
Windows Analysis Report
Gather Proxy.exe

Overview

General Information

Sample name: Gather Proxy.exe
Analysis ID: 1657814
MD5: 069b11c376f369b78405a9a5dde9a8ff
SHA1: 4386206efbbfd4f4f7ccc73e759859aab92f3717
SHA256: 1654cf30246bc73a4477199121487dcc123b3414569daf33cd2bb48faabcf211

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • Gather Proxy.exe (PID: 7100 cmdline: "C:\Users\user\Desktop\Gather Proxy.exe" MD5: 069B11C376F369B78405A9A5DDE9A8FF)
    • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: Gather Proxy.exe | Avira: detected
Source: Gather Proxy.exe | Virustotal: Detection: 53%
Source: Gather Proxy.exe | ReversingLabs: Detection: 67%
Source: Gather Proxy.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Gather Proxy.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F0D387 FindFirstFileExW,0_2_00F0D387
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EF7290 0_2_00EF7290
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFF8D0 0_2_00EFF8D0
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EF11F0 0_2_00EF11F0
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EF9A00 0_2_00EF9A00
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EF1200 0_2_00EF1200
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F05BA0 0_2_00F05BA0
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F0FE7A 0_2_00F0FE7A
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EF5E50 0_2_00EF5E50
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F0B635 0_2_00F0B635
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F047DA 0_2_00F047DA
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F11730 0_2_00F11730
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: String function: 00EFE980 appears 37 times
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: String function: 00EFDFEF appears 69 times
Source: classification engine | Classification label: mal56.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: Gather Proxy.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Gather Proxy.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\Gather Proxy.exe "C:\Users\user\Desktop\Gather Proxy.exe"
Source: C:\Users\user\Desktop\Gather Proxy.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gather Proxy.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Gather Proxy.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Gather Proxy.exe | Section loaded: kernel.appcore.dll
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Gather Proxy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Gather Proxy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Gather Proxy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Gather Proxy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Gather Proxy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Gather Proxy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE27F push ecx; ret 0_2_00EFE292
Source: C:\Users\user\Desktop\Gather Proxy.exe | API coverage: 8.0 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F02693 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F02693
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00F0E563 GetProcessHeap,0_2_00F0E563
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE911 SetUnhandledExceptionFilter,0_2_00EFE911
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE5A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00EFE5A8
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE7B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EFE7B5
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE32C cpuid 0_2_00EFE32C
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: EnumSystemLocalesW,0_2_00F098C8
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetLocaleInfoW,0_2_00F10A34
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00F103C4
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00F10B5D
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetLocaleInfoW,0_2_00F10C63
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetLocaleInfoW,0_2_00F09DF4
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00F10D39
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: EnumSystemLocalesW,0_2_00F106BB
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: EnumSystemLocalesW,0_2_00F10670
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00F107E1
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: EnumSystemLocalesW,0_2_00F10756
Source: C:\Users\user\Desktop\Gather Proxy.exe | Code function: 0_2_00EFE9CA GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00EFE9CA
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 2 Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Time Discovery; 2 Security Software Discovery; 1 File and Directory Discovery; 22 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (ID: 1657814, Sample: Gather Proxy.exe, Startdate: 06/04/2025, Architecture: WINDOWS, Score: 56): Gather Proxy.exe started conhost.exe. Signatures shown: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file.
Source | Detection | Scanner | Label
Gather Proxy.exe | 53% | Virustotal |
Gather Proxy.exe | 68% | ReversingLabs | Win32.Trojan.Generic
Gather Proxy.exe | 100% | Avira | TR/Agent.qobiv
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1657814
Start date and time: 2025-04-06 16:59:49 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Gather Proxy.exe
Detection: MAL
Classification: mal56.winEXE@2/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 95%
  • Number of executed functions: 6
  • Number of non-executed functions: 53
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 6.460534403029675
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Gather Proxy.exe
File size: 228'864 bytes
MD5: 069b11c376f369b78405a9a5dde9a8ff
SHA1: 4386206efbbfd4f4f7ccc73e759859aab92f3717
SHA256: 1654cf30246bc73a4477199121487dcc123b3414569daf33cd2bb48faabcf211
SHA512: 47d913dfb389501650c47db4f87b95345c0dcd73d31d04df10fd913307c1a4a497a89dbaa218fce56ecf8de1a0fde14695e342e52d70c61b28268153d470726e
SSDEEP: 6144:r/TUkZHwn9hvjiaeFHDi+DZUdHDgKhrokzAcq7o:kCQnrleFHDHCDroxcq7o
TLSH: 24248C5278908432C472257645F49FB55B7DBD300BA7A9CB67D02F7E8F302C29A35A3A
Icon Hash: 1371ec6d6d697117
Entrypoint: 0x40e275
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x676C74CF [Wed Dec 25 21:10:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 953ddbeaf8260a562016edb32b006967
Instruction
call 00007F000D44DAA2h
jmp 00007F000D44D179h
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00435040h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00435040h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
int3
int3
int3
int3
push ecx
lea ecx, dword ptr [esp+08h]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp 00007F000D44DB1Fh
push ecx
lea ecx, dword ptr [esp+08h]
sub ecx, eax
and ecx, 07h
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp 00007F000D44DB09h
push ebp
mov ebp, esp
and dword ptr [004361ECh], 00000000h
sub esp, 24h
or dword ptr [00005090h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x33d90 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x1995 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x39000 | 0x1f90 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x31660 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x315a0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29000 | 0x130 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x27878 | 0x27a00 | ac1682853c1c01c77160b10e76ac8601 | False | 0.5291120366719243 | data | 6.591705975417202 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x29000 | 0xb480 | 0xb600 | b923f788ef79541fe928a13415dd0c14 | False | 0.4256953983516483 | data | 4.845223256538989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x35000 | 0x1d70 | 0x1000 | 9a7ebc694441867b6ebfc58ef01a69d7 | False | 0.197021484375 | DOS executable (block device driver \377\377\377\377) | 3.142633741511124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x37000 | 0x1995 | 0x1a00 | 480e84a3ac9317044ad21164d2a40237 | False | 0.3245192307692308 | data | 4.459724118784914 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x39000 | 0x1f90 | 0x2000 | 9fbf475a55674ccf753e0e36e8c4a022 | False | 0.7396240234375 | data | 6.542737702860855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x37160 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.41312056737588654
RT_ICON | 0x375c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2732176360225141
RT_GROUP_ICON | 0x38670 | 0x22 | data | | | 0.9411764705882353
RT_VERSION | 0x38694 | 0x184 | MS Windows COFF Alpha object file | English | United States | 0.6030927835051546
RT_MANIFEST | 0x38818 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | MultiByteToWideChar, LoadLibraryExA, CreateFileW, CloseHandle, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapAlloc, HeapFree, GetFileType, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, SetFilePointerEx, HeapSize, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, WriteConsoleW
VERSION.dll | VerQueryValueW
Description | Data
FileVersion | 4.1.0.1
LegalCopyright | 2024-2025. Unauthorized use is prohibited
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID: 0
Start time: 11:00:43
Start date: 06/04/2025
Path: C:\Users\user\Desktop\Gather Proxy.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Gather Proxy.exe"
Imagebase: 0xef0000
File size: 228'864 bytes
MD5 hash: 069B11C376F369B78405A9A5DDE9A8FF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 11:00:43
Start date: 06/04/2025
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff642da0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Execution Graph

Execution Coverage: 2.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 18.1%
Total number of Nodes: 1703
Total number of Limit Nodes: 22
calls 18332->18336 18399 f0fb21 18333->18399 18335->18332 18337 f0f9f9 18335->18337 18342 f0a0a8 ___free_lconv_mon 14 API calls 18335->18342 18338 f0fa52 18336->18338 18339 f0fa1b 18337->18339 18347 f0a0a8 ___free_lconv_mon 14 API calls 18337->18347 18340 f0a0a8 ___free_lconv_mon 14 API calls 18338->18340 18341 f0a0a8 ___free_lconv_mon 14 API calls 18339->18341 18343 f0fa65 18340->18343 18344 f0fa25 18341->18344 18346 f0f9ee 18342->18346 18348 f0a0a8 ___free_lconv_mon 14 API calls 18343->18348 18349 f0a0a8 ___free_lconv_mon 14 API calls 18344->18349 18345 f0faec 18350 f0a0a8 ___free_lconv_mon 14 API calls 18345->18350 18359 f0ecb4 18346->18359 18352 f0fa10 18347->18352 18353 f0fa73 18348->18353 18349->18332 18354 f0faf2 18350->18354 18387 f0f113 18352->18387 18357 f0a0a8 ___free_lconv_mon 14 API calls 18353->18357 18354->18325 18355 f0fa8c 18355->18345 18358 f0a0a8 14 API calls ___free_lconv_mon 18355->18358 18357->18333 18358->18355 18360 f0ecc5 18359->18360 18386 f0edae 18359->18386 18361 f0ecd6 18360->18361 18362 f0a0a8 ___free_lconv_mon 14 API calls 18360->18362 18363 f0ece8 18361->18363 18364 f0a0a8 ___free_lconv_mon 14 API calls 18361->18364 18362->18361 18365 f0ecfa 18363->18365 18366 f0a0a8 ___free_lconv_mon 14 API calls 18363->18366 18364->18363 18367 f0a0a8 ___free_lconv_mon 14 API calls 18365->18367 18369 f0ed0c 18365->18369 18366->18365 18367->18369 18368 f0a0a8 ___free_lconv_mon 14 API calls 18370 f0ed1e 18368->18370 18369->18368 18369->18370 18371 f0a0a8 ___free_lconv_mon 14 API calls 18370->18371 18373 f0ed30 18370->18373 18371->18373 18372 f0ed42 18375 f0ed54 18372->18375 18377 f0a0a8 ___free_lconv_mon 14 API calls 18372->18377 18373->18372 18374 f0a0a8 ___free_lconv_mon 14 API calls 18373->18374 18374->18372 18376 f0ed66 18375->18376 18378 f0a0a8 ___free_lconv_mon 14 API calls 18375->18378 18379 f0ed78 18376->18379 18380 f0a0a8 ___free_lconv_mon 14 API calls 18376->18380 18377->18375 18378->18376 18381 f0ed8a 18379->18381 18382 f0a0a8 
___free_lconv_mon 14 API calls 18379->18382 18380->18379 18383 f0ed9c 18381->18383 18384 f0a0a8 ___free_lconv_mon 14 API calls 18381->18384 18382->18381 18385 f0a0a8 ___free_lconv_mon 14 API calls 18383->18385 18383->18386 18384->18383 18385->18386 18386->18337 18388 f0f120 18387->18388 18398 f0f178 18387->18398 18389 f0a0a8 ___free_lconv_mon 14 API calls 18388->18389 18392 f0f130 18388->18392 18389->18392 18390 f0a0a8 ___free_lconv_mon 14 API calls 18391 f0f142 18390->18391 18393 f0a0a8 ___free_lconv_mon 14 API calls 18391->18393 18394 f0f154 18391->18394 18392->18390 18392->18391 18393->18394 18395 f0f166 18394->18395 18396 f0a0a8 ___free_lconv_mon 14 API calls 18394->18396 18397 f0a0a8 ___free_lconv_mon 14 API calls 18395->18397 18395->18398 18396->18395 18397->18398 18398->18339 18400 f0fb2e 18399->18400 18404 f0fb4d 18399->18404 18401 f0f63a __Getctype 14 API calls 18400->18401 18400->18404 18402 f0fb47 18401->18402 18403 f0a0a8 ___free_lconv_mon 14 API calls 18402->18403 18403->18404 18404->18355 18405->18330 18442 f0ca28 18406->18442 18409 f0cb3f 18412 f0cb4b __FrameHandler3::FrameUnwindToState 18409->18412 18410 f09531 __dosmaperr 14 API calls 18418 f0cb7c __purecall 18410->18418 18411 f0cb9b 18414 f029c0 __dosmaperr 14 API calls 18411->18414 18412->18410 18412->18411 18413 f0cbad __purecall 18412->18413 18412->18418 18415 f0cbe3 __purecall 18413->18415 18456 f05197 EnterCriticalSection 18413->18456 18416 f0cba0 18414->18416 18421 f0cc20 18415->18421 18422 f0cd1d 18415->18422 18432 f0cc4e 18415->18432 18453 f0288f 18416->18453 18418->18411 18418->18413 18435 f0cb85 18418->18435 18421->18432 18457 f093e0 GetLastError 18421->18457 18424 f0cd28 18422->18424 18488 f051df LeaveCriticalSection 18422->18488 18426 f06b6f __purecall 21 API calls 18424->18426 18428 f0cd30 18426->18428 18429 f093e0 __Getctype 39 API calls 18433 f0cca3 18429->18433 18431 f093e0 __Getctype 39 API calls 18431->18432 18484 f0ccc9 18432->18484 18434 f093e0 __Getctype 39 API calls 
18433->18434 18433->18435 18434->18435 18435->18241 18437 f026af __purecall 18436->18437 18438 f026db IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18437->18438 18440 f027ac __purecall 18438->18440 18513 efdd60 18440->18513 18441 f027ca 18441->18244 18443 f0ca34 __FrameHandler3::FrameUnwindToState 18442->18443 18448 f05197 EnterCriticalSection 18443->18448 18445 f0ca42 18449 f0ca84 18445->18449 18448->18445 18452 f051df LeaveCriticalSection 18449->18452 18451 f06103 18451->18241 18451->18409 18452->18451 18489 f027db 18453->18489 18456->18415 18458 f093f6 18457->18458 18461 f093fc 18457->18461 18460 f09d73 __Getctype 6 API calls 18458->18460 18459 f09db2 __Getctype 6 API calls 18462 f09418 18459->18462 18460->18461 18461->18459 18481 f09400 SetLastError 18461->18481 18464 f0a04b __Getctype 14 API calls 18462->18464 18462->18481 18465 f0942d 18464->18465 18468 f09435 18465->18468 18469 f09446 18465->18469 18466 f09490 18466->18431 18467 f09495 18470 f060fe __purecall 37 API calls 18467->18470 18471 f09db2 __Getctype 6 API calls 18468->18471 18472 f09db2 __Getctype 6 API calls 18469->18472 18473 f0949a 18470->18473 18474 f09443 18471->18474 18475 f09452 18472->18475 18479 f0a0a8 ___free_lconv_mon 14 API calls 18474->18479 18476 f09456 18475->18476 18477 f0946d 18475->18477 18478 f09db2 __Getctype 6 API calls 18476->18478 18480 f0920e __Getctype 14 API calls 18477->18480 18478->18474 18479->18481 18482 f09478 18480->18482 18481->18466 18481->18467 18483 f0a0a8 ___free_lconv_mon 14 API calls 18482->18483 18483->18481 18485 f0cc95 18484->18485 18486 f0cccd 18484->18486 18485->18429 18485->18433 18485->18435 18512 f051df LeaveCriticalSection 18486->18512 18488->18424 18490 f027ed __strnicoll 18489->18490 18495 f02812 18490->18495 18492 f02805 18506 f025cb 18492->18506 18496 f02822 18495->18496 18498 f02829 18495->18498 18497 f02630 __strnicoll 16 API calls 18496->18497 18497->18498 18499 f02837 18498->18499 18500 f02607 __strnicoll GetLastError 
SetLastError 18498->18500 18499->18492 18501 f0285e 18500->18501 18501->18499 18502 f028bc __Getctype 11 API calls 18501->18502 18503 f0288e 18502->18503 18504 f027db __strnicoll 39 API calls 18503->18504 18505 f0289b 18504->18505 18505->18492 18507 f025d7 18506->18507 18508 f02676 __strnicoll 39 API calls 18507->18508 18509 f025ee 18507->18509 18508->18509 18510 f02676 __strnicoll 39 API calls 18509->18510 18511 f02601 18509->18511 18510->18511 18511->18435 18512->18485 18514 efdd69 IsProcessorFeaturePresent 18513->18514 18515 efdd68 18513->18515 18517 efe5e5 18514->18517 18515->18441 18520 efe5a8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18517->18520 18519 efe6c8 18519->18441 18520->18519 18522 f0dd39 __FrameHandler3::FrameUnwindToState 18521->18522 18524 f0dd53 18522->18524 18565 f05197 EnterCriticalSection 18522->18565 18525 f0dc02 18524->18525 18528 f060fe __purecall 39 API calls 18524->18528 18532 f0d95f 18525->18532 18526 f0dd8f 18566 f0ddac 18526->18566 18529 f0ddcc 18528->18529 18530 f0dd63 18530->18526 18531 f0a0a8 ___free_lconv_mon 14 API calls 18530->18531 18531->18526 18570 f05b11 18532->18570 18535 f0d980 GetOEMCP 18537 f0d9a9 18535->18537 18536 f0d992 18536->18537 18538 f0d997 GetACP 18536->18538 18537->18204 18539 f0a0e2 18537->18539 18538->18537 18540 f0a120 18539->18540 18541 f0a0f0 __Getctype 18539->18541 18542 f029c0 __dosmaperr 14 API calls 18540->18542 18541->18540 18543 f0a10b HeapAlloc 18541->18543 18545 f066c2 std::_Facet_Register 2 API calls 18541->18545 18544 f0a11e 18542->18544 18543->18541 18543->18544 18544->18199 18545->18541 18547 f0d95f 41 API calls 18546->18547 18549 f0de48 18547->18549 18548 f0dea0 __purecall 18612 f0da33 18548->18612 18549->18548 18551 f0de85 IsValidCodePage 18549->18551 18556 f0df4d 18549->18556 18550 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18552 f0dc6f 18550->18552 18553 f0de97 18551->18553 18551->18556 18552->18206 18552->18211 
18553->18548 18554 f0dec0 GetCPInfo 18553->18554 18554->18548 18554->18556 18556->18550 18558 f0d85d __FrameHandler3::FrameUnwindToState 18557->18558 18692 f05197 EnterCriticalSection 18558->18692 18560 f0d867 18693 f0d89e 18560->18693 18565->18530 18569 f051df LeaveCriticalSection 18566->18569 18568 f0ddb3 18568->18524 18569->18568 18571 f05b28 18570->18571 18572 f05b2f 18570->18572 18571->18535 18571->18536 18572->18571 18573 f093e0 __Getctype 39 API calls 18572->18573 18574 f05b50 18573->18574 18578 f097ff 18574->18578 18579 f09812 18578->18579 18580 f05b66 18578->18580 18579->18580 18586 f0fbfc 18579->18586 18582 f0985d 18580->18582 18583 f09870 18582->18583 18584 f09885 18582->18584 18583->18584 18607 f0de15 18583->18607 18584->18571 18587 f0fc08 __FrameHandler3::FrameUnwindToState 18586->18587 18588 f093e0 __Getctype 39 API calls 18587->18588 18589 f0fc11 18588->18589 18596 f0fc57 18589->18596 18599 f05197 EnterCriticalSection 18589->18599 18591 f0fc2f 18600 f0fc7d 18591->18600 18596->18580 18597 f060fe __purecall 39 API calls 18598 f0fc7c 18597->18598 18599->18591 18601 f0fc40 18600->18601 18602 f0fc8b __Getctype 18600->18602 18604 f0fc5c 18601->18604 18602->18601 18603 f0f9b0 __Getctype 14 API calls 18602->18603 18603->18601 18605 f051df std::_Lockit::~_Lockit LeaveCriticalSection 18604->18605 18606 f0fc53 18605->18606 18606->18596 18606->18597 18608 f093e0 __Getctype 39 API calls 18607->18608 18609 f0de1a 18608->18609 18610 f0dd2d __strnicoll 39 API calls 18609->18610 18611 f0de25 18610->18611 18611->18584 18613 f0da5b GetCPInfo 18612->18613 18622 f0db24 18612->18622 18619 f0da73 18613->18619 18613->18622 18614 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18616 f0dbd6 18614->18616 18616->18556 18623 f0c5a6 18619->18623 18621 f0c896 43 API calls 18621->18622 18622->18614 18624 f05b11 __strnicoll 39 API calls 18623->18624 18625 f0c5c6 18624->18625 18643 f0cdc9 18625->18643 18627 f0c682 18629 efdd60 
__ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18627->18629 18628 f0c67a 18646 efdd42 18628->18646 18633 f0c6a5 18629->18633 18630 f0c5f3 18630->18627 18630->18628 18632 f0a0e2 __strnicoll 15 API calls 18630->18632 18634 f0c618 __alloca_probe_16 __purecall 18630->18634 18632->18634 18638 f0c896 18633->18638 18634->18628 18635 f0cdc9 __strnicoll MultiByteToWideChar 18634->18635 18636 f0c661 18635->18636 18636->18628 18637 f0c668 GetStringTypeW 18636->18637 18637->18628 18639 f05b11 __strnicoll 39 API calls 18638->18639 18640 f0c8a9 18639->18640 18655 f0c6a7 18640->18655 18650 f0cd31 18643->18650 18647 efdd5d 18646->18647 18648 efdd4c 18646->18648 18647->18627 18648->18647 18652 f05041 18648->18652 18651 f0cd42 MultiByteToWideChar 18650->18651 18651->18630 18653 f0a0a8 ___free_lconv_mon 14 API calls 18652->18653 18654 f05059 18653->18654 18654->18647 18656 f0c6c2 __strnicoll 18655->18656 18657 f0cdc9 __strnicoll MultiByteToWideChar 18656->18657 18662 f0c706 18657->18662 18658 f0c881 18659 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18658->18659 18661 f0c894 18659->18661 18660 f0c7d4 18664 efdd42 __freea 14 API calls 18660->18664 18661->18621 18662->18658 18662->18660 18663 f0a0e2 __strnicoll 15 API calls 18662->18663 18665 f0c72c __alloca_probe_16 18662->18665 18663->18665 18664->18658 18665->18660 18666 f0cdc9 __strnicoll MultiByteToWideChar 18665->18666 18667 f0c775 18666->18667 18667->18660 18683 f09f31 18667->18683 18670 f0c7e3 18672 f0c86c 18670->18672 18673 f0a0e2 __strnicoll 15 API calls 18670->18673 18676 f0c7f5 __alloca_probe_16 18670->18676 18671 f0c7ab 18671->18660 18675 f09f31 std::_Locinfo::_Locinfo_dtor 6 API calls 18671->18675 18674 efdd42 __freea 14 API calls 18672->18674 18673->18676 18674->18660 18675->18660 18676->18672 18677 f09f31 std::_Locinfo::_Locinfo_dtor 6 API calls 18676->18677 18678 f0c838 18677->18678 18678->18672 18689 f0ce83 18678->18689 18680 f0c852 18680->18672 18681 f0c85b 
18680->18681 18682 efdd42 __freea 14 API calls 18681->18682 18682->18660 18684 f09a61 std::_Lockit::_Lockit 5 API calls 18683->18684 18685 f09f3c 18684->18685 18686 f09f8e __strnicoll 5 API calls 18685->18686 18687 f09f42 18685->18687 18688 f09f82 LCMapStringW 18686->18688 18687->18660 18687->18670 18687->18671 18688->18687 18690 f0ce96 std::_Locinfo::_Locinfo_dtor 18689->18690 18691 f0ced4 WideCharToMultiByte 18690->18691 18691->18680 18692->18560 18703 f0604b 18693->18703 18695 f0d8c0 18696 f0604b 39 API calls 18695->18696 18698 f0d8df 18696->18698 18697 f0d874 18700 f0d892 18697->18700 18698->18697 18699 f0a0a8 ___free_lconv_mon 14 API calls 18698->18699 18699->18697 18717 f051df LeaveCriticalSection 18700->18717 18702 f0d880 18702->18215 18704 f0605c 18703->18704 18713 f06058 _Yarn 18703->18713 18705 f06063 18704->18705 18709 f06076 __purecall 18704->18709 18706 f029c0 __dosmaperr 14 API calls 18705->18706 18707 f06068 18706->18707 18708 f0288f __strnicoll 39 API calls 18707->18708 18708->18713 18710 f060a4 18709->18710 18711 f060ad 18709->18711 18709->18713 18712 f029c0 __dosmaperr 14 API calls 18710->18712 18711->18713 18715 f029c0 __dosmaperr 14 API calls 18711->18715 18714 f060a9 18712->18714 18713->18695 18716 f0288f __strnicoll 39 API calls 18714->18716 18715->18714 18716->18713 18717->18702 18719 f08f5d 18718->18719 18720 f08f6b 18718->18720 18719->18720 18725 f08f83 18719->18725 18721 f029c0 __dosmaperr 14 API calls 18720->18721 18722 f08f73 18721->18722 18723 f0288f __strnicoll 39 API calls 18722->18723 18724 f08f7d 18723->18724 18724->18159 18725->18724 18726 f029c0 __dosmaperr 14 API calls 18725->18726 18726->18722 18728 f07041 18727->18728 18732 f07012 18727->18732 18729 f07058 18728->18729 18730 f0a0a8 ___free_lconv_mon 14 API calls 18728->18730 18731 f0a0a8 ___free_lconv_mon 14 API calls 18729->18731 18730->18728 18731->18732 18732->18160 18734 f028c8 18733->18734 18735 f02693 __purecall 8 API calls 18734->18735 18736 f028dd GetCurrentProcess 
TerminateProcess 18735->18736 18736->18166 18738 ef4f01 18737->18738 18739 ef4e50 18737->18739 18740 ef11f0 41 API calls 18738->18740 18741 ef4e55 _Yarn 18739->18741 18742 ef4e84 18739->18742 18745 ef4ebf 18739->18745 18746 ef4ec8 18739->18746 18743 ef4f06 18740->18743 18741->17853 19202 efdd6e 18742->19202 19213 ef1150 18743->19213 18745->18742 18745->18743 18750 efdd6e std::_Facet_Register 41 API calls 18746->18750 18752 ef4ea0 _Yarn 18746->18752 18748 ef4e97 18749 f0289f 39 API calls 18748->18749 18748->18752 18751 ef4f10 18749->18751 18750->18752 18752->17853 19237 ef5bd0 18753->19237 18755 ef569a 18756 ef5bd0 41 API calls 18755->18756 18757 ef56ac 18756->18757 19254 ef5270 18757->19254 18759 ef56b8 18761 f029c0 __dosmaperr 14 API calls 18759->18761 18769 ef57b2 18759->18769 18770 ef57bc 18759->18770 18775 ef5735 18759->18775 19289 f033bf 18759->19289 19295 ef6400 18759->19295 18761->18759 18762 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18764 ef375c 18762->18764 18763 ef5749 18765 ef57ad 18763->18765 18766 ef5785 error_info_injector 18763->18766 18776 ef5190 18764->18776 18768 f0289f 39 API calls 18765->18768 18766->18762 18768->18769 19328 efd1e8 18769->19328 19333 efd1a8 18770->19333 18775->18766 19310 ef5e50 18775->19310 18777 ef520d 18776->18777 18778 ef5259 18776->18778 18777->18778 19478 ef5ec0 18777->19478 18778->17865 18781 ef72e9 MultiByteToWideChar 18780->18781 18782 ef72e7 18780->18782 18783 ef7317 18781->18783 18782->18781 18784 ef7327 MultiByteToWideChar 18783->18784 19492 ef59a0 18784->19492 18786 ef737d GetFileVersionInfoSizeA 18789 ef739e 18786->18789 18810 ef7397 std::ios_base::_Ios_base_dtor error_info_injector 18786->18810 18787 ef7349 18787->18786 18788 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18792 ef7e26 18788->18792 18795 ef5190 41 API calls 18789->18795 18789->18810 18790 ef7e2c 18793 f0289f 39 API calls 18790->18793 18791 ef7c49 error_info_injector 18791->18788 
18792->17866 18794 ef7e31 18793->18794 18796 f0289f 39 API calls 18794->18796 18797 ef73ed MultiByteToWideChar 18795->18797 18798 ef7e36 18796->18798 19508 efe025 18797->19508 19509 ef8e80 18798->19509 18802 ef7e8a std::ios_base::_Ios_base_dtor 18802->17866 18810->18790 18810->18791 18828 ef50c4 18827->18828 18832 ef50ef _Yarn 18827->18832 18829 ef50d1 18828->18829 18830 ef511d 18828->18830 18831 ef5114 18828->18831 18833 efdd6e std::_Facet_Register 41 API calls 18829->18833 18830->18832 18837 efdd6e std::_Facet_Register 41 API calls 18830->18837 18831->18829 18834 ef516e 18831->18834 18832->17901 18835 ef50e4 18833->18835 18836 ef1150 Concurrency::cancel_current_task 41 API calls 18834->18836 18835->18832 18838 f0289f 39 API calls 18835->18838 18836->18835 18837->18832 18839 ef5178 18838->18839 18841 ef506b 18840->18841 18842 ef4f4a 18840->18842 18843 ef11f0 41 API calls 18841->18843 18845 ef4fac 18842->18845 18846 ef4fb9 18842->18846 18848 ef4f60 18842->18848 18844 ef5070 18843->18844 18847 ef1150 Concurrency::cancel_current_task 41 API calls 18844->18847 18845->18844 18845->18848 18850 efdd6e std::_Facet_Register 41 API calls 18846->18850 18853 ef4f70 _Yarn 18846->18853 18847->18853 18849 efdd6e std::_Facet_Register 41 API calls 18848->18849 18849->18853 18850->18853 18851 f0289f 39 API calls 18852 ef507a 18851->18852 18853->18851 18854 ef5029 _Yarn error_info_injector 18853->18854 18854->17914 18856 ef4d9b 18855->18856 18857 ef4daf _Yarn 18856->18857 18858 ef4f20 41 API calls 18856->18858 18857->17943 18858->18857 18860 ef818c MultiByteToWideChar 18859->18860 18861 ef818a 18859->18861 18862 ef81b5 18860->18862 18861->18860 18863 ef81c3 MultiByteToWideChar 18862->18863 18864 ef59a0 41 API calls 18863->18864 18866 ef81e2 18864->18866 18865 ef8216 MultiByteToWideChar 18867 ef823b 18865->18867 18866->18865 18868 ef8249 MultiByteToWideChar 18867->18868 18869 ef59a0 41 API calls 18868->18869 18871 ef8263 18869->18871 18870 ef828f MultiByteToWideChar 18872 ef82b4 
18870->18872 18871->18870 18873 ef82c2 MultiByteToWideChar 18872->18873 18874 ef59a0 41 API calls 18873->18874 18876 ef82da 18874->18876 18875 ef8309 MultiByteToWideChar 18877 ef8331 18875->18877 18876->18875 18878 ef833f MultiByteToWideChar 18877->18878 18879 ef59a0 41 API calls 18878->18879 18880 ef835a error_info_injector 18879->18880 18881 ef8544 18880->18881 18883 ef851a error_info_injector 18880->18883 18882 f0289f 39 API calls 18881->18882 18885 ef8549 18882->18885 18884 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18883->18884 18886 ef3cc0 18884->18886 18886->17957 18888 ef88aa 18887->18888 18889 ef85a2 18887->18889 18890 ef11f0 41 API calls 18888->18890 18892 ef5080 41 API calls 18889->18892 18891 ef88af 18890->18891 18893 f0289f 39 API calls 18891->18893 18894 ef85bf 18892->18894 18895 ef88b4 18893->18895 18896 ef4d80 41 API calls 18894->18896 18897 f0289f 39 API calls 18895->18897 18898 ef85d2 18896->18898 18909 ef88b9 18897->18909 18898->18891 18899 ef860d MultiByteToWideChar 18898->18899 18901 ef8603 error_info_injector 18898->18901 19514 efe025 18899->19514 18901->18899 18909->17968 19515 f03405 GetSystemTimeAsFileTime 18914->19515 18916 ef581a 19517 f02911 18916->19517 18919 ef5bd0 41 API calls 18920 ef5833 18919->18920 19520 ef5ad0 18920->19520 18922 ef5848 18923 ef5bd0 41 API calls 18922->18923 18925 ef585b 18923->18925 18929 ef5895 error_info_injector 18925->18929 19536 f028f0 18925->19536 18926 ef58ea error_info_injector 18927 efdd60 __ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z 5 API calls 18926->18927 18930 ef590f 18927->18930 18928 ef5913 18931 f0289f 39 API calls 18928->18931 18929->18926 18929->18928 18930->17936 18932 ef5918 18931->18932 18933 ef5e50 41 API calls 18932->18933 18935 ef596c error_info_injector 18932->18935 18934 ef5933 18933->18934 18934->18935 18936 f0289f 39 API calls 18934->18936 18935->17936 18937 ef5994 18936->18937 18939 f027db __strnicoll 39 API calls 18938->18939 18940 
f028ae 18939->18940 18941 f028bc __Getctype 11 API calls 18940->18941 18942 f028bb 18941->18942 18944 efd1c8 41 API calls 18943->18944 18945 ef11fa 18944->18945 18946 efdd6e std::_Facet_Register 41 API calls 18945->18946 18947 ef1232 18946->18947 19539 ef4c00 18947->19539 18949 ef1264 18950 efdd6e std::_Facet_Register 41 API calls 18949->18950 18951 ef1274 18950->18951 18952 ef4c00 41 API calls 18951->18952 18953 ef12b4 18952->18953 18954 efdd6e std::_Facet_Register 41 API calls 18953->18954 18955 ef12c5 18954->18955 18956 ef4c00 41 API calls 18955->18956 18957 ef1314 18956->18957 18958 efdd6e std::_Facet_Register 41 API calls 18957->18958 18959 ef1325 18958->18959 18960 ef4c00 41 API calls 18959->18960 18961 ef137b 18960->18961 18962 efdd6e std::_Facet_Register 41 API calls 18961->18962 18963 ef138c 18962->18963 18964 ef4c00 41 API calls 18963->18964 18965 ef13df 18964->18965 18966 efdd6e std::_Facet_Register 41 API calls 18965->18966 18967 ef13f0 18966->18967 18968 ef4c00 41 API calls 18967->18968 18969 ef1446 18968->18969 18970 efdd6e std::_Facet_Register 41 API calls 18969->18970 18971 ef1457 18970->18971 18972 ef4c00 41 API calls 18971->18972 18973 ef14aa 18972->18973 18974 efdd6e std::_Facet_Register 41 API calls 18973->18974 18975 ef14bb 18974->18975 18976 ef4c00 41 API calls 18975->18976 18977 ef1518 18976->18977 18978 efdd6e std::_Facet_Register 41 API calls 18977->18978 18979 ef1529 18978->18979 18980 ef4c00 41 API calls 18979->18980 18981 ef15a0 18980->18981 18982 efdd6e std::_Facet_Register 41 API calls 18981->18982 18983 ef15b1 18982->18983 18984 ef4c00 41 API calls 18983->18984 18985 ef15ee 18984->18985 18986 efdd6e std::_Facet_Register 41 API calls 18985->18986 18987 ef15ff 18986->18987 18988 ef4c00 41 API calls 18987->18988 18989 ef1652 18988->18989 18990 efdd6e std::_Facet_Register 41 API calls 18989->18990 18991 ef1663 18990->18991 18992 ef4c00 41 API calls 18991->18992 18993 ef16a7 18992->18993 18994 efdd6e std::_Facet_Register 41 API calls 
18993->18994 18995 ef16b8 18994->18995 18996 ef4c00 41 API calls 18995->18996 18997 ef170e 18996->18997 18998 efdd6e std::_Facet_Register 41 API calls 18997->18998 18999 ef171f 18998->18999 19000 ef4c00 41 API calls 18999->19000 19001 ef1787 19000->19001 19002 efdd6e std::_Facet_Register 41 API calls 19001->19002 19003 ef1798 19002->19003 19004 ef4c00 41 API calls 19003->19004 19005 ef17e3 19004->19005 19006 efdd6e std::_Facet_Register 41 API calls 19005->19006 19007 ef17f4 19006->19007 19008 ef4c00 41 API calls 19007->19008 19009 ef183c 19008->19009 19010 efdd6e std::_Facet_Register 41 API calls 19009->19010 19011 ef184d 19010->19011 19012 ef4c00 41 API calls 19011->19012 19013 ef1895 19012->19013 19014 efdd6e std::_Facet_Register 41 API calls 19013->19014 19015 ef18a6 19014->19015 19016 ef4c00 41 API calls 19015->19016 19017 ef18f8 19016->19017 19018 efdd6e std::_Facet_Register 41 API calls 19017->19018 19019 ef1909 19018->19019 19020 ef4c00 41 API calls 19019->19020 19021 ef1963 19020->19021 19022 efdd6e std::_Facet_Register 41 API calls 19021->19022 19023 ef1974 19022->19023 19024 ef4c00 41 API calls 19023->19024 19025 ef19c6 19024->19025 19026 efdd6e std::_Facet_Register 41 API calls 19025->19026 19027 ef19d7 19026->19027 19028 ef4c00 41 API calls 19027->19028 19029 ef1a1f 19028->19029 19030 efdd6e std::_Facet_Register 41 API calls 19029->19030 19031 ef1a30 19030->19031 19032 ef4c00 41 API calls 19031->19032 19033 ef1a78 19032->19033 19034 efdd6e std::_Facet_Register 41 API calls 19033->19034 19035 ef1a89 19034->19035 19036 ef4c00 41 API calls 19035->19036 19037 ef1adf 19036->19037 19038 efdd6e std::_Facet_Register 41 API calls 19037->19038 19039 ef1af0 19038->19039 19040 ef4c00 41 API calls 19039->19040 19041 ef1b42 19040->19041 19042 efdd6e std::_Facet_Register 41 API calls 19041->19042 19043 ef1b53 19042->19043 19044 ef4c00 41 API calls 19043->19044 19045 ef1ba2 19044->19045 19046 efdd6e std::_Facet_Register 41 API calls 19045->19046 19047 ef1bb3 
19046->19047 19048 ef4c00 41 API calls 19047->19048 19049 ef1bfb 19048->19049 19050 efdd6e std::_Facet_Register 41 API calls 19049->19050 19051 ef1c0c 19050->19051 19052 ef4c00 41 API calls 19051->19052 19053 ef1c62 19052->19053 19054 efdd6e std::_Facet_Register 41 API calls 19053->19054 19055 ef1c73 19054->19055 19056 ef4c00 41 API calls 19055->19056 19057 ef1cbb 19056->19057 19058 efdd6e std::_Facet_Register 41 API calls 19057->19058 19059 ef1ccc 19058->19059 19060 ef4c00 41 API calls 19059->19060 19061 ef1d2d 19060->19061 19062 efdd6e std::_Facet_Register 41 API calls 19061->19062 19063 ef1d3e 19062->19063 19064 ef4c00 41 API calls 19063->19064 19065 ef1d85 19064->19065 19066 efdd6e std::_Facet_Register 41 API calls 19065->19066 19067 ef1d96 19066->19067 19068 ef4c00 41 API calls 19067->19068 19069 ef1df4 19068->19069 19070 efdd6e std::_Facet_Register 41 API calls 19069->19070 19071 ef1e05 19070->19071 19072 ef4c00 41 API calls 19071->19072 19073 ef1e3e 19072->19073 19074 efdd6e std::_Facet_Register 41 API calls 19073->19074 19075 ef1e4f 19074->19075 19076 ef4c00 41 API calls 19075->19076 19077 ef1e9e 19076->19077 19078 efdd6e std::_Facet_Register 41 API calls 19077->19078 19079 ef1eb2 19078->19079 19080 ef4c00 41 API calls 19079->19080 19081 ef1f05 19080->19081 19082 efdd6e std::_Facet_Register 41 API calls 19081->19082 19083 ef1f19 19082->19083 19084 ef4c00 41 API calls 19083->19084 19085 ef1f61 19084->19085 19086 efdd6e std::_Facet_Register 41 API calls 19085->19086 19087 ef1f75 19086->19087 19088 ef4c00 41 API calls 19087->19088 19089 ef1fb2 19088->19089 19090 efdd6e std::_Facet_Register 41 API calls 19089->19090 19091 ef1fc6 19090->19091 19092 ef4c00 41 API calls 19091->19092 19093 ef2019 19092->19093 19094 efdd6e std::_Facet_Register 41 API calls 19093->19094 19095 ef202d 19094->19095 19096 ef4c00 41 API calls 19095->19096 19097 ef2095 19096->19097 19098 efdd6e std::_Facet_Register 41 API calls 19097->19098 19099 ef20a9 19098->19099 19100 ef4c00 41 API 
calls 19099->19100 19101 ef20f0 19100->19101 19102 efdd6e std::_Facet_Register 41 API calls 19101->19102 19103 ef2104 19102->19103 19104 ef4c00 41 API calls 19103->19104 19105 ef215a 19104->19105 19106 efdd6e std::_Facet_Register 41 API calls 19105->19106 19107 ef216e 19106->19107 19108 ef4c00 41 API calls 19107->19108 19109 ef21e1 19108->19109 19110 efdd6e std::_Facet_Register 41 API calls 19109->19110 19111 ef21f5 19110->19111 19112 ef4c00 41 API calls 19111->19112 19113 ef225d 19112->19113 19114 efdd6e std::_Facet_Register 41 API calls 19113->19114 19115 ef2271 19114->19115 19116 ef4c00 41 API calls 19115->19116 19117 ef22cf 19116->19117 19118 efdd6e std::_Facet_Register 41 API calls 19117->19118 19119 ef22e3 19118->19119 19120 ef4c00 41 API calls 19119->19120 19121 ef2332 19120->19121 19122 efdd6e std::_Facet_Register 41 API calls 19121->19122 19123 ef2346 19122->19123 19124 ef4c00 41 API calls 19123->19124 19125 ef239c 19124->19125 19126 efdd6e std::_Facet_Register 41 API calls 19125->19126 19127 ef23b0 19126->19127 19128 ef4c00 41 API calls 19127->19128 19129 ef23e5 19128->19129 19130 efdd6e std::_Facet_Register 41 API calls 19129->19130 19131 ef23f9 19130->19131 19132 ef4c00 41 API calls 19131->19132 19133 ef2444 19132->19133 19134 efdd6e std::_Facet_Register 41 API calls 19133->19134 19135 ef2458 19134->19135 19136 ef4c00 41 API calls 19135->19136 19137 ef2498 19136->19137 19138 efdd6e std::_Facet_Register 41 API calls 19137->19138 19139 ef24ac 19138->19139 19140 ef4c00 41 API calls 19139->19140 19141 ef24ec 19140->19141 19142 efdd6e std::_Facet_Register 41 API calls 19141->19142 19143 ef2500 19142->19143 19144 ef4c00 41 API calls 19143->19144 19145 ef254b 19144->19145 19146 efdd6e std::_Facet_Register 41 API calls 19145->19146 19147 ef255f 19146->19147 19148 ef4c00 41 API calls 19147->19148 19149 ef25a7 19148->19149 19150 efdd6e std::_Facet_Register 41 API calls 19149->19150 19151 ef25bb 19150->19151 19152 ef4c00 41 API calls 19151->19152 19153 ef25f8 

Executed Functions

Control-flow Graph

  • [Graph for the function whose entry block is ef7290-ef72e5; node legend: Executed / Not Executed]
APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,4179717F,00000001,00000000), ref: 00EF72F9
  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,?), ref: 00EF7339
  • GetFileVersionInfoSizeA.KERNELBASE(00000000,00000000,0000002C), ref: 00EF738B
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00EF7410
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00EF7447
  • VerQueryValueW.VERSION(0000002C,?,?,00000000,00000000), ref: 00EF748E
  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00EF7DF1
  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00EF7EB1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.853190863.0000000000EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
  • Associated: 00000000.00000002.853169855.0000000000EF0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.853217491.0000000000F19000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.853236657.0000000000F25000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.853250912.0000000000F27000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_ef0000_Gather Proxy.jbxd
Similarity
  • API ID: ByteCharMultiWide$Ios_base_dtorstd::ios_base::_$FileInfoQuerySizeValueVersion
  • String ID: 0
  • API String ID: 3394069020-4108050209
  • Opcode ID: 69c4ecc452b645454e90a31c1f09997697948bca7e8c0d2715ec7b6c8aa63759
  • Instruction ID: a64958ed59befdb7f9c8f10e1d09e2c80bfe4797e1b4520cde8a49c933956c55
  • Opcode Fuzzy Hash: 69c4ecc452b645454e90a31c1f09997697948bca7e8c0d2715ec7b6c8aa63759
  • Instruction Fuzzy Hash: F472BD71A04218DFDB25DB64CC99BEEBBB1FF48304F144298E549AB291D771AE84CF90

Control-flow Graph

control_flow_graph 197 f09a95-f09aa1 198 f09b33-f09b36 197->198 199 f09aa6-f09ab7 198->199 200 f09b3c 198->200 202 f09ac4-f09add LoadLibraryExW 199->202 203 f09ab9-f09abc 199->203 201 f09b3e-f09b42 200->201 206 f09b43-f09b53 202->206 207 f09adf-f09ae8 GetLastError 202->207 204 f09ac2 203->204 205 f09b5c-f09b5e 203->205 209 f09b30 204->209 205->201 206->205 208 f09b55-f09b56 FreeLibrary 206->208 210 f09b21-f09b2e 207->210 211 f09aea-f09afc call f09068 207->211 208->205 209->198 210->209 211->210 214 f09afe-f09b10 call f09068 211->214 214->210 217 f09b12-f09b1f LoadLibraryExW 214->217 217->206 217->210
APIs
  • FreeLibrary.KERNEL32(00000000,?,00F09BA4,?,?,00000000,?,?,?,00F09DCE,00000022,FlsSetValue,00F1CDE8,00F1CDF0,?), ref: 00F09B56
Strings
Memory Dump Source
Similarity
  • API ID: FreeLibrary
  • String ID: api-ms-$ext-ms-
  • API String ID: 3664257935-537541572
  • Opcode ID: b251b9b28f3c8f18291700fc96e2d3afd7130455e2301b585698d0c0cdb2551e
  • Instruction ID: 7bd20d8ba604ebf3bff09243cea8dde96ca31cbe5127283412eef17da75f7e45
  • Opcode Fuzzy Hash: b251b9b28f3c8f18291700fc96e2d3afd7130455e2301b585698d0c0cdb2551e
  • Instruction Fuzzy Hash: 7D21D5B2E09214ABCB219B74AC51B9A3768DF85770F154110ED19A72D2E7B0EE01F6E0
APIs
  • LoadLibraryExA.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,4179717F,?,00000000), ref: 00EFC1B0
  • LoadLibraryA.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000), ref: 00EFC7CB
  • LoadLibraryA.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000), ref: 00EFC971
  • LoadLibraryA.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000), ref: 00EFCBD9
Similarity
  • API ID: LibraryLoad
  • String ID:
  • API String ID: 1029625771-0
  • Opcode ID: d3b26fa807eb3fc3c6d07c63621bb1b119336ade1f16f5c178cd01d69daf6368
  • Instruction ID: 0451790e1c3f1bdf939aa95603421afa680e26ee41b6db8d09793261d5dee1dc
  • Opcode Fuzzy Hash: d3b26fa807eb3fc3c6d07c63621bb1b119336ade1f16f5c178cd01d69daf6368
  • Instruction Fuzzy Hash: F4C2BE71A0064C9FCB08DFA8DD84BBDBBB1FF45304F249258E115AB762D770AA91DB90

Control-flow Graph

control_flow_graph 1013 f06a76-f06a82 call f06aa7 1016 f06a94-f06aa0 call f06ac0 ExitProcess 1013->1016 1017 f06a84-f06a8e GetCurrentProcess TerminateProcess 1013->1017 1017->1016
APIs
  • GetCurrentProcess.KERNEL32(?,?,00F06A70,00000016,00F02692,?,?,4179717F,00F02692,?), ref: 00F06A87
  • TerminateProcess.KERNEL32(00000000,?,00F06A70,00000016,00F02692,?,?,4179717F,00F02692,?), ref: 00F06A8E
  • ExitProcess.KERNEL32 ref: 00F06AA0
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: ec4027ae823a8b0371a9e315ec17a25d51aa3e869ff76c72671bfba46777bfd6
  • Instruction ID: 5635c60fba7459ccced427e3e76b2fc9ca5fe6e8766157e4f939308ab0b8d67a
  • Opcode Fuzzy Hash: ec4027ae823a8b0371a9e315ec17a25d51aa3e869ff76c72671bfba46777bfd6
  • Instruction Fuzzy Hash: 69D06C31504208ABCF017F70DC1988D3F6AAA48351B56C010B90DAA0A2CBBE99A6BA90

Control-flow Graph

control_flow_graph 1020 f0b154-f0b159 1021 f0b15b-f0b173 1020->1021 1022 f0b181-f0b18a 1021->1022 1023 f0b175-f0b179 1021->1023 1025 f0b19c 1022->1025 1026 f0b18c-f0b18f 1022->1026 1023->1022 1024 f0b17b-f0b17f 1023->1024 1027 f0b1f6-f0b1fa 1024->1027 1030 f0b19e-f0b1ab GetStdHandle 1025->1030 1028 f0b191-f0b196 1026->1028 1029 f0b198-f0b19a 1026->1029 1027->1021 1031 f0b200-f0b203 1027->1031 1028->1030 1029->1030 1032 f0b1d8-f0b1ea 1030->1032 1033 f0b1ad-f0b1af 1030->1033 1032->1027 1034 f0b1ec-f0b1ef 1032->1034 1033->1032 1035 f0b1b1-f0b1ba GetFileType 1033->1035 1034->1027 1035->1032 1036 f0b1bc-f0b1c5 1035->1036 1037 f0b1c7-f0b1cb 1036->1037 1038 f0b1cd-f0b1d0 1036->1038 1037->1027 1038->1027 1039 f0b1d2-f0b1d6 1038->1039 1039->1027
APIs
  • GetStdHandle.KERNEL32(000000F6), ref: 00F0B1A0
  • GetFileType.KERNELBASE(00000000), ref: 00F0B1B2
Similarity
  • API ID: FileHandleType
  • String ID:
  • API String ID: 3000768030-0
  • Opcode ID: 37903d56d4d109c46f7751db083ef28b908cfdf1b1c10df659abc2fc974bbd32
  • Instruction ID: 1f3780902acd45856e32b45000bb91b3e3b5e8f46ac4e6bb4b72474e515707f9
  • Opcode Fuzzy Hash: 37903d56d4d109c46f7751db083ef28b908cfdf1b1c10df659abc2fc974bbd32
  • Instruction Fuzzy Hash: 8911C872A047929AC7304E3F8CE86227A95AB56335B38071ED8BAC65F1C730D986F241

Control-flow Graph

  • [Graph not reproduced; legend: Executed / Not Executed. Function starting at f09b60; its nodes call f09a95, GetProcAddress and f068d8.]
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: bf0948426b07759248b61c719fc33865d95c31777e25ad74c7f29d8ba69f4bdc
  • Instruction ID: accbeb124c3d1ccf3eb7822267e61d716a6fe1e7f1e70483cae950bfde4014d6
  • Opcode Fuzzy Hash: bf0948426b07759248b61c719fc33865d95c31777e25ad74c7f29d8ba69f4bdc
  • Instruction Fuzzy Hash: 1301F5B36182295BDB12CA68FC91E6A33AABBC17307644024F904DB1D5EA70D901F790

Non-executed Functions

APIs
Strings
Similarity
  • API ID: __floor_pentium4
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
  • API String ID: 4168288129-2761157908
  • Opcode ID: c47c9db5e941c82e9480f88586642692c53fa8aee1161bff8dd811ee3386cd09
  • Instruction ID: 4e74aa5c1897e431ba32f961869fcdb00aadc28f6266e985230b6a7665f68dff
  • Opcode Fuzzy Hash: c47c9db5e941c82e9480f88586642692c53fa8aee1161bff8dd811ee3386cd09
  • Instruction Fuzzy Hash: 60D22672E082298BDB64CE68DC407EAB7B5FB44315F1441EAD40DE7240EB78AED5AF41
APIs
  • GetLocaleInfoW.KERNEL32(00000000,2000000B,00F10E6F,00000002,00000000,?,?,?,00F10E6F,?,00000000), ref: 00F10BF6
  • GetLocaleInfoW.KERNEL32(00000000,20001004,00F10E6F,00000002,00000000,?,?,?,00F10E6F,?,00000000), ref: 00F10C1F
  • GetACP.KERNEL32(?,?,00F10E6F,?,00000000), ref: 00F10C34
Strings
Similarity
  • API ID: InfoLocale
  • String ID: ACP$OCP
  • API String ID: 2299586839-711371036
  • Opcode ID: 05909091ac179081669e65faef474bca7d7b6197c4911df8b6914d2e9612932a
  • Instruction ID: e92a74e6b29373cfa8447e1e7fc8a737f63af7a37f5a17bb386cc0bd65223983
  • Opcode Fuzzy Hash: 05909091ac179081669e65faef474bca7d7b6197c4911df8b6914d2e9612932a
  • Instruction Fuzzy Hash: FC21A432E04105AADB34CB14C901BD772A6EFA4B79B568564E906DB104EFB2DDC1F790
Strings
Similarity
  • API ID: Concurrency::cancel_current_taskstd::invalid_argument::invalid_argument
  • String ID: +$6$?$p$string too long
  • API String ID: 740074529-1688724251
  • Opcode ID: 913459d5cb122c376be0fd5f83cda3c824150cf928db1ca692b91e09f4625410
  • Instruction ID: 1795313b3c0cf87bf59f5cd2b112babecd3b55743b0ebb43286020e4481797e3
  • Opcode Fuzzy Hash: 913459d5cb122c376be0fd5f83cda3c824150cf928db1ca692b91e09f4625410
  • Instruction Fuzzy Hash: D9F20470C04B4DDAEB11DFA8D9457EEFBB0BF69318F11A309E9547A1A1EB7026C58B40
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F10E41
  • IsValidCodePage.KERNEL32(00000000), ref: 00F10E7F
  • IsValidLocale.KERNEL32(?,00000001), ref: 00F10E92
  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F10EDA
  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F10EF5
Similarity
  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
  • String ID:
  • API String ID: 415426439-0
  • Opcode ID: a4f8fcb8505c3ad0811d82a62a262f24a2eec1cee590e7d7e119821dec2536af
  • Instruction ID: 34e8dd6ba2b42706e203619e4b7a0424f26db04b294556b3f62d3171d2f67977
  • Opcode Fuzzy Hash: a4f8fcb8505c3ad0811d82a62a262f24a2eec1cee590e7d7e119821dec2536af
  • Instruction Fuzzy Hash: 91517F72E00209ABDF20DFA5DC41AEA77B8EF48710F044469E514E7191EFF499C5EBA1
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • GetACP.KERNEL32(?,?,?,?,?,?,00F07EF8,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F10483
  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F07EF8,?,?,?,00000055,?,-00000050,?,?), ref: 00F104BA
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F1061D
Strings
Similarity
  • API ID: ErrorLast$CodeInfoLocalePageValid
  • String ID: utf8
  • API String ID: 607553120-905460609
  • Opcode ID: dfa389aa5bc574b8a247d17b49a9f55525cb57277fa07367172ba667f65b74f8
  • Instruction ID: 8e4f1c8fa2f7554def61b3478beb601721e55ac15d0781c5022f223bf5ee3bc7
  • Opcode Fuzzy Hash: dfa389aa5bc574b8a247d17b49a9f55525cb57277fa07367172ba667f65b74f8
  • Instruction Fuzzy Hash: 9171D971A04305AADB24AB74CC86BEB73A9EF48710F144429F615D71C1FEF4E9C4BA91
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 39e41c954c2eeea8c1e5d4450aca18b344d45dcc35cc1e37f72be339193c7984
  • Instruction ID: 8a4cfb6367202a459fcb21d42cec1cb98bdd926f405eec117b8e8045dee561e6
  • Opcode Fuzzy Hash: 39e41c954c2eeea8c1e5d4450aca18b344d45dcc35cc1e37f72be339193c7984
  • Instruction Fuzzy Hash: 4E024D71E016199BDF14CFA8C8806AEFBF1FF48724F248269D519E7380D775AA419F90
Strings
Similarity
  • API ID: Concurrency::cancel_current_task
  • String ID: +$6$?$p
  • API String ID: 118556049-1124119104
  • Opcode ID: 13b64170e87c7df120f1fce070ad746c9996797b3fdbd67294691036bdcc4f27
  • Instruction ID: eadaa4afc79fd45f9b8fe847e71c7f5eadb33f4739acb283a987af948dd4d378
  • Opcode Fuzzy Hash: 13b64170e87c7df120f1fce070ad746c9996797b3fdbd67294691036bdcc4f27
  • Instruction Fuzzy Hash: 29F20470C04B4DDAEB11DFA8D9457EEFBB0BF69318F11A309E9547A1A1EB7026C58B40
APIs
  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00EFE7C1
  • IsDebuggerPresent.KERNEL32 ref: 00EFE88D
  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EFE8A6
  • UnhandledExceptionFilter.KERNEL32(?), ref: 00EFE8B0
Similarity
  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
  • String ID:
  • API String ID: 254469556-0
  • Opcode ID: 18da11cc359befcd8e4b86af68fea7a3885bfcd5b33126598cc7dc991df4a4c7
  • Instruction ID: 0ada9afafdff9fc3b1c0a33b53e3bc276fede07230ba07956e976ec57d24298e
  • Opcode Fuzzy Hash: 18da11cc359befcd8e4b86af68fea7a3885bfcd5b33126598cc7dc991df4a4c7
  • Instruction Fuzzy Hash: E031F875D0521C9BDF20EF64D9497CDBBB8AF08300F1041EAE50CAB250E7B1AB849F85
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 20b88c611e2415a9169925f123be92149e2409bcae848d993454ff19361937b4
  • Instruction ID: da0c772ae939df639dd1582d98fca980295fbed257657e65dafc9780b5fbfdf2
  • Opcode Fuzzy Hash: 20b88c611e2415a9169925f123be92149e2409bcae848d993454ff19361937b4
  • Instruction Fuzzy Hash: 6702C672A005099FCB18DF6CC991ABEB7E5EF94300F14926DEA05EB346D731EA15C790
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F10835
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F1087F
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F10945
Similarity
  • API ID: InfoLocale$ErrorLast
  • String ID:
  • API String ID: 661929714-0
  • Opcode ID: 18b2ed7aebac999339fc8450601bda6f3b0fdd0c6f6c8dc9bb4c81bc9b135348
  • Instruction ID: b157a929a41a8ed87677972e399dd78f2f46bbf98001a8edf9778572ed92c0b5
  • Opcode Fuzzy Hash: 18b2ed7aebac999339fc8450601bda6f3b0fdd0c6f6c8dc9bb4c81bc9b135348
  • Instruction Fuzzy Hash: 7B61967191420B9FEB289F24CC92BFA77A8FF04721F104165E905D6286EBB8D9D1FB50
APIs
  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00F0278B
  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F02795
  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00F027A2
Similarity
  • API ID: ExceptionFilterUnhandled$DebuggerPresent
  • String ID:
  • API String ID: 3906539128-0
  • Opcode ID: 6799b598c1ba18b9ab0f1a70ddb39242927ffb7c879887a4eb8f0cd5005c68a7
  • Instruction ID: 304a735262623e1990dd66cb1100c6e1717b28913754b30c119bdaba3d44a4ea
  • Opcode Fuzzy Hash: 6799b598c1ba18b9ab0f1a70ddb39242927ffb7c879887a4eb8f0cd5005c68a7
  • Instruction Fuzzy Hash: 0131C07591122C9BCB61DF24DC887DCBBB8AF08310F5041EAE418A72A0EB709B859F94
Strings
Similarity
  • API ID:
  • String ID: %$+
  • API String ID: 0-2626897407
  • Opcode ID: 58b9a55059d020dcec05c96b1f475aa886c2e97bda752db387c9f44de7d400e5
  • Instruction ID: 5a3b8dcf3ec39ffae2175d85c841abecba2e73a54881710a182126cb7e8c4b7a
  • Opcode Fuzzy Hash: 58b9a55059d020dcec05c96b1f475aa886c2e97bda752db387c9f44de7d400e5
  • Instruction Fuzzy Hash: 3C02DD72D1021D9BCB14DFA8DC41BBEBBB5FF88300F144229FA55BB242E734A9059B91
APIs
  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F0B630,?,?,00000008,?,?,00F16C45,00000000), ref: 00F0B862
Similarity
  • API ID: ExceptionRaise
  • String ID:
  • API String ID: 3997070919-0
  • Opcode ID: 976dbd3bcad3b1d71430c98a494e56cbd699bb4315bb140312ff0d132e5e3122
  • Instruction ID: 4417e1b0dfb134aa4b0324ea904bcb0ff90b651262f98d615899ddb516cfe961
  • Opcode Fuzzy Hash: 976dbd3bcad3b1d71430c98a494e56cbd699bb4315bb140312ff0d132e5e3122
  • Instruction Fuzzy Hash: 88B14D36610609DFD719CF28C48AB647BE0FF45365F298698E899CF2E1C335D992EB40
APIs
  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EFE342
Similarity
  • API ID: FeaturePresentProcessor
  • String ID:
  • API String ID: 2325560087-0
  • Opcode ID: 15e72c0d90d1f16acbf6b33769e5d9bac0c68f60ac0b1566559764a43f8a47d8
  • Instruction ID: fa78b5eaadf563298d4bc92218a3cd21646a1a4e7c5d7c1e3bdbb015b9e3ed07
  • Opcode Fuzzy Hash: 15e72c0d90d1f16acbf6b33769e5d9bac0c68f60ac0b1566559764a43f8a47d8
  • Instruction Fuzzy Hash: 54519E71900219CBDB29CF58D8957BABBF0FB44B08F14906AD614EB360D374E901CF90
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 17066b73601abc94b5e7b1c8f26d48154772966fa5cb8c9111e1b8e87502e8a2
  • Instruction ID: 0e8f02dbc9798487837b0e7961c707b3e08ec6d38f900b827c60e00360489554
  • Opcode Fuzzy Hash: 17066b73601abc94b5e7b1c8f26d48154772966fa5cb8c9111e1b8e87502e8a2
  • Instruction Fuzzy Hash: F441C2B5C0421CAFDF20DFA8CC89AAABBB9AF45314F1442DDE40DD3241DA349E85AF50
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F10A88
Similarity
  • API ID: ErrorLast$InfoLocale
  • String ID:
  • API String ID: 3736152602-0
  • Opcode ID: e045fce4403b31bca2bdd72763a302635ca2d10a201cd0edbdbfb804e82be68b
  • Instruction ID: d590e8d148533220778dd0332cf457e3e67721b66ca4dad13340b4bcd42468b0
  • Opcode Fuzzy Hash: e045fce4403b31bca2bdd72763a302635ca2d10a201cd0edbdbfb804e82be68b
  • Instruction Fuzzy Hash: E2218672A142069BDB28EB24DC51AFB77ACEF44715B10406AF901D6181EFB9DDC1FB50
Strings
Similarity
  • API ID:
  • String ID: 0
  • API String ID: 0-4108050209
  • Opcode ID: 6e14cd30e216967328073fdb0e2ff6b720a928dfad1c04fab952d06fe7bbc28b
  • Instruction ID: 077a7c93ff29e163b3a9b4817b4b4ba2224dea5194ebbc4445936969304cf9e8
  • Opcode Fuzzy Hash: 6e14cd30e216967328073fdb0e2ff6b720a928dfad1c04fab952d06fe7bbc28b
  • Instruction Fuzzy Hash: FCC1CEF0A00686CEDB28CF68C98467ABBF1BF45320F148A19D69297AD1C334BD45FB50
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • EnumSystemLocalesW.KERNEL32(00F107E1,00000001,00000000,?,-00000050,?,00F10E15,00000000,?,?,?,00000055,?), ref: 00F1072D
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: 4d94f0b17f5726cfe895f88ed011c1db22b94101dd9e19a24380048161d8ad41
  • Instruction ID: c25b549c772554e532b170aaaf2c1eb8a699583d4823bb0058c2f878bafcb46e
  • Opcode Fuzzy Hash: 4d94f0b17f5726cfe895f88ed011c1db22b94101dd9e19a24380048161d8ad41
  • Instruction Fuzzy Hash: 8C11293B6043055FDB189F38D8A15FAB791FF84368B15442CE94747A80DBB5B982EB40
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F109FD,00000000,00000000,?), ref: 00F10C8F
Similarity
  • API ID: ErrorLast$InfoLocale
  • String ID:
  • API String ID: 3736152602-0
  • Opcode ID: 587b67263fd684ebce23e0b59dd3e63bed8dde53a9f54820eaabaa642f4f175a
  • Instruction ID: fdd28c7fce4cf590a3861c22153b6f31717900a9885cdd7cd3456f9101fdfd99
  • Opcode Fuzzy Hash: 587b67263fd684ebce23e0b59dd3e63bed8dde53a9f54820eaabaa642f4f175a
  • Instruction Fuzzy Hash: 0701D632A04112BBDB185A24CC457FA7768EF40764F154528AD02A31C0EEB4FDC1EFD0
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • EnumSystemLocalesW.KERNEL32(00F10A34,00000001,?,?,-00000050,?,00F10DDD,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F107A0
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: f1cdd0bc242fd4aa7accebac0dd4be016f319f2988c5b960e3ca04ff3dc836bb
  • Instruction ID: 3ba4c69a1a14164e896975a929c75c5d1fe8882cdcbedc6446555e0d1791d6e8
  • Opcode Fuzzy Hash: f1cdd0bc242fd4aa7accebac0dd4be016f319f2988c5b960e3ca04ff3dc836bb
  • Instruction Fuzzy Hash: 64F0F6366043045FDB245F35DC81ABA7B95EF803A8F05842DF9054B6C0DAF5ACC2EA90
APIs
    • Part of subcall function 00F05197: EnterCriticalSection.KERNEL32(?,?,00F06705,00000000,00F23808,0000000C,00F066CD,?,?,00F0A07E,?,?,00F0957E,00000001,00000364,?), ref: 00F051A6
  • EnumSystemLocalesW.KERNEL32(00F098BB,00000001,00F23A30,0000000C,00F09CF0,00000000), ref: 00F09900
Similarity
  • API ID: CriticalEnterEnumLocalesSectionSystem
  • String ID:
  • API String ID: 1272433827-0
  • Opcode ID: 35b8eb8b925548368857af5070285c38ae91603ed520517394e26971f146f62c
  • Instruction ID: a179d3e69aee957a871c8cfbb4bcc05012e413efd42bc04774d683dd0b92c4ed
  • Opcode Fuzzy Hash: 35b8eb8b925548368857af5070285c38ae91603ed520517394e26971f146f62c
  • Instruction Fuzzy Hash: 1FF03C76A04218DFD710DF58E802B9DB7F0EB05720F00806AF411EB2E1DBB95901AF90
APIs
    • Part of subcall function 00F093E0: GetLastError.KERNEL32(00000000,?,00F0CD05), ref: 00F093E4
    • Part of subcall function 00F093E0: SetLastError.KERNEL32(00000000,00000000,?,00000003,000000FF), ref: 00F09486
  • EnumSystemLocalesW.KERNEL32(00F105C9,00000001,?,?,?,00F10E37,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F106A7
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: 92c88532cafa9a7b39eec5a2d0c1ccf48c2863cab9613e87ff08a7d200366652
  • Instruction ID: fe06dd107f4459deaff74cdbffaa69767d3ea5dbed120d7560053d65f2eac17f
  • Opcode Fuzzy Hash: 92c88532cafa9a7b39eec5a2d0c1ccf48c2863cab9613e87ff08a7d200366652
  • Instruction Fuzzy Hash: 22F0EC3670020597CB049F35DC55AAA7F55EFC1764B0B4059FA058B691C6B5DCC2E790
APIs
  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F08A6E,?,20001004,00000000,00000002,?,?,00F08060), ref: 00F09E28
Similarity
  • API ID: InfoLocale
  • String ID:
  • API String ID: 2299586839-0
  • Opcode ID: 8aa13f74ee5ad663affc02262151cb32b3c66a20d0173d11ba13dabdcd518c51
  • Instruction ID: 46b120547e52c1b4294a7002334551dad4b32a810ef0844946d18ceb77991c41
  • Opcode Fuzzy Hash: 8aa13f74ee5ad663affc02262151cb32b3c66a20d0173d11ba13dabdcd518c51
  • Instruction Fuzzy Hash: 03E04F3250812CBBCF126F60DC05E9E3E26EF44760F054015FC05661A2DBB58D20FAE1
APIs
  • SetUnhandledExceptionFilter.KERNEL32(Function_0000E91D,00EFE0E6), ref: 00EFE916
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: 40f57f3391ca67dd3501f2bf189c08efec6dcf52803f35666c6b60be9a48fa76
  • Instruction ID: b9841525c54ac37349fe61160358dadeaba4bf4a55c363b1467dd1a73b606de1
  • Opcode Fuzzy Hash: 40f57f3391ca67dd3501f2bf189c08efec6dcf52803f35666c6b60be9a48fa76
  • Instruction Fuzzy Hash:
APIs
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
  • Opcode ID: ffae91204d4380064ad878811ad963e87cf5f65813d834286ad8d66f9939b5c3
  • Instruction ID: c91489428cd355464a45a30b17825cd9a39e9dd2c15518300debfd291b87ed06
  • Opcode Fuzzy Hash: ffae91204d4380064ad878811ad963e87cf5f65813d834286ad8d66f9939b5c3
  • Instruction Fuzzy Hash: 48A012303401058F47104F306A082093598A6045D130540145004C4060EB214440A600
Similarity
  • API ID: ErrorLast
  • String ID:
  • API String ID: 1452528299-0
  • Opcode ID: a724d27c81a8e3bdb32226b140e1232de695da4e1824219880ab62b67ee22c98
  • Instruction ID: 095c789412eb0a149faa9bab1f69caa2e3c9f4effa85c9f1481388d95f02b4d5
  • Opcode Fuzzy Hash: a724d27c81a8e3bdb32226b140e1232de695da4e1824219880ab62b67ee22c98
  • Instruction Fuzzy Hash: B4B129759007069BCB389B24CC92BFBB3A9EF44314F14452DE983D6580EAB9A9C5F710
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction ID: 93a69038b34c363ca48e3566408c962f90ca02a9524cf2f511cbda1487d406e5
  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction Fuzzy Hash: 7D117D7720018A63D6048AFED4B47B7E395EFC532872C737AD3816B768D2A2E9419900
APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00EFBB49
  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EFBB95
  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00EFBC6D
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00EFBD02
  • Concurrency::cancel_current_task.LIBCPMT ref: 00EFBD27
  • Concurrency::cancel_current_task.LIBCPMT ref: 00EFBD2C
  • Concurrency::cancel_current_task.LIBCPMT ref: 00EFBD31
Strings
Similarity
  • API ID: std::_$Concurrency::cancel_current_task$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
  • String ID: bad locale name$false$true
  • API String ID: 3559308103-1062449267
  • Opcode ID: 14708bb126471e4fc4c4ad294df74bd1a8b8a6aff8326339f8810cffe74b9856
  • Instruction ID: 939e5cafa0d5523b8738d557c1dd43ef19fd9c5fad81b12945bd0272d2596082
  • Opcode Fuzzy Hash: 14708bb126471e4fc4c4ad294df74bd1a8b8a6aff8326339f8810cffe74b9856
  • Instruction Fuzzy Hash: 4771B0B0D003099BEB20DFA4DD05BAEBBF4AF44704F044419E904B7381EBB9DA44DBA2
APIs
  • type_info::operator==.LIBVCRUNTIME ref: 00F016C1
  • ___TypeMatch.LIBVCRUNTIME ref: 00F017CF
  • _UnwindNestedFrames.LIBCMT ref: 00F01921
  • CallUnexpected.LIBVCRUNTIME ref: 00F0193C
Strings
Similarity
  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
  • String ID: csm$csm$csm
  • API String ID: 2751267872-393685449
  • Opcode ID: c21d03513b1f10860f9d5e26f8a1c0189e1f624b9c0e4247b3a6ed8f15a85267
  • Instruction ID: 67badcc808a38cc62502b5877d5de351931f0f5e4953907ae3edfeee362c33ff
  • Opcode Fuzzy Hash: c21d03513b1f10860f9d5e26f8a1c0189e1f624b9c0e4247b3a6ed8f15a85267
  • Instruction Fuzzy Hash: F6B15972C00209EFCF29DFA4D9819AEB7B5BF14320F14815AE8116B292D735EA51FF91
APIs
  • GetCPInfo.KERNEL32(01580C88,01580C88,?,7FFFFFFF,?,00F15ACA,01580C88,01580C88,?,01580C88,?,?,?,?,01580C88,?), ref: 00F158A0
  • __alloca_probe_16.LIBCMT ref: 00F1595B
  • __alloca_probe_16.LIBCMT ref: 00F159EA
  • __freea.LIBCMT ref: 00F15A35
  • __freea.LIBCMT ref: 00F15A3B
  • __freea.LIBCMT ref: 00F15A71
  • __freea.LIBCMT ref: 00F15A77
  • __freea.LIBCMT ref: 00F15A87
Similarity
  • API ID: __freea$__alloca_probe_16$Info
  • String ID:
  • API String ID: 127012223-0
  • Opcode ID: 1640288c5433a3bda0317c91fa2442573793e919ab1749446b2c52f461ca5fc2
  • Instruction ID: 491e0528d3cbfe033b2115f99b39628f38a464d2f9fdec8c5a9fb82f11cb6819
  • Opcode Fuzzy Hash: 1640288c5433a3bda0317c91fa2442573793e919ab1749446b2c52f461ca5fc2
  • Instruction Fuzzy Hash: AC71D832D44619DFDF219A548C81BFE7BBA9FC5B30F280255E904AB181E739DD80B751
APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDBBF
  • __alloca_probe_16.LIBCMT ref: 00EFDBEB
  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDC2A
  • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDC47
  • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDC86
  • __alloca_probe_16.LIBCMT ref: 00EFDCA3
  • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDCE5
  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,?,00000000,00F209F0,00000000,?,bad locale name), ref: 00EFDD08
Similarity
  • API ID: ByteCharMultiStringWide$__alloca_probe_16
  • String ID:
  • API String ID: 2040435927-0
  • Opcode ID: 384563aeade69ba4e45e98b1f73b586a76d8b0e961abacab9ee421aa2b22f7f4
  • Instruction ID: 175691450021b5df999c8c5d04cb42d722acba8262489e98fbe5d0dfa7897dc2
  • Opcode Fuzzy Hash: 384563aeade69ba4e45e98b1f73b586a76d8b0e961abacab9ee421aa2b22f7f4
  • Instruction Fuzzy Hash: 91518C7290421EABEF209FA0CC45FBA7FAAEF44744F165529FA14B7190D7758C10DBA0
APIs
Similarity
  • API ID: _strrchr
  • String ID:
  • API String ID: 3213747228-0
  • Opcode ID: 8cf8a4e958fb70e6082188ae241c71b2402ecdd8f41b759cb994da111dd573f6
  • Instruction ID: 62b641ad1b94d87f529f19640e2d5a89664c271465c59131da0c7106e2e86f70
  • Opcode Fuzzy Hash: 8cf8a4e958fb70e6082188ae241c71b2402ecdd8f41b759cb994da111dd573f6
  • Instruction Fuzzy Hash: 5CB14836E003559FDB11CF68CC81BFE7BA5EF55320F184165E904AB2C2D275A941F7A2
APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00EF6D93
  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EF6DDF
  • __Getctype.LIBCPMT ref: 00EF6DF8
  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00EF6E14
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00EF6EA9
Strings
Similarity
  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
  • String ID: bad locale name
  • API String ID: 1840309910-1405518554
  • Opcode ID: d95d01f87744767cb8b955abe6ca4092def95db2aaa2c85130c4b5873362cbc5
  • Instruction ID: c08ac203b5044dc1d67d93cccf2d5fec16795245b32e903b7fea31d076063d0c
  • Opcode Fuzzy Hash: d95d01f87744767cb8b955abe6ca4092def95db2aaa2c85130c4b5873362cbc5
  • Instruction Fuzzy Hash: 505181B6D0424C9BEF10EFA4DC45BAEBBB8AF14704F144129E904BB281E775EA44DB91
APIs
  • _ValidateLocalCookies.LIBCMT ref: 00F010A7
  • ___except_validate_context_record.LIBVCRUNTIME ref: 00F010AF
  • _ValidateLocalCookies.LIBCMT ref: 00F01138
  • __IsNonwritableInCurrentImage.LIBCMT ref: 00F01163
  • _ValidateLocalCookies.LIBCMT ref: 00F011B8
Strings
Similarity
  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
  • String ID: csm
  • API String ID: 1170836740-1018135373
  • Opcode ID: 968ed58aa8b6b42eb432dc45b012a43ee49edd5c8397c3baba6279187c9e247f
  • Instruction ID: f00c06fe16436f047e08856706264ae02804d1c729494965f51d29991c029a41
  • Opcode Fuzzy Hash: 968ed58aa8b6b42eb432dc45b012a43ee49edd5c8397c3baba6279187c9e247f
  • Instruction Fuzzy Hash: 0E41AE34E00218ABCF14DFA8CC84A9EBBB9BF05324F148155E914AB3D2D735EA51FB91
APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,4179717F,?,?), ref: 00EF8196
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00EF81D5
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00EF8220
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00EF8255
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00EF8299
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00EF82CC
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00EF8313
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00EF834C
Similarity
  • API ID: ByteCharMultiWide
  • String ID:
  • API String ID: 626452242-0
  • Opcode ID: ab0f9e7a3bdc5cfc7ab5cbfc05e81a6a3e0a5921f90b46baa9e01586412952d8
  • Instruction ID: 6198a4615dc8db1a29580448c9da74b71d313a6a3d712e198adb114b11b650ee
  • Opcode Fuzzy Hash: ab0f9e7a3bdc5cfc7ab5cbfc05e81a6a3e0a5921f90b46baa9e01586412952d8
  • Instruction Fuzzy Hash: C7D17C71A00218AFDB28DFA4CC95BAEBBB5FF48304F204129E615BB291DB71AD41DF51
APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00EFB6D6
  • std::_Lockit::_Lockit.LIBCPMT ref: 00EFB6F9
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00EFB719
  • std::_Facet_Register.LIBCPMT ref: 00EFB78B
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00EFB7A3
  • Concurrency::cancel_current_task.LIBCPMT ref: 00EFB7C6
Similarity
  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
  • String ID:
  • API String ID: 2081738530-0
  • Opcode ID: 5afc21b5bae9d74040ce35b5296043080487e329b81989b65cf0874afbb14697
  • Instruction ID: 9e729e34dbbde535b6084ec6e8071cc4a5a86bb2e3da13f24e57d1feb3e48e8c
  • Opcode Fuzzy Hash: 5afc21b5bae9d74040ce35b5296043080487e329b81989b65cf0874afbb14697
  • Instruction Fuzzy Hash: 98416B7190025E8FCB21EF54C881ABEBBB5FB84724F14425AEA15B72A1E730AD41CB91
APIs
  • GetLastError.KERNEL32(?,?,00F0122B,00EFF138,00EFE961), ref: 00F01242
  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F01250
  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F01269
  • SetLastError.KERNEL32(00000000,00F0122B,00EFF138,00EFE961), ref: 00F012BB
Similarity
  • API ID: ErrorLastValue___vcrt_
  • String ID:
  • API String ID: 3852720340-0
  • Opcode ID: 7171ba32859582d726b5b8c7034d0a12013d8f9b02d97da3bb67b1abd350be56
  • Instruction ID: 5fe85b93f5fdc271538924c3985cee08d730b52e25e45d69cbc60888aa6e1395
  • Opcode Fuzzy Hash: 7171ba32859582d726b5b8c7034d0a12013d8f9b02d97da3bb67b1abd350be56
  • Instruction Fuzzy Hash: 79014732609B135EE7346B747CE9A6B3B46FB01B713200329F921C10E2EF610C0171D1
APIs
  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,4179717F,?,?,00000000,00F185EE,000000FF,?,00F06A9C,?,?,00F06A70,00000016), ref: 00F06AF5
  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F06B07
  • FreeLibrary.KERNEL32(00000000,?,00000000,00F185EE,000000FF,?,00F06A9C,?,?,00F06A70,00000016), ref: 00F06B29
Strings
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: 7805c383e62aeb7f3e96b1d30d551c2d83f9bc4161dbd3ac2554ccb8c2aaee1f
  • Instruction ID: b792dec3128d6f2185f95556d6110a076281191aa84f99c56f792d8da3be6e1c
  • Opcode Fuzzy Hash: 7805c383e62aeb7f3e96b1d30d551c2d83f9bc4161dbd3ac2554ccb8c2aaee1f
  • Instruction Fuzzy Hash: EC018471954619EFDB119B50CC15FEEBBB8FB48B24F014125E811E22D0DBB4D900EA80
APIs
  • __alloca_probe_16.LIBCMT ref: 00F0C72C
  • __alloca_probe_16.LIBCMT ref: 00F0C7F5
  • __freea.LIBCMT ref: 00F0C85C
    • Part of subcall function 00F0A0E2: HeapAlloc.KERNEL32(00000000,?,?,?,00EFEF34,?,?,?,?,?,00EF10C3,?,?), ref: 00F0A114
  • __freea.LIBCMT ref: 00F0C86F
  • __freea.LIBCMT ref: 00F0C87C
Similarity
  • API ID: __freea$__alloca_probe_16$AllocHeap
  • String ID:
  • API String ID: 1096550386-0
  • Opcode ID: f8a09368d351a0d00685ef0f8fc0463a1d16b69f6cdf2eedeffaac5c63e0cf6c
  • Instruction ID: 8ff1a7bb11e38e8238679abcc736266331be8cf7bf31f98398f6dc4ff53b07d7
  • Opcode Fuzzy Hash: f8a09368d351a0d00685ef0f8fc0463a1d16b69f6cdf2eedeffaac5c63e0cf6c
  • Instruction Fuzzy Hash: 9651C272A00206ABEB215F65CC81EBF3AEAEF85720F158729FD04D6191E775CC50B6E4
APIs
  • __EH_prolog3.LIBCMT ref: 00EFD43F
  • std::_Lockit::_Lockit.LIBCPMT ref: 00EFD44A
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00EFD4B8
    • Part of subcall function 00EFD59B: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00EFD5B3
  • std::locale::_Setgloballocale.LIBCPMT ref: 00EFD465
  • _Yarn.LIBCPMT ref: 00EFD47B
Similarity
  • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
  • String ID:
  • API String ID: 1088826258-0
  • Opcode ID: 2200d7d5f1cd6a6aec0bc000eb7b59aff2b7a2a33ee45d26558d2744b54d6c76
  • Instruction ID: a7daa20c14424543b208a18ebb77ae9d6e88477f97d2653a4647e71509b43c21
  • Opcode Fuzzy Hash: 2200d7d5f1cd6a6aec0bc000eb7b59aff2b7a2a33ee45d26558d2744b54d6c76
  • Instruction Fuzzy Hash: F101BC75A091199BE706EF20CC559BC7BB3FF84350B045008EA1267391EF74AA42EBC2
APIs
  • ___std_exception_copy.LIBVCRUNTIME ref: 00EF71EF
    • Part of subcall function 00EFF16D: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EF116C,?,?,?,?,00EF116C,?,00F23C94), ref: 00EFF1CD
Strings
Similarity
  • API ID: ExceptionRaise___std_exception_copy
  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
  • API String ID: 3109751735-1866435925
  • Opcode ID: 557857338e790413f691012ec52b2ce02b6f3796fff41e1cdc77e36dbe2acfbd
  • Instruction ID: 8991e2772f0409628c7d5c42ae182ff5047bd55cceecfa6264dd014698fd0a12
  • Opcode Fuzzy Hash: 557857338e790413f691012ec52b2ce02b6f3796fff41e1cdc77e36dbe2acfbd
  • Instruction Fuzzy Hash: D711E4B390470C6BC710DF58D801BE6B3E8AF44310F54852AFA98E7242FB70E949CBA1
APIs
  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00F02338,00000000,?,00F26558,?,?,?,00F024DB,00000004,InitializeCriticalSectionEx,00F1AB70,InitializeCriticalSectionEx), ref: 00F02394
  • GetLastError.KERNEL32(?,00F02338,00000000,?,00F26558,?,?,?,00F024DB,00000004,InitializeCriticalSectionEx,00F1AB70,InitializeCriticalSectionEx,00000000,?,00F02122), ref: 00F0239E
  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00F023C6
Strings
Similarity
  • API ID: LibraryLoad$ErrorLast
  • String ID: api-ms-
  • API String ID: 3177248105-2084034818
  • Opcode ID: 424d27a267178f2a7f7de092b8cbffafb3be4dc2a5d78604efb9b835e356031c
  • Instruction ID: d9c06dc364982486435ce264ecdf7b8eeec8aeb9796758478281921b9ac36b6b
  • Opcode Fuzzy Hash: 424d27a267178f2a7f7de092b8cbffafb3be4dc2a5d78604efb9b835e356031c
  • Instruction Fuzzy Hash: 89E01230644208F6DB111B70EC1AB983B5A9B00B64F104020F90CA40E1D7A59954B6A5
APIs
  • GetConsoleOutputCP.KERNEL32(4179717F,00000000,00000000,?), ref: 00F141DE
    • Part of subcall function 00F0CE83: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F0C852,?,00000000,-00000008), ref: 00F0CEE4
  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F14430
  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F14476
  • GetLastError.KERNEL32 ref: 00F14519
Similarity
  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
  • String ID:
  • API String ID: 2112829910-0
  • Opcode ID: 14de2404d506f0d1440ec406a3de6015729bc77eb2c9179008093006b236837a
  • Instruction ID: 534cdd21aeefc40cf9d9ee1425d89248c2b049c051a6382895ac74d37a423411
  • Opcode Fuzzy Hash: 14de2404d506f0d1440ec406a3de6015729bc77eb2c9179008093006b236837a
  • Instruction Fuzzy Hash: 90D16BB5D042589FCF15CFE8D890AEDBBB5FF48310F28416AE925EB351D630A982DB50
APIs
Similarity
  • API ID: AdjustPointer
  • String ID:
  • API String ID: 1740715915-0
  • Opcode ID: 7e6009ec590c222611cc00ea6450dc3764aec331a286f81f529705939bc087b2
  • Instruction ID: 640a37033cd71a0b2d6a2138ec3eb319694a6faffb7065db62e28ac9fc4ab67d
  • Opcode Fuzzy Hash: 7e6009ec590c222611cc00ea6450dc3764aec331a286f81f529705939bc087b2
  • Instruction Fuzzy Hash: 3851CE7AA04206AFDB29CF50D841BBAB3A4FF01720F24452DE941966F1D735ED41FB90
APIs
    • Part of subcall function 00F0CE83: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F0C852,?,00000000,-00000008), ref: 00F0CEE4
  • GetLastError.KERNEL32 ref: 00F0D1A8
  • __dosmaperr.LIBCMT ref: 00F0D1AF
  • GetLastError.KERNEL32(?,?,?,?), ref: 00F0D1E9
  • __dosmaperr.LIBCMT ref: 00F0D1F0
Similarity
  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
  • String ID:
  • API String ID: 1913693674-0
APIs
  • GetEnvironmentStringsW.KERNEL32 ref: 00F0E0D4
    • Part of subcall function 00F0CE83: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F0C852,?,00000000,-00000008), ref: 00F0CEE4
  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F0E10C
  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F0E12C
Similarity
  • API ID: EnvironmentStrings$Free$ByteCharMultiWide
  • String ID:
  • API String ID: 158306478-0
APIs
  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00F15AFD,00000000,00000001,00000000,?,?,00F1456D,?,00000000,00000000), ref: 00F169AD
  • GetLastError.KERNEL32(?,00F15AFD,00000000,00000001,00000000,?,?,00F1456D,?,00000000,00000000,?,?,?,00F14B10,00000000), ref: 00F169B9
    • Part of subcall function 00F1697F: CloseHandle.KERNEL32(FFFFFFFE,00F169C9,?,00F15AFD,00000000,00000001,00000000,?,?,00F1456D,?,00000000,00000000,?,?), ref: 00F1698F
  • ___initconout.LIBCMT ref: 00F169C9
    • Part of subcall function 00F16941: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F16970,00F15AEA,?,?,00F1456D,?,00000000,00000000,?), ref: 00F16954
  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00F15AFD,00000000,00000001,00000000,?,?,00F1456D,?,00000000,00000000,?), ref: 00F169DE
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
  • String ID:
  • API String ID: 2744216297-0
APIs
Strings
  • bad locale name, xrefs: 00EFB23A
Similarity
  • API ID: _strcspn
  • String ID: bad locale name
  • API String ID: 3709121408-1405518554
APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?), ref: 00EF8638
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00EF8674
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,00000000), ref: 00EF86B8
  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00000000), ref: 00EF86EB
Similarity
  • API ID: ByteCharMultiWide
  • String ID:
  • API String ID: 626452242-0
APIs
  • ___std_exception_copy.LIBVCRUNTIME ref: 00EF71EF
    • Part of subcall function 00EFF16D: RaiseException.KERNEL32(E06D7363,00000001,00000003,00EF116C,?,?,?,?,00EF116C,?,00F23C94), ref: 00EFF1CD
Strings
Similarity
  • API ID: ExceptionRaise___std_exception_copy
  • String ID: ios_base::badbit set$ios_base::failbit set
  • API String ID: 3109751735-1240500531
APIs
  • Concurrency::cancel_current_task.LIBCPMT ref: 00EF5E39
Strings
Similarity
  • API ID: Concurrency::cancel_current_task
  • String ID: c$c
  • API String ID: 118556049-3934566722
APIs
  • EncodePointer.KERNEL32(00000000,?), ref: 00F0196C
Strings
Similarity
  • API ID: EncodePointer
  • String ID: MOC$RCC
  • API String ID: 2118026453-2084237596