Windows Analysis Report
1fi2LiofgW.exe

Overview

General Information

Sample name: 1fi2LiofgW.exe
renamed because original name is a hash value
Original sample name: 0d85f603e33a017ed5067d14eb13954a.exe
Analysis ID: 1581222
MD5: 0d85f603e33a017ed5067d14eb13954a
SHA1: 8d317b1fc2bd28e333ffad3c6fc6b881f2e92939
SHA256: 79033b26b6d11e41e284d9c2702ebb58d32bf044e26fd27e14095f861465f8db
Tags: exe, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
Program does not show much activity (idle)

Classification

  • System is w10x64
  • 1fi2LiofgW.exe (PID: 7580 cmdline: "C:\Users\user\Desktop\1fi2LiofgW.exe" MD5: 0D85F603E33A017ED5067D14EB13954A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: 1fi2LiofgW.exe | ReversingLabs: Detection: 21%
Source: 1fi2LiofgW.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91285A0 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9140B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9145C74
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9121000
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9130A60
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9148A38
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9137AAC
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9131280
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9128B20
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91391B0
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E914518C
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E913D200
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9130C64
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9131484
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9132CC4
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9140B84
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E913FBD8
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91373F4
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91433BC
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9130E70
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9142F20
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9145728
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9131F30
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E913FBD8
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9144F10
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E913CD6C
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91295FB
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9131074
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9135040
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E913D880
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91328C0
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912979B
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9129FCD
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: String function: 00007FF6E91225F0 appears 50 times
Source: classification engine | Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91229E0 GetLastError,FormatMessageW,MessageBoxW
Source: 1fi2LiofgW.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 1fi2LiofgW.exe | ReversingLabs: Detection: 21%
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | File read: C:\Users\user\Desktop\1fi2LiofgW.exe
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Section loaded: wintypes.dll
Source: 1fi2LiofgW.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: 1fi2LiofgW.exe | Static file information: File size 9696768 > 1048576
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 1fi2LiofgW.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: 1fi2LiofgW.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 1fi2LiofgW.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 1fi2LiofgW.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 1fi2LiofgW.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 1fi2LiofgW.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 1fi2LiofgW.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: 1fi2LiofgW.exe | Static PE information: real checksum: 0x1847e96 should be: 0x947f94
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9126EA0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Check user administrative privileges: GetTokenInformation (decision nodes: graph_0-17552)
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | API coverage: 6.4 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91285A0 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E91279B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9140B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9142790 GetProcessHeap
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912C62C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9139924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E9148880 cpuid
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E912C330 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\1fi2LiofgW.exe | Code function: 0_2_00007FF6E914518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation
ATT&CK Matrix (tactic: technique, hit count). Only cells with matches are listed; the remaining cells of the matrix carried no hits.

  • Execution: Native API (1)
  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: DLL Side-Loading (1)
  • Defense Evasion: Deobfuscate/Decode Files or Information (1), DLL Side-Loading (1), Obfuscated Files or Information (1)
  • Discovery: System Time Discovery (2), Security Software Discovery (2), File and Directory Discovery (1), System Information Discovery (13)
  • Collection: Archive Collected Data (1)
  • Command and Control: Encrypted Channel (1)
Source | Detection | Scanner | Label | Link
1fi2LiofgW.exe | 21% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
    No contacted IP infos
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1581222
    Start date and time: 2024-12-27 08:46:00 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 2m 14s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed: 2
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: 1fi2LiofgW.exe
    renamed because original name is a hash value
    Original Sample Name: 0d85f603e33a017ed5067d14eb13954a.exe
    Detection: MAL
    Classification: mal48.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 98%
    • Number of executed functions: 20
    • Number of non-executed functions: 83
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded IPs from analysis (whitelisted): 13.107.246.63
    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
    • Report size getting too big, too many NtSetInformationFile calls found.
    • VT rate limit hit for: 1fi2LiofgW.exe
    No simulations
    No context
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    s-part-0035.t-0009.t-msedge.net | zi042476Iv.exe | Get hash | malicious | LummaC | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | 54861 Proforma Invoice AMC2273745.xlam.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | TAX INVOICE - NBO2506000632.xlam.xlsx | Get hash | malicious | Unknown | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | installer.bat | Get hash | malicious | Vidar | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | din.exe | Get hash | malicious | Vidar | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | lem.exe | Get hash | malicious | Vidar | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | atw3.dll | Get hash | malicious | Gozi, Ursnif | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | WRD1792.docx.doc | Get hash | malicious | Dynamer | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | 0zBsv1tnt4.exe | Get hash | malicious | LummaC | Browse | 13.107.246.63
    s-part-0035.t-0009.t-msedge.net | pVbAZEFIpI.exe | Get hash | malicious | LummaC | Browse | 13.107.246.63
    No created / dropped files found
    File type: PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit): 7.99292771027448
    TrID:
    • Win64 Executable GUI (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name: 1fi2LiofgW.exe
    File size: 9'696'768 bytes
    MD5: 0d85f603e33a017ed5067d14eb13954a
    SHA1: 8d317b1fc2bd28e333ffad3c6fc6b881f2e92939
    SHA256: 79033b26b6d11e41e284d9c2702ebb58d32bf044e26fd27e14095f861465f8db
    SHA512: f97f505d93e119bbdc7bf806bbd9530da2a77fae8c48e23135b7fe67a0e2f55497d198b45a11905f0855a3f27d7633ba8c779746e46c5a7353679074431c9ead
    SSDEEP: 196608:P/EkQuj27vgKaVx0sKYu/PaQts8v1kZ5R8yqEDPzMV:nEkQnvgKeQtss27CyDe
    TLSH: 52A63347139209A2EA50513E400186295732BC41377CF7FB5B38F9791FBFEAEAA65B01
    File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc.....[hc...`.Qhc...g.Ihc...f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d..
    Icon Hash: 44b27170b2706807
    Entrypoint: 0x14000c0d0
    Entrypoint Section: .text
    Digitally signed: false
    Imagebase: 0x140000000
    Subsystem: windows gui
    Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Time Stamp: 0x66B0ECA1 [Mon Aug 5 15:15:45 2024 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major: 6
    OS Version Minor: 0
    File Version Major: 6
    File Version Minor: 0
    Subsystem Version Major: 6
    Subsystem Version Minor: 0
    Import Hash: 456e8615ad4320c9f54e50319a19df9c
    Instruction
    dec eax
    sub esp, 28h
    call 00007FCA655BCB0Ch
    dec eax
    add esp, 28h
    jmp 00007FCA655BC72Fh
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    dec eax
    sub esp, 28h
    call 00007FCA655BCED8h
    test eax, eax
    je 00007FCA655BC8D3h
    dec eax
    mov eax, dword ptr [00000030h]
    dec eax
    mov ecx, dword ptr [eax+08h]
    jmp 00007FCA655BC8B7h
    dec eax
    cmp ecx, eax
    je 00007FCA655BC8C6h
    xor eax, eax
    dec eax
    cmpxchg dword ptr [0003843Ch], ecx
    jne 00007FCA655BC8A0h
    xor al, al
    dec eax
    add esp, 28h
    ret
    mov al, 01h
    jmp 00007FCA655BC8A9h
    int3
    int3
    int3
    dec eax
    sub esp, 28h
    test ecx, ecx
    jne 00007FCA655BC8B9h
    mov byte ptr [00038425h], 00000001h
    call 00007FCA655BC005h
    call 00007FCA655BD2F0h
    test al, al
    jne 00007FCA655BC8B6h
    xor al, al
    jmp 00007FCA655BC8C6h
    call 00007FCA655C9DFFh
    test al, al
    jne 00007FCA655BC8BBh
    xor ecx, ecx
    call 00007FCA655BD300h
    jmp 00007FCA655BC89Ch
    mov al, 01h
    dec eax
    add esp, 28h
    ret
    int3
    int3
    inc eax
    push ebx
    dec eax
    sub esp, 20h
    cmp byte ptr [000383ECh], 00000000h
    mov ebx, ecx
    jne 00007FCA655BC919h
    cmp ecx, 01h
    jnbe 00007FCA655BC91Ch
    call 00007FCA655BCE4Eh
    test eax, eax
    je 00007FCA655BC8DAh
    test ebx, ebx
    jne 00007FCA655BC8D6h
    dec eax
    lea ecx, dword ptr [000383D6h]
    call 00007FCA655C9BF2h
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c76c | 0x78 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0xce34 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x2208 | .pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x768 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39dc0 | 0x1c | .rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39c80 | 0x140 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x450 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x29210 | 0x29400 | aca64598002ecff9eefbc96554edf015 | False | 0.5511067708333334 | data | 6.4784482217419175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x2b000 | 0x12642 | 0x12800 | 66146420f548cf2acca472542a84c0d8 | False | 0.5245460304054054 | data | 5.750861752432239 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x3e000 | 0x73d8 | 0xe00 | d0a288978c66419b180b35f625b6dce7 | False | 0.13532366071428573 | data | 1.8378139998458343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata | 0x46000 | 0x2208 | 0x2400 | 74cf3ea22e0a1756984435d6f80f7da5 | False | 0.4671223958333333 | data | 5.259201915045256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc | 0x49000 | 0xce34 | 0xd000 | d717912eb54292316bc235b3159acb50 | False | 0.042367788461538464 | data | 3.816041843179243 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0x56000 | 0x768 | 0x800 | 71de9271648326ec88350e903470cf3e | False | 0.5576171875 | data | 5.283119454571673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_ICON | 0x490e8 | 0xc828 | Device independent bitmap graphic, 128 x 256 x 24, image size 51200 | | | 0.02777127244340359
    RT_GROUP_ICON | 0x55910 | 0x14 | data | | | 1.15
    RT_MANIFEST | 0x55924 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
    DLL | Import
    USER32.dll | CreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
    COMCTL32.dll |
    KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, FormatMessageW, GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetEnvironmentStringsW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, Sleep, GetCurrentProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, IsProcessorFeaturePresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
    ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
    GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Dec 27, 2024 08:46:50.520677090 CET | 1.1.1.1 | 192.168.2.9 | 0xffa2 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
    Dec 27, 2024 08:46:50.520677090 CET | 1.1.1.1 | 192.168.2.9 | 0xffa2 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false


    Target ID: 0
    Start time: 02:46:53
    Start date: 27/12/2024
    Path: C:\Users\user\Desktop\1fi2LiofgW.exe
    Wow64 process (32bit): false
    Commandline: "C:\Users\user\Desktop\1fi2LiofgW.exe"
    Imagebase: 0x7ff6e9120000
    File size: 9'696'768 bytes
    MD5 hash: 0D85F603E33A017ED5067D14EB13954A
    Has elevated privileges: true
    Has administrator privileges: true
    Programmed in: C, C++ or other language
    Reputation: low
    Has exited: true

      Execution Graph

      Execution Coverage: 5.2%
      Dynamic/Decrypted Code Coverage: 0%
      Signature Coverage: 19.6%
      Total number of Nodes: 2000
      Total number of Limit Nodes: 25
      [Execution graph: node and edge dump rooted at function 7ff6e913fbd8, rendered as an interactive graph in the original report; the raw node list (CRT helpers such as _get_daylight, __free_lconv_num, _invalid_parameter_noinfo and calls to SetEnvironmentVariableW and WideCharToMultiByte) is not reproduced here.]
7ff6e914190d 19587->19588 19592 7ff6e91384ce 19587->19592 19632 7ff6e913a534 19588->19632 19593 7ff6e9141c3c GetEnvironmentStringsW 19592->19593 19594 7ff6e9141c6c 19593->19594 19595 7ff6e91384d3 19593->19595 19596 7ff6e913faf8 WideCharToMultiByte 19594->19596 19595->19570 19595->19571 19597 7ff6e9141cbd 19596->19597 19598 7ff6e9141cc4 FreeEnvironmentStringsW 19597->19598 19599 7ff6e913c90c _fread_nolock 12 API calls 19597->19599 19598->19595 19600 7ff6e9141cd7 19599->19600 19601 7ff6e9141ce8 19600->19601 19602 7ff6e9141cdf 19600->19602 19604 7ff6e913faf8 WideCharToMultiByte 19601->19604 19603 7ff6e9139c58 __free_lconv_num 11 API calls 19602->19603 19605 7ff6e9141ce6 19603->19605 19606 7ff6e9141d0b 19604->19606 19605->19598 19607 7ff6e9141d19 19606->19607 19608 7ff6e9141d0f 19606->19608 19610 7ff6e9139c58 __free_lconv_num 11 API calls 19607->19610 19609 7ff6e9139c58 __free_lconv_num 11 API calls 19608->19609 19611 7ff6e9141d17 FreeEnvironmentStringsW 19609->19611 19610->19611 19611->19595 19614 7ff6e91385b9 19613->19614 19615 7ff6e913dea8 _get_daylight 11 API calls 19614->19615 19626 7ff6e91385ef 19615->19626 19616 7ff6e91385f7 19617 7ff6e9139c58 __free_lconv_num 11 API calls 19616->19617 19618 7ff6e91384ef 19617->19618 19618->19576 19619 7ff6e913866a 19620 7ff6e9139c58 __free_lconv_num 11 API calls 19619->19620 19620->19618 19621 7ff6e913dea8 _get_daylight 11 API calls 19621->19626 19622 7ff6e9138659 19623 7ff6e91387c0 11 API calls 19622->19623 19625 7ff6e9138661 19623->19625 19624 7ff6e91397b4 __std_exception_copy 37 API calls 19624->19626 19628 7ff6e9139c58 __free_lconv_num 11 API calls 19625->19628 19626->19616 19626->19619 19626->19621 19626->19622 19626->19624 19627 7ff6e913868f 19626->19627 19629 7ff6e9139c58 __free_lconv_num 11 API calls 19626->19629 19630 7ff6e9139c10 _isindst 17 API calls 19627->19630 19628->19616 19629->19626 19631 7ff6e91386a2 19630->19631 19633 7ff6e913a560 FlsSetValue 19632->19633 19634 7ff6e913a545 FlsGetValue 19632->19634 19635 
7ff6e913a56d 19633->19635 19636 7ff6e913a552 19633->19636 19634->19636 19637 7ff6e913a55a 19634->19637 19639 7ff6e913dea8 _get_daylight 11 API calls 19635->19639 19638 7ff6e9139814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19636->19638 19640 7ff6e913a558 19636->19640 19637->19633 19641 7ff6e913a5d5 19638->19641 19642 7ff6e913a57c 19639->19642 19652 7ff6e91415d4 19640->19652 19643 7ff6e913a59a FlsSetValue 19642->19643 19644 7ff6e913a58a FlsSetValue 19642->19644 19646 7ff6e913a5b8 19643->19646 19647 7ff6e913a5a6 FlsSetValue 19643->19647 19645 7ff6e913a593 19644->19645 19648 7ff6e9139c58 __free_lconv_num 11 API calls 19645->19648 19649 7ff6e913a204 _get_daylight 11 API calls 19646->19649 19647->19645 19648->19636 19650 7ff6e913a5c0 19649->19650 19651 7ff6e9139c58 __free_lconv_num 11 API calls 19650->19651 19651->19640 19675 7ff6e9141844 19652->19675 19654 7ff6e9141609 19690 7ff6e91412d4 19654->19690 19657 7ff6e9141626 19657->19592 19658 7ff6e913c90c _fread_nolock 12 API calls 19659 7ff6e9141637 19658->19659 19660 7ff6e914163f 19659->19660 19662 7ff6e914164e 19659->19662 19661 7ff6e9139c58 __free_lconv_num 11 API calls 19660->19661 19661->19657 19662->19662 19697 7ff6e914197c 19662->19697 19665 7ff6e914174a 19666 7ff6e91343f4 _get_daylight 11 API calls 19665->19666 19668 7ff6e914174f 19666->19668 19667 7ff6e91417a5 19671 7ff6e914180c 19667->19671 19708 7ff6e9141104 19667->19708 19669 7ff6e9139c58 __free_lconv_num 11 API calls 19668->19669 19669->19657 19670 7ff6e9141764 19670->19667 19672 7ff6e9139c58 __free_lconv_num 11 API calls 19670->19672 19674 7ff6e9139c58 __free_lconv_num 11 API calls 19671->19674 19672->19667 19674->19657 19676 7ff6e9141867 19675->19676 19677 7ff6e9141871 19676->19677 19723 7ff6e913f5e8 EnterCriticalSection 19676->19723 19680 7ff6e91418e3 19677->19680 19682 7ff6e9139814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 19677->19682 19680->19654 19683 7ff6e91418fb 19682->19683 19685 7ff6e9141952 19683->19685 19687 7ff6e913a534 50 
API calls 19683->19687 19685->19654 19688 7ff6e914193c 19687->19688 19689 7ff6e91415d4 65 API calls 19688->19689 19689->19685 19691 7ff6e9134178 45 API calls 19690->19691 19692 7ff6e91412e8 19691->19692 19693 7ff6e9141306 19692->19693 19694 7ff6e91412f4 GetOEMCP 19692->19694 19695 7ff6e914130b GetACP 19693->19695 19696 7ff6e914131b 19693->19696 19694->19696 19695->19696 19696->19657 19696->19658 19698 7ff6e91412d4 47 API calls 19697->19698 19700 7ff6e91419a9 19698->19700 19699 7ff6e9141aff 19702 7ff6e912b870 _log10_special 8 API calls 19699->19702 19700->19699 19701 7ff6e91419e6 IsValidCodePage 19700->19701 19707 7ff6e9141a00 __scrt_get_show_window_mode 19700->19707 19701->19699 19704 7ff6e91419f7 19701->19704 19703 7ff6e9141741 19702->19703 19703->19665 19703->19670 19705 7ff6e9141a26 GetCPInfo 19704->19705 19704->19707 19705->19699 19705->19707 19724 7ff6e91413ec 19707->19724 19780 7ff6e913f5e8 EnterCriticalSection 19708->19780 19725 7ff6e9141429 GetCPInfo 19724->19725 19734 7ff6e914151f 19724->19734 19730 7ff6e914143c 19725->19730 19725->19734 19726 7ff6e912b870 _log10_special 8 API calls 19728 7ff6e91415be 19726->19728 19727 7ff6e9142150 48 API calls 19729 7ff6e91414b3 19727->19729 19728->19699 19735 7ff6e9146e94 19729->19735 19730->19727 19733 7ff6e9146e94 54 API calls 19733->19734 19734->19726 19736 7ff6e9134178 45 API calls 19735->19736 19737 7ff6e9146eb9 19736->19737 19740 7ff6e9146b60 19737->19740 19741 7ff6e9146ba1 19740->19741 19742 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19741->19742 19745 7ff6e9146beb 19742->19745 19743 7ff6e9146e69 19744 7ff6e912b870 _log10_special 8 API calls 19743->19744 19746 7ff6e91414e6 19744->19746 19745->19743 19747 7ff6e913c90c _fread_nolock 12 API calls 19745->19747 19748 7ff6e9146d21 19745->19748 19750 7ff6e9146c23 19745->19750 19746->19733 19747->19750 19748->19743 19749 7ff6e9139c58 __free_lconv_num 11 API calls 19748->19749 19749->19743 19750->19748 19751 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19750->19751 
19752 7ff6e9146c96 19751->19752 19752->19748 19771 7ff6e913e3f4 19752->19771 19755 7ff6e9146ce1 19755->19748 19757 7ff6e913e3f4 __crtLCMapStringW 6 API calls 19755->19757 19756 7ff6e9146d32 19758 7ff6e913c90c _fread_nolock 12 API calls 19756->19758 19759 7ff6e9146e04 19756->19759 19761 7ff6e9146d50 19756->19761 19757->19748 19758->19761 19759->19748 19760 7ff6e9139c58 __free_lconv_num 11 API calls 19759->19760 19760->19748 19761->19748 19762 7ff6e913e3f4 __crtLCMapStringW 6 API calls 19761->19762 19763 7ff6e9146dd0 19762->19763 19763->19759 19764 7ff6e9146e06 19763->19764 19765 7ff6e9146df0 19763->19765 19767 7ff6e913faf8 WideCharToMultiByte 19764->19767 19766 7ff6e913faf8 WideCharToMultiByte 19765->19766 19768 7ff6e9146dfe 19766->19768 19767->19768 19768->19759 19769 7ff6e9146e1e 19768->19769 19769->19748 19770 7ff6e9139c58 __free_lconv_num 11 API calls 19769->19770 19770->19748 19772 7ff6e913e020 __crtLCMapStringW 5 API calls 19771->19772 19773 7ff6e913e432 19772->19773 19774 7ff6e913e43a 19773->19774 19777 7ff6e913e4e0 19773->19777 19774->19748 19774->19755 19774->19756 19776 7ff6e913e4a3 LCMapStringW 19776->19774 19778 7ff6e913e020 __crtLCMapStringW 5 API calls 19777->19778 19779 7ff6e913e50e __crtLCMapStringW 19778->19779 19779->19776 19782 7ff6e91455e8 19781->19782 19783 7ff6e91455d1 19781->19783 19782->19783 19785 7ff6e91455f6 19782->19785 19784 7ff6e91343f4 _get_daylight 11 API calls 19783->19784 19786 7ff6e91455d6 19784->19786 19788 7ff6e9134178 45 API calls 19785->19788 19789 7ff6e91455e1 19785->19789 19787 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 19786->19787 19787->19789 19788->19789 19789->19463 19791 7ff6e9134178 45 API calls 19790->19791 19792 7ff6e9148281 19791->19792 19795 7ff6e9147ed8 19792->19795 19797 7ff6e9147f26 19795->19797 19796 7ff6e912b870 _log10_special 8 API calls 19798 7ff6e9146515 19796->19798 19799 7ff6e9147fad 19797->19799 19801 7ff6e9147f98 GetCPInfo 19797->19801 19805 7ff6e9147fb1 19797->19805 19798->19463 19798->19490 
19800 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19799->19800 19799->19805 19802 7ff6e9148045 19800->19802 19801->19799 19801->19805 19803 7ff6e913c90c _fread_nolock 12 API calls 19802->19803 19804 7ff6e914807c 19802->19804 19802->19805 19803->19804 19804->19805 19806 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19804->19806 19805->19796 19807 7ff6e91480ea 19806->19807 19808 7ff6e91481cc 19807->19808 19809 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19807->19809 19808->19805 19810 7ff6e9139c58 __free_lconv_num 11 API calls 19808->19810 19811 7ff6e9148110 19809->19811 19810->19805 19811->19808 19812 7ff6e913c90c _fread_nolock 12 API calls 19811->19812 19813 7ff6e914813d 19811->19813 19812->19813 19813->19808 19814 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19813->19814 19815 7ff6e91481b4 19814->19815 19816 7ff6e91481ba 19815->19816 19817 7ff6e91481d4 19815->19817 19816->19808 19819 7ff6e9139c58 __free_lconv_num 11 API calls 19816->19819 19824 7ff6e913e278 19817->19824 19819->19808 19821 7ff6e9148213 19821->19805 19823 7ff6e9139c58 __free_lconv_num 11 API calls 19821->19823 19822 7ff6e9139c58 __free_lconv_num 11 API calls 19822->19821 19823->19805 19825 7ff6e913e020 __crtLCMapStringW 5 API calls 19824->19825 19826 7ff6e913e2b6 19825->19826 19827 7ff6e913e2be 19826->19827 19828 7ff6e913e4e0 __crtLCMapStringW 5 API calls 19826->19828 19827->19821 19827->19822 19829 7ff6e913e327 CompareStringW 19828->19829 19829->19827 19831 7ff6e9146f6a HeapSize 19830->19831 19832 7ff6e9146f51 19830->19832 19833 7ff6e91343f4 _get_daylight 11 API calls 19832->19833 19834 7ff6e9146f56 19833->19834 19835 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 19834->19835 19836 7ff6e9146f61 19835->19836 19836->19495 19838 7ff6e9146f99 19837->19838 19839 7ff6e9146fa3 19837->19839 19840 7ff6e913c90c _fread_nolock 12 API calls 19838->19840 19841 7ff6e9146fa8 19839->19841 19848 7ff6e9146faf _get_daylight 19839->19848 19846 7ff6e9146fa1 19840->19846 19844 7ff6e9139c58 __free_lconv_num 
11 API calls 19841->19844 19842 7ff6e9146fb5 19845 7ff6e91343f4 _get_daylight 11 API calls 19842->19845 19843 7ff6e9146fe2 HeapReAlloc 19843->19846 19843->19848 19844->19846 19845->19846 19846->19499 19847 7ff6e91428a0 _get_daylight 2 API calls 19847->19848 19848->19842 19848->19843 19848->19847 19850 7ff6e913e020 __crtLCMapStringW 5 API calls 19849->19850 19851 7ff6e913e254 19850->19851 19851->19503 19853 7ff6e91347e6 19852->19853 19854 7ff6e913480a 19852->19854 19858 7ff6e9139c58 __free_lconv_num 11 API calls 19853->19858 19861 7ff6e91347f5 19853->19861 19855 7ff6e913480f 19854->19855 19856 7ff6e9134864 19854->19856 19859 7ff6e9134824 19855->19859 19855->19861 19862 7ff6e9139c58 __free_lconv_num 11 API calls 19855->19862 19857 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19856->19857 19869 7ff6e9134880 19857->19869 19858->19861 19863 7ff6e913c90c _fread_nolock 12 API calls 19859->19863 19860 7ff6e9134887 GetLastError 19864 7ff6e9134368 _fread_nolock 11 API calls 19860->19864 19861->19507 19861->19508 19862->19859 19863->19861 19867 7ff6e9134894 19864->19867 19865 7ff6e91348c2 19865->19861 19866 7ff6e913ebb0 _fread_nolock MultiByteToWideChar 19865->19866 19871 7ff6e9134906 19866->19871 19872 7ff6e91343f4 _get_daylight 11 API calls 19867->19872 19868 7ff6e91348b5 19870 7ff6e913c90c _fread_nolock 12 API calls 19868->19870 19869->19860 19869->19865 19869->19868 19873 7ff6e9139c58 __free_lconv_num 11 API calls 19869->19873 19870->19865 19871->19860 19871->19861 19872->19861 19873->19868 19875 7ff6e913853d 19874->19875 19882 7ff6e9138539 19874->19882 19895 7ff6e9141d4c GetEnvironmentStringsW 19875->19895 19878 7ff6e9138556 19902 7ff6e91386a4 19878->19902 19879 7ff6e913854a 19880 7ff6e9139c58 __free_lconv_num 11 API calls 19879->19880 19880->19882 19882->19535 19887 7ff6e91388e4 19882->19887 19884 7ff6e9139c58 __free_lconv_num 11 API calls 19885 7ff6e913857d 19884->19885 19886 7ff6e9139c58 __free_lconv_num 11 API calls 19885->19886 19886->19882 19888 7ff6e9138907 
19887->19888 19893 7ff6e913891e 19887->19893 19888->19535 19889 7ff6e913ebb0 MultiByteToWideChar _fread_nolock 19889->19893 19890 7ff6e913dea8 _get_daylight 11 API calls 19890->19893 19891 7ff6e9138992 19892 7ff6e9139c58 __free_lconv_num 11 API calls 19891->19892 19892->19888 19893->19888 19893->19889 19893->19890 19893->19891 19894 7ff6e9139c58 __free_lconv_num 11 API calls 19893->19894 19894->19893 19896 7ff6e9138542 19895->19896 19897 7ff6e9141d70 19895->19897 19896->19878 19896->19879 19898 7ff6e913c90c _fread_nolock 12 API calls 19897->19898 19899 7ff6e9141da7 memcpy_s 19898->19899 19900 7ff6e9139c58 __free_lconv_num 11 API calls 19899->19900 19901 7ff6e9141dc7 FreeEnvironmentStringsW 19900->19901 19901->19896 19903 7ff6e91386cc 19902->19903 19904 7ff6e913dea8 _get_daylight 11 API calls 19903->19904 19915 7ff6e9138707 19904->19915 19905 7ff6e913870f 19906 7ff6e9139c58 __free_lconv_num 11 API calls 19905->19906 19907 7ff6e913855e 19906->19907 19907->19884 19908 7ff6e9138789 19909 7ff6e9139c58 __free_lconv_num 11 API calls 19908->19909 19909->19907 19910 7ff6e913dea8 _get_daylight 11 API calls 19910->19915 19911 7ff6e9138778 19912 7ff6e91387c0 11 API calls 19911->19912 19914 7ff6e9138780 19912->19914 19913 7ff6e913f784 37 API calls 19913->19915 19917 7ff6e9139c58 __free_lconv_num 11 API calls 19914->19917 19915->19905 19915->19908 19915->19910 19915->19911 19915->19913 19916 7ff6e91387ac 19915->19916 19918 7ff6e9139c58 __free_lconv_num 11 API calls 19915->19918 19919 7ff6e9139c10 _isindst 17 API calls 19916->19919 19917->19905 19918->19915 19920 7ff6e91387be 19919->19920 19922 7ff6e9147e41 __crtLCMapStringW 19921->19922 19923 7ff6e91463fe 19922->19923 19924 7ff6e913e278 6 API calls 19922->19924 19923->19562 19923->19563 19924->19923 15967 7ff6e912bf5c 15988 7ff6e912c12c 15967->15988 15970 7ff6e912c0a8 16115 7ff6e912c44c IsProcessorFeaturePresent 15970->16115 15971 7ff6e912bf78 __scrt_acquire_startup_lock 15973 7ff6e912c0b2 15971->15973 15978 7ff6e912bf96 
__scrt_release_startup_lock 15971->15978 15974 7ff6e912c44c 7 API calls 15973->15974 15976 7ff6e912c0bd __FrameHandler3::FrameUnwindToEmptyState 15974->15976 15975 7ff6e912bfbb 15977 7ff6e912c041 15994 7ff6e912c594 15977->15994 15978->15975 15978->15977 16104 7ff6e9138e44 15978->16104 15980 7ff6e912c046 15997 7ff6e9121000 15980->15997 15985 7ff6e912c069 15985->15976 16111 7ff6e912c2b0 15985->16111 15989 7ff6e912c134 15988->15989 15990 7ff6e912c140 __scrt_dllmain_crt_thread_attach 15989->15990 15991 7ff6e912bf70 15990->15991 15992 7ff6e912c14d 15990->15992 15991->15970 15991->15971 15992->15991 16122 7ff6e912cba8 15992->16122 16149 7ff6e91497e0 15994->16149 15998 7ff6e9121009 15997->15998 16151 7ff6e9134794 15998->16151 16000 7ff6e912352b 16158 7ff6e91233e0 16000->16158 16004 7ff6e912b870 _log10_special 8 API calls 16006 7ff6e912372a 16004->16006 16109 7ff6e912c5d8 GetModuleHandleW 16006->16109 16007 7ff6e9123736 16220 7ff6e9123f70 16007->16220 16008 7ff6e912356c 16254 7ff6e9121bf0 16008->16254 16012 7ff6e9123785 16243 7ff6e91225f0 16012->16243 16016 7ff6e912365f __vcrt_freefls 16023 7ff6e9123844 16016->16023 16026 7ff6e9127e10 14 API calls 16016->16026 16017 7ff6e9123538 16017->16004 16018 7ff6e9123778 16019 7ff6e912377d 16018->16019 16020 7ff6e912379f 16018->16020 16239 7ff6e912f36c 16019->16239 16022 7ff6e9121bf0 49 API calls 16020->16022 16024 7ff6e91237be 16022->16024 16325 7ff6e9123e90 16023->16325 16034 7ff6e91218f0 115 API calls 16024->16034 16025 7ff6e9123588 16258 7ff6e9127e10 16025->16258 16028 7ff6e91236ae 16026->16028 16271 7ff6e9127f80 16028->16271 16029 7ff6e9123852 16031 7ff6e9123871 16029->16031 16032 7ff6e9123865 16029->16032 16033 7ff6e9121bf0 49 API calls 16031->16033 16328 7ff6e9123fe0 16032->16328 16051 7ff6e9123805 __vcrt_freefls 16033->16051 16037 7ff6e91237df 16034->16037 16035 7ff6e91236bd 16038 7ff6e912380f 16035->16038 16042 7ff6e91236cf 16035->16042 16037->16025 16041 7ff6e91237ef 16037->16041 16276 7ff6e9128400 16038->16276 16046 
7ff6e91225f0 53 API calls 16041->16046 16043 7ff6e9121bf0 49 API calls 16042->16043 16047 7ff6e91236f1 16043->16047 16045 7ff6e912389e SetDllDirectoryW 16053 7ff6e91238c3 16045->16053 16046->16017 16050 7ff6e91236fc 16047->16050 16047->16051 16054 7ff6e91225f0 53 API calls 16050->16054 16331 7ff6e91286b0 16051->16331 16056 7ff6e9123a50 16053->16056 16336 7ff6e9126560 16053->16336 16054->16017 16058 7ff6e9123a5a PostMessageW GetMessageW 16056->16058 16059 7ff6e9123a7d 16056->16059 16058->16059 16431 7ff6e9123080 16059->16431 16062 7ff6e91238ea 16064 7ff6e9123947 16062->16064 16065 7ff6e9123901 16062->16065 16356 7ff6e91265a0 16062->16356 16064->16056 16070 7ff6e912395c 16064->16070 16079 7ff6e9123905 16065->16079 16377 7ff6e9126970 16065->16377 16411 7ff6e91230e0 16070->16411 16074 7ff6e9126780 FreeLibrary 16077 7ff6e9123aa3 16074->16077 16078 7ff6e912396c 16430 7ff6e91283e0 LocalFree 16078->16430 16079->16064 16393 7ff6e9122870 16079->16393 16105 7ff6e9138e7c 16104->16105 16106 7ff6e9138e5b 16104->16106 16107 7ff6e91396e8 45 API calls 16105->16107 16106->15977 16108 7ff6e9138e81 16107->16108 16110 7ff6e912c5e9 16109->16110 16110->15985 16113 7ff6e912c2c1 16111->16113 16112 7ff6e912c080 16112->15975 16113->16112 16114 7ff6e912cba8 7 API calls 16113->16114 16114->16112 16116 7ff6e912c472 _isindst __scrt_get_show_window_mode 16115->16116 16117 7ff6e912c491 RtlCaptureContext RtlLookupFunctionEntry 16116->16117 16118 7ff6e912c4f6 __scrt_get_show_window_mode 16117->16118 16119 7ff6e912c4ba RtlVirtualUnwind 16117->16119 16120 7ff6e912c528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16118->16120 16119->16118 16121 7ff6e912c576 _isindst 16120->16121 16121->15973 16123 7ff6e912cbba 16122->16123 16124 7ff6e912cbb0 16122->16124 16123->15991 16128 7ff6e912cf44 16124->16128 16129 7ff6e912cbb5 16128->16129 16130 7ff6e912cf53 16128->16130 16132 7ff6e912cfb0 16129->16132 16136 7ff6e912d180 16130->16136 16133 7ff6e912cfdb 16132->16133 16134 7ff6e912cfbe 
DeleteCriticalSection 16133->16134 16135 7ff6e912cfdf 16133->16135 16134->16133 16135->16123 16140 7ff6e912cfe8 16136->16140 16141 7ff6e912d0d2 TlsFree 16140->16141 16147 7ff6e912d02c __vcrt_InitializeCriticalSectionEx 16140->16147 16142 7ff6e912d05a LoadLibraryExW 16144 7ff6e912d0f9 16142->16144 16145 7ff6e912d07b GetLastError 16142->16145 16143 7ff6e912d119 GetProcAddress 16143->16141 16144->16143 16146 7ff6e912d110 FreeLibrary 16144->16146 16145->16147 16146->16143 16147->16141 16147->16142 16147->16143 16148 7ff6e912d09d LoadLibraryExW 16147->16148 16148->16144 16148->16147 16150 7ff6e912c5ab GetStartupInfoW 16149->16150 16150->15980 16152 7ff6e913e790 16151->16152 16153 7ff6e913e7e3 16152->16153 16155 7ff6e913e836 16152->16155 16154 7ff6e9139b24 _invalid_parameter_noinfo 37 API calls 16153->16154 16157 7ff6e913e80c 16154->16157 16444 7ff6e913e668 16155->16444 16157->16000 16452 7ff6e912bb70 16158->16452 16161 7ff6e9123438 16454 7ff6e91285a0 FindFirstFileExW 16161->16454 16162 7ff6e912341b 16459 7ff6e91229e0 16162->16459 16166 7ff6e912344b 16469 7ff6e9128620 CreateFileW 16166->16469 16167 7ff6e91234a5 16478 7ff6e9128760 16167->16478 16169 7ff6e912b870 _log10_special 8 API calls 16171 7ff6e91234dd 16169->16171 16171->16017 16180 7ff6e91218f0 16171->16180 16173 7ff6e91234b3 16174 7ff6e912342e 16173->16174 16178 7ff6e91226c0 49 API calls 16173->16178 16174->16169 16175 7ff6e912345c 16472 7ff6e91226c0 16175->16472 16176 7ff6e9123474 __vcrt_InitializeCriticalSectionEx 16176->16167 16178->16174 16181 7ff6e9123f70 108 API calls 16180->16181 16182 7ff6e9121925 16181->16182 16183 7ff6e9121bb6 16182->16183 16185 7ff6e91276a0 83 API calls 16182->16185 16184 7ff6e912b870 _log10_special 8 API calls 16183->16184 16186 7ff6e9121bd1 16184->16186 16187 7ff6e912196b 16185->16187 16186->16007 16186->16008 16219 7ff6e912199c 16187->16219 16858 7ff6e912f9f4 16187->16858 16188 7ff6e912f36c 74 API calls 16188->16183 16190 7ff6e9121985 16191 7ff6e9121989 16190->16191 16192 
7ff6e91219a1 16190->16192 16862 7ff6e9122760 16191->16862 16879 7ff6e912f6bc 16192->16879 16196 7ff6e91219d7 16199 7ff6e9121a06 16196->16199 16200 7ff6e91219ee 16196->16200 16197 7ff6e91219bf 16198 7ff6e9122760 53 API calls 16197->16198 16198->16219 16202 7ff6e9121bf0 49 API calls 16199->16202 16201 7ff6e9122760 53 API calls 16200->16201 16201->16219 16203 7ff6e9121a1d 16202->16203 16204 7ff6e9121bf0 49 API calls 16203->16204 16205 7ff6e9121a68 16204->16205 16206 7ff6e912f9f4 73 API calls 16205->16206 16207 7ff6e9121a8c 16206->16207 16208 7ff6e9121ab9 16207->16208 16209 7ff6e9121aa1 16207->16209 16211 7ff6e912f6bc _fread_nolock 53 API calls 16208->16211 16210 7ff6e9122760 53 API calls 16209->16210 16210->16219 16212 7ff6e9121ace 16211->16212 16213 7ff6e9121aec 16212->16213 16214 7ff6e9121ad4 16212->16214 16882 7ff6e912f430 16213->16882 16215 7ff6e9122760 53 API calls 16214->16215 16215->16219 16218 7ff6e91225f0 53 API calls 16218->16219 16219->16188 16221 7ff6e9123f7c 16220->16221 16222 7ff6e91286b0 2 API calls 16221->16222 16223 7ff6e9123fa4 16222->16223 16224 7ff6e91286b0 2 API calls 16223->16224 16225 7ff6e9123fb7 16224->16225 17091 7ff6e91352a4 16225->17091 16228 7ff6e912b870 _log10_special 8 API calls 16229 7ff6e9123746 16228->16229 16229->16012 16230 7ff6e91276a0 16229->16230 16231 7ff6e91276c4 16230->16231 16232 7ff6e912779b __vcrt_freefls 16231->16232 16233 7ff6e912f9f4 73 API calls 16231->16233 16232->16018 16234 7ff6e91276e0 16233->16234 16234->16232 17507 7ff6e9136bd8 16234->17507 16236 7ff6e912f9f4 73 API calls 16238 7ff6e91276f5 16236->16238 16237 7ff6e912f6bc _fread_nolock 53 API calls 16237->16238 16238->16232 16238->16236 16238->16237 16240 7ff6e912f39c 16239->16240 17522 7ff6e912f148 16240->17522 16242 7ff6e912f3b5 16242->16012 16244 7ff6e912262a 16243->16244 16245 7ff6e9133ca4 49 API calls 16244->16245 16246 7ff6e9122652 16245->16246 16247 7ff6e91286b0 2 API calls 16246->16247 16248 7ff6e912266a 16247->16248 16249 7ff6e9122677 MessageBoxW 
16248->16249 16250 7ff6e912268e MessageBoxA 16248->16250 16251 7ff6e91226a0 16249->16251 16250->16251 16252 7ff6e912b870 _log10_special 8 API calls 16251->16252 16253 7ff6e91226b0 16252->16253 16253->16017 16255 7ff6e9121c15 16254->16255 16256 7ff6e9133ca4 49 API calls 16255->16256 16257 7ff6e9121c38 16256->16257 16257->16025 16259 7ff6e9127e1a 16258->16259 16260 7ff6e91286b0 2 API calls 16259->16260 16261 7ff6e9127e39 GetEnvironmentVariableW 16260->16261 16262 7ff6e9127e56 ExpandEnvironmentStringsW 16261->16262 16263 7ff6e9127ea2 16261->16263 16262->16263 16265 7ff6e9127e78 16262->16265 16264 7ff6e912b870 _log10_special 8 API calls 16263->16264 16266 7ff6e9127eb4 16264->16266 16267 7ff6e9128760 2 API calls 16265->16267 16266->16016 16268 7ff6e9127e8a 16267->16268 16269 7ff6e912b870 _log10_special 8 API calls 16268->16269 16270 7ff6e9127e9a 16269->16270 16270->16016 16272 7ff6e91286b0 2 API calls 16271->16272 16273 7ff6e9127f94 16272->16273 17533 7ff6e9137548 16273->17533 16275 7ff6e9127fa6 __vcrt_freefls 16275->16035 16277 7ff6e9128415 16276->16277 17551 7ff6e9127b50 GetCurrentProcess OpenProcessToken 16277->17551 16280 7ff6e9127b50 7 API calls 16281 7ff6e9128441 16280->16281 16282 7ff6e912845a 16281->16282 16283 7ff6e9128474 16281->16283 16285 7ff6e9122590 48 API calls 16282->16285 16284 7ff6e9122590 48 API calls 16283->16284 16286 7ff6e9128487 LocalFree LocalFree 16284->16286 16287 7ff6e9128472 16285->16287 16288 7ff6e91284af 16286->16288 16289 7ff6e91284a3 16286->16289 16287->16286 16291 7ff6e912b870 _log10_special 8 API calls 16288->16291 17561 7ff6e9122940 16289->17561 16292 7ff6e9123814 16291->16292 16293 7ff6e9127c40 16292->16293 16294 7ff6e9127c58 16293->16294 16295 7ff6e9127cda GetTempPathW 16294->16295 16297 7ff6e9127e10 14 API calls 16294->16297 16296 7ff6e9127cef 16295->16296 17599 7ff6e9122530 16296->17599 16298 7ff6e9127c88 16297->16298 17567 7ff6e91277d0 16298->17567 16301 7ff6e9127d08 __vcrt_freefls 16314 7ff6e9127d45 __vcrt_freefls 16301->16314 
17603 7ff6e9137e80 16301->17603 16326 7ff6e9121bf0 49 API calls 16325->16326 16327 7ff6e9123ead 16326->16327 16327->16029 16329 7ff6e9121bf0 49 API calls 16328->16329 16330 7ff6e9124010 16329->16330 16330->16051 16332 7ff6e91286f6 16331->16332 16333 7ff6e91286d2 MultiByteToWideChar 16331->16333 16334 7ff6e9128713 MultiByteToWideChar 16332->16334 16335 7ff6e912870c __vcrt_freefls 16332->16335 16333->16332 16333->16335 16334->16335 16335->16045 16337 7ff6e9126575 16336->16337 16338 7ff6e91238d5 16337->16338 16339 7ff6e9122760 53 API calls 16337->16339 16340 7ff6e9126b00 16338->16340 16339->16338 16341 7ff6e9126b4a __vcrt_freefls 16340->16341 16342 7ff6e9126b30 16340->16342 16341->16062 16342->16341 17837 7ff6e9121440 16342->17837 16344 7ff6e9126b54 16344->16341 16345 7ff6e9123fe0 49 API calls 16344->16345 16346 7ff6e9126b76 16345->16346 16347 7ff6e9126b7b 16346->16347 16348 7ff6e9123fe0 49 API calls 16346->16348 16349 7ff6e9122870 53 API calls 16347->16349 16350 7ff6e9126b9a 16348->16350 16349->16341 16350->16347 16351 7ff6e9123fe0 49 API calls 16350->16351 16352 7ff6e9126bb6 16351->16352 16352->16347 16353 7ff6e9126bbf 16352->16353 16354 7ff6e91225f0 53 API calls 16353->16354 16355 7ff6e9126c2f memcpy_s __vcrt_freefls 16353->16355 16354->16341 16355->16062 16363 7ff6e91265bc 16356->16363 16357 7ff6e912b870 _log10_special 8 API calls 16358 7ff6e91266f1 16357->16358 16358->16065 16360 7ff6e912675d 16361 7ff6e91225f0 53 API calls 16360->16361 16371 7ff6e91266df 16361->16371 16362 7ff6e9121bf0 49 API calls 16362->16363 16363->16360 16363->16362 16364 7ff6e912674a 16363->16364 16367 7ff6e912670d 16363->16367 16370 7ff6e9122870 53 API calls 16363->16370 16363->16371 16372 7ff6e9126737 16363->16372 16375 7ff6e9126720 16363->16375 17898 7ff6e91217e0 16363->17898 17902 7ff6e9123f10 16363->17902 17908 7ff6e9127530 16363->17908 17919 7ff6e91215c0 16363->17919 16366 7ff6e91225f0 53 API calls 16364->16366 16366->16371 16369 7ff6e91225f0 53 API calls 16367->16369 16369->16371 
7ff6e91343f4 _get_daylight 11 API calls 18416->18417 18420 7ff6e9135410 18418->18420 18424 7ff6e9135d5f 18423->18424 18426 7ff6e9135d76 18423->18426 18429 7ff6e913f278 18424->18429 18427 7ff6e9135d64 18426->18427 18434 7ff6e913f2a8 18426->18434 18427->18408 18435 7ff6e9134178 45 API calls 18434->18435 18478->16442 18483 7ff6e9139060 18486 7ff6e9138fe4 18483->18486 18493 7ff6e913f5e8 EnterCriticalSection 18486->18493 19994 7ff6e913a2e0 19995 7ff6e913a2fa 19994->19995 19996 7ff6e913a2e5 19994->19996 20000 7ff6e913a300 19996->20000 20001 7ff6e913a34a 20000->20001 20002 7ff6e913a342 20000->20002 20004 7ff6e9139c58 __free_lconv_num 11 API calls 20001->20004 20003 7ff6e9139c58 __free_lconv_num 11 API calls 20002->20003 20003->20001 20005 7ff6e913a357 20004->20005 20006 7ff6e9139c58 __free_lconv_num 11 API calls 20005->20006 20007 7ff6e913a364 20006->20007 20008 7ff6e9139c58 __free_lconv_num 11 API calls 20007->20008 20009 7ff6e913a371 20008->20009 20010 7ff6e9139c58 __free_lconv_num 11 API calls 20009->20010 20011 7ff6e913a37e 20010->20011 20012 7ff6e9139c58 __free_lconv_num 11 API calls 20011->20012 20013 7ff6e913a38b 20012->20013 20014 7ff6e9139c58 __free_lconv_num 11 API calls 20013->20014 20015 7ff6e913a398 20014->20015 20016 7ff6e9139c58 __free_lconv_num 11 API calls 20015->20016 20017 7ff6e913a3a5 20016->20017 20018 7ff6e9139c58 __free_lconv_num 11 API calls 20017->20018 20019 7ff6e913a3b5 20018->20019 20020 7ff6e9139c58 __free_lconv_num 11 API calls 20019->20020 20021 7ff6e913a3c5 20020->20021 20026 7ff6e913a1a4 20021->20026 20040 7ff6e913f5e8 EnterCriticalSection 20026->20040 18540 7ff6e912be70 18541 7ff6e912be80 18540->18541 18557 7ff6e9138ec0 18541->18557 18543 7ff6e912be8c 18563 7ff6e912c168 18543->18563 18545 7ff6e912c44c 7 API calls 18547 7ff6e912bf25 18545->18547 18546 7ff6e912bea4 _RTC_Initialize 18555 7ff6e912bef9 18546->18555 18568 7ff6e912c318 18546->18568 18549 7ff6e912beb9 18571 7ff6e913832c 18549->18571 18555->18545 18556 7ff6e912bf15 18555->18556 
18558 7ff6e9138ed1 18557->18558 18559 7ff6e9138ed9 18558->18559 18560 7ff6e91343f4 _get_daylight 11 API calls 18558->18560 18559->18543 18561 7ff6e9138ee8 18560->18561 18562 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 18561->18562 18562->18559 18564 7ff6e912c179 18563->18564 18565 7ff6e912c17e __scrt_release_startup_lock 18563->18565 18564->18565 18566 7ff6e912c44c 7 API calls 18564->18566 18565->18546 18567 7ff6e912c1f2 18566->18567 18596 7ff6e912c2dc 18568->18596 18570 7ff6e912c321 18570->18549 18572 7ff6e913834c 18571->18572 18585 7ff6e912bec5 18571->18585 18573 7ff6e913836a GetModuleFileNameW 18572->18573 18574 7ff6e9138354 18572->18574 18578 7ff6e9138395 18573->18578 18575 7ff6e91343f4 _get_daylight 11 API calls 18574->18575 18576 7ff6e9138359 18575->18576 18577 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 18576->18577 18577->18585 18611 7ff6e91382cc 18578->18611 18581 7ff6e91383dd 18582 7ff6e91343f4 _get_daylight 11 API calls 18581->18582 18583 7ff6e91383e2 18582->18583 18584 7ff6e9139c58 __free_lconv_num 11 API calls 18583->18584 18584->18585 18585->18555 18595 7ff6e912c3ec InitializeSListHead 18585->18595 18586 7ff6e9139c58 __free_lconv_num 11 API calls 18586->18585 18587 7ff6e91383f5 18588 7ff6e913845c 18587->18588 18589 7ff6e9138443 18587->18589 18593 7ff6e9138417 18587->18593 18591 7ff6e9139c58 __free_lconv_num 11 API calls 18588->18591 18590 7ff6e9139c58 __free_lconv_num 11 API calls 18589->18590 18592 7ff6e913844c 18590->18592 18591->18593 18594 7ff6e9139c58 __free_lconv_num 11 API calls 18592->18594 18593->18586 18594->18585 18597 7ff6e912c2f6 18596->18597 18599 7ff6e912c2ef 18596->18599 18600 7ff6e91394fc 18597->18600 18599->18570 18603 7ff6e9139138 18600->18603 18610 7ff6e913f5e8 EnterCriticalSection 18603->18610 18612 7ff6e91382e4 18611->18612 18613 7ff6e913831c 18611->18613 18612->18613 18614 7ff6e913dea8 _get_daylight 11 API calls 18612->18614 18613->18581 18613->18587 18615 7ff6e9138312 18614->18615 18616 7ff6e9139c58 
__free_lconv_num 11 API calls 18615->18616 18616->18613 20059 7ff6e91409c0 20070 7ff6e91466f4 20059->20070 20071 7ff6e9146701 20070->20071 20072 7ff6e9139c58 __free_lconv_num 11 API calls 20071->20072 20073 7ff6e914671d 20071->20073 20072->20071 20074 7ff6e9139c58 __free_lconv_num 11 API calls 20073->20074 20075 7ff6e91409c9 20073->20075 20074->20073 20076 7ff6e913f5e8 EnterCriticalSection 20075->20076 18852 7ff6e913ec9c 18853 7ff6e913ee8e 18852->18853 18855 7ff6e913ecde _isindst 18852->18855 18854 7ff6e91343f4 _get_daylight 11 API calls 18853->18854 18872 7ff6e913ee7e 18854->18872 18855->18853 18858 7ff6e913ed5e _isindst 18855->18858 18856 7ff6e912b870 _log10_special 8 API calls 18857 7ff6e913eea9 18856->18857 18873 7ff6e91454a4 18858->18873 18863 7ff6e913eeba 18865 7ff6e9139c10 _isindst 17 API calls 18863->18865 18867 7ff6e913eece 18865->18867 18870 7ff6e913edbb 18870->18872 18897 7ff6e91454e8 18870->18897 18872->18856 18874 7ff6e91454b3 18873->18874 18877 7ff6e913ed7c 18873->18877 18904 7ff6e913f5e8 EnterCriticalSection 18874->18904 18879 7ff6e91448a8 18877->18879 18880 7ff6e91448b1 18879->18880 18884 7ff6e913ed91 18879->18884 18881 7ff6e91343f4 _get_daylight 11 API calls 18880->18881 18882 7ff6e91448b6 18881->18882 18883 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 18882->18883 18883->18884 18884->18863 18885 7ff6e91448d8 18884->18885 18886 7ff6e91448e1 18885->18886 18888 7ff6e913eda2 18885->18888 18887 7ff6e91343f4 _get_daylight 11 API calls 18886->18887 18889 7ff6e91448e6 18887->18889 18888->18863 18891 7ff6e9144908 18888->18891 18890 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 18889->18890 18890->18888 18892 7ff6e9144911 18891->18892 18896 7ff6e913edb3 18891->18896 18893 7ff6e91343f4 _get_daylight 11 API calls 18892->18893 18894 7ff6e9144916 18893->18894 18895 7ff6e9139bf0 _invalid_parameter_noinfo 37 API calls 18894->18895 18895->18896 18896->18863 18896->18870 18905 7ff6e913f5e8 EnterCriticalSection 18897->18905 20142 7ff6e9134720 20143 
7ff6e913472b 20142->20143 20151 7ff6e913e5b4 20143->20151 20164 7ff6e913f5e8 EnterCriticalSection 20151->20164 20172 7ff6e913b830 20183 7ff6e913f5e8 EnterCriticalSection 20172->20183 15754 7ff6e9138c79 15766 7ff6e91396e8 15754->15766 15771 7ff6e913a460 GetLastError 15766->15771 15772 7ff6e913a4a1 FlsSetValue 15771->15772 15773 7ff6e913a484 FlsGetValue 15771->15773 15775 7ff6e913a491 SetLastError 15772->15775 15776 7ff6e913a4b3 15772->15776 15774 7ff6e913a49b 15773->15774 15773->15775 15774->15772 15779 7ff6e913a52d 15775->15779 15780 7ff6e91396f1 15775->15780 15802 7ff6e913dea8 15776->15802 15782 7ff6e9139814 __FrameHandler3::FrameUnwindToEmptyState 38 API calls 15779->15782 15793 7ff6e9139814 15780->15793 15781 7ff6e913a4c2 15783 7ff6e913a4e0 FlsSetValue 15781->15783 15784 7ff6e913a4d0 FlsSetValue 15781->15784 15787 7ff6e913a532 15782->15787 15785 7ff6e913a4ec FlsSetValue 15783->15785 15786 7ff6e913a4fe 15783->15786 15788 7ff6e913a4d9 15784->15788 15785->15788 15815 7ff6e913a204 15786->15815 15809 7ff6e9139c58 15788->15809 15863 7ff6e9142960 15793->15863 15807 7ff6e913deb9 _get_daylight 15802->15807 15803 7ff6e913df0a 15823 7ff6e91343f4 15803->15823 15804 7ff6e913deee HeapAlloc 15805 7ff6e913df08 15804->15805 15804->15807 15805->15781 15807->15803 15807->15804 15820 7ff6e91428a0 15807->15820 15810 7ff6e9139c5d HeapFree 15809->15810 15811 7ff6e9139c8c 15809->15811 15810->15811 15812 7ff6e9139c78 GetLastError 15810->15812 15811->15775 15813 7ff6e9139c85 __free_lconv_num 15812->15813 15814 7ff6e91343f4 _get_daylight 9 API calls 15813->15814 15814->15811 15849 7ff6e913a0dc 15815->15849 15826 7ff6e91428e0 15820->15826 15832 7ff6e913a5d8 GetLastError 15823->15832 15825 7ff6e91343fd 15825->15805 15831 7ff6e913f5e8 EnterCriticalSection 15826->15831 15833 7ff6e913a619 FlsSetValue 15832->15833 15838 7ff6e913a5fc 15832->15838 15834 7ff6e913a609 15833->15834 15835 7ff6e913a62b 15833->15835 15836 7ff6e913a685 SetLastError 15834->15836 15837 7ff6e913dea8 _get_daylight 5 API 
calls 15835->15837 15836->15825 15839 7ff6e913a63a 15837->15839 15838->15833 15838->15834 15840 7ff6e913a658 FlsSetValue 15839->15840 15841 7ff6e913a648 FlsSetValue 15839->15841 15842 7ff6e913a676 15840->15842 15843 7ff6e913a664 FlsSetValue 15840->15843 15844 7ff6e913a651 15841->15844 15845 7ff6e913a204 _get_daylight 5 API calls 15842->15845 15843->15844 15846 7ff6e9139c58 __free_lconv_num 5 API calls 15844->15846 15847 7ff6e913a67e 15845->15847 15846->15834 15848 7ff6e9139c58 __free_lconv_num 5 API calls 15847->15848 15848->15836 15861 7ff6e913f5e8 EnterCriticalSection 15849->15861 15897 7ff6e9142918 15863->15897 15902 7ff6e913f5e8 EnterCriticalSection 15897->15902 18479 7ff6e912fdfc 18480 7ff6e912fe2c 18479->18480 18481 7ff6e912fb4c 76 API calls 18480->18481 18482 7ff6e912fe4a 18481->18482 20280 7ff6e914a10e 20281 7ff6e914a11d 20280->20281 20282 7ff6e914a127 20280->20282 20284 7ff6e913f648 LeaveCriticalSection 20281->20284

      Control-flow Graph

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: FileModuleName
      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
      • API String ID: 514040917-585287483
      • Opcode ID: ec9c6756989ef5fd9ea5977df3e9171bdd9129db5db0c6cc95fad3a29ce92e3f
      • Instruction ID: 3fbb25fdfdd975bca5c8ef5d1985caef85a14086cad3790b2e19eb8120948467
      • Opcode Fuzzy Hash: ec9c6756989ef5fd9ea5977df3e9171bdd9129db5db0c6cc95fad3a29ce92e3f
      • Instruction Fuzzy Hash: E2F19023B0C68291FA18EF21D5543F96261AF56B84F844032DE1DC36D6EF3EE556E30A

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
      • String ID:
      • API String ID: 1617910340-0
      • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
      • Instruction ID: 5543846b9053a2525dbe9d10dee74c2ffd2ad5b6ab43ecca1171954e0b07d056
      • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
      • Instruction Fuzzy Hash: 0EC1AE37B28A4686EB10CF69C4907AC3771FB49BA8B011235DA2E977D5CF3AE452C705

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Find$CloseFileFirst
      • String ID:
      • API String ID: 2295610775-0
      • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
      • Instruction ID: 60c9442fda6edfa452fe0b2455528178d2d86188e459c76f57f0df0e3ad2e1b6
      • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
      • Instruction Fuzzy Hash: 37F0C823A1C64186F7609F60B4483EA73A0BF45728F440335D96E826D4CF3DD0599A09

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _fread_nolock$Message
      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
      • API String ID: 677216364-3497178890
      • Opcode ID: 13a0f64d29e36a252706f5b53b21b28111f50ffc545313b1ad9e8f0af8fc9de4
      • Instruction ID: 20a06976d6e0f6f18a37cac898949656659c4bb6d650f1d5dbfdb818c8d4bc54
      • Opcode Fuzzy Hash: 13a0f64d29e36a252706f5b53b21b28111f50ffc545313b1ad9e8f0af8fc9de4
      • Instruction Fuzzy Hash: 1071A133A0C68689EB20EF24E4503F923A1FF4A784F544035D98DC7799EE3EE5459B0A

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 68a47ba86f230bb5d63a3bd262fc543bc7d5861b4e9f61d57eff9af495398285
      • Instruction ID: 94a94b7cc87061b62a86ed71fb26107f4ee75ebb704728b755cfbc9d8c5b155a
      • Opcode Fuzzy Hash: 68a47ba86f230bb5d63a3bd262fc543bc7d5861b4e9f61d57eff9af495398285
      • Instruction Fuzzy Hash: 28C1E323A0C686A1E660DF3594483FD3BB4FF91B80F160131DA5E83791DE7EE855830A

      Control-flow Graph

      APIs
      • GetModuleFileNameW.KERNEL32(?,00007FF6E9123534), ref: 00007FF6E9123411
        • Part of subcall function 00007FF6E91229E0: GetLastError.KERNEL32(?,?,?,00007FF6E912342E,?,00007FF6E9123534), ref: 00007FF6E9122A14
        • Part of subcall function 00007FF6E91229E0: FormatMessageW.KERNEL32(?,?,?,00007FF6E912342E), ref: 00007FF6E9122A7D
        • Part of subcall function 00007FF6E91229E0: MessageBoxW.USER32 ref: 00007FF6E9122ACF
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Message$ErrorFileFormatLastModuleName
      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
      • API String ID: 517058245-2863816727
      • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
      • Instruction ID: dabae9fc2de49ad6c2dc478125e87b92e55b859e2b44f7a35cf8d3ba266dd82b
      • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
      • Instruction Fuzzy Hash: FB219223B0C68291FE26AF24E8153FA6250BF4A784F800532DA5DC75D5EE3EE106D70A

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: Error$Error/warning (ANSI fallback)
      • API String ID: 1878133881-653037927
      • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
      • Instruction ID: d37c25e4d5e0d3dc2c50ef1bd7f5d862aec34397033415eb3949735feca3ee8a
      • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
      • Instruction Fuzzy Hash: 76118B73628A8581FA249F10F451BED3364FF48B88F901136DA5C87644DF3ED60ACB09

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
      • String ID:
      • API String ID: 3251591375-0
      • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
      • Instruction ID: ad97e1577449036e35cb59f8c3c83838538fc5c683c5c5bf3c554f97d4c4ed47
      • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
      • Instruction Fuzzy Hash: 73314927E4C64341FA25BF6494163FA2291AF46788F4400B5FA0EC72D3DE3FA905A65F

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Process$CurrentExitTerminate
      • String ID:
      • API String ID: 1703294689-0
      • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
      • Instruction ID: 251f7384ff0893be073fc70fcf2d4da864bb500d9b8f338052363c7c57d9a4f8
      • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
      • Instruction Fuzzy Hash: D3D09E12F5960687EB547F716C5D3FD12215F5C705F152478D84BC6393CD2EA80E4A4A

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
      • Instruction ID: 8d2e68b80aab4f757ae466348cbfca103c4000a2d8fb6be20698f532e334d9dd
      • Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
      • Instruction Fuzzy Hash: 5B51F723B092C246FA28AE3694007FA6291FF47BB4F144734DD6D877D5CE3ED481A60A

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ErrorFileLastPointer
      • String ID:
      • API String ID: 2976181284-0
      • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
      • Instruction ID: 4879f91f8e41848f10b6aac4b3b898c4156492b843eb448d0f2695323bd3eaa3
      • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
      • Instruction Fuzzy Hash: 7211BF62B18A8181DA10CF25A8482B96361AF44BF4F584331EE7E877EADE3DD0518709

      Control-flow Graph

      APIs
      • CloseHandle.KERNELBASE(?,?,?,00007FF6E9139CE5,?,?,00000000,00007FF6E9139D9A), ref: 00007FF6E9139ED6
      • GetLastError.KERNEL32(?,?,?,00007FF6E9139CE5,?,?,00000000,00007FF6E9139D9A), ref: 00007FF6E9139EE0
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CloseErrorHandleLast
      • String ID:
      • API String ID: 918212764-0
      • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
      • Instruction ID: acf613137e6bbd57f77c48791d4bfb50fed78a904024dc09bd65c107c9b2907d
      • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
      • Instruction Fuzzy Hash: D221A423F1C68281FF50DF71A5883FD26A15F84BA0F1A4235D92EC73D2CE6EA441830A

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
      • Instruction ID: 7b7c67425e61d0fed183fc0bde65a048e77c50011f208cb14b5b8dff6205201d
      • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
      • Instruction Fuzzy Hash: 6241AF33A4820187EA24DE26A5493BD77B0EF56B80F150231DA9EC76D1DF3EE502C75A

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _fread_nolock
      • String ID:
      • API String ID: 840049012-0
      • Opcode ID: 3d01016cc9a5f4d9cb71fb7abf1551689f881e3384e479ff43f26caf71626a79
      • Instruction ID: b639939db64826948491266bf980cd78ccda506bc6a6501f75904ca36e63d103
      • Opcode Fuzzy Hash: 3d01016cc9a5f4d9cb71fb7abf1551689f881e3384e479ff43f26caf71626a79
      • Instruction Fuzzy Hash: 2A219422B0875146FA10BE56A9083FAA691BF47BD4F884430EE0D87786DE7EF041D709

      Control-flow Graph

      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
      • Instruction ID: d465d4727ce89c3d5a885839236c57e88faba70242a0dbd3f95cbd3fb11d9fa9
      • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
      • Instruction Fuzzy Hash: D1319C23A1865292E611DF3588493FD7674AF50BA1F420235DA6D833D2CEBEA441831A
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: HandleModule$AddressFreeLibraryProc
      • String ID:
      • API String ID: 3947729631-0
      • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
      • Instruction ID: c95db6578b1277c94c142947f539c6f3f2af91e0e0a6edc9fb236c568a98a7b3
      • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
      • Instruction Fuzzy Hash: F6218932A156068AEB24DF74C4483EC33B0FF04358F45467AD62C86AC9EF39E484CB45
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
      • Instruction ID: e085fde3e9dd35f737000a71c87da4f90464d842c0096a5c822e2996a75b30cc
      • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
      • Instruction Fuzzy Hash: CD119623A1C68181FA60DF6194043FEA6B4AF55F80F464031EA4DD7796CF3ED440874A
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
      • Instruction ID: cfbf77d66eec9b2cd514abfeefcbc7ab769243ea8e17efd58ff96e2f438e9fae
      • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
      • Instruction Fuzzy Hash: 3321A73361868286DB618F28D4403BD76A1EF88B98F544234E65DCB6D9DF3ED411CF05
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
      • Instruction ID: f55fa50e02874d2561b42a705d6d5c2f23472505b409a36fd151f05f8c7faa3d
      • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
      • Instruction Fuzzy Hash: 31010822A087C240E900EF6258012F9A6A5FF57FE0F084230DE5C83BD6DE3ED0428305
      APIs
      • HeapAlloc.KERNEL32(?,?,?,00007FF6E912FFB0,?,?,?,00007FF6E913161A,?,?,?,?,?,00007FF6E9132E09), ref: 00007FF6E913C94A
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: AllocHeap
      • String ID:
      • API String ID: 4292702814-0
      • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
      • Instruction ID: 844c4d725e84efb45c50056db443f30521c08a81dc0292d89846262aba880b02
      • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
      • Instruction Fuzzy Hash: 39F05813F1824784FE14AFB258193F912A05F99BA0F0B4630DC2EC62C2DE2EA481861B
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: AddressProc
      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
      • API String ID: 190572456-3427451314
      • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
      • Instruction ID: 1e7a7081ac91dd26dde2bf12a668a202fa7db208bca814946695ef036ebf854a
      • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
      • Instruction Fuzzy Hash: 02E1BB6AA1DB4390FE15EF15A8103F82365AF19795F841036C80EC72A4EF3EB54AD64B
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 808467561-2761157908
      • Opcode ID: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
      • Instruction ID: 3e46270a8935c51dbafef238f6986096da863c5114d37baec1e7db995a94d6d1
      • Opcode Fuzzy Hash: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
      • Instruction Fuzzy Hash: 10B2C073A182828AE7258E64D5407FD37A2FF5878CF505135DA0A97B84DF3AAA02CF45
      APIs
      • FindFirstFileW.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127A1B
      • RemoveDirectoryW.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127A9E
      • DeleteFileW.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127ABD
      • FindNextFileW.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127ACB
      • FindClose.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127ADC
      • RemoveDirectoryW.KERNEL32(?,00007FF6E9127EF9,00007FF6E91239E6), ref: 00007FF6E9127AE5
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
      • String ID: %s\*
      • API String ID: 1057558799-766152087
      • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
      • Instruction ID: 3d84b7b7f79e2f315e449afa7cd98b484fa9a1f4b46e8e4d655a98224d03d193
      • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
      • Instruction Fuzzy Hash: 71418323A0C64291EA20AF24E4447FE6360FF99764F440632D55EC36C4DF3EE64A9B0A
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
      • API String ID: 0-2665694366
      • Opcode ID: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
      • Instruction ID: 48944cf453cc0ce19a10167cdfeef86c3199e8098debcd0e72ba034e0dd47d22
      • Opcode Fuzzy Hash: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
      • Instruction Fuzzy Hash: D352E073A186A68BE7949F14C558BBE3BA9EF85340F014139E64A877C0DF3ED840DB45
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
      • String ID:
      • API String ID: 3140674995-0
      Similarity
      • API ID: Message$ErrorFormatLast
      • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
      • API String ID: 3971115935-1149178304
      APIs
      • _get_daylight.LIBCMT ref: 00007FF6E9144F55
        • Part of subcall function 00007FF6E91448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E91448BC
        • Part of subcall function 00007FF6E9139C58: HeapFree.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C6E
        • Part of subcall function 00007FF6E9139C58: GetLastError.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C78
        • Part of subcall function 00007FF6E9139C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6E9139BEF,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E9139C19
        • Part of subcall function 00007FF6E9139C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E9139BEF,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E9139C3E
      • _get_daylight.LIBCMT ref: 00007FF6E9144F44
        • Part of subcall function 00007FF6E9144908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E914491C
      • _get_daylight.LIBCMT ref: 00007FF6E91451BA
      • _get_daylight.LIBCMT ref: 00007FF6E91451CB
      • _get_daylight.LIBCMT ref: 00007FF6E91451DC
      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E914541C), ref: 00007FF6E9145203
      Similarity
      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
      • String ID:
      • API String ID: 4070488512-0
      Similarity
      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
      • String ID:
      • API String ID: 1239891234-0
      Similarity
      • API ID: FileFindFirst_invalid_parameter_noinfo
      • String ID:
      • API String ID: 2227656907-0
      APIs
      • _get_daylight.LIBCMT ref: 00007FF6E91451BA
        • Part of subcall function 00007FF6E9144908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E914491C
      • _get_daylight.LIBCMT ref: 00007FF6E91451CB
        • Part of subcall function 00007FF6E91448A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E91448BC
      • _get_daylight.LIBCMT ref: 00007FF6E91451DC
        • Part of subcall function 00007FF6E91448D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E91448EC
        • Part of subcall function 00007FF6E9139C58: HeapFree.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C6E
        • Part of subcall function 00007FF6E9139C58: GetLastError.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C78
      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E914541C), ref: 00007FF6E9145203
      Similarity
      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
      • String ID:
      • API String ID: 3458911817-0
      Similarity
      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
      • String ID:
      • API String ID: 2933794660-0
      Similarity
      • API ID: memcpy_s
      • String ID:
      • API String ID: 1502251526-0
      Similarity
      • API ID:
      • String ID: $header crc mismatch$unknown header flags set
      • API String ID: 0-1127688429
      Similarity
      • API ID: ExceptionRaise_clrfp
      • String ID:
      • API String ID: 15204871-0
      Similarity
      • API ID:
      • String ID: $
      • API String ID: 0-227171996
      Similarity
      • API ID:
      • String ID: incorrect header check$invalid window size
      • API String ID: 0-900081337
      Similarity
      • API ID:
      • String ID: e+000$gfff
      • API String ID: 0-3030954782
      Similarity
      • API ID: CurrentFeaturePresentProcessProcessor
      • String ID:
      • API String ID: 1010374628-0
      Similarity
      • API ID:
      • String ID: gfffffff
      • API String ID: 0-1523873471
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: TMP
      • API String ID: 3215553584-3125297090
      Similarity
      • API ID: HeapProcess
      • String ID:
      • API String ID: 54951025-0
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
      • Instruction ID: d41ea9c04fa31c2d7671e2c13b1cb500555ab590169ed9a470eb190c91c98dc8
      • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
      • Instruction Fuzzy Hash: 54513B77A18691C6E724CF39C0483B827B1EF49B68F264131CA4D97794CF6BE842C749
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
      • Instruction ID: 7378c9b5e040026b129439881bff511a094d3537052d252243fbe8f39d6a7836
      • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
      • Instruction Fuzzy Hash: AE517DB7A2865186E724CF39D0483A837F1EF44B58F2A4139CA4C97798CF2BE842C745
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
      • Instruction ID: c702323e595ce0b4b89a3fef34197bb8cde07bc300544ea7408474dfa0eea84f
      • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
      • Instruction Fuzzy Hash: 7B513937A18651C6E725CF39C0483A827B1EF49B68F264131CE4D97BA8CF2BE852C745
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
      • Instruction ID: e3895f48f2ff7fe94abaa8bcb179ff5f6a112f76e943762987b6570df42511bc
      • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
      • Instruction Fuzzy Hash: CF517AB7A18A5186E724CF39C0483AC27B1EF44B58F264139CA4C97795CF3BE842C749
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
      • Instruction ID: 090046dc36900367290887c19651bef2bea71e337676adc2d2f612a7c41bd55a
      • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
      • Instruction Fuzzy Hash: 5341A453D4978A04E995CD38051C7FC26E0AF13FA0D6A52B4DDAED33C3CD2F69868246
      Similarity
      • API ID: ErrorFreeHeapLast
      • String ID:
      • API String ID: 485612231-0
      APIs
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E91250C0
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E9125101
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E9125126
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E912514B
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E9125173
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E912519B
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E91251C3
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E91251EB
      • GetProcAddress.KERNEL32(?,00007FF6E9125C57,?,00007FF6E912308E), ref: 00007FF6E9125213
      Similarity
      • API ID: AddressProc
      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
      • API String ID: 190572456-2007157414
      Similarity
      • API ID: Message
      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
      • API String ID: 2030045667-1550345328
      APIs
        • Part of subcall function 00007FF6E91286B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E9123FA4,00000000,00007FF6E9121925), ref: 00007FF6E91286E9
      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6E9127C97,?,?,FFFFFFFF,00007FF6E9123834), ref: 00007FF6E912782C
        • Part of subcall function 00007FF6E91226C0: MessageBoxW.USER32 ref: 00007FF6E9122736
      Similarity
      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
      • API String ID: 1662231829-930877121
      Similarity
      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
      • String ID: P%
      • API String ID: 2147705588-2959514604
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: -$:$f$p$p
      • API String ID: 3215553584-2013873522
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: f$f$p$p$f
      • API String ID: 3215553584-1325933183
      Similarity
      • API ID: Message
      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
      • API String ID: 2030045667-3659356012
      Similarity
      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
      • String ID: CreateProcessW$Failed to create child process!
      • API String ID: 2895956056-699529898
      Similarity
      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
      • String ID: csm$csm$csm
      • API String ID: 849930591-393685449
      Similarity
      • API ID: Message
      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
      • API String ID: 2030045667-2813020118
      • Opcode ID: 5f86db0b88a8597635f99d5b4cac90fa4f731a3afe8888101c8cea5847f0d3ec
      • Instruction ID: 6923c529e5185f8d8c570fd367743ce6f600a5884005b158dd5bf7366744b5d2
      • Opcode Fuzzy Hash: 5f86db0b88a8597635f99d5b4cac90fa4f731a3afe8888101c8cea5847f0d3ec
      • Instruction Fuzzy Hash: C151F223B0868281EA24EF16A4403FA6291FF86798F544135ED4DC7BC5EF3EE542D70A
      APIs
      • FreeLibrary.KERNEL32(?,?,?,00007FF6E913E3BA,?,?,-00000018,00007FF6E913A063,?,?,?,00007FF6E9139F5A,?,?,?,00007FF6E913524E), ref: 00007FF6E913E19C
      • GetProcAddress.KERNEL32(?,?,?,00007FF6E913E3BA,?,?,-00000018,00007FF6E913A063,?,?,?,00007FF6E9139F5A,?,?,?,00007FF6E913524E), ref: 00007FF6E913E1A8
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: AddressFreeLibraryProc
      • String ID: api-ms-$ext-ms-
      • API String ID: 3013587201-537541572
      • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
      • Instruction ID: 0cb239f9aee264cfe3917462c39263b125bf20d361f09b8a0a2720a2a31d4097
      • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
      • Instruction Fuzzy Hash: 7941D423B1970292FB16CF26A8047F562A2BF55BA0F0A4135DD1EC7784EE3EE405830A
      APIs
      • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF6E9123834), ref: 00007FF6E9127CE4
      • CreateDirectoryW.KERNEL32(?,?,FFFFFFFF,00007FF6E9123834), ref: 00007FF6E9127D2C
        • Part of subcall function 00007FF6E9127E10: GetEnvironmentVariableW.KERNEL32(00007FF6E912365F), ref: 00007FF6E9127E47
        • Part of subcall function 00007FF6E9127E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E9127E69
        • Part of subcall function 00007FF6E9137548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E9137561
        • Part of subcall function 00007FF6E91226C0: MessageBoxW.USER32 ref: 00007FF6E9122736
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
      • API String ID: 740614611-1339014028
      • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
      • Instruction ID: ab927c636f0e5c3a970d49bd486f40007993dedfc0c680072ce1e88294295f82
      • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
      • Instruction Fuzzy Hash: F841BE13B09B4280EA24FF71A9553FA2261AF4A784F840031DD0ED77D6EE3EF505974A
      APIs
      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E912D29A,?,?,?,00007FF6E912CF8C,?,?,?,00007FF6E912CB89), ref: 00007FF6E912D06D
      • GetLastError.KERNEL32(?,?,?,00007FF6E912D29A,?,?,?,00007FF6E912CF8C,?,?,?,00007FF6E912CB89), ref: 00007FF6E912D07B
      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E912D29A,?,?,?,00007FF6E912CF8C,?,?,?,00007FF6E912CB89), ref: 00007FF6E912D0A5
      • FreeLibrary.KERNEL32(?,?,?,00007FF6E912D29A,?,?,?,00007FF6E912CF8C,?,?,?,00007FF6E912CB89), ref: 00007FF6E912D113
      • GetProcAddress.KERNEL32(?,?,?,00007FF6E912D29A,?,?,?,00007FF6E912CF8C,?,?,?,00007FF6E912CB89), ref: 00007FF6E912D11F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Library$Load$AddressErrorFreeLastProc
      • String ID: api-ms-
      • API String ID: 2559590344-2084034818
      • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
      • Instruction ID: 1095655779e7ba7fd5d8df40363be1b187052228e8554b5fb1084ba0c7e328e6
      • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
      • Instruction Fuzzy Hash: A8318026A1AB4281EA11EF12A4007A923D4FF0ABA4F590535DD1D87394EE3EE446D70E
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
      • String ID:
      • API String ID: 995526605-0
      • Opcode ID: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
      • Instruction ID: e27f09efe32a067d2c23f7073e877e25bb60dd53ff351e9cf30d2fa2edb2d462
      • Opcode Fuzzy Hash: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
      • Instruction Fuzzy Hash: E2212122A0CB4341EB209F65B4443AAA3A1EF867A4F140235DA7DC3BD4DF7DE4558B05
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0
      • Opcode ID: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
      • Instruction ID: e0133b6ea1cb11280681aa877e5fa998347f69e49c5e8fbe54ed00608d2b16b1
      • Opcode Fuzzy Hash: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
      • Instruction Fuzzy Hash: C6215922B4C24252FA55EB31564D3B931A25F487A0F0A0734E93ECBAD6DE2EA401470B
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
      • String ID: CONOUT$
      • API String ID: 3230265001-3130406586
      • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
      • Instruction ID: f06b9da81547a9250a2605eeb6a990356d7d4a87c58bd67fbff1c277e4920af5
      • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
      • Instruction Fuzzy Hash: ED118122A18B4186E7508F56F85436962A0FF8CFE8F000234EA1EC7794DF3DE405CB49
      APIs
      • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E912821D
      • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E912827A
        • Part of subcall function 00007FF6E91286B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E9123FA4,00000000,00007FF6E9121925), ref: 00007FF6E91286E9
      • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E9128305
      • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E9128364
      • FreeLibrary.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E9128375
      • FreeLibrary.KERNEL32(?,00000000,?,00007FF6E91239F2), ref: 00007FF6E912838A
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
      • String ID:
      • API String ID: 3462794448-0
      • Opcode ID: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
      • Instruction ID: 97a0f51e3f36b238a70fc0e7152b123589a8ccd6e368a7740b07154bf7afd591
      • Opcode Fuzzy Hash: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
      • Instruction Fuzzy Hash: 07419E63B1968281EA30AF62A5003EA73A4FF86BC4F444135DF9D97789DE3DE401DB49
      APIs
        • Part of subcall function 00007FF6E9127B50: GetCurrentProcess.KERNEL32 ref: 00007FF6E9127B70
        • Part of subcall function 00007FF6E9127B50: OpenProcessToken.ADVAPI32 ref: 00007FF6E9127B83
        • Part of subcall function 00007FF6E9127B50: GetTokenInformation.ADVAPI32 ref: 00007FF6E9127BA8
        • Part of subcall function 00007FF6E9127B50: GetLastError.KERNEL32 ref: 00007FF6E9127BB2
        • Part of subcall function 00007FF6E9127B50: GetTokenInformation.ADVAPI32 ref: 00007FF6E9127BF2
        • Part of subcall function 00007FF6E9127B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E9127C0E
        • Part of subcall function 00007FF6E9127B50: CloseHandle.KERNEL32 ref: 00007FF6E9127C26
      • LocalFree.KERNEL32(?,00007FF6E9123814), ref: 00007FF6E912848C
      • LocalFree.KERNEL32(?,00007FF6E9123814), ref: 00007FF6E9128495
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
      • API String ID: 6828938-1529539262
      • Opcode ID: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
      • Instruction ID: f5e75bbb212f64e8631b04742fd46b14a898691de322615f5df3df8cbd7f974e
      • Opcode Fuzzy Hash: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
      • Instruction Fuzzy Hash: 7D215323A0874282FA14BF60E4153FA62A4FF8A780F844435EA4DC3796DF3EE445D746
      APIs
      • GetLastError.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A5E7
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A61D
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A64A
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A65B
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A66C
      • SetLastError.KERNEL32(?,?,?,00007FF6E91343FD,?,?,?,?,00007FF6E913979A,?,?,?,?,00007FF6E913649F), ref: 00007FF6E913A687
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0
      • Opcode ID: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
      • Instruction ID: bf38425e6f64c74b6150a187c26b36c19f804e895c284da0c277791e12b29edc
      • Opcode Fuzzy Hash: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
      • Instruction Fuzzy Hash: 10113862F4C24292FA54EF3156993B922A25F587A0F468734D83ECB6D6DE2EB401470B
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
      • String ID: Unhandled exception in script
      • API String ID: 3081866767-2699770090
      • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
      • Instruction ID: 5f10e9bf97ce5ae5e8ec4ae3f8538fe30ae8c643b1d0c0cd9ecc343b7245ab3d
      • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
      • Instruction Fuzzy Hash: F0314E33A09A8289EB24EF61E8553F96360FF89798F440135EA4D87B59DF3DD105C706
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
      • API String ID: 1878133881-640379615
      • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
      • Instruction ID: 8aa456cbdfec2f92b4ed804d92f0b71724a78ceef1f1cb8b11d6d00e8af4bf9f
      • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
      • Instruction Fuzzy Hash: 4A217173628A8581E620EF10F4517EA6364FF85788F400036EA8C83699DF3DD646CB49
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: AddressFreeHandleLibraryModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 4061214504-1276376045
      • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
      • Instruction ID: c95118b2942438b908e8a8050f86f7944aa9ddefd942988a5d0430b608040b56
      • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
      • Instruction Fuzzy Hash: 4DF06263B1970282EB108F64E4483FD5330AF49B65F540635C56EC62F4CF2ED04AC70A
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _set_statfp
      • String ID:
      • API String ID: 1156100317-0
      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
      • Instruction ID: 9fd0fb1090544565f15f63c872c39ebab23c54b083f05b3c10cb2c99cc97c12a
      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
      • Instruction Fuzzy Hash: 20112377E1CA0301F2941D29D5653F401416F5E3BCF5806B0EA2E9A3D6CE2EA843890E
      APIs
      • FlsGetValue.KERNEL32(?,?,?,00007FF6E91398B3,?,?,00000000,00007FF6E9139B4E,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E913A6BF
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91398B3,?,?,00000000,00007FF6E9139B4E,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E913A6DE
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91398B3,?,?,00000000,00007FF6E9139B4E,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E913A706
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91398B3,?,?,00000000,00007FF6E9139B4E,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E913A717
      • FlsSetValue.KERNEL32(?,?,?,00007FF6E91398B3,?,?,00000000,00007FF6E9139B4E,?,?,?,?,?,00007FF6E9139ADA), ref: 00007FF6E913A728
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0
      • Opcode ID: 25d361a094b2c99e262beff41eaee06ac9464b6f74968b1c14d3cfe42ff85be4
      • Instruction ID: 190b00c7dabe05868dc9e647b5862077bf1f0de425e16d072110ba26a07ffbdd
      • Opcode Fuzzy Hash: 25d361a094b2c99e262beff41eaee06ac9464b6f74968b1c14d3cfe42ff85be4
      • Instruction Fuzzy Hash: B3114222F0C24252FA58EB3556893F971715F583A0F464334D83ED66D6DE2FB441470B
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0
      • Opcode ID: a853173f6999e7d5ef833d9e4f06cbd56a904a1eb1d6261c936ae8f95b9bedb9
      • Instruction ID: 01bb026fbc4997bf6354964c7bdefbe58ea19cbff2a9f3259984a3f9fa330abe
      • Opcode Fuzzy Hash: a853173f6999e7d5ef833d9e4f06cbd56a904a1eb1d6261c936ae8f95b9bedb9
      • Instruction Fuzzy Hash: F611E823E4C20752FA58EF3555593F932A24F59370E164734D93ECA6D2ED2FB441424B
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: verbose
      • API String ID: 3215553584-579935070
      • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
      • Instruction ID: d67e81edd5d5edf14fd9be75cc2e31e023fe712838d2352b791b038a05d6a278
      • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
      • Instruction Fuzzy Hash: 4A91AF23A0CA4681E725CE35D4583BD36B1AF40F94F8A4136DA9E877D5EE3EE405830A
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: UTF-16LEUNICODE$UTF-8$ccs
      • API String ID: 3215553584-1196891531
      • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
      • Instruction ID: 98ae504c4e882027f6fe32be016b516714bb4ac94a299d1be6a7fc9647403eb5
      • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
      • Instruction Fuzzy Hash: 9E819E73E0C28395FB64EE39D1183F926B1AF11B44F568035DA0AD7395DE2FE885920B
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
      • String ID: csm
      • API String ID: 2395640692-1018135373
      • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
      • Instruction ID: 996bbf5850b090e861f2e459b720c95321ef42b381f324b5b03e210c93375f30
      • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
      • Instruction Fuzzy Hash: 5B519C33B196428ADB14EF15E844BB96791EF45B88F108170EB4E83788EF7EE841D709
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CallEncodePointerTranslator
      • String ID: MOC$RCC
      • API String ID: 3544855599-2084237596
      • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
      • Instruction ID: 63de3e25836c2c88daf22ca256a6e884cb79b176d4a4da2e30f0496569aaeece
      • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
      • Instruction Fuzzy Hash: 15617C3390CBC585DA21AF25E4407EAB7A0FB86798F044225EB9D83B95DF7DE190CB05
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
      • String ID: csm$csm
      • API String ID: 3896166516-3733052814
      • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
      • Instruction ID: c845ac556897b402bd69abbddd87fc89636d9b5f2a2bced331aee02178f2d2e9
      • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
      • Instruction Fuzzy Hash: 8951AE37A0C3428AEB64AF21D0483A877A0EF56B94F144135DA5D87BD5CF3EE450EB4A
      APIs
      • CreateDirectoryW.KERNEL32(00000000,?,00007FF6E912324C,?,?,00007FF6E9123964), ref: 00007FF6E9127642
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CreateDirectory
      • String ID: %.*s$%s%c$\
      • API String ID: 4241100979-1685191245
      • Opcode ID: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
      • Instruction ID: d8f0108e10685ef206590ff48d4245d846dda111d0a45c65b3294144a9b743e1
      • Opcode Fuzzy Hash: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
      • Instruction Fuzzy Hash: F131D622B19AC149FA21AF25E4107EB6264FF45BE0F444231EE6DC37C9DE3DE2019705
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: Message$ByteCharMultiWide
      • String ID: Error/warning (ANSI fallback)$Warning
      • API String ID: 1878133881-2698358428
      • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
      • Instruction ID: 9e046d37456d3a12c1e70b043ce2dbca257dfbff1ad384618c5fd955145ce9bc
      • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
      • Instruction Fuzzy Hash: EA118B73628A8581FA249F10F451BED3368FF48B88F901136DA9C87644DF3ED606CB09
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: FileWrite$ConsoleErrorLastOutput
      • String ID:
      • API String ID: 2718003287-0
      • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
      • Instruction ID: 551ab51b8368c7379f0ebd582f29295c2ece34c23f51462d4f5491bbb76eafcc
      • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
      • Instruction Fuzzy Hash: 71D1DC73B18A8189E720CF79D4442FC37B1EB44B98B154236CE6E97B99EE39D006C309
      APIs
      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E913C25B), ref: 00007FF6E913C38C
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E913C25B), ref: 00007FF6E913C417
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ConsoleErrorLastMode
      • String ID:
      • API String ID: 953036326-0
      • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
      • Instruction ID: aca418d8617bed22e98effee9270e77b1f800acd05575a2b1ff1d24a80aef059
      • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
      • Instruction Fuzzy Hash: 0891AF73F0865285F751CF7594883FD2BB0AF54B88F154139DE0EA6A85DE3AD442C70A
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _get_daylight$_isindst
      • String ID:
      • API String ID: 4170891091-0
      • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
      • Instruction ID: ed502c6bbe8d8e60ed2df9b26c7d04e2cdb19b1857ced57ef82ad6b13e60e502
      • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
      • Instruction Fuzzy Hash: BA51E573F082128BEB18DF749A497FC2BB1AF24758F510135DD1E92AE5DF3AA4028706
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
      • String ID:
      • API String ID: 2780335769-0
      • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
      • Instruction ID: 4cdb147470e7e3161234bf11b4ba07b3325d54db7a5c7b48dd013f017ed2b11b
      • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
      • Instruction Fuzzy Hash: AA515623E086418AFB14DFB194583FD27B1AF48B98F128535DA4987B89DF39E481874A
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
      • String ID:
      • API String ID: 1279662727-0
      • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
      • Instruction ID: 074b873ba83cddd6c46664a519ab5a037cd84ee1c405a00cbd58982baa84f243
      • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
      • Instruction Fuzzy Hash: 9B418D23E1878283E710CF3195443A97260FFA87A4F119334EA9983BD5DF6DA1A08709
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: LongWindow$DialogInvalidateRect
      • String ID:
      • API String ID: 1956198572-0
      • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
      • Instruction ID: 36265b2c741b4707e461b838d2a0c16255c693c46d8243d2600276fc36122172
      • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
      • Instruction Fuzzy Hash: 6811E922F0814242FA58AF6AF5443FD1291EF89B90F888431DE4987B8DCD3ED4C1960E
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: _get_daylight$_invalid_parameter_noinfo
      • String ID: ?
      • API String ID: 1286766494-1684325040
      • Opcode ID: 03a08327e3a10131aa5bb8fa3ef37a2eed6d70488736d84a243644e572cc7fb3
      • Instruction ID: 97e11e84b45b3bb769d452f473ecb9a75d035a63ea3ffc14a450be8778d2d246
      • Opcode Fuzzy Hash: 03a08327e3a10131aa5bb8fa3ef37a2eed6d70488736d84a243644e572cc7fb3
      • Instruction Fuzzy Hash: B4412813B1868242FB209F25D5053F966A1EF84BA8F104234EE5D86BD5DF3ED442CB0A
      APIs
      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E913835E
        • Part of subcall function 00007FF6E9139C58: HeapFree.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C6E
        • Part of subcall function 00007FF6E9139C58: GetLastError.KERNEL32(?,?,?,00007FF6E9142032,?,?,?,00007FF6E914206F,?,?,00000000,00007FF6E9142535,?,?,?,00007FF6E9142467), ref: 00007FF6E9139C78
      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6E912BEC5), ref: 00007FF6E913837C
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
      • String ID: C:\Users\user\Desktop\1fi2LiofgW.exe
      • API String ID: 3580290477-23558427
      • Opcode ID: 53ad205ea1c6cb2f7bb7661613e3da0ecc1c0905bf47b453e04b3a6da8a19941
      • Instruction ID: 113d090a6850eae37e0bd3b9c9fc29db155a1093a68808f05f7f4e3ba76616d0
      • Opcode Fuzzy Hash: 53ad205ea1c6cb2f7bb7661613e3da0ecc1c0905bf47b453e04b3a6da8a19941
      • Instruction Fuzzy Hash: E9419D33A08B52C5EB15DF36A4852FC23B4FF45794B564035EA4E83B86DE3EE481830A
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CurrentDirectory_invalid_parameter_noinfo
      • String ID: .$:
      • API String ID: 2020911589-4202072812
      • Opcode ID: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
      • Instruction ID: b4966ff43dd3f3d35506e7b07b8861e6b06e8048c19757f1ec329183906a8392
      • Opcode Fuzzy Hash: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
      • Instruction Fuzzy Hash: 77417123F0879298FB11EFB198553FC2674AF14358F560039EE4DA7B89DF3A9485830A
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ErrorFileLastWrite
      • String ID: U
      • API String ID: 442123175-4171548499
      • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
      • Instruction ID: d30cea4b3639ba5902fcac206a0e13b06938b8c7f190c1f811770c34d29a061b
      • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
      • Instruction Fuzzy Hash: E0418D23A18A8592EB20DF25E8483EA67A4FB98794F854031EE4DC7798EF3DD441CB45
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: CurrentDirectory
      • String ID: :
      • API String ID: 1611563598-336475711
      • Opcode ID: e37c33f8f2befd5fbd3c49cdc0b6d52123385b6fd944ea7372e41dd3f6ca63dc
      • Instruction ID: 6d9ae807c1ddff310f8b5d60be9ec407fa91786a0c4c0502ad194f287dcc3bb8
      • Opcode Fuzzy Hash: e37c33f8f2befd5fbd3c49cdc0b6d52123385b6fd944ea7372e41dd3f6ca63dc
      • Instruction Fuzzy Hash: 6B216F23B0C78282EB64DF2594483AD67B1FF98B84F464035DA8D83684DF7EE9458B46
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: ExceptionFileHeaderRaise
      • String ID: csm
      • API String ID: 2573137834-1018135373
      • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
      • Instruction ID: 65fa9809f4ff0147622cecf9eb89f52a6c1ce16bac807bdcd2fd1787a8f4ad2c
      • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
      • Instruction Fuzzy Hash: FF113736618B8482EB218F25F4402A9B7A5FF89B88F184230DB8D87768DF3DD5518B04
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1402711357.00007FF6E9121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E9120000, based on PE: true
      • Associated: 00000000.00000002.1402695099.00007FF6E9120000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402737364.00007FF6E914B000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E915E000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402759893.00007FF6E9164000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.1402791210.00007FF6E9166000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6e9120000_1fi2LiofgW.jbxd
      Similarity
      • API ID: DriveType_invalid_parameter_noinfo
      • String ID: :
      • API String ID: 2595371189-336475711
      • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
      • Instruction ID: e68061acba0816f0e2637b784ad11b8885307e0f72ea8d81bead56bf113ab7af
      • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
      • Instruction Fuzzy Hash: F3017C23A2C28686FB20EF7094693FE76A0EF48708F410035D54DC2791DE3EE5448A1A