466->17453 17532 7ff787048be0 57 API calls 17531->17532 17533 7ff787048287 LoadLibraryExW 17532->17533 17534 7ff7870482a4 __vcrt_freefls 17533->17534 17534->15663 17536 7ff787046f29 17535->17536 17537 7ff787046f4c GetProcAddress 17535->17537 17539 7ff7870429e0 57 API calls 17536->17539 17537->17536 
17538 7ff787046f71 GetProcAddress 17537->17538 17538->17536 17594->15678 17595->15681 17597 7ff787045be0 17596->17597 17598 7ff787041ef0 49 API calls 17597->17598 17599 7ff787045c12 17598->17599 17600 7ff787045c3b 17599->17600 17601 7ff787045c1b 17599->17601 17603 7ff787045c92 17600->17603 17605 7ff787044060 49 API calls 17600->17605 17602 7ff787042b30 59 API calls 17601->17602 17623 7ff787045c31 17602->17623 17604 7ff787044060 49 API calls 17603->17604 17610 7ff787045cab 17604->17610 17606 7ff787045c5c 17605->17606 17607 7ff787045c7a 17606->17607 17611 7ff787042b30 59 API calls 17606->17611 17612 7ff787043f70 57 API calls 17607->17612 17608 7ff78704bdc0 _wfindfirst32i64 8 API calls 17613 7ff78704346e 17608->17613 17609 7ff787045cc9 17615 7ff787048270 58 API calls 17609->17615 17610->17609 17614 7ff787042b30 59 API calls 17610->17614 17611->17607 17616 7ff787045c84 17612->17616 17613->15690 17624 7ff787045d30 17613->17624 17614->17609 17617 7ff787045cd6 17615->17617 17616->17603 17622 7ff787048270 58 API calls 17616->17622 17618 7ff787045cfd 17617->17618 17619 7ff787045cdb 17617->17619 17694 7ff7870451f0 GetProcAddress 17618->17694 17620 7ff7870429e0 57 API calls 17619->17620 17620->17623 17622->17603 17623->17608 17778 7ff787044df0 17624->17778 17626 7ff787045d54 17627 7ff787045d6d 17626->17627 17628 7ff787045d5c 17626->17628 17785 7ff787044540 17627->17785 17629 7ff787042b30 59 API calls 17628->17629 17635 7ff787045d68 17629->17635 17635->15692 17695 7ff787045212 17694->17695 17696 7ff787045230 GetProcAddress 17694->17696 17699 7ff7870429e0 57 API calls 17695->17699 17696->17695 17697 7ff787045255 GetProcAddress 17696->17697 17697->17695 17698 7ff78704527a GetProcAddress 17697->17698 17698->17695 17700 7ff7870452a2 GetProcAddress 17698->17700 17701 7ff787045225 17699->17701 17700->17695 17701->17623 17781 7ff787044e15 17778->17781 17779 7ff787044e1d 17779->17626 17780 7ff787044faf 17782 7ff78704515a __vcrt_freefls 17780->17782 17783 7ff787044260 47 API calls 
17780->17783 17781->17779 17781->17780 17820 7ff7870570b8 17781->17820 17782->17626 17783->17780 17786 7ff787044570 17785->17786 17821 7ff7870570e8 17820->17821 17824 7ff7870565b4 17821->17824 17825 7ff7870565f7 17824->17825 17826 7ff7870565e5 17824->17826 17827 7ff787056641 17825->17827 17829 7ff787056604 17825->17829 17828 7ff7870555c4 _findclose 11 API calls 17826->17828 17830 7ff78705665c 17827->17830 17833 7ff787054a00 45 API calls 17827->17833 17833->17830 17920 7ff787042d86 17919->17920 17921 7ff787041ef0 49 API calls 17920->17921 17922 7ff787042db9 17921->17922 17923 7ff787043e50 49 API calls 17922->17923 17953 7ff7870430ea 17922->17953 17924 7ff787042e27 17923->17924 17925 7ff787043e50 49 API calls 17924->17925 17926 7ff787042e38 17925->17926 17927 7ff787042e59 17926->17927 17928 7ff787042e95 17926->17928 17970 7ff7870431b0 17927->17970 17930 7ff7870431b0 75 API calls 17928->17930 17931 7ff787042e93 17930->17931 17932 7ff787042f16 17931->17932 17933 7ff787042ed4 17931->17933 17935 7ff7870431b0 75 API calls 17932->17935 17978 7ff7870475b0 17933->17978 17937 7ff787042f40 17935->17937 17940 7ff7870431b0 75 API calls 17937->17940 17947 7ff787042fdc 17937->17947 17942 7ff787042f72 17940->17942 17942->17947 17948 7ff7870431b0 75 API calls 17942->17948 17943 7ff787041eb0 59 API calls 17945 7ff78704302f 17943->17945 17951 7ff787041ef0 49 API calls 17945->17951 17945->17953 17947->17943 17961 7ff7870430ef 17947->17961 17950 7ff787042fa0 17948->17950 17950->17947 17960 7ff787055170 45 API calls 17960->17961 17961->17960 17962 7ff787043148 17961->17962 17971 7ff7870431e4 17970->17971 17972 7ff787054bc4 49 API calls 17971->17972 17973 7ff78704320a 17972->17973 17974 7ff78704321b 17973->17974 18015 7ff787055eec 17973->18015 17976 7ff78704bdc0 _wfindfirst32i64 8 API calls 17974->17976 17977 7ff787043239 17976->17977 17977->17931 17979 7ff7870475be 17978->17979 17980 7ff787043fe0 116 API calls 17979->17980 17981 7ff7870475ed 17980->17981 17982 7ff787041ef0 49 API calls 
17981->17982 18016 7ff787055f09 18015->18016 18017 7ff787055f15 18015->18017 18032 7ff787055800 18016->18032 18018 7ff787055098 45 API calls 18017->18018 18020 7ff787055f3d 18018->18020 18033 7ff787055837 18032->18033 18034 7ff78705581a 18032->18034 18033->18034 18247 7ff78705b810 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18246->18247 18248 7ff78705aa71 18247->18248 18249 7ff78705ab9c __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18248->18249 18250 7ff78705aa91 18249->18250

      Control-flow Graph

      • Graph (executed / not-executed coloring) not reproduced. Function 7ff7870673bc-7ff7870677aa: opens a handle with CreateFileW (7ff78706746e), retries CreateFileW once on failure (7ff7870674e7), validates the handle with GetFileType (7ff787067554) and closes it on an unexpected type, re-opens once more after CloseHandle (7ff7870676f4), and routes every GetLastError result through 7ff787055538; the early error paths go through the helpers 7ff7870555a4 and 7ff7870555c4. The pattern is consistent with a CRT file-open wrapper rather than sample-specific logic.
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
      • String ID:
      • API String ID: 1617910340-0
      • Opcode ID: 3a34930d5f91773cec3df5f99ae8c8b4927d9c8c66a9e1d3c980e3b08bacfc22
      • Instruction ID: 261c07e368507eb14eee250af1664b34453211d769aec27c1fc88181005d7b24
      • Opcode Fuzzy Hash: 3a34930d5f91773cec3df5f99ae8c8b4927d9c8c66a9e1d3c980e3b08bacfc22
      • Instruction Fuzzy Hash: A4C1D172B24B4285EB10EF64C4A02AC7761FB49BA8BA55235DA2FD73D5CF38D052C310

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _fread_nolock$Message
      • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
      • API String ID: 677216364-1384898525
      • Opcode ID: 39b48819520bc35b7f99ae839b6e2eafbc663665763a5edf1abbaa61daf94d82
      • Instruction ID: 1b4846197b26a58cc72b72f8bf8a444ccad572d4ac6f7829d59839a5fa614766
      • Opcode Fuzzy Hash: 39b48819520bc35b7f99ae839b6e2eafbc663665763a5edf1abbaa61daf94d82
      • Instruction Fuzzy Hash: E9519FB1B4960286EB24EF28D45117DB7A0FF48B88BB08135D91EC7799DE3CE442CB64

      Control-flow Graph

      • Executed
      • Not Executed
      • Graph (executed / not-executed coloring) not reproduced. Function starting at 7ff787041000, blocks through 7ff787043d8c: the PyInstaller bootloader entry point, judging by its strings. It resolves its own path through 7ff787043ed0 (GetModuleFileNameW), queries environment variables through 7ff787047b70 (GetEnvironmentVariableW, ExpandEnvironmentStringsW; `_MEIPASS2` and `_PYI_ONEDIR_MODE` appear among the strings), calls SetDllDirectoryW at 7ff787043bf5, and fans out to 7ff787043fe0, 7ff7870482c0, 7ff787048be0, 7ff787046df0 and the remaining helpers, with 7ff787042b30 on several failure branches, before returning through 7ff78704bdc0.
      APIs
        • Part of subcall function 00007FF787043ED0: GetModuleFileNameW.KERNEL32(?,00007FF7870439EA), ref: 00007FF787043F01
      • SetDllDirectoryW.KERNEL32 ref: 00007FF787043BF5
        • Part of subcall function 00007FF787047B70: GetEnvironmentVariableW.KERNEL32(00007FF787043A1F), ref: 00007FF787047BAA
        • Part of subcall function 00007FF787047B70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF787047BC7
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
      • API String ID: 2344891160-1544818733
      • Opcode ID: 3c017d0b3639bc96ed264c2cea0ad7036811798b0c58c9f5a9dfd195ef997cdf
      • Instruction ID: 738bc05e90b1b95cfcb853224af9a586948230b8d69f1ab98edef85d70a2102e
      • Opcode Fuzzy Hash: 3c017d0b3639bc96ed264c2cea0ad7036811798b0c58c9f5a9dfd195ef997cdf
      • Instruction Fuzzy Hash: 8CB1A021B9C64351EA24FB2194522BDE390BF8478CFE05135EA4FD7696EF2CE506C7A0

      Control-flow Graph

      • Executed
      • Not Executed
      • Graph (executed / not-executed coloring) not reproduced. Function 7ff78705c11c-7ff78705c568: argument checks through 7ff7870555a4/7ff7870555c4 and _invalid_parameter_noinfo (7ff78705afa4) on entry, then either ReadFile (7ff78705c3e3) or, when GetConsoleMode (7ff78705c371) reports a console handle, ReadConsoleW (7ff78705c38f); GetLastError results go to 7ff787055538, and a post-read loop (7ff78705c435-7ff78705c4d8, calling 7ff78705bd34 and 7ff78705bb74) processes the buffer. Consistent with the CRT's low-level read routine.
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 700fa2322a5b373321a2e7ed848750029968f91a5ee85a64e34c26a04be16f04
      • Instruction ID: 953c739816eaa142abdc48d0419455619b4a90f73a18ea594e5f0353fc2b1e2c
      • Opcode Fuzzy Hash: 700fa2322a5b373321a2e7ed848750029968f91a5ee85a64e34c26a04be16f04
      • Instruction Fuzzy Hash: 03C1D322A48B8781EB51AB5494446BEB751FF81B80FE54131DA4FD7391CE7CE846C722

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
      • String ID:
      • API String ID: 1452418845-0
      • Opcode ID: 3d27f789a7b910ea95b37f95ae633beb093259f17e851dcbb1d336e671b45e8f
      • Instruction ID: 08de5949a6dcf264b2a920875914720258ee204d0a231893a93c5f17cd342b13
      • Opcode Fuzzy Hash: 3d27f789a7b910ea95b37f95ae633beb093259f17e851dcbb1d336e671b45e8f
      • Instruction Fuzzy Hash: 65311B51A8D64241FA14BBA4D5133BAA391BF5174CFF45035D90FD72D7DEACA406C232

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: Fatal error detected
      • API String ID: 1878133881-4025702859
      • Opcode ID: 851903317bfc7efaf1ad6cdea84b2df33a0253a3527f03e892242bbcad957f63
      • Instruction ID: 55b93c58b5cb9f7a242eea41d082bdf402684c9f1579ff2926faba1a77e9da46
      • Opcode Fuzzy Hash: 851903317bfc7efaf1ad6cdea84b2df33a0253a3527f03e892242bbcad957f63
      • Instruction Fuzzy Hash: 8921767276868191E620E710E4516EAB364FF84788FD05135D64EC7A65DF3CD206C750

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Process$CurrentExitTerminate
      • String ID:
      • API String ID: 1703294689-0
      • Opcode ID: bc294a5152b5297a0dc7ed9991a70bb9c76c91c314002c4bf8d40204f2aa0a87
      • Instruction ID: 724bd2dc36269c1c7b15a5ed2fc8e3e487ee87141b1d224f2436a35882051908
      • Opcode Fuzzy Hash: bc294a5152b5297a0dc7ed9991a70bb9c76c91c314002c4bf8d40204f2aa0a87
      • Instruction Fuzzy Hash: 4DD09ED0B9C70642EA543B715C69078A7567F88705FF0A838D94BE6393CD2DA84FD360

      Control-flow Graph

      Control-flow graph covering basic blocks 7ff78705037c through 7ff7870505da (rendered graph not reproduced; legend: Executed / Not Executed)
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 7abeb8fe783ee1c87e05308e58bf334fc2d3c30e054771bdd4fe3d83d7422279
      • Instruction ID: 686d04abfdde6ceb0bbbb67d61c967f0d21b1981254c83f185b1c063569ae4f6
      • Opcode Fuzzy Hash: 7abeb8fe783ee1c87e05308e58bf334fc2d3c30e054771bdd4fe3d83d7422279
      • Instruction Fuzzy Hash: 8E51F661B49642C6FB24AA35950067EE681BF44BA4FF44634DE7EE77C5CE3CE442CA20

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorFileLastPointer
      • String ID:
      • API String ID: 2976181284-0
      • Opcode ID: 1615d75b8a55ba2077c919f2c6a9a881aeaa4cd5e18bf0385e0e14deb18ebfea
      • Instruction ID: 2465418667f61c8fce77bd4d7eaad9500e107088328156a18f62896e0a6121ac
      • Opcode Fuzzy Hash: 1615d75b8a55ba2077c919f2c6a9a881aeaa4cd5e18bf0385e0e14deb18ebfea
      • Instruction Fuzzy Hash: 0F119061B08B8281EA10AB25A84407AA761FB44BF4FE44331EE7ED77D9CE78D052C740

      Control-flow Graph

      APIs
      • CloseHandle.KERNELBASE(?,?,?,00007FF78705B099,?,?,00000000,00007FF78705B14E), ref: 00007FF78705B28A
      • GetLastError.KERNEL32(?,?,?,00007FF78705B099,?,?,00000000,00007FF78705B14E), ref: 00007FF78705B294
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: CloseErrorHandleLast
      • String ID:
      • API String ID: 918212764-0
      • Opcode ID: 5686df961ce5be01fcc4af8e545b06247c6cca85e683b4a0316bb757e052fe91
      • Instruction ID: 26029d7d0193eb3407fbe5a876f03d193aac8056de3048e1238d1f8cfa7ce583
      • Opcode Fuzzy Hash: 5686df961ce5be01fcc4af8e545b06247c6cca85e683b4a0316bb757e052fe91
      • Instruction Fuzzy Hash: 7721C520B5868201FE90BB60949027D9682BF84798FF44634DA2FD73D5CE2CF443D231

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 6b5c5ab8eeff71e39afe9fda2295d49407cb2b42678b128b0c7397afbf7fbff2
      • Instruction ID: dbed931ac5b27bef16a868b32aed30170545e76c3aba4117f19337e784e714aa
      • Opcode Fuzzy Hash: 6b5c5ab8eeff71e39afe9fda2295d49407cb2b42678b128b0c7397afbf7fbff2
      • Instruction Fuzzy Hash: E741E37294824283EA24EA19A55017AB7A1FB55B85FE01231D78FD3691CF3CE543C7B2

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _fread_nolock
      • String ID:
      • API String ID: 840049012-0
      • Opcode ID: 775812263eca2c32790788e7de421684f94aa67458782be604b6f84100317f81
      • Instruction ID: d1c7c65f4c5910df54645b97a17ad122337fdb6f399c589f6269cbe61c74ae58
      • Opcode Fuzzy Hash: 775812263eca2c32790788e7de421684f94aa67458782be604b6f84100317f81
      • Instruction Fuzzy Hash: 1221D622B4865285FA50BB2268453BAE651BF45BD9FE85830EE4E977C6DE7CE403C310

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 991c086762b97ce1bf58a0820ab8ed553d2cc556ed1ebb985c1376564fde346c
      • Instruction ID: 2c33a59c2b3419a1f7eadab4fe839f4bc3bc95a2ae2203aa295176e1ec11354f
      • Opcode Fuzzy Hash: 991c086762b97ce1bf58a0820ab8ed553d2cc556ed1ebb985c1376564fde346c
      • Instruction Fuzzy Hash: 0931A121A48A4286F751BF558841379A651BF44B91FE10235EA5EE73D2CEBCE843C732

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: HandleModule$AddressFreeLibraryProc
      • String ID:
      • API String ID: 3947729631-0
      • Opcode ID: 0855724a644142b9d5d18c3619865a8123e2457de56b2178a4ec6799866f0427
      • Instruction ID: 343e9897e8cda4c12a16270fd7a6399e2ea60d5877a3d693aa29ee9ce94c62ca
      • Opcode Fuzzy Hash: 0855724a644142b9d5d18c3619865a8123e2457de56b2178a4ec6799866f0427
      • Instruction Fuzzy Hash: D7218D72A187458AEB24AF74C4402BC7BA0FB0471CFA41635D61ED7AC5DF38D556CB60

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
      • Instruction ID: 86333c81a2720194ff11f8b696703fde16d0120a0769e7442dba36b56bc8dc37
      • Opcode Fuzzy Hash: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
      • Instruction Fuzzy Hash: B3116F61E9C64181EA61FF519410279E265BF86F84FE44431EA8EE768ADF7CE442CB20
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 513e03f871098e076a65fb8bab8bb253d597a6200523e68a4e261718b8ca4e46
      • Instruction ID: 185317e7fb50501033d11a07a5ddf375dd8894a93db76d716986f41af8bff772
      • Opcode Fuzzy Hash: 513e03f871098e076a65fb8bab8bb253d597a6200523e68a4e261718b8ca4e46
      • Instruction Fuzzy Hash: F221AF32B08B8186DB61AF18D450369B6A0FB85B54FA48234EB5FC66D9DF3DD812CB10
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
      • Instruction ID: f829599f7b9f271867e772e7996b8b199598b3d51056c2ec03e1363b8fbff244
      • Opcode Fuzzy Hash: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
      • Instruction Fuzzy Hash: 2001A561B4874181EA04EB62590006DE695BF85FE4FF84631DEADE7BD6CE3CD502C710
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: AddressProc
      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
      • API String ID: 190572456-2208601799
      • Opcode ID: 08011e4291223f8c8b87355f84bdba84e3d11561fc99f88d49761070ad3606f6
      • Instruction ID: 3f08869d2d8a0c597fe22b5a2a3582063d2b3275859694fb039eb9c2792c8de3
      • Opcode Fuzzy Hash: 08011e4291223f8c8b87355f84bdba84e3d11561fc99f88d49761070ad3606f6
      • Instruction Fuzzy Hash: E1E1B860A9EB0791FE19FB05A861174A7A1BF05788BF49535C84FC63A4FF7CB54AC220
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
      • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
      • API String ID: 2446303242-1601438679
      • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
      • Instruction ID: 514ec63550fae6678f96f2b2742df2da0621f5db8654624612fe8e03e16f027c
      • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
      • Instruction Fuzzy Hash: CBA18A76308B8587E7149F11E4547AAB770F788B88FA08129DB9E83B24CF7DE165CB50
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 808467561-2761157908
      • Opcode ID: 1922c43916b7ae2b1956b00aa5dfceaf9999fbe18ebc65017c42f663bf9222a2
      • Instruction ID: 7e91458003c7901f4de8f18b2a496846d457dab485da76c36f4c2ed32dfc069a
      • Opcode Fuzzy Hash: 1922c43916b7ae2b1956b00aa5dfceaf9999fbe18ebc65017c42f663bf9222a2
      • Instruction Fuzzy Hash: FAB2D772B583828BE764DE64D4507FDB7A1FB44348FA09135DA4EDBA84DB38E602CB50
      APIs
      • GetLastError.KERNEL32(00000000,00007FF787042A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787048597
      • FormatMessageW.KERNEL32 ref: 00007FF7870485C6
      • WideCharToMultiByte.KERNEL32 ref: 00007FF78704861C
        • Part of subcall function 00007FF7870429E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7870488F2,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787042A14
        • Part of subcall function 00007FF7870429E0: MessageBoxW.USER32 ref: 00007FF787042AF0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorLastMessage$ByteCharFormatMultiWide
      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
      • API String ID: 2920928814-2573406579
      • Opcode ID: f8b909e9681ff6aa95198e912ee695dc1f7db9a724790c30e57e4941c2966439
      • Instruction ID: 81cc746562b1433efe16381586b7754901b870d1c751c1641585ec8c6c671d5a
      • Opcode Fuzzy Hash: f8b909e9681ff6aa95198e912ee695dc1f7db9a724790c30e57e4941c2966439
      • Instruction Fuzzy Hash: 35216D71B4CB4692EA60BB11E89127AA361BF88788FE44035D64EC66A4EF3CD546C720
      APIs
      • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF78704154F), ref: 00007FF7870479F7
        • Part of subcall function 00007FF787047B70: GetEnvironmentVariableW.KERNEL32(00007FF787043A1F), ref: 00007FF787047BAA
        • Part of subcall function 00007FF787047B70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF787047BC7
        • Part of subcall function 00007FF787057EEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787057F05
      • SetEnvironmentVariableW.KERNEL32 ref: 00007FF787047AB1
        • Part of subcall function 00007FF787042B30: MessageBoxW.USER32 ref: 00007FF787042C05
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
      • API String ID: 3752271684-1116378104
      • Opcode ID: 959ec632602e32b9f4aface6cbaef3761ff97cf9d17901cd6379361e10be984f
      • Instruction ID: 9d2d792c3fba03b2466b1daf6323230b7073acd491974f6be5e46aad618c6e9d
      • Opcode Fuzzy Hash: 959ec632602e32b9f4aface6cbaef3761ff97cf9d17901cd6379361e10be984f
      • Instruction Fuzzy Hash: 56515B51B9D60245FE14F62698222BAD241BF88BC4FE86430ED0FDB797ED2CE503C260
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
      • String ID:
      • API String ID: 3140674995-0
      • Opcode ID: be1c9f70274c1bfa0c57ec5397cb0351ad5ab78a1ed88338b70abc701b0ce300
      • Instruction ID: ebc2d8da656a92a3ed804de8642b3e9a70fd6c8c4d4dec016e4b2dd532acd87e
      • Opcode Fuzzy Hash: be1c9f70274c1bfa0c57ec5397cb0351ad5ab78a1ed88338b70abc701b0ce300
      • Instruction Fuzzy Hash: 233162B2749B8196EB609F60E8503EE7365FB44748F94403ADA4E87B94DF38D649C710
      APIs
      • _get_daylight.LIBCMT ref: 00007FF7870664B5
        • Part of subcall function 00007FF787065E08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787065E1C
        • Part of subcall function 00007FF78705B00C: HeapFree.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B022
        • Part of subcall function 00007FF78705B00C: GetLastError.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B02C
        • Part of subcall function 00007FF78705AFC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78705AFA3,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705AFCD
        • Part of subcall function 00007FF78705AFC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78705AFA3,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705AFF2
      • _get_daylight.LIBCMT ref: 00007FF7870664A4
        • Part of subcall function 00007FF787065E68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787065E7C
      • _get_daylight.LIBCMT ref: 00007FF78706671A
      • _get_daylight.LIBCMT ref: 00007FF78706672B
      • _get_daylight.LIBCMT ref: 00007FF78706673C
      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78706697C), ref: 00007FF787066763
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
      • String ID:
      • API String ID: 4070488512-0
      APIs
      Similarity
      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
      • String ID:
      • API String ID: 1239891234-0
      APIs
      Similarity
      • API ID: FileFindFirst_invalid_parameter_noinfo
      • String ID:
      • API String ID: 2227656907-0
      APIs
      • _get_daylight.LIBCMT ref: 00007FF78706671A
        • Part of subcall function 00007FF787065E68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787065E7C
      • _get_daylight.LIBCMT ref: 00007FF78706672B
        • Part of subcall function 00007FF787065E08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787065E1C
      • _get_daylight.LIBCMT ref: 00007FF78706673C
        • Part of subcall function 00007FF787065E38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF787065E4C
        • Part of subcall function 00007FF78705B00C: HeapFree.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B022
        • Part of subcall function 00007FF78705B00C: GetLastError.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B02C
      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF78706697C), ref: 00007FF787066763
      Similarity
      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
      • String ID:
      • API String ID: 3458911817-0
      APIs
      Similarity
      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
      • String ID:
      • API String ID: 2933794660-0
      APIs
      Similarity
      • API ID: memcpy_s
      • String ID:
      • API String ID: 1502251526-0
      APIs
      Similarity
      • API ID: ExceptionRaise_clrfp
      • String ID:
      • API String ID: 15204871-0
      APIs
      Similarity
      • API ID: Find$CloseFileFirst
      • String ID:
      • API String ID: 2295610775-0
      Strings
      Similarity
      • API ID:
      • String ID: $
      • API String ID: 0-227171996
      Strings
      Similarity
      • API ID:
      • String ID: e+000$gfff
      • API String ID: 0-3030954782
      Similarity
      • API ID: CurrentFeaturePresentProcessProcessor
      • String ID:
      • API String ID: 1010374628-0
      Strings
      Similarity
      • API ID:
      • String ID: gfffffff
      • API String ID: 0-1523873471
      Strings
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: TMP
      • API String ID: 3215553584-3125297090
      APIs
      Similarity
      • API ID: HeapProcess
      • String ID:
      • API String ID: 54951025-0
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 970fa9c1e70947ae83e04df9520a0fb1810d06995f6d4a160b1c2f03216b318c
      • Instruction ID: 1f966678c63d31efdb560a5c0f4d4522f08f2dce2226cd51fe3ee2ac16e70fa7
      • Opcode Fuzzy Hash: 970fa9c1e70947ae83e04df9520a0fb1810d06995f6d4a160b1c2f03216b318c
      • Instruction Fuzzy Hash: E761EA62F5C34286F765BA288874739E681BF41760FB88639D61FC76D1DE7DE802C620
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
      • Instruction ID: ef67f4f4b441bc49944396b66738c231272f3085db1198fa8f8848b82c7d2d78
      • Opcode Fuzzy Hash: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
      • Instruction Fuzzy Hash: 8B51E4B6A5865186E7249B28C440239B3A0FF54B68FF45131CE4EE77A5CF3AE893C750
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
      • Instruction ID: db65baf54ae279375e35f7d668dd4b43b72be074183642541288bdca1c9166ac
      • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
      • Instruction Fuzzy Hash: CD518376A5865182E7249B29D04423CB7A0FB49B69FF44131CE4EE77D4CB3AE843C760
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
      • Instruction ID: f455511a341ca1e7f9cd7057769fb8115ad61ca8ddc0e6370d87b3977610f8b7
      • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
      • Instruction Fuzzy Hash: 9D51A4B6A5865182E7249B29D044238B7A0FF54B68FF44131DE4EE7794CB7AE8C3CB50
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
      • Instruction ID: 2da91e0ff0a8988d016513ee288833a09fbc0bf8d69f75652480e20c95c09478
      • Opcode Fuzzy Hash: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
      • Instruction Fuzzy Hash: 27519076A5865186E7249B29C044338B7A1FB48B5DFF44131CE4EE7794CB3AE883C790
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
      • Instruction ID: 527ba47de606590d5865f65531a2819abba13e2d0cc6b2e4a88fe7af9e981fe0
      • Opcode Fuzzy Hash: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
      • Instruction Fuzzy Hash: 3D51CF36A58A5182E7259B29C040238B7A1FB44B59FF44131CE4EE77A4DF3AEC83C750
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
      • Instruction ID: cdd55183b9c8f05cbddbaf6ed7041ddb32aed2841511eb16ed51dba09af47cf0
      • Opcode Fuzzy Hash: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
      • Instruction Fuzzy Hash: E25190B6A5865185E7249B29C04023CB7A0FF58B58FF84131CE4EE7798CB3AE893C750
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
      • Instruction ID: 04f2f3868b52e2f94a6c42cacbdaa82512e367d6a2f4acb704fba4f52d06935b
      • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
      • Instruction Fuzzy Hash: 1F417152DD964A04F9A5991805146B9E680BF23FA0DF863B4DD9BF73D3CD0E698BC220
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorFreeHeapLast
      • String ID:
      • API String ID: 485612231-0
      • Opcode ID: 7207d2828b21fefb3f30a877494a06cb20516b4d86b30a5eda9c739e5360529e
      • Instruction ID: c351152003b3cc82dbb5504ba943803640afebe10c774c35630a53697304a5fb
      • Opcode Fuzzy Hash: 7207d2828b21fefb3f30a877494a06cb20516b4d86b30a5eda9c739e5360529e
      • Instruction Fuzzy Hash: 24411562B18A5881FF14DF2AD924169B391B748FD0B989032DE0EDBB68DE3DD482C350
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9a995e5fc84bafd528f225b35c170f98e6cc3b92f214e8a834a3db34d2346d02
      • Instruction ID: f3f6dbc7c14fa17223959e490a70c3e8559ce3bf2076e8113202c54cc8da7d7d
      • Opcode Fuzzy Hash: 9a995e5fc84bafd528f225b35c170f98e6cc3b92f214e8a834a3db34d2346d02
      • Instruction Fuzzy Hash: 3F31B332B58B4281E764EF25644013EA6D5BB84B90FA85238EA5EE3BD6DF3CD402D714
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d9053913a188439c949862f5252d0d96588d6a3198c5220388b8f4d277b857ee
      • Instruction ID: 5f78039fd7df482c486b0c2cc2dda80eeab43d241f7fa3d2d24ff180f06f7c5d
      • Opcode Fuzzy Hash: d9053913a188439c949862f5252d0d96588d6a3198c5220388b8f4d277b857ee
      • Instruction Fuzzy Hash: 12F068717682558ADB949F29E80262977D0FB483C1FD0803DE58DC3F04D63C9052CF14
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: cfc8547ea6af2cfbec2828df990cd3d0a6205bb3f5e3ae253026f3a9dd74dc92
      • Instruction ID: 66014a8015977c60aff5065bd10bc20e044b3e57ba3d76271d93476e570d086b
      • Opcode Fuzzy Hash: cfc8547ea6af2cfbec2828df990cd3d0a6205bb3f5e3ae253026f3a9dd74dc92
      • Instruction Fuzzy Hash: 7FA001A1A89902E1E644AB50A861071A261BB51308BF04035D40EC51A0EF2CE543C221
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: AddressProc
      • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
      • API String ID: 190572456-4266016200
      • Opcode ID: f2f88704c5d1e061734efcee993fe9c6dd7b1185595c7391647c05c7e9d36fbf
      • Instruction ID: ac3b685d3c66b35f40626eb50fb285860dc1ee6b5efefc90d13a9a03beee75c8
      • Opcode Fuzzy Hash: f2f88704c5d1e061734efcee993fe9c6dd7b1185595c7391647c05c7e9d36fbf
      • Instruction Fuzzy Hash: 52129764BCAB0390FA15FB04EC61175A7A1BF05798BF49436C84FC62A4EF7CB54AC221
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message
      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
      • API String ID: 2030045667-3833288071
      • Opcode ID: 71416f08d0115de5e9be55a7f71c4a67e8cf22d25efc3be865573d17d420391b
      • Instruction ID: 6cab75308c08d4461ed46226ca9ee82ff7d1c77ec29b4da1652fbc80a9380db8
      • Opcode Fuzzy Hash: 71416f08d0115de5e9be55a7f71c4a67e8cf22d25efc3be865573d17d420391b
      • Instruction Fuzzy Hash: 41519161B8864385EA10FB25E8512B9E391BF44B98FF44435DE0EC7696EF3CE546C720
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message_fread_nolock
      • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
      • API String ID: 3065259568-2316137593
      • Opcode ID: fe5706f6e31b9bb9e24bd14d35a9aad1094ff34984450d040fa2bf53573d028d
      • Instruction ID: 7084ccd087eb73e59b60e5425c2c061704983d9f19431dc708db3f7c3cdfa345
      • Opcode Fuzzy Hash: fe5706f6e31b9bb9e24bd14d35a9aad1094ff34984450d040fa2bf53573d028d
      • Instruction Fuzzy Hash: E0519461B8968345EA20B721A4522BAA394BF447C8FF04031EE5FC7A86EE7CE543C750
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
      • String ID: P%
      • API String ID: 2147705588-2959514604
      • Opcode ID: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
      • Instruction ID: 1abd27f8a47f5b6f8b5dd79974f6fe1177ff143419abd8d1171560012716352b
      • Opcode Fuzzy Hash: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
      • Instruction Fuzzy Hash: CC51F8666147A186D634AF26A0181BAF7A1FB98B65F104121EBCFC3694DF7CD086DB20
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: -$:$f$p$p
      • API String ID: 3215553584-2013873522
      • Opcode ID: 17c3eaeb34264a701bb66d7ce4ab8a897af2982fe98c3a48157bd34433a5c608
      • Instruction ID: f6ecf11980ffac16c734cea0f38c942f97061c107c91f26183ef0d88c9335073
      • Opcode Fuzzy Hash: 17c3eaeb34264a701bb66d7ce4ab8a897af2982fe98c3a48157bd34433a5c608
      • Instruction Fuzzy Hash: AF12B462E4C14386FB20BA14D1542B9F6A1FB42B54FE44435E68BE76C4DF3DE882DB24
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: f$f$p$p$f
      • API String ID: 3215553584-1325933183
      • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
      • Instruction ID: 35e6e167adde4fc5caa96c41d9dcf29b6d8d9b3d32315f1060566de577a325ed
      • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
      • Instruction Fuzzy Hash: 50129172E4C14386FB20BB14D0546B9F262FB40756FE84135E69BE66C4DB7CE886CB21
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message
      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
      • API String ID: 2030045667-3659356012
      • Opcode ID: 805e2a61b0ec11e1e273d69fb2577a02836caa060e39109d3b34f2006f9c3b9a
      • Instruction ID: 934083da33ccc1fc7033de12101979525cb3bd7123f03e890c4719cfb8486b60
      • Opcode Fuzzy Hash: 805e2a61b0ec11e1e273d69fb2577a02836caa060e39109d3b34f2006f9c3b9a
      • Instruction Fuzzy Hash: 7D316F61B8864295EA20BB51A4115BAE391BF04BD8FF84031DE4FD7A55EE3CE543C720
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
      • String ID: CreateProcessW$Error creating child process!
      • API String ID: 2895956056-3524285272
      • Opcode ID: 08988cee581fa2f1300347ff32b1d9c8d82b1f49edf068ad7517d4b354b7a22a
      • Instruction ID: 001c138eafcd4d5d0239172db5daa8f1536a19e16c9f5e1de644c0f586bb1fb4
      • Opcode Fuzzy Hash: 08988cee581fa2f1300347ff32b1d9c8d82b1f49edf068ad7517d4b354b7a22a
      • Instruction Fuzzy Hash: 6D418471A48B8681DA20EB24E4552AAF361FF94364FA00735E6AEC77D5DF7CD045CB10
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
      • String ID: csm$csm$csm
      • API String ID: 849930591-393685449
      • Opcode ID: 5b2106ab85fd7efcab108e3077ecf48f9db79865e243ba23a6eb4b146be1c4dd
      • Instruction ID: 4eb87ca77c2b810db6cdde83f4af445e311166ac414ccf1f784a75c0fd59ac48
      • Opcode Fuzzy Hash: 5b2106ab85fd7efcab108e3077ecf48f9db79865e243ba23a6eb4b146be1c4dd
      • Instruction Fuzzy Hash: 4DE1A372A4874186EB20AF65D4422ADB7A0FB4479CFA40535EE4ED7B96CF38E182C750
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message
      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
      • API String ID: 2030045667-2813020118
      • Opcode ID: 55ccc0727fab39dc9bb8f633fc671205a05622b8bc078318a810c7f653032360
      • Instruction ID: 49daf224633b1ad1a05b6e756c1ff7f49a5badb5336ee59c50f4f0472af1643e
      • Opcode Fuzzy Hash: 55ccc0727fab39dc9bb8f633fc671205a05622b8bc078318a810c7f653032360
      • Instruction Fuzzy Hash: D151E162B49A8281EA20BB11E4513BAE391FF84798FE44131EE4FC7795EE3CE556C710
      APIs
      • FreeLibrary.KERNEL32(?,?,?,00007FF78705F66A,?,?,-00000018,00007FF78705B417,?,?,?,00007FF78705B30E,?,?,?,00007FF787056552), ref: 00007FF78705F44C
      • GetProcAddress.KERNEL32(?,?,?,00007FF78705F66A,?,?,-00000018,00007FF78705B417,?,?,?,00007FF78705B30E,?,?,?,00007FF787056552), ref: 00007FF78705F458
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: AddressFreeLibraryProc
      • String ID: api-ms-$ext-ms-
      • API String ID: 3013587201-537541572
      • Opcode ID: d9a2a87bd09a281b138f83e486683d1d3e88d7d7cd724ecba9763c018ac5b270
      • Instruction ID: 0749daf315a17f4fc6329acd60d625b83dae9f650c205f209c5c135bd3201b51
      • Opcode Fuzzy Hash: d9a2a87bd09a281b138f83e486683d1d3e88d7d7cd724ecba9763c018ac5b270
      • Instruction Fuzzy Hash: F941E261B99A4241FB15EB16A804575A391BF44BE0FF84635DD1EEB784DE3CF48BC220
      APIs
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787048847
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF78704889E
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ByteCharMultiWide
      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
      • API String ID: 626452242-27947307
      • Opcode ID: cebc729a5b9297ab91709ea31429c1993552edd1e928e0a6d012630ecbb99c6d
      • Instruction ID: 89ed03ffa73ed652faadaba44ac3f555295e6c30e1ec90860ebd49448876e064
      • Opcode Fuzzy Hash: cebc729a5b9297ab91709ea31429c1993552edd1e928e0a6d012630ecbb99c6d
      • Instruction Fuzzy Hash: D7419232A4CB8282E660EF15B88117AF7A1FB84794FA44535DA8EC7B94DF3CE446D710
      APIs
      • WideCharToMultiByte.KERNEL32(?,00007FF7870439EA), ref: 00007FF787048D31
        • Part of subcall function 00007FF7870429E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7870488F2,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787042A14
        • Part of subcall function 00007FF7870429E0: MessageBoxW.USER32 ref: 00007FF787042AF0
      • WideCharToMultiByte.KERNEL32(?,00007FF7870439EA), ref: 00007FF787048DA5
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ByteCharMultiWide$ErrorLastMessage
      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
      • API String ID: 3723044601-27947307
      • Opcode ID: e6417f1fd93d5a3f3fa94280b6e7ffe8603b6bf672e9512117038c3495c1cbe3
      • Instruction ID: 2b0abc61ec07a2fc61d2ec810f4b4f735d9d3767509ef53ffb402004262990c7
      • Opcode Fuzzy Hash: e6417f1fd93d5a3f3fa94280b6e7ffe8603b6bf672e9512117038c3495c1cbe3
      • Instruction Fuzzy Hash: AB218921B4DB4695EA10FF12A851068B761BB94B84FA48535CA4EC7794EF3CE542C310
      APIs
      Strings
      Similarity
      • API ID: _invalid_parameter_noinfo$_fread_nolock
      • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
      • API String ID: 3231891352-3501660386
      APIs
      • LoadLibraryExW.KERNEL32(?,?,?,00007FF78704E16A,?,?,?,00007FF78704DE5C,?,?,00000001,00007FF78704DA79), ref: 00007FF78704DF3D
      • GetLastError.KERNEL32(?,?,?,00007FF78704E16A,?,?,?,00007FF78704DE5C,?,?,00000001,00007FF78704DA79), ref: 00007FF78704DF4B
      • LoadLibraryExW.KERNEL32(?,?,?,00007FF78704E16A,?,?,?,00007FF78704DE5C,?,?,00000001,00007FF78704DA79), ref: 00007FF78704DF75
      • FreeLibrary.KERNEL32(?,?,?,00007FF78704E16A,?,?,?,00007FF78704DE5C,?,?,00000001,00007FF78704DA79), ref: 00007FF78704DFBB
      • GetProcAddress.KERNEL32(?,?,?,00007FF78704E16A,?,?,?,00007FF78704DE5C,?,?,00000001,00007FF78704DA79), ref: 00007FF78704DFC7
      Strings
      Similarity
      • API ID: Library$Load$AddressErrorFreeLastProc
      • String ID: api-ms-
      • API String ID: 2559590344-2084034818
      APIs
        • Part of subcall function 00007FF787048BE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF787042ABB), ref: 00007FF787048C1A
      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7870479B1,00000000,?,00000000,00000000,?,00007FF78704154F), ref: 00007FF78704748F
        • Part of subcall function 00007FF787042B30: MessageBoxW.USER32 ref: 00007FF787042C05
      Strings
      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF787047466
      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7870474A3
      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7870474EA
      Similarity
      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
      • API String ID: 1662231829-3498232454
      APIs
      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF787042ABB), ref: 00007FF787048C1A
        • Part of subcall function 00007FF7870429E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7870488F2,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787042A14
        • Part of subcall function 00007FF7870429E0: MessageBoxW.USER32 ref: 00007FF787042AF0
      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF787042ABB), ref: 00007FF787048CA0
      Strings
      Similarity
      • API ID: ByteCharMultiWide$ErrorLastMessage
      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
      • API String ID: 3723044601-876015163
      APIs
      Similarity
      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
      • String ID:
      • API String ID: 995526605-0
      APIs
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0
      APIs
      Strings
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
      • String ID: CONOUT$
      • API String ID: 3230265001-3130406586
      APIs
        • Part of subcall function 00007FF787048660: GetCurrentProcess.KERNEL32 ref: 00007FF787048680
        • Part of subcall function 00007FF787048660: OpenProcessToken.ADVAPI32 ref: 00007FF787048691
        • Part of subcall function 00007FF787048660: GetTokenInformation.ADVAPI32 ref: 00007FF7870486B6
        • Part of subcall function 00007FF787048660: GetLastError.KERNEL32 ref: 00007FF7870486C0
        • Part of subcall function 00007FF787048660: GetTokenInformation.ADVAPI32 ref: 00007FF787048700
        • Part of subcall function 00007FF787048660: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF78704871C
        • Part of subcall function 00007FF787048660: CloseHandle.KERNEL32 ref: 00007FF787048734
      • LocalFree.KERNEL32(00000000,00007FF787043B6E), ref: 00007FF787048A0C
      • LocalFree.KERNEL32 ref: 00007FF787048A15
      Strings
      Similarity
      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PATH_MAX!
      • API String ID: 6828938-1817031585
      APIs
      • GetLastError.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705B997
      • FlsSetValue.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705B9CD
      • FlsSetValue.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705B9FA
      • FlsSetValue.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705BA0B
      • FlsSetValue.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705BA1C
      • SetLastError.KERNEL32(?,?,?,00007FF7870555CD,?,?,?,?,00007FF78705F2BF,?,?,00000000,00007FF78705BAA6,?,?,?), ref: 00007FF78705BA37
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0
      APIs
      Strings
      Similarity
      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
      • String ID: csm$f
      • API String ID: 2395640692-629598281
      APIs
      Strings
      Similarity
      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
      • String ID: Unhandled exception in script
      • API String ID: 3081866767-2699770090
      APIs
      • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7870488F2,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787042A14
        • Part of subcall function 00007FF787048570: GetLastError.KERNEL32(00000000,00007FF787042A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787048597
        • Part of subcall function 00007FF787048570: FormatMessageW.KERNEL32 ref: 00007FF7870485C6
        • Part of subcall function 00007FF787048BE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF787042ABB), ref: 00007FF787048C1A
      • MessageBoxW.USER32 ref: 00007FF787042AF0
      • MessageBoxA.USER32 ref: 00007FF787042B0C
      Strings
      Similarity
      • API ID: Message$ErrorLast$ByteCharFormatMultiWide
      • String ID: %s%s: %s$Fatal error detected
      • API String ID: 2806210788-2410924014
      APIs
      Strings
      Similarity
      • API ID: AddressFreeHandleLibraryModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 4061214504-1276376045
      APIs
      Similarity
      • API ID: _set_statfp
      • String ID:
      • API String ID: 1156100317-0
      APIs
      • FlsGetValue.KERNEL32(?,?,?,00007FF78705AC67,?,?,00000000,00007FF78705AF02,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705BA6F
      • FlsSetValue.KERNEL32(?,?,?,00007FF78705AC67,?,?,00000000,00007FF78705AF02,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705BA8E
      • FlsSetValue.KERNEL32(?,?,?,00007FF78705AC67,?,?,00000000,00007FF78705AF02,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705BAB6
      • FlsSetValue.KERNEL32(?,?,?,00007FF78705AC67,?,?,00000000,00007FF78705AF02,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705BAC7
      • FlsSetValue.KERNEL32(?,?,?,00007FF78705AC67,?,?,00000000,00007FF78705AF02,?,?,?,?,?,00007FF7870531CC), ref: 00007FF78705BAD8
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0
      APIs
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0
      APIs
      Strings
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: verbose
      • API String ID: 3215553584-579935070
      APIs
      Strings
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: UTF-16LEUNICODE$UTF-8$ccs
      • API String ID: 3215553584-1196891531
      APIs
      Strings
      Similarity
      • API ID: CallEncodePointerTranslator
      • String ID: MOC$RCC
      • API String ID: 3544855599-2084237596
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
      • String ID: csm$csm
      • API String ID: 3896166516-3733052814
      • Opcode ID: bb0dbae594e6361f888f3677e997f8fccf17b68f1c0f59f7e08c923b6417c7cb
      • Instruction ID: 8b300c3ee5211f2345ccce90b2b4cc94ee5322e631f8cb6e4d06c8dbe88a7727
      • Opcode Fuzzy Hash: bb0dbae594e6361f888f3677e997f8fccf17b68f1c0f59f7e08c923b6417c7cb
      • Instruction Fuzzy Hash: 8E51B17294824286EB64AF159146368B7A1FB54B8CFA84135DB8EC7BD5CF3CF452CB10
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: %s%s: %s$Fatal error detected
      • API String ID: 1878133881-2410924014
      • Opcode ID: 6a476509950944f0bc5995eed920a659af08b50e3adf8d3da3d7a8787779b220
      • Instruction ID: 7a3cd5dc70273c504e15c903c00f0d6f3a9d7782710b9d4a5010444a859d2758
      • Opcode Fuzzy Hash: 6a476509950944f0bc5995eed920a659af08b50e3adf8d3da3d7a8787779b220
      • Instruction Fuzzy Hash: 90314472768A8191E620F710E4516EAA364FF847C8FD04136E68EC7A99DF3CD746CB50
      APIs
      • GetModuleFileNameW.KERNEL32(?,00007FF7870439EA), ref: 00007FF787043F01
        • Part of subcall function 00007FF7870429E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7870488F2,?,?,?,?,?,?,?,?,?,?,?,00007FF78704101D), ref: 00007FF787042A14
        • Part of subcall function 00007FF7870429E0: MessageBoxW.USER32 ref: 00007FF787042AF0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorFileLastMessageModuleName
      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
      • API String ID: 2581892565-1977442011
      • Opcode ID: c9992ac3e2ed13633c6ba0b01859201a2f46c5392c0b9f9a2e333adda7e2bc80
      • Instruction ID: 340179a183696405aed77e8331b42152a729115be9443a6f3cd41abb265c4639
      • Opcode Fuzzy Hash: c9992ac3e2ed13633c6ba0b01859201a2f46c5392c0b9f9a2e333adda7e2bc80
      • Instruction Fuzzy Hash: F3017121B9D74280FE60B720D8563B6D291BF5878CFE01431D94FC6692EE2CE146C720
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: FileWrite$ConsoleErrorLastOutput
      • String ID:
      • API String ID: 2718003287-0
      • Opcode ID: ac6203f977c47ba8bc2a8f0cb0d6a0086fe2a36fe5d42d2389b6d07504d3a7ef
      • Instruction ID: afa55c529ca550285ccb7d665d9dfa507d76efa7f8bf621da27a352b8ffed931
      • Opcode Fuzzy Hash: ac6203f977c47ba8bc2a8f0cb0d6a0086fe2a36fe5d42d2389b6d07504d3a7ef
      • Instruction Fuzzy Hash: 89D10532B18B8589E710EF65D4402ADB7B1FB45798BA44236CE5EE7B99DE38D407C320
      APIs
      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF78705D60B), ref: 00007FF78705D73C
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF78705D60B), ref: 00007FF78705D7C7
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ConsoleErrorLastMode
      • String ID:
      • API String ID: 953036326-0
      • Opcode ID: fbcfe551b9719c6229bed95fc105e51a183c6d2ac5964edc4a317e2464c7d24a
      • Instruction ID: 3765a0a5f80e3534242bed732f390cf31ca85895ffacaab9227ac9072f7b93cc
      • Opcode Fuzzy Hash: fbcfe551b9719c6229bed95fc105e51a183c6d2ac5964edc4a317e2464c7d24a
      • Instruction Fuzzy Hash: 68919462E4C65A85F750EF6594802BDABA0FB44B88FF44136DE4FE6685DE38D483C320
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _get_daylight$_isindst
      • String ID:
      • API String ID: 4170891091-0
      • Opcode ID: e30f49420ffe1712ec5869c52a61b1ecc0c505d60627fe33813fae1700624dd7
      • Instruction ID: 640bc2e99a690a5884239d9e72f306a79bc49336483fc838e1188e88b5d0d267
      • Opcode Fuzzy Hash: e30f49420ffe1712ec5869c52a61b1ecc0c505d60627fe33813fae1700624dd7
      • Instruction Fuzzy Hash: 9A51D172F442118AEB18EB6499556BCA7A1BF01358FE04235EE1FE6BE5DB3CA403C710
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
      • String ID:
      • API String ID: 2780335769-0
      • Opcode ID: 7cecb9a12d6adc5d813f4c9389116544f81f9d0d17ef3f6385b803a39347ee18
      • Instruction ID: d55b0f5dca8569ad442dc5a520846084c372f49c8e69f9d617806649b6344264
      • Opcode Fuzzy Hash: 7cecb9a12d6adc5d813f4c9389116544f81f9d0d17ef3f6385b803a39347ee18
      • Instruction Fuzzy Hash: 70516122A54A4189FB10EF61D4903BD77A2BF48B58FA48534DE4ED7689DF38D442C720
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
      • String ID:
      • API String ID: 1279662727-0
      • Opcode ID: b420e0b7dfce32a53a9c2cc964ca12eee711143eb7a99abbae090e51473720b6
      • Instruction ID: 3875d3835441e1cd73feae168fdfabdb03152de21b6a3d5356cae140b341e1c8
      • Opcode Fuzzy Hash: b420e0b7dfce32a53a9c2cc964ca12eee711143eb7a99abbae090e51473720b6
      • Instruction Fuzzy Hash: 7541B462D58B8283E710EB209510379A361FF94764FA08335E69DE7AD1DF6CA5A2C720
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: LongWindow$DialogInvalidateRect
      • String ID:
      • API String ID: 1956198572-0
      • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
      • Instruction ID: 60f16d8806d1e3a4379a7d93dda077eff6c8490dbdeeb6cb93f9b4450815f575
      • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
      • Instruction Fuzzy Hash: B711A961F5825242F654AB6AF545279A2A1FF84B85FE4C030DA4A86B9ECD2CD4C2C610
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: _get_daylight$_invalid_parameter_noinfo
      • String ID: ?
      • API String ID: 1286766494-1684325040
      • Opcode ID: befcc0e810349c4ed10c4da0c5a0000f7d95c3550f016c8dbfb5e48fc73a8369
      • Instruction ID: 60b438c199ea9f8718d445208576b20cf9f306c846cdd225cc2c2f7ca4611d82
      • Opcode Fuzzy Hash: befcc0e810349c4ed10c4da0c5a0000f7d95c3550f016c8dbfb5e48fc73a8369
      • Instruction Fuzzy Hash: 3641F622F4838242FB64AB25A4613799A60FF817A4FB48235EF5F86AD5DE7CD442C710
      APIs
      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7870596D6
        • Part of subcall function 00007FF78705B00C: HeapFree.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B022
        • Part of subcall function 00007FF78705B00C: GetLastError.KERNEL32(?,?,?,00007FF787063492,?,?,?,00007FF7870634CF,?,?,00000000,00007FF787063995,?,?,00000000,00007FF7870638C7), ref: 00007FF78705B02C
      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78704C0E5), ref: 00007FF7870596F4
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
      • String ID: C:\Users\user\Desktop\G6xnfES308.exe
      • API String ID: 3580290477-1140060590
      • Opcode ID: cbff3703d0eb5d814c918169503ff03d4f262caf6a9cc0de81f89f8799812d0b
      • Instruction ID: b05e1396dcf33cdb03f2b71990ae390fb843fb3d0500c863ad399472f00fc0e3
      • Opcode Fuzzy Hash: cbff3703d0eb5d814c918169503ff03d4f262caf6a9cc0de81f89f8799812d0b
      • Instruction Fuzzy Hash: 55418176A98B1286EB54FF6198500B9A794FF44794BF44036EA4FD3B85DE3DE482C320
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ErrorFileLastWrite
      • String ID: U
      • API String ID: 442123175-4171548499
      • Opcode ID: 58f62ff0c7f7b6be9e4ecb54e809448fa16189ed2b231f8d6d1ca058d2495b08
      • Instruction ID: 88a4729119370f13bce08cdf1ab2620825598083c8fe908bf9c12ff31b0ce1d4
      • Opcode Fuzzy Hash: 58f62ff0c7f7b6be9e4ecb54e809448fa16189ed2b231f8d6d1ca058d2495b08
      • Instruction Fuzzy Hash: D741B362B19B4582EB20AF25E4843A9A760FB84794FE04032EE4ED7798DF7CD442CB50
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: CurrentDirectory
      • String ID: :
      • API String ID: 1611563598-336475711
      • Opcode ID: c120b864dc14cbd6235dd72bea219c1032bae1501d376cd0c3e10e350c6f3e5b
      • Instruction ID: 054cdb4955284e2c1cc18aa39aa761b15c651177745a07ced24feae70ad742a3
      • Opcode Fuzzy Hash: c120b864dc14cbd6235dd72bea219c1032bae1501d376cd0c3e10e350c6f3e5b
      • Instruction Fuzzy Hash: 8221E6B2B4868181FB20AB11D04426EB3B1FB84B48FE54135DA4ED7784DF7CE946C761
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: Error detected
      • API String ID: 1878133881-3513342764
      • Opcode ID: 6f9a1586ca547a3c2f77bf815536a5540435ab6ab19a441e761cc5e7daea12c4
      • Instruction ID: b849417f784ff0835041365c5ec136d00aba656cbac1e83f23e586489e41d887
      • Opcode Fuzzy Hash: 6f9a1586ca547a3c2f77bf815536a5540435ab6ab19a441e761cc5e7daea12c4
      • Instruction Fuzzy Hash: 2021367276868591EB20E710F4916EAB364FF84788FE05135E68EC7AA5DF3CD206C760
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: ExceptionFileHeaderRaise
      • String ID: csm
      • API String ID: 2573137834-1018135373
      • Opcode ID: 5da07f41cc1f2f0249302dc9aa2704e59a17d1d76e31cb25285a30e0af08f503
      • Instruction ID: 39bdb73fc4a319e8d298c368fedc0871eb8f39c84f8f741c1c6ace1d68fb6860
      • Opcode Fuzzy Hash: 5da07f41cc1f2f0249302dc9aa2704e59a17d1d76e31cb25285a30e0af08f503
      • Instruction Fuzzy Hash: D5113332618B4182DB519F15F450259B7E5FB88B88F684234DE8D87764DF3CD552C700
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2184363066.00007FF787041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF787040000, based on PE: true
      • Associated: 00000000.00000002.2184348939.00007FF787040000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184386615.00007FF78706B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF78707E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184436289.00007FF787080000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2184469018.00007FF787082000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff787040000_G6xnfES308.jbxd
      Similarity
      • API ID: DriveType_invalid_parameter_noinfo
      • String ID: :
      • API String ID: 2595371189-336475711
      • Opcode ID: 0484c027a31e3174e61c97ce986110c8cc183ac5b324247cdaa72bb813f071bc
      • Instruction ID: d23b0c3e12cf76ee3231e3f6baa211e5e474b8631a12e2b54c81e04fd14b2b0f
      • Opcode Fuzzy Hash: 0484c027a31e3174e61c97ce986110c8cc183ac5b324247cdaa72bb813f071bc
      • Instruction Fuzzy Hash: EA017C61AA874286FB21BF60947167EA3A0FF44708FE04035D55EC6695DE2CE546CA24