Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report anchorAsjuster_x64.exe

Overview

General Information

Sample Name:anchorAsjuster_x64.exe
Analysis ID:381815
MD5:9fbc3d560d075f33a15aa67ae74ac6ef
SHA1:a298c6f5f8902fb581a1b5b922f95b362747f9a7
SHA256:3ab8a1ee10bd1b720e1c8a8795e78cdc09fec73a6bb91526c0ccd2dc2cfbc28d
Infos:

Most interesting Screenshot:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

Startup

  • System is w10x64
  • anchorAsjuster_x64.exe (PID: 6848 cmdline: 'C:\Users\user\Desktop\anchorAsjuster_x64.exe' MD5: 9FBC3D560D075F33A15AA67AE74AC6EF)
    • conhost.exe (PID: 6860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: anchorAsjuster_x64.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FBCE8 FindFirstFileExA,0_2_00007FF7FE6FBCE8
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6F36940_2_00007FF7FE6F3694
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6F9F6C0_2_00007FF7FE6F9F6C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6F410C0_2_00007FF7FE6F410C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FD8E80_2_00007FF7FE6FD8E8
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6EF8C00_2_00007FF7FE6EF8C0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FED700_2_00007FF7FE6FED70
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6EFDDA0_2_00007FF7FE6EFDDA
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE70062C0_2_00007FF7FE70062C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6EEE9C0_2_00007FF7FE6EEE9C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E23780_2_00007FF7FE6E2378
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6ED4140_2_00007FF7FE6ED414
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E5BF00_2_00007FF7FE6E5BF0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6F43F00_2_00007FF7FE6F43F0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6EF4780_2_00007FF7FE6EF478
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FB1840_2_00007FF7FE6FB184
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE7011C00_2_00007FF7FE7011C0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6ED1980_2_00007FF7FE6ED198
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FBADC0_2_00007FF7FE6FBADC
Source: classification engineClassification label: clean4.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6860:120:WilError_01
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\anchorAsjuster_x64.exe 'C:\Users\user\Desktop\anchorAsjuster_x64.exe'
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: anchorAsjuster_x64.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: anchorAsjuster_x64.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: anchorAsjuster_x64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: anchorAsjuster_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: anchorAsjuster_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: anchorAsjuster_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: anchorAsjuster_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: anchorAsjuster_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: anchorAsjuster_x64.exeStatic PE information: section name: .table
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E5BF0 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7FE6E5BF0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeAPI coverage: 8.2 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FBCE8 FindFirstFileExA,0_2_00007FF7FE6FBCE8
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E6F90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7FE6E6F90
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6F9DA4 GetProcessHeap,0_2_00007FF7FE6F9DA4
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E6B1C SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF7FE6E6B1C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E6F90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7FE6E6F90
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6EA524 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7FE6EA524
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E7174 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7FE6E7174
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E712C SetUnhandledExceptionFilter,0_2_00007FF7FE6E712C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6FB5C0 cpuid 0_2_00007FF7FE6FB5C0
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: EnumSystemLocalesW,0_2_00007FF7FE6FF7A4
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7FE6FF83C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: EnumSystemLocalesW,0_2_00007FF7FE6F589C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7FE6FFDB4
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: GetLocaleInfoW,0_2_00007FF7FE6F5E28
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: EnumSystemLocalesW,0_2_00007FF7FE6FF6D4
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF7FE6FFBCC
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: TranslateName,TranslateName,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,0_2_00007FF7FE6FF3C8
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: GetLocaleInfoW,0_2_00007FF7FE6FFC7C
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: GetLocaleInfoW,0_2_00007FF7FE6FFA80
Source: C:\Users\user\Desktop\anchorAsjuster_x64.exeCode function: 0_2_00007FF7FE6E7410 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7FE6E7410

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationApplication Shimming1Process Injection1Process Injection1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsApplication Shimming1RootkitLSASS MemorySecurity Software Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Information Discovery22Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 381815 Sample: anchorAsjuster_x64.exe Startdate: 05/04/2021 Architecture: WINDOWS Score: 4 5 anchorAsjuster_x64.exe 1 2->5         started        process3 7 conhost.exe 5->7         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
anchorAsjuster_x64.exe0%VirustotalBrowse
anchorAsjuster_x64.exe0%MetadefenderBrowse
anchorAsjuster_x64.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:381815
Start date:05.04.2021
Start time:07:43:06
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 10m 42s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:anchorAsjuster_x64.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:33
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean4.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 99.8% (good quality ratio 89.1%)
  • Quality average: 66.7%
  • Quality standard deviation: 32.4%
HCA Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
Show All
  • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

\Device\ConDrv
Process:C:\Users\user\Desktop\anchorAsjuster_x64.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):187
Entropy (8bit):4.545348375410866
Encrypted:false
SSDEEP:3:DKRiarkqIW6ASHXKmNFdQIRWE9bG7B0QnVfLNs2FpEfagI7K3Zd1iLGzu:UiavIf2mNF4PnVfLNNqaN7K3HgLGC
MD5:BAED04BFD3B79BC98853D251DBA62A67
SHA1:5498DCB595F174BB218818DCB52ABCDA3708C4C0
SHA-256:8C0065330440AED0572ACE8B2280C3AD791BDAECBB7365500BD920D4DA76E67E
SHA-512:2852D4B7C28FAF760D649B2656D6BAE801F2DFD31A92FF746700223945BA68DE43A89CB6EB74C39F1F6ADDC53E459EF46D305A0E27EFA396891A39C918B5A986
Malicious:false
Reputation:low
Preview: using:..anchorAdjuster* --source=<source file> --target=<target file> --domain=<domain name> --period=<recurrence interval, minutes, default value 15> -guid --count=<count of instances>..

Static File Info

General

File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.213531483690189
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:anchorAsjuster_x64.exe
File size:251904
MD5:9fbc3d560d075f33a15aa67ae74ac6ef
SHA1:a298c6f5f8902fb581a1b5b922f95b362747f9a7
SHA256:3ab8a1ee10bd1b720e1c8a8795e78cdc09fec73a6bb91526c0ccd2dc2cfbc28d
SHA512:9a931c1097f1dab9c9cdad72d4e6bfee5de0fceb42ba2abf8e0465e14a9f70398859ac04fe6f95da29f12b9141064e3bf266466c88fb5d124a3c9712f0f8226b
SSDEEP:6144:Hd4lhu6GoFmaVZtN2TsiLgTU/vvst+/VbuohslJ89:4h/xxVLgTs0Eo1
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gLt.#-..#-..#-......)-.......-......:-...s..+-......&-..#-..F-...s...-...s...-...s.."-...s.."-...s.."-..Rich#-..........PE..d..

File Icon

Icon Hash:00828e8e8686b000

Static PE Info

General

Entrypoint:0x140006cb0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:0x5FB663CB [Thu Nov 19 12:23:39 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:9859b7a32d1227be2ca925c81ae9265e

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F02D8B15D4Ch
dec eax
add esp, 28h
jmp 00007F02D8B1546Bh
int3
int3
dec eax
jmp dword ptr [000205EDh]
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 10h
dec esp
mov dword ptr [esp], edx
dec esp
mov dword ptr [esp+08h], ebx
dec ebp
xor ebx, ebx
dec esp
lea edx, dword ptr [esp+18h]
dec esp
sub edx, eax
dec ebp
cmovb edx, ebx
dec esp
mov ebx, dword ptr [00000010h]
dec ebp
cmp edx, ebx
jnc 00007F02D8B1560Ah
inc cx
and edx, 8D4DF000h
wait
add al, dh

Rich Headers

Programming Language:
  • [C++] VS2015 UPD3.1 build 24215
  • [LNK] VS2015 UPD3.1 build 24215
  • [RES] VS2015 UPD3 build 24213

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x3aa540x3c.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x440000x288.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3f0000x201c.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x450000xc9c.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x371300x1c.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x371e80x28.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x371500x94.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x270000x2b8.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x241e40x24200False0.565541198097data6.49668233417IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.table0x260000x100x200False0.056640625ASCII text, with no line terminators0.325622324313IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata0x270000x1437a0x14400False0.454005111883data5.10892339018IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x3c0000x2a440x1200False0.183376736111DOS executable (block device driver)2.91992785428IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata0x3f0000x201c0x2200False0.465303308824data5.15876908171IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids0x420000x25c0x400False0.3408203125data2.58710213479IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls0x430000x90x200False0.033203125data0.0203931352361IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc0x440000x2880x400False0.33203125data3.84963157688IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x450000xc9c0xe00False0.394810267857data5.25273619363IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountry
RT_MANIFEST0x440600x224XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminatorsEnglishUnited States

Imports

DLLImport
ole32.dllCoInitialize, CoCreateGuid, CoUninitialize
KERNEL32.dllGetLastError, HeapSize, WriteConsoleW, CreateFileW, GetTickCount, WideCharToMultiByte, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, CloseHandle, SetEvent, ResetEvent, WaitForSingleObjectEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetEndOfFile, FreeLibrary, LoadLibraryExW, HeapAlloc, HeapFree, HeapReAlloc, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, GetACP, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, ReadFile, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleCP, FlushFileBuffers, GetProcessHeap, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetStdHandle

Possible Origin

Language of compilation systemCountry where language is spokenMap
EnglishUnited States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: anchorAsjuster_x64.exe PID: 6848 Parent PID: 5916

General

Start time:07:43:50
Start date:05/04/2021
Path:C:\Users\user\Desktop\anchorAsjuster_x64.exe
Wow64 process (32bit):false
Commandline:'C:\Users\user\Desktop\anchorAsjuster_x64.exe'
Imagebase:0x7ff7fe6e0000
File size:251904 bytes
MD5 hash:9FBC3D560D075F33A15AA67AE74AC6EF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Chronological Activities

Analysis Process: conhost.exe PID: 6860 Parent PID: 6848

General

Start time:07:43:51
Start date:05/04/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff724c50000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Chronological Activities

Disassembly

Code Analysis

Reset < >

    Analysis Process: anchorAsjuster_x64.exe PID: 6848 Parent PID: 5916 anchorAsjuster_x64.exeCOMMON

    Execution Graph

    Execution Coverage:4.4%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:9.5%
    Total number of Nodes:1809
    Total number of Limit Nodes:44

    Graph

    execution_graph 17308 7ff7fe6e4888 17309 7ff7fe6e48cd 17308->17309 17310 7ff7fe6e48a4 17308->17310 17310->17309 17312 7ff7fe6ee49c 17310->17312 17313 7ff7fe6ee4b3 17312->17313 17314 7ff7fe6ee4ba 17312->17314 17320 7ff7fe6ee3b8 17313->17320 17328 7ff7fe6eb5cc EnterCriticalSection 17314->17328 17329 7ff7fe6eeb20 EnterCriticalSection 17320->17329 15831 7ff7fe704f73 15832 7ff7fe704f85 15831->15832 15833 7ff7fe704f8f 15831->15833 15835 7ff7fe6eeb74 LeaveCriticalSection 15832->15835 17367 7ff7fe6f7e70 17368 7ff7fe6f7e99 17367->17368 17372 7ff7fe6f7eb1 17367->17372 17369 7ff7fe6ea860 fread_s 15 API calls 17368->17369 17371 7ff7fe6f7e9e 17369->17371 17370 7ff7fe6f7f2c 17373 7ff7fe6ea860 fread_s 15 API calls 17370->17373 17374 7ff7fe6ea880 memcpy_s 15 API calls 17371->17374 17372->17370 17375 7ff7fe6f7ee4 17372->17375 17376 7ff7fe6f7f31 17373->17376 17390 7ff7fe6f7ea6 17374->17390 17391 7ff7fe6fd470 EnterCriticalSection 17375->17391 17378 7ff7fe6ea880 memcpy_s 15 API calls 17376->17378 17380 7ff7fe6f7f39 17378->17380 17383 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17380->17383 17383->17390 16371 7ff7fe6f535c 16372 7ff7fe6f5361 16371->16372 16373 7ff7fe6f5376 16371->16373 16377 7ff7fe6f537c 16372->16377 16378 7ff7fe6f53be 16377->16378 16379 7ff7fe6f53c6 16377->16379 16380 7ff7fe6ef79c __free_lconv_num 15 API calls 16378->16380 16381 7ff7fe6ef79c __free_lconv_num 15 API calls 16379->16381 16380->16379 16382 7ff7fe6f53d3 16381->16382 16383 7ff7fe6ef79c __free_lconv_num 15 API calls 16382->16383 16384 7ff7fe6f53e0 16383->16384 16385 7ff7fe6ef79c __free_lconv_num 15 API calls 16384->16385 16386 7ff7fe6f53ed 16385->16386 16387 7ff7fe6ef79c __free_lconv_num 15 API calls 16386->16387 16388 7ff7fe6f53fa 16387->16388 16389 7ff7fe6ef79c __free_lconv_num 15 API calls 16388->16389 16390 7ff7fe6f5407 16389->16390 16391 7ff7fe6ef79c __free_lconv_num 15 API calls 16390->16391 16392 7ff7fe6f5414 16391->16392 16393 7ff7fe6ef79c __free_lconv_num 15 API calls 16392->16393 16394 7ff7fe6f5421 16393->16394 16395 7ff7fe6ef79c __free_lconv_num 15 API calls 16394->16395 16396 7ff7fe6f5431 16395->16396 16397 7ff7fe6ef79c __free_lconv_num 15 API calls 16396->16397 16398 7ff7fe6f5441 16397->16398 16403 7ff7fe6f5164 16398->16403 16417 7ff7fe6eeb20 EnterCriticalSection 16403->16417 16419 7ff7fe6e4558 16420 7ff7fe6e4575 16419->16420 16422 7ff7fe6e458b 16420->16422 16423 7ff7fe6eea78 16420->16423 16424 7ff7fe6eeaad 16423->16424 16425 7ff7fe6eea98 16423->16425 16435 7ff7fe6eb5cc EnterCriticalSection 16424->16435 16427 7ff7fe6ea880 memcpy_s 15 API calls 16425->16427 16429 7ff7fe6eea9d 16427->16429 16430 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16429->16430 16432 7ff7fe6eeaa8 16430->16432 16432->16422 17411 7ff7fe704e53 17414 7ff7fe6eeb74 LeaveCriticalSection 17411->17414 16444 7ff7fe6f6d44 16445 7ff7fe6f6d70 16444->16445 16446 7ff7fe6f6d5a 16444->16446 16456 7ff7fe6eb5cc EnterCriticalSection 16445->16456 16448 7ff7fe6ea880 memcpy_s 15 API calls 16446->16448 16450 7ff7fe6f6d5f 16448->16450 16452 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16450->16452 16454 7ff7fe6f6d6a 16452->16454 17499 7ff7fe6f2c40 17500 7ff7fe6f50dc FindHandlerForForeignException 35 API calls 17499->17500 17501 7ff7fe6f2c45 17500->17501 17513 7ff7fe6eeb74 LeaveCriticalSection 17501->17513 17503 7ff7fe6f2c50 17504 7ff7fe6f2c5c 17503->17504 17506 7ff7fe6f2c78 17503->17506 17514 7ff7fe6f6260 17506->17514 17509 7ff7fe6f2cb1 17511 7ff7fe6f2cc4 3 API calls 17509->17511 17510 7ff7fe6f2ca0 GetCurrentProcess TerminateProcess 17510->17509 17512 7ff7fe6f2cb8 ExitProcess 17511->17512 17515 7ff7fe6f627e 17514->17515 17517 7ff7fe6f2c85 17514->17517 17516 7ff7fe6f5934 __vcrt_uninitialize_ptd 5 API calls 17515->17516 17516->17517 17517->17509 17517->17510 13873 7ff7fe6e6b38 13894 7ff7fe6e6384 13873->13894 13877 7ff7fe6e6b84 13884 7ff7fe6e6bc6 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 13877->13884 13902 7ff7fe6f3bc4 13877->13902 13878 7ff7fe6e6b5f __scrt_acquire_startup_lock 13878->13877 13879 7ff7fe6e6f90 __scrt_fastfail 7 API calls 13878->13879 13879->13877 13882 7ff7fe6e6ba9 13885 7ff7fe6e6c33 13884->13885 13946 7ff7fe6f2d64 13884->13946 13910 7ff7fe6f348c 13885->13910 13892 7ff7fe6e6c5c 13951 7ff7fe6e655c 13892->13951 13895 7ff7fe6e63a6 __scrt_initialize_crt 13894->13895 13955 7ff7fe6e9aa0 13895->13955 13898 7ff7fe6e63af 13898->13878 13939 7ff7fe6e6f90 IsProcessorFeaturePresent 13898->13939 13904 7ff7fe6f3bdc 13902->13904 13903 7ff7fe6e6ba5 13903->13882 13906 7ff7fe6f3b4c 13903->13906 13904->13903 14042 7ff7fe6e6a50 13904->14042 13907 7ff7fe6f3ba7 13906->13907 13908 7ff7fe6f3b88 13906->13908 13907->13884 13908->13907 14477 7ff7fe6e6b1c 13908->14477 13911 7ff7fe6f349c 13910->13911 13912 7ff7fe6e6c48 13910->13912 14485 7ff7fe6f314c 13911->14485 13914 7ff7fe6e29bc 13912->13914 13915 7ff7fe6e2b60 GetTickCount 13914->13915 13918 7ff7fe6e2a23 13914->13918 14556 7ff7fe6ea8cc 13915->14556 13918->13915 13933 7ff7fe6eb3c8 39 API calls 13918->13933 13919 7ff7fe6e2c77 14559 7ff7fe6e1110 13919->14559 13922 7ff7fe6e1110 73 API calls 13928 7ff7fe6e2c50 13922->13928 13923 7ff7fe6e6a00 _handle_errorf 8 API calls 13924 7ff7fe6e2caf 13923->13924 13937 7ff7fe6e70d8 GetModuleHandleW 13924->13937 13925 7ff7fe6e2b88 strchr __lc_wcstolc 13926 7ff7fe6e2c52 13925->13926 13929 7ff7fe6e2bc7 _Yarn 13925->13929 13927 7ff7fe6e2378 117 API calls 13926->13927 13927->13928 13928->13923 14569 7ff7fe6ee1cc 13929->14569 13932 7ff7fe6ee1cc 31 API calls 13935 7ff7fe6e2bfd 13932->13935 13933->13918 13935->13928 14578 7ff7fe6e2d24 13935->14578 14582 7ff7fe6e2378 13935->14582 13938 7ff7fe6e70ec 13937->13938 13938->13892 13940 7ff7fe6e6fb5 __lc_wcstolc 13939->13940 13941 7ff7fe6e6fd1 RtlCaptureContext RtlLookupFunctionEntry 13940->13941 13942 7ff7fe6e7036 __lc_wcstolc 13941->13942 13943 7ff7fe6e6ffa RtlVirtualUnwind 13941->13943 13944 7ff7fe6e7068 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13942->13944 13943->13942 13945 7ff7fe6e70ba 13944->13945 13945->13878 13947 7ff7fe6f2da2 13946->13947 13948 7ff7fe6f2d90 13946->13948 15683 7ff7fe6f50dc 13947->15683 13948->13885 13952 7ff7fe6e656d __scrt_uninitialize_crt 13951->13952 13953 7ff7fe6e657f 13952->13953 13954 7ff7fe6e9ad4 __vcrt_uninitialize 8 API calls 13952->13954 13953->13882 13954->13953 13956 7ff7fe6e9aa9 __vcrt_initialize_pure_virtual_call_handler __vcrt_initialize_winapi_thunks 13955->13956 13975 7ff7fe6ea4a4 13956->13975 13959 7ff7fe6e63ab 13959->13898 13963 7ff7fe6f3a7c 13959->13963 13965 7ff7fe6fd088 13963->13965 13964 7ff7fe6e63b8 13964->13898 13967 7ff7fe6e9ad4 13964->13967 13965->13964 14026 7ff7fe6f6608 13965->14026 13968 7ff7fe6e9aed 13967->13968 13969 7ff7fe6e9adc 13967->13969 13968->13898 13970 7ff7fe6ea2a0 __vcrt_uninitialize_ptd 6 API calls 13969->13970 13971 7ff7fe6e9ae1 13970->13971 13972 7ff7fe6ea4ec __vcrt_uninitialize_locks DeleteCriticalSection 13971->13972 13973 7ff7fe6e9ae6 13972->13973 14038 7ff7fe6ea0e0 13973->14038 13976 7ff7fe6ea4ac 13975->13976 13978 7ff7fe6ea4dd 13976->13978 13979 7ff7fe6e9ab3 13976->13979 13992 7ff7fe6ea01c 13976->13992 13980 7ff7fe6ea4ec __vcrt_uninitialize_locks DeleteCriticalSection 13978->13980 13979->13959 13981 7ff7fe6ea260 13979->13981 13980->13979 14007 7ff7fe6e9eb8 13981->14007 13983 7ff7fe6ea270 13987 7ff7fe6e9ac0 13983->13987 14012 7ff7fe6e9fb4 13983->14012 13985 7ff7fe6ea28d 13985->13987 14017 7ff7fe6ea2a0 13985->14017 13987->13959 13988 7ff7fe6ea4ec 13987->13988 13989 7ff7fe6ea517 13988->13989 13990 7ff7fe6ea51b 13989->13990 13991 7ff7fe6ea4fa DeleteCriticalSection 13989->13991 13990->13959 13991->13989 13997 7ff7fe6e9cf0 13992->13997 13995 7ff7fe6ea073 InitializeCriticalSectionAndSpinCount 13996 7ff7fe6ea05f 13995->13996 13996->13976 13998 7ff7fe6e9d56 13997->13998 14004 7ff7fe6e9d51 13997->14004 13998->13995 13998->13996 13999 7ff7fe6e9e1e 13999->13998 14001 7ff7fe6e9e2d GetProcAddress 13999->14001 14000 7ff7fe6e9d89 LoadLibraryExW 14002 7ff7fe6e9daf GetLastError 14000->14002 14000->14004 14001->13998 14003 7ff7fe6e9e45 14001->14003 14002->14004 14005 7ff7fe6e9dba LoadLibraryExW 14002->14005 14003->13998 14004->13998 14004->13999 14004->14000 14006 7ff7fe6e9dfc FreeLibrary 14004->14006 14005->14004 14006->14004 14008 7ff7fe6e9cf0 try_get_function 5 API calls 14007->14008 14009 7ff7fe6e9ee4 14008->14009 14010 7ff7fe6e9efb TlsAlloc 14009->14010 14011 7ff7fe6e9eec 14009->14011 14010->14011 14011->13983 14013 7ff7fe6e9cf0 try_get_function 5 API calls 14012->14013 14014 7ff7fe6e9fe7 14013->14014 14015 7ff7fe6ea000 TlsSetValue 14014->14015 14016 7ff7fe6e9fef 14014->14016 14015->14016 14016->13985 14018 7ff7fe6ea2af 14017->14018 14019 7ff7fe6ea2b4 14017->14019 14021 7ff7fe6e9f0c 14018->14021 14019->13987 14022 7ff7fe6e9cf0 try_get_function 5 API calls 14021->14022 14023 7ff7fe6e9f37 14022->14023 14024 7ff7fe6e9f4d TlsFree 14023->14024 14025 7ff7fe6e9f3f 14023->14025 14024->14025 14025->14019 14037 7ff7fe6eeb20 EnterCriticalSection 14026->14037 14028 7ff7fe6f6618 14029 7ff7fe6fd3b8 32 API calls 14028->14029 14030 7ff7fe6f6621 14029->14030 14031 7ff7fe6f662f 14030->14031 14032 7ff7fe6f6420 34 API calls 14030->14032 14033 7ff7fe6eeb74 fflush LeaveCriticalSection 14031->14033 14034 7ff7fe6f662a 14032->14034 14035 7ff7fe6f663b 14033->14035 14036 7ff7fe6f650c GetStdHandle GetFileType 14034->14036 14035->13965 14036->14031 14039 7ff7fe6ea118 14038->14039 14040 7ff7fe6ea0e4 14038->14040 14039->13968 14040->14039 14041 7ff7fe6ea0fe FreeLibrary 14040->14041 14041->14040 14043 7ff7fe6e6a60 pre_c_initialization 14042->14043 14063 7ff7fe6f3c40 14043->14063 14045 7ff7fe6e6a6c pre_c_initialization 14069 7ff7fe6e63d0 14045->14069 14047 7ff7fe6e6a85 14048 7ff7fe6e6af5 14047->14048 14049 7ff7fe6e6a89 _RTC_Initialize 14047->14049 14050 7ff7fe6e6f90 __scrt_fastfail 7 API calls 14048->14050 14074 7ff7fe6e65d8 14049->14074 14051 7ff7fe6e6aff 14050->14051 14053 7ff7fe6e6f90 __scrt_fastfail 7 API calls 14051->14053 14055 7ff7fe6e6b0a __scrt_initialize_default_local_stdio_options 14053->14055 14054 7ff7fe6e6a9a pre_c_initialization 14077 7ff7fe6f2fd4 14054->14077 14055->13904 14058 7ff7fe6e6aaa 14104 7ff7fe6e74c8 InitializeSListHead 14058->14104 14064 7ff7fe6f3c51 14063->14064 14068 7ff7fe6f3c59 14064->14068 14105 7ff7fe6ea880 14064->14105 14068->14045 14070 7ff7fe6e648e 14069->14070 14073 7ff7fe6e63e8 __scrt_initialize_onexit_tables __scrt_acquire_startup_lock 14069->14073 14071 7ff7fe6e6f90 __scrt_fastfail 7 API calls 14070->14071 14072 7ff7fe6e6498 14071->14072 14073->14047 14224 7ff7fe6e6588 14074->14224 14076 7ff7fe6e65e1 14076->14054 14078 7ff7fe6f2ff2 14077->14078 14079 7ff7fe6f3008 14077->14079 14081 7ff7fe6ea880 memcpy_s 15 API calls 14078->14081 14239 7ff7fe6fc770 14079->14239 14083 7ff7fe6f2ff7 14081->14083 14085 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14083->14085 14084 7ff7fe6f303a 14243 7ff7fe6f2db4 14084->14243 14086 7ff7fe6e6aa6 14085->14086 14086->14051 14086->14058 14091 7ff7fe6f3093 14094 7ff7fe6f2db4 pre_c_initialization 35 API calls 14091->14094 14092 7ff7fe6f3082 14093 7ff7fe6ea880 memcpy_s 15 API calls 14092->14093 14103 7ff7fe6f3087 14093->14103 14095 7ff7fe6f30af 14094->14095 14097 7ff7fe6f30df 14095->14097 14098 7ff7fe6f30f8 14095->14098 14095->14103 14096 7ff7fe6ef79c __free_lconv_num 15 API calls 14096->14086 14099 7ff7fe6ef79c __free_lconv_num 15 API calls 14097->14099 14101 7ff7fe6ef79c __free_lconv_num 15 API calls 14098->14101 14100 7ff7fe6f30e8 14099->14100 14102 7ff7fe6ef79c __free_lconv_num 15 API calls 14100->14102 14101->14103 14102->14086 14103->14096 14111 7ff7fe6f5570 GetLastError 14105->14111 14108 7ff7fe6ea730 14191 7ff7fe6ea688 14108->14191 14112 7ff7fe6f5594 14111->14112 14113 7ff7fe6f5599 14111->14113 14130 7ff7fe6f5d68 14112->14130 14116 7ff7fe6f55e2 14113->14116 14135 7ff7fe6eebb0 14113->14135 14119 7ff7fe6f55f1 SetLastError 14116->14119 14120 7ff7fe6f55e7 SetLastError 14116->14120 14118 7ff7fe6f55b8 14142 7ff7fe6ef79c 14118->14142 14122 7ff7fe6ea889 14119->14122 14120->14122 14122->14108 14125 7ff7fe6f55d6 14153 7ff7fe6f528c 14125->14153 14126 7ff7fe6f55bf 14126->14120 14158 7ff7fe6f5934 14130->14158 14133 7ff7fe6f5daa TlsGetValue 14134 7ff7fe6f5d9b 14133->14134 14134->14113 14140 7ff7fe6eebc1 _Getctype 14135->14140 14136 7ff7fe6eec12 14139 7ff7fe6ea880 memcpy_s 14 API calls 14136->14139 14137 7ff7fe6eebf6 RtlAllocateHeap 14138 7ff7fe6eec10 14137->14138 14137->14140 14138->14118 14148 7ff7fe6f5dc0 14138->14148 14139->14138 14140->14136 14140->14137 14168 7ff7fe6f28fc 14140->14168 14143 7ff7fe6ef7a1 HeapFree 14142->14143 14147 7ff7fe6ef7d1 __free_lconv_num 14142->14147 14144 7ff7fe6ef7bc 14143->14144 14143->14147 14145 7ff7fe6ea880 memcpy_s 13 API calls 14144->14145 14146 7ff7fe6ef7c1 GetLastError 14145->14146 14146->14147 14147->14126 14149 7ff7fe6f5934 __vcrt_uninitialize_ptd 5 API calls 14148->14149 14150 7ff7fe6f5df3 14149->14150 14151 7ff7fe6f5e0d TlsSetValue 14150->14151 14152 7ff7fe6f55cf 14150->14152 14151->14152 14152->14118 14152->14125 14177 7ff7fe6f520c 14153->14177 14159 7ff7fe6f5995 14158->14159 14163 7ff7fe6f5990 14158->14163 14159->14133 14159->14134 14160 7ff7fe6f59bd LoadLibraryW 14161 7ff7fe6f59de GetLastError 14160->14161 14160->14163 14161->14163 14164 7ff7fe6f59e9 LoadLibraryExW 14161->14164 14162 7ff7fe6f5a50 GetProcAddress 14166 7ff7fe6f5a61 14162->14166 14163->14159 14163->14160 14165 7ff7fe6f5a42 14163->14165 14167 7ff7fe6f5a27 FreeLibrary 14163->14167 14164->14163 14165->14159 14165->14162 14166->14159 14167->14163 14171 7ff7fe6f293c 14168->14171 14176 7ff7fe6eeb20 EnterCriticalSection 14171->14176 14189 7ff7fe6eeb20 EnterCriticalSection 14177->14189 14192 7ff7fe6f5570 _invalid_parameter_noinfo_noreturn 15 API calls 14191->14192 14193 7ff7fe6ea6b2 14192->14193 14198 7ff7fe6ea780 14193->14198 14199 7ff7fe6ea78e 14198->14199 14202 7ff7fe6ea524 14199->14202 14203 7ff7fe6ea55e abort __lc_wcstolc 14202->14203 14204 7ff7fe6ea586 RtlCaptureContext RtlLookupFunctionEntry 14203->14204 14205 7ff7fe6ea5f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14204->14205 14206 7ff7fe6ea5c0 RtlVirtualUnwind 14204->14206 14207 7ff7fe6ea648 abort 14205->14207 14206->14205 14210 7ff7fe6e6a00 14207->14210 14211 7ff7fe6e6a0a 14210->14211 14212 7ff7fe6e6a16 GetCurrentProcess TerminateProcess 14211->14212 14213 7ff7fe6e71a8 IsProcessorFeaturePresent 14211->14213 14214 7ff7fe6e71bf 14213->14214 14219 7ff7fe6e739c RtlCaptureContext 14214->14219 14220 7ff7fe6e73b6 RtlLookupFunctionEntry 14219->14220 14221 7ff7fe6e71d2 14220->14221 14222 7ff7fe6e73cc RtlVirtualUnwind 14220->14222 14223 7ff7fe6e7174 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14221->14223 14222->14220 14222->14221 14225 7ff7fe6e65b7 14224->14225 14227 7ff7fe6e65ad _onexit 14224->14227 14228 7ff7fe6f38fc 14225->14228 14227->14076 14231 7ff7fe6f34b8 14228->14231 14238 7ff7fe6eeb20 EnterCriticalSection 14231->14238 14233 7ff7fe6f34d4 14234 7ff7fe6f3694 _onexit 34 API calls 14233->14234 14235 7ff7fe6f34dd 14234->14235 14236 7ff7fe6eeb74 fflush LeaveCriticalSection 14235->14236 14237 7ff7fe6f34e6 14236->14237 14237->14227 14240 7ff7fe6f300d GetModuleFileNameA 14239->14240 14241 7ff7fe6fc77d 14239->14241 14240->14084 14255 7ff7fe6fc5b8 14241->14255 14245 7ff7fe6f2df2 14243->14245 14247 7ff7fe6f2e58 14245->14247 14473 7ff7fe6f2724 14245->14473 14246 7ff7fe6f2f44 14249 7ff7fe6f2f70 14246->14249 14247->14246 14248 7ff7fe6f2724 pre_c_initialization 35 API calls 14247->14248 14248->14247 14250 7ff7fe6f2f8b 14249->14250 14251 7ff7fe6f2f8f 14249->14251 14250->14091 14250->14092 14251->14250 14252 7ff7fe6eebb0 _Getctype 15 API calls 14251->14252 14253 7ff7fe6f2fbe 14252->14253 14254 7ff7fe6ef79c __free_lconv_num 15 API calls 14253->14254 14254->14250 14275 7ff7fe6f54dc GetLastError 14255->14275 14257 7ff7fe6fc5d1 14295 7ff7fe6fc798 14257->14295 14262 7ff7fe6fc5f4 14262->14240 14264 7ff7fe6fc6a0 14266 7ff7fe6ef79c __free_lconv_num 15 API calls 14264->14266 14266->14262 14269 7ff7fe6fc69b 14270 7ff7fe6ea880 memcpy_s 15 API calls 14269->14270 14270->14264 14271 7ff7fe6fc6fd 14271->14264 14330 7ff7fe6fc074 14271->14330 14272 7ff7fe6fc6c0 pre_c_initialization 14272->14271 14273 7ff7fe6ef79c __free_lconv_num 15 API calls 14272->14273 14273->14271 14276 7ff7fe6f54fe 14275->14276 14277 7ff7fe6f54f9 14275->14277 14278 7ff7fe6eebb0 _Getctype 15 API calls 14276->14278 14281 7ff7fe6f5547 14276->14281 14279 7ff7fe6f5d68 _Getctype 6 API calls 14277->14279 14280 7ff7fe6f5515 14278->14280 14279->14276 14282 7ff7fe6f551d 14280->14282 14285 7ff7fe6f5dc0 _Getctype 6 API calls 14280->14285 14283 7ff7fe6f5562 SetLastError 14281->14283 14284 7ff7fe6f554c SetLastError 14281->14284 14287 7ff7fe6ef79c __free_lconv_num 15 API calls 14282->14287 14337 7ff7fe6ef72c 14283->14337 14284->14257 14288 7ff7fe6f5534 14285->14288 14290 7ff7fe6f5524 14287->14290 14288->14282 14291 7ff7fe6f553b 14288->14291 14290->14283 14292 7ff7fe6f528c _Getctype 15 API calls 14291->14292 14293 7ff7fe6f5540 14292->14293 14294 7ff7fe6ef79c __free_lconv_num 15 API calls 14293->14294 14294->14281 14296 7ff7fe6f54dc _Getctype 35 API calls 14295->14296 14297 7ff7fe6fc7a7 14296->14297 14299 7ff7fe6fc7c2 14297->14299 14381 7ff7fe6eeb20 EnterCriticalSection 14297->14381 14301 7ff7fe6fc5da 14299->14301 14303 7ff7fe6ef72c abort 35 API calls 14299->14303 14306 7ff7fe6fc2c4 14301->14306 14303->14301 14382 7ff7fe6eb30c 14306->14382 14309 7ff7fe6fc2f6 14311 7ff7fe6fc30b 14309->14311 14312 7ff7fe6fc2fb GetACP 14309->14312 14310 7ff7fe6fc2e4 GetOEMCP 14310->14311 14311->14262 14313 7ff7fe6ef7dc 14311->14313 14312->14311 14314 7ff7fe6ef827 14313->14314 14319 7ff7fe6ef7eb _Getctype 14313->14319 14316 7ff7fe6ea880 memcpy_s 15 API calls 14314->14316 14315 7ff7fe6ef80e RtlAllocateHeap 14317 7ff7fe6ef825 14315->14317 14315->14319 14316->14317 14317->14264 14320 7ff7fe6fc858 14317->14320 14318 7ff7fe6f28fc new 2 API calls 14318->14319 14319->14314 14319->14315 14319->14318 14321 7ff7fe6fc2c4 pre_c_initialization 37 API calls 14320->14321 14323 7ff7fe6fc885 14321->14323 14322 7ff7fe6fc88d pre_c_initialization 14325 7ff7fe6e6a00 _handle_errorf 8 API calls 14322->14325 14323->14322 14324 7ff7fe6fc8cf IsValidCodePage 14323->14324 14329 7ff7fe6fc8f5 __lc_wcstolc 14323->14329 14324->14322 14326 7ff7fe6fc8e0 GetCPInfo 14324->14326 14327 7ff7fe6fc694 14325->14327 14326->14322 14326->14329 14327->14269 14327->14272 14410 7ff7fe6fc3d4 GetCPInfo 14329->14410 14472 7ff7fe6eeb20 EnterCriticalSection 14330->14472 14346 7ff7fe6fae70 14337->14346 14372 7ff7fe6fae28 14346->14372 14377 7ff7fe6eeb20 EnterCriticalSection 14372->14377 14383 7ff7fe6eb322 14382->14383 14384 7ff7fe6eb327 14382->14384 14383->14309 14383->14310 14384->14383 14385 7ff7fe6f54dc _Getctype 35 API calls 14384->14385 14386 7ff7fe6eb344 14385->14386 14390 7ff7fe6f57f0 14386->14390 14391 7ff7fe6f5805 14390->14391 14392 7ff7fe6eb368 14390->14392 14391->14392 14398 7ff7fe6fea84 14391->14398 14394 7ff7fe6f5824 14392->14394 14395 7ff7fe6f584c 14394->14395 14396 7ff7fe6f5839 14394->14396 14395->14383 14396->14395 14397 7ff7fe6fc798 _mbstowcs_s_l 35 API calls 14396->14397 14397->14395 14399 7ff7fe6f54dc _Getctype 35 API calls 14398->14399 14400 7ff7fe6fea93 14399->14400 14408 7ff7fe6feae5 14400->14408 14409 7ff7fe6eeb20 EnterCriticalSection 14400->14409 14408->14392 14414 7ff7fe6fc41d 14410->14414 14419 7ff7fe6fc4fd 14410->14419 14413 7ff7fe6e6a00 _handle_errorf 8 API calls 14416 7ff7fe6fc5a1 14413->14416 14420 7ff7fe6fa134 14414->14420 14416->14322 14418 7ff7fe6fa644 pre_c_initialization 40 API calls 14418->14419 14419->14413 14421 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 14420->14421 14422 7ff7fe6fa176 MultiByteToWideChar 14421->14422 14424 7ff7fe6fa1b4 14422->14424 14425 7ff7fe6fa1bb 14422->14425 14427 7ff7fe6e6a00 _handle_errorf 8 API calls 14424->14427 14426 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 14425->14426 14428 7ff7fe6fa1e9 __crtLCMapStringA __lc_wcstolc 14425->14428 14426->14428 14429 7ff7fe6fa2cb 14427->14429 14430 7ff7fe6fa259 MultiByteToWideChar 14428->14430 14431 7ff7fe6fa294 14428->14431 14434 7ff7fe6fa644 14429->14434 14430->14431 14432 7ff7fe6fa27a GetStringTypeW 14430->14432 14431->14424 14433 7ff7fe6ef79c __free_lconv_num 15 API calls 14431->14433 14432->14431 14433->14424 14435 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 14434->14435 14436 7ff7fe6fa669 14435->14436 14439 7ff7fe6fa2e8 14436->14439 14440 7ff7fe6fa32a __crtLCMapStringA 14439->14440 14441 7ff7fe6fa34e MultiByteToWideChar 14440->14441 14442 7ff7fe6fa380 14441->14442 14443 7ff7fe6fa5f9 14441->14443 14446 7ff7fe6fa3b8 __crtLCMapStringA 14442->14446 14447 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 14442->14447 14444 7ff7fe6e6a00 _handle_errorf 8 API calls 14443->14444 14445 7ff7fe6fa607 14444->14445 14445->14418 14448 7ff7fe6fa41c MultiByteToWideChar 14446->14448 14458 7ff7fe6fa4cd 14446->14458 14447->14446 14449 7ff7fe6fa442 14448->14449 14448->14458 14466 7ff7fe6f60a0 14449->14466 14452 7ff7fe6ef79c __free_lconv_num 15 API calls 14452->14443 14453 7ff7fe6fa4dc 14455 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 14453->14455 14457 7ff7fe6fa507 __crtLCMapStringA 14453->14457 14454 7ff7fe6fa48a 14456 7ff7fe6f60a0 __crtLCMapStringW 6 API calls 14454->14456 14454->14458 14455->14457 14456->14458 14457->14458 14459 7ff7fe6f60a0 __crtLCMapStringW 6 API calls 14457->14459 14458->14443 14458->14452 14460 7ff7fe6fa59a 14459->14460 14461 7ff7fe6fa5d0 14460->14461 14462 7ff7fe6fa5c4 WideCharToMultiByte 14460->14462 14461->14458 14463 7ff7fe6ef79c __free_lconv_num 15 API calls 14461->14463 14462->14461 14464 7ff7fe6fa630 14462->14464 14463->14458 14464->14458 14465 7ff7fe6ef79c __free_lconv_num 15 API calls 14464->14465 14465->14458 14467 7ff7fe6f5934 __vcrt_uninitialize_ptd 5 API calls 14466->14467 14468 7ff7fe6f60e3 14467->14468 14469 7ff7fe6f6190 __crtLCMapStringW 5 API calls 14468->14469 14471 7ff7fe6f60eb 14468->14471 14470 7ff7fe6f614c LCMapStringW 14469->14470 14470->14471 14471->14453 14471->14454 14471->14458 14474 7ff7fe6f26ac 14473->14474 14475 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 14474->14475 14476 7ff7fe6f26d0 14475->14476 14476->14245 14484 7ff7fe6e712c SetUnhandledExceptionFilter 14477->14484 14486 7ff7fe6f3160 14485->14486 14487 7ff7fe6f3169 14485->14487 14486->14487 14491 7ff7fe6f3194 14486->14491 14487->13912 14492 7ff7fe6f31ad 14491->14492 14493 7ff7fe6f3172 14491->14493 14494 7ff7fe6fc770 pre_c_initialization 48 API calls 14492->14494 14493->14487 14503 7ff7fe6f3340 14493->14503 14495 7ff7fe6f31b2 14494->14495 14512 7ff7fe6fcb00 GetEnvironmentStringsW 14495->14512 14498 7ff7fe6f31bf 14500 7ff7fe6ef79c __free_lconv_num 15 API calls 14498->14500 14500->14493 14502 7ff7fe6ef79c __free_lconv_num 15 API calls 14502->14498 14505 7ff7fe6f335f 14503->14505 14511 7ff7fe6f3396 14503->14511 14504 7ff7fe6f3367 WideCharToMultiByte 14504->14505 14504->14511 14505->14487 14506 7ff7fe6eebb0 _Getctype 15 API calls 14506->14511 14507 7ff7fe6f3406 14509 7ff7fe6ef79c __free_lconv_num 15 API calls 14507->14509 14508 7ff7fe6f33ab WideCharToMultiByte 14508->14507 14508->14511 14509->14505 14510 7ff7fe6ef79c __free_lconv_num 15 API calls 14510->14511 14511->14504 14511->14505 14511->14506 14511->14507 14511->14508 14511->14510 14513 7ff7fe6fcb2e WideCharToMultiByte 14512->14513 14523 7ff7fe6fcbd2 14512->14523 14517 7ff7fe6fcb88 14513->14517 14513->14523 14515 7ff7fe6f31b7 14515->14498 14524 7ff7fe6f3200 14515->14524 14516 7ff7fe6fcbdc FreeEnvironmentStringsW 14516->14515 14518 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 14517->14518 14519 7ff7fe6fcb90 14518->14519 14520 7ff7fe6fcb98 WideCharToMultiByte 14519->14520 14521 7ff7fe6fcbbf 14519->14521 14520->14521 14522 7ff7fe6ef79c __free_lconv_num 15 API calls 14521->14522 14522->14523 14523->14515 14523->14516 14525 7ff7fe6f3221 14524->14525 14526 7ff7fe6eebb0 _Getctype 15 API calls 14525->14526 14536 7ff7fe6f324f 14526->14536 14527 7ff7fe6ef79c __free_lconv_num 15 API calls 14529 7ff7fe6f31cc 14527->14529 14528 7ff7fe6f32be 14528->14527 14529->14502 14530 7ff7fe6eebb0 _Getctype 15 API calls 14530->14536 14531 7ff7fe6f32af 14550 7ff7fe6f32fc 14531->14550 14535 7ff7fe6f32e6 14539 7ff7fe6ea780 __lc_wcstolc 16 API calls 14535->14539 14536->14528 14536->14530 14536->14531 14536->14535 14538 7ff7fe6ef79c __free_lconv_num 15 API calls 14536->14538 14541 7ff7fe6f5104 14536->14541 14537 7ff7fe6ef79c __free_lconv_num 15 API calls 14537->14528 14538->14536 14540 7ff7fe6f32f8 14539->14540 14542 7ff7fe6f511b 14541->14542 14543 7ff7fe6f5111 14541->14543 14544 7ff7fe6ea880 memcpy_s 15 API calls 14542->14544 14543->14542 14547 7ff7fe6f5136 14543->14547 14545 7ff7fe6f5122 14544->14545 14546 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14545->14546 14548 7ff7fe6f512e 14546->14548 14547->14548 14549 7ff7fe6ea880 memcpy_s 15 API calls 14547->14549 14548->14536 14549->14545 14551 7ff7fe6f32b7 14550->14551 14552 7ff7fe6f3301 14550->14552 14551->14537 14553 7ff7fe6f332a 14552->14553 14555 7ff7fe6ef79c __free_lconv_num 15 API calls 14552->14555 14554 7ff7fe6ef79c __free_lconv_num 15 API calls 14553->14554 14554->14551 14555->14552 14557 7ff7fe6f54dc _Getctype 35 API calls 14556->14557 14558 7ff7fe6e2b6d 14557->14558 14558->13919 14558->13925 14560 7ff7fe6e1143 14559->14560 14632 7ff7fe6e15e0 14560->14632 14564 7ff7fe6e12da 14565 7ff7fe6e12ee 14564->14565 14663 7ff7fe6e1c04 14564->14663 14565->13922 14566 7ff7fe6e1188 14566->14564 14640 7ff7fe6e2170 14566->14640 14570 7ff7fe6ee1e6 14569->14570 14573 7ff7fe6ee1dc 14569->14573 14571 7ff7fe6ea880 memcpy_s 15 API calls 14570->14571 14572 7ff7fe6ee1ed 14571->14572 14574 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14572->14574 14573->14570 14576 7ff7fe6ee218 14573->14576 14575 7ff7fe6e2bed 14574->14575 14575->13932 14576->14575 14577 7ff7fe6ea880 memcpy_s 15 API calls 14576->14577 14577->14572 14579 7ff7fe6e2d49 wprintf 14578->14579 14919 7ff7fe6ee168 14579->14919 15340 7ff7fe6e2cd0 14582->15340 14586 7ff7fe6e2793 14587 7ff7fe6e6a00 _handle_errorf 8 API calls 14586->14587 14588 7ff7fe6e27e9 14587->14588 14588->13935 14589 7ff7fe6e24d0 14589->14586 15354 7ff7fe6eb854 14589->15354 14591 7ff7fe6e2500 14591->14586 14592 7ff7fe6e2cd0 wprintf 70 API calls 14591->14592 14594 7ff7fe6e2530 14592->14594 14597 7ff7fe6e258b 14594->14597 15360 7ff7fe6ebb20 14594->15360 15363 7ff7fe6eb7fc 14594->15363 15369 7ff7fe6eb828 14594->15369 14597->14586 14602 7ff7fe6e25ce CoInitialize 14597->14602 14608 7ff7fe6e2637 std::_Locinfo::_Locinfo_ctor ctype 14597->14608 14598 7ff7fe6e2673 14599 7ff7fe6e2720 14598->14599 14600 7ff7fe6e27ae 14598->14600 14603 7ff7fe6eb6b4 98 API calls 14599->14603 14601 7ff7fe6e1110 73 API calls 14600->14601 14604 7ff7fe6e27c1 14601->14604 14605 7ff7fe6e25d9 CoCreateGuid 14602->14605 14606 7ff7fe6e273f 14603->14606 14607 7ff7fe6e1110 73 API calls 14604->14607 14605->14605 14609 7ff7fe6e25ec CoUninitialize 14605->14609 14610 7ff7fe6e2795 14606->14610 14611 7ff7fe6e2749 14606->14611 14613 7ff7fe6e27ce 14607->14613 14608->14598 14630 7ff7fe6e2697 _Yarn strchr 14608->14630 15375 7ff7fe6ea8a0 14608->15375 14624 7ff7fe6e2605 14609->14624 14614 7ff7fe6ea880 memcpy_s 15 API calls 14610->14614 14612 7ff7fe6ec0ac 60 API calls 14611->14612 14615 7ff7fe6e2759 14612->14615 14616 7ff7fe6e1110 73 API calls 14613->14616 14618 7ff7fe6e279a 14614->14618 14619 7ff7fe6e276f 14615->14619 14620 7ff7fe6e2761 14615->14620 14616->14586 14621 7ff7fe6e2cd0 wprintf 70 API calls 14618->14621 14623 7ff7fe6ea880 memcpy_s 15 API calls 14619->14623 14622 7ff7fe6e2cd0 wprintf 70 API calls 14620->14622 14621->14586 14625 7ff7fe6e276d 14622->14625 14626 7ff7fe6e2774 14623->14626 14627 7ff7fe6e2cd0 wprintf 70 API calls 14624->14627 15378 7ff7fe6eb790 14625->15378 14628 7ff7fe6e2cd0 wprintf 70 API calls 14626->14628 14627->14608 14628->14625 14631 7ff7fe6e2cd0 wprintf 70 API calls 14630->14631 14631->14598 14634 7ff7fe6e1612 14632->14634 14633 7ff7fe6e1180 14633->14566 14636 7ff7fe6e4da4 14633->14636 14634->14633 14667 7ff7fe6e2804 14634->14667 14637 7ff7fe6e4e4b 14636->14637 14638 7ff7fe6e4dcc _Yarn 14636->14638 14637->14566 14638->14637 14677 7ff7fe6e42f4 14638->14677 14641 7ff7fe6e2186 14640->14641 14642 7ff7fe6e219f 14640->14642 14643 7ff7fe6e218b 14641->14643 14645 7ff7fe6e907c _CxxThrowException 2 API calls 14641->14645 14642->14564 14644 7ff7fe6e2196 14643->14644 14863 7ff7fe6e1328 14643->14863 14648 7ff7fe6e1328 std::ios_base::_Init 43 API calls 14644->14648 14661 7ff7fe6e219a 14644->14661 14645->14643 14650 7ff7fe6e21f6 14648->14650 14653 7ff7fe6e16b8 std::ios_base::_Init 33 API calls 14650->14653 14651 7ff7fe6e1328 std::ios_base::_Init 43 API calls 14654 7ff7fe6e2238 14651->14654 14657 7ff7fe6e2217 14653->14657 14655 7ff7fe6e16b8 std::ios_base::_Init 33 API calls 14654->14655 14658 7ff7fe6e2259 14655->14658 14656 7ff7fe6e907c _CxxThrowException 2 API calls 14656->14644 14659 7ff7fe6e907c _CxxThrowException 2 API calls 14657->14659 14660 7ff7fe6e907c _CxxThrowException 2 API calls 14658->14660 14659->14661 14662 7ff7fe6e2274 14660->14662 14661->14651 14662->14564 14664 7ff7fe6e1c24 14663->14664 14666 7ff7fe6e1c60 14663->14666 14665 7ff7fe6e2170 std::ios_base::_Init 45 API calls 14664->14665 14664->14666 14665->14666 14666->14565 14668 7ff7fe6e2838 14667->14668 14673 7ff7fe6e289d 14667->14673 14669 7ff7fe6e15e0 45 API calls 14668->14669 14674 7ff7fe6e2845 14669->14674 14670 7ff7fe6e6a00 _handle_errorf 8 API calls 14671 7ff7fe6e28cb 14670->14671 14671->14633 14672 7ff7fe6e2889 14672->14673 14675 7ff7fe6e1c04 45 API calls 14672->14675 14673->14670 14674->14672 14676 7ff7fe6e2170 std::ios_base::_Init 45 API calls 14674->14676 14675->14673 14676->14672 14679 7ff7fe6e434a 14677->14679 14683 7ff7fe6e433b 14677->14683 14678 7ff7fe6e6a00 _handle_errorf 8 API calls 14680 7ff7fe6e4536 14678->14680 14681 7ff7fe6e43c3 14679->14681 14679->14683 14687 7ff7fe6e43de 14679->14687 14680->14638 14691 7ff7fe6ee640 14681->14691 14683->14678 14684 7ff7fe6e44e8 14684->14683 14729 7ff7fe6e1a94 14684->14729 14685 7ff7fe6e44ee 14685->14684 14688 7ff7fe6ee640 60 API calls 14685->14688 14687->14684 14687->14685 14710 7ff7fe6ec0ac 14687->14710 14719 7ff7fe6e4020 14687->14719 14688->14684 14692 7ff7fe6ee665 14691->14692 14693 7ff7fe6ee67d 14691->14693 14694 7ff7fe6ea880 memcpy_s 15 API calls 14692->14694 14749 7ff7fe6eb5cc EnterCriticalSection 14693->14749 14697 7ff7fe6ee66a 14694->14697 14696 7ff7fe6ee685 14698 7ff7fe6ee729 14696->14698 14700 7ff7fe6f6d1c ungetc 31 API calls 14696->14700 14699 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14697->14699 14701 7ff7fe6f8a80 58 API calls 14698->14701 14702 7ff7fe6ee739 14698->14702 14709 7ff7fe6ee675 14699->14709 14705 7ff7fe6ee69c 14700->14705 14701->14702 14703 7ff7fe6eb5d8 fflush LeaveCriticalSection 14702->14703 14703->14709 14704 7ff7fe6ee701 14706 7ff7fe6ea880 memcpy_s 15 API calls 14704->14706 14705->14698 14705->14704 14707 7ff7fe6ee706 14706->14707 14708 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14707->14708 14708->14709 14709->14683 14711 7ff7fe6ec0cc 14710->14711 14717 7ff7fe6ec0e6 14710->14717 14712 7ff7fe6ec0d6 14711->14712 14713 7ff7fe6ec0ee 14711->14713 14711->14717 14714 7ff7fe6ea880 memcpy_s 15 API calls 14712->14714 14750 7ff7fe6ebe6c 14713->14750 14716 7ff7fe6ec0db 14714->14716 14718 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14716->14718 14717->14687 14718->14717 14720 7ff7fe6e4103 14719->14720 14721 7ff7fe6e4050 14719->14721 14764 7ff7fe6e400c 14720->14764 14723 7ff7fe6e4108 14721->14723 14724 7ff7fe6e4067 14721->14724 14726 7ff7fe6e4075 __lc_wcstolc 14721->14726 14725 7ff7fe6e400c 33 API calls 14723->14725 14724->14726 14758 7ff7fe6e1978 14724->14758 14727 7ff7fe6e410e 14725->14727 14726->14687 14727->14687 14730 7ff7fe6e1adf 14729->14730 14731 7ff7fe6e1aa9 14729->14731 14732 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14730->14732 14733 7ff7fe6e1abb 14731->14733 14734 7ff7fe6e1ad3 14731->14734 14735 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14731->14735 14732->14731 14736 7ff7fe6e1ac4 14733->14736 14737 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14733->14737 14734->14683 14735->14733 14738 7ff7fe6e1acd 14736->14738 14739 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14736->14739 14737->14736 14738->14734 14740 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14738->14740 14739->14738 14741 7ff7fe6e1afc std::_Deallocate 14740->14741 14830 7ff7fe6e1c68 14741->14830 14743 7ff7fe6e1b6f 14744 7ff7fe6e1a94 std::_Deallocate 33 API calls 14743->14744 14745 7ff7fe6e1b8e std::_Deallocate 14743->14745 14744->14745 14746 7ff7fe6e1bd4 14745->14746 14747 7ff7fe6e1a94 std::_Deallocate 33 API calls 14745->14747 14748 7ff7fe6e6a00 _handle_errorf 8 API calls 14746->14748 14747->14746 14748->14734 14757 7ff7fe6eb5cc EnterCriticalSection 14750->14757 14759 7ff7fe6e19b1 14758->14759 14776 7ff7fe6e188c 14759->14776 14761 7ff7fe6e1a94 std::_Deallocate 33 API calls 14763 7ff7fe6e1a50 14761->14763 14762 7ff7fe6e19f8 _Yarn 14762->14761 14762->14763 14763->14726 14818 7ff7fe6e2fb8 14764->14818 14777 7ff7fe6e189f 14776->14777 14778 7ff7fe6e1898 14776->14778 14779 7ff7fe6e18f2 14777->14779 14780 7ff7fe6e18ad 14777->14780 14778->14762 14800 7ff7fe6e2f98 14779->14800 14782 7ff7fe6e18e6 14780->14782 14785 7ff7fe6e18bf 14780->14785 14783 7ff7fe6e62f4 new 4 API calls 14782->14783 14793 7ff7fe6e18eb 14783->14793 14784 7ff7fe6e18f7 14787 7ff7fe6e2f98 Concurrency::cancel_current_task 2 API calls 14784->14787 14785->14784 14786 7ff7fe6e18c8 14785->14786 14794 7ff7fe6e62f4 14786->14794 14789 7ff7fe6e18d0 14787->14789 14789->14778 14804 7ff7fe6ea750 14789->14804 14790 7ff7fe6ea750 _invalid_parameter_noinfo_noreturn 31 API calls 14791 7ff7fe6e1909 14790->14791 14793->14778 14793->14790 14797 7ff7fe6e62ff _Yarn 14794->14797 14795 7ff7fe6e632a 14795->14789 14796 7ff7fe6f28fc new 2 API calls 14796->14797 14797->14795 14797->14796 14799 7ff7fe6e2f98 Concurrency::cancel_current_task 2 API calls 14797->14799 14809 7ff7fe6e6d94 14797->14809 14799->14797 14801 7ff7fe6e2fa6 std::bad_alloc::bad_alloc 14800->14801 14802 7ff7fe6e907c _CxxThrowException 2 API calls 14801->14802 14803 7ff7fe6e2fb7 14802->14803 14805 7ff7fe6ea688 _invalid_parameter_noinfo_noreturn 31 API calls 14804->14805 14806 7ff7fe6ea769 14805->14806 14807 7ff7fe6ea780 __lc_wcstolc 16 API calls 14806->14807 14808 7ff7fe6ea77e 14807->14808 14810 7ff7fe6e6da2 std::bad_alloc::bad_alloc 14809->14810 14813 7ff7fe6e907c 14810->14813 14812 7ff7fe6e6db3 14814 7ff7fe6e90ea RtlPcToFileHeader 14813->14814 14816 7ff7fe6e90c8 14813->14816 14815 7ff7fe6e912a RaiseException 14814->14815 14817 7ff7fe6e910f 14814->14817 14815->14812 14816->14814 14817->14815 14823 7ff7fe6e2e20 14818->14823 14821 7ff7fe6e907c _CxxThrowException 2 API calls 14822 7ff7fe6e2fda 14821->14822 14826 7ff7fe6e8fc4 14823->14826 14825 7ff7fe6e2e57 14825->14821 14827 7ff7fe6e901a _Yarn 14826->14827 14828 7ff7fe6e8fe5 _Yarn 14826->14828 14827->14825 14828->14827 14829 7ff7fe6f5104 __std_exception_copy 31 API calls 14828->14829 14829->14827 14831 7ff7fe6e1d5d 14830->14831 14832 7ff7fe6e1c9a 14830->14832 14855 7ff7fe6e2fdc 14831->14855 14834 7ff7fe6e1d69 14832->14834 14836 7ff7fe6e1cb7 14832->14836 14835 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14834->14835 14837 7ff7fe6e1d76 14835->14837 14836->14837 14838 7ff7fe6e1cca 14836->14838 14841 7ff7fe6e1cd8 _Yarn 14836->14841 14839 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14837->14839 14840 7ff7fe6e1978 std::_Deallocate 33 API calls 14838->14840 14838->14841 14849 7ff7fe6e1d83 14839->14849 14840->14841 14841->14743 14842 7ff7fe6e1df5 14843 7ff7fe6e1ea0 14842->14843 14844 7ff7fe6e1e08 14842->14844 14845 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14843->14845 14846 7ff7fe6e1eac 14844->14846 14847 7ff7fe6e1e1b 14844->14847 14853 7ff7fe6e1df0 _Yarn 14844->14853 14845->14846 14848 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14846->14848 14852 7ff7fe6e1978 std::_Deallocate 33 API calls 14847->14852 14847->14853 14851 7ff7fe6e1eb9 14848->14851 14849->14842 14850 7ff7fe6e1dcd 14849->14850 14854 7ff7fe6e1c68 std::_Deallocate 33 API calls 14850->14854 14852->14853 14853->14743 14854->14853 14860 7ff7fe6e2eec 14855->14860 14858 7ff7fe6e907c _CxxThrowException 2 API calls 14859 7ff7fe6e2ffe 14858->14859 14861 7ff7fe6e8fc4 __std_exception_copy 31 API calls 14860->14861 14862 7ff7fe6e2f23 14861->14862 14862->14858 14864 7ff7fe6e134f 14863->14864 14865 7ff7fe6e135b 14863->14865 14871 7ff7fe6e16b8 14864->14871 14879 7ff7fe6e6798 EnterCriticalSection 14865->14879 14874 7ff7fe6e16ed 14871->14874 14873 7ff7fe6e170a 14898 7ff7fe6e13a4 14873->14898 14887 7ff7fe6e1fe4 14874->14887 14877 7ff7fe6e1745 14877->14656 14878 7ff7fe6e1a94 std::_Deallocate 33 API calls 14878->14877 14880 7ff7fe6e67ae 14879->14880 14881 7ff7fe6e67b3 LeaveCriticalSection 14880->14881 14884 7ff7fe6e685c 14880->14884 14885 7ff7fe6e68b0 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 14884->14885 14886 7ff7fe6e6878 14884->14886 14885->14886 14886->14880 14888 7ff7fe6e204d 14887->14888 14892 7ff7fe6e2001 14887->14892 14889 7ff7fe6e20d7 14888->14889 14890 7ff7fe6e2057 14888->14890 14891 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14889->14891 14894 7ff7fe6e1978 std::_Deallocate 33 API calls 14890->14894 14896 7ff7fe6e204b _Yarn 14890->14896 14893 7ff7fe6e20e3 14891->14893 14892->14888 14895 7ff7fe6e2028 14892->14895 14894->14896 14905 7ff7fe6e1ebc 14895->14905 14896->14873 14899 7ff7fe6e1ebc std::ios_base::_Init 33 API calls 14898->14899 14900 7ff7fe6e13de 14899->14900 14913 7ff7fe6e1570 14900->14913 14903 7ff7fe6e1424 14903->14877 14903->14878 14904 7ff7fe6e1a94 std::_Deallocate 33 API calls 14904->14903 14906 7ff7fe6e1fbd 14905->14906 14907 7ff7fe6e2fdc std::_Deallocate 33 API calls 14906->14907 14908 7ff7fe6e1fc9 14907->14908 14909 7ff7fe6e2fdc std::_Deallocate 33 API calls 14908->14909 14910 7ff7fe6e1fd6 14909->14910 14911 7ff7fe6e2fb8 std::_Deallocate 33 API calls 14910->14911 14912 7ff7fe6e1fe3 14911->14912 14914 7ff7fe6e1592 14913->14914 14915 7ff7fe6e8fc4 __std_exception_copy 31 API calls 14914->14915 14916 7ff7fe6e15c0 14915->14916 14917 7ff7fe6e6a00 _handle_errorf 8 API calls 14916->14917 14918 7ff7fe6e1406 14917->14918 14918->14903 14918->14904 14920 7ff7fe6ee176 14919->14920 14921 7ff7fe6ee1b2 14919->14921 14920->14921 14924 7ff7fe6ee180 14920->14924 14922 7ff7fe6ea880 memcpy_s 15 API calls 14921->14922 14923 7ff7fe6ee1aa 14922->14923 14926 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14923->14926 14930 7ff7fe6ec170 14924->14930 14928 7ff7fe6e2d65 14926->14928 14928->13935 14929 7ff7fe6ea880 memcpy_s 15 API calls 14929->14923 14931 7ff7fe6ec1c5 14930->14931 14932 7ff7fe6ec1ad 14930->14932 14931->14932 14933 7ff7fe6ec1cf 14931->14933 14934 7ff7fe6ea880 memcpy_s 15 API calls 14932->14934 14935 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 14933->14935 14936 7ff7fe6ec1b2 14934->14936 14939 7ff7fe6ec1e0 __lc_wcstolc 14935->14939 14937 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14936->14937 14946 7ff7fe6ec1bd 14937->14946 14938 7ff7fe6e6a00 _handle_errorf 8 API calls 14940 7ff7fe6ec2de 14938->14940 14947 7ff7fe6ec60c 14939->14947 14940->14928 14940->14929 14944 7ff7fe6ef79c __free_lconv_num 15 API calls 14944->14946 14946->14938 14948 7ff7fe6ea880 memcpy_s 15 API calls 14947->14948 14949 7ff7fe6ec24c 14948->14949 14950 7ff7fe6eca7c 14949->14950 14951 7ff7fe6ecab6 14950->14951 14952 7ff7fe6eca9e 14950->14952 14951->14952 14963 7ff7fe6ecabc 14951->14963 14953 7ff7fe6ea880 memcpy_s 15 API calls 14952->14953 14954 7ff7fe6ecaa3 14953->14954 14956 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14954->14956 14955 7ff7fe6ec255 14955->14944 14956->14955 14957 7ff7fe6ecc7a 14958 7ff7fe6ea880 memcpy_s 15 API calls 14957->14958 14959 7ff7fe6ecc7f 14958->14959 14960 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14959->14960 14960->14955 14963->14955 14963->14957 14966 7ff7fe6ed414 14963->14966 14982 7ff7fe6ed01c 14963->14982 15004 7ff7fe6ec7e8 14963->15004 15007 7ff7fe6ecd00 14963->15007 14967 7ff7fe6ed49b 14966->14967 14977 7ff7fe6ed43e 14966->14977 14968 7ff7fe6ed51f 14967->14968 14969 7ff7fe6ed4a0 14967->14969 15030 7ff7fe6ed710 14968->15030 14971 7ff7fe6ed505 14969->14971 14972 7ff7fe6ed4aa 14969->14972 15018 7ff7fe6edb80 14971->15018 14973 7ff7fe6ed528 14972->14973 14980 7ff7fe6ed48c wprintf 14972->14980 15024 7ff7fe6ed9e0 14972->15024 14973->14963 14977->14968 14977->14972 14977->14973 14978 7ff7fe6ed46e 14977->14978 14979 7ff7fe6ed47c 14977->14979 14977->14980 14978->14968 14978->14979 14978->14980 14979->14973 15014 7ff7fe6ed92c 14979->15014 14980->14973 15038 7ff7fe6ede50 14980->15038 14983 7ff7fe6ed027 14982->14983 14984 7ff7fe6ed040 14982->14984 14986 7ff7fe6ed49b 14983->14986 14994 7ff7fe6ed064 14983->14994 14999 7ff7fe6ed43e 14983->14999 14985 7ff7fe6ea880 memcpy_s 15 API calls 14984->14985 14984->14994 14987 7ff7fe6ed059 14985->14987 14988 7ff7fe6ed51f 14986->14988 14989 7ff7fe6ed4a0 14986->14989 14990 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 14987->14990 14991 7ff7fe6ed710 wprintf 44 API calls 14988->14991 14993 7ff7fe6ed505 14989->14993 14995 7ff7fe6ed4aa 14989->14995 14990->14994 15001 7ff7fe6ed48c wprintf 14991->15001 14992 7ff7fe6ed47c 14996 7ff7fe6ed92c wprintf 37 API calls 14992->14996 15003 7ff7fe6ed528 14992->15003 14997 7ff7fe6edb80 wprintf 31 API calls 14993->14997 14994->14963 14998 7ff7fe6ed9e0 wprintf 31 API calls 14995->14998 14995->15001 14995->15003 14996->15001 14997->15001 14998->15001 14999->14988 14999->14992 14999->14995 15000 7ff7fe6ed46e 14999->15000 14999->15001 14999->15003 15000->14988 15000->14992 15000->15001 15002 7ff7fe6ede50 37 API calls 15001->15002 15001->15003 15002->15003 15003->14963 15309 7ff7fe6f8c74 15004->15309 15334 7ff7fe6ece08 15007->15334 15010 7ff7fe6ea880 memcpy_s 15 API calls 15011 7ff7fe6ecd61 15010->15011 15012 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15011->15012 15013 7ff7fe6ecd14 15012->15013 15013->14963 15016 7ff7fe6ed948 wprintf 15014->15016 15015 7ff7fe6ed991 15015->14980 15016->15015 15044 7ff7fe6f8f78 15016->15044 15023 7ff7fe6edba8 wprintf 15018->15023 15019 7ff7fe6ea880 memcpy_s 15 API calls 15020 7ff7fe6edbb1 15019->15020 15021 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15020->15021 15022 7ff7fe6edbbc 15021->15022 15022->14980 15023->15019 15023->15022 15025 7ff7fe6eda01 15024->15025 15026 7ff7fe6ea880 memcpy_s 15 API calls 15025->15026 15029 7ff7fe6eda4c wprintf 15025->15029 15027 7ff7fe6eda41 15026->15027 15028 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15027->15028 15028->15029 15029->14980 15031 7ff7fe6ed728 15030->15031 15066 7ff7fe6ec318 15031->15066 15037 7ff7fe6ed863 15037->14980 15039 7ff7fe6ededd 15038->15039 15043 7ff7fe6ede77 15038->15043 15040 7ff7fe6e6a00 _handle_errorf 8 API calls 15039->15040 15042 7ff7fe6edf15 15040->15042 15041 7ff7fe6f8f78 wprintf 37 API calls 15041->15043 15042->14973 15043->15039 15043->15041 15047 7ff7fe6f8df4 15044->15047 15048 7ff7fe6f8e17 15047->15048 15049 7ff7fe6f8e4e 15048->15049 15050 7ff7fe6f8e3b 15048->15050 15060 7ff7fe6f8e1c 15048->15060 15052 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15049->15052 15051 7ff7fe6ea880 memcpy_s 15 API calls 15050->15051 15053 7ff7fe6f8e40 15051->15053 15054 7ff7fe6f8e60 15052->15054 15055 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15053->15055 15056 7ff7fe6f8e6f 15054->15056 15057 7ff7fe6f8ee8 WideCharToMultiByte 15054->15057 15055->15060 15058 7ff7fe6f8ecb __lc_wcstolc 15056->15058 15063 7ff7fe6f8e81 __lc_wcstolc 15056->15063 15059 7ff7fe6f8f3c GetLastError 15057->15059 15057->15063 15058->15060 15062 7ff7fe6ea880 memcpy_s 15 API calls 15058->15062 15059->15058 15059->15063 15060->15015 15061 7ff7fe6ea880 memcpy_s 15 API calls 15061->15060 15064 7ff7fe6f8f67 15062->15064 15063->15060 15063->15061 15065 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15064->15065 15065->15060 15067 7ff7fe6ec345 15066->15067 15068 7ff7fe6ec354 15066->15068 15069 7ff7fe6ea880 memcpy_s 15 API calls 15067->15069 15070 7ff7fe6ec34a 15068->15070 15071 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 15068->15071 15069->15070 15076 7ff7fe6f99c4 15070->15076 15072 7ff7fe6ec380 15071->15072 15073 7ff7fe6ec394 15072->15073 15074 7ff7fe6ef79c __free_lconv_num 15 API calls 15072->15074 15075 7ff7fe6ef79c __free_lconv_num 15 API calls 15073->15075 15074->15073 15075->15070 15077 7ff7fe6f99f1 15076->15077 15078 7ff7fe6f9a09 15076->15078 15079 7ff7fe6ea880 memcpy_s 15 API calls 15077->15079 15078->15077 15082 7ff7fe6f9a20 wprintf 15078->15082 15080 7ff7fe6f99f6 15079->15080 15081 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15080->15081 15091 7ff7fe6ed846 15081->15091 15086 7ff7fe6f9a74 15082->15086 15089 7ff7fe6f9a53 15082->15089 15083 7ff7fe6f9bb0 15083->15091 15227 7ff7fe6f8ff4 15083->15227 15085 7ff7fe6f9b77 15220 7ff7fe6f9354 15085->15220 15086->15083 15086->15085 15087 7ff7fe6f9aed 15086->15087 15090 7ff7fe6f9ab1 15086->15090 15094 7ff7fe6f9aa3 15086->15094 15151 7ff7fe7011c0 15087->15151 15108 7ff7fe6f9880 15089->15108 15141 7ff7fe6f9748 15090->15141 15091->15037 15101 7ff7fe6ec778 15091->15101 15094->15085 15097 7ff7fe6f9aac 15094->15097 15097->15087 15097->15090 15099 7ff7fe6f9b44 15099->15091 15217 7ff7fe6f9600 15099->15217 15278 7ff7fe6f28c8 15101->15278 15103 7ff7fe6ec7a4 15104 7ff7fe6f28c8 wprintf 43 API calls 15103->15104 15107 7ff7fe6ec7ac 15104->15107 15106 7ff7fe6ec790 15106->15103 15282 7ff7fe6eec58 15106->15282 15107->15037 15109 7ff7fe6f98ae 15108->15109 15111 7ff7fe6f98cc 15108->15111 15110 7ff7fe6e6a00 _handle_errorf 8 API calls 15109->15110 15112 7ff7fe6f98c3 15110->15112 15113 7ff7fe6f5104 __std_exception_copy 31 API calls 15111->15113 15112->15091 15114 7ff7fe6f99a4 15113->15114 15114->15109 15115 7ff7fe6f99ac 15114->15115 15116 7ff7fe6ea780 __lc_wcstolc 16 API calls 15115->15116 15118 7ff7fe6f99c1 15116->15118 15117 7ff7fe6f99f1 15119 7ff7fe6ea880 memcpy_s 15 API calls 15117->15119 15118->15117 15121 7ff7fe6f9a20 wprintf 15118->15121 15120 7ff7fe6f99f6 15119->15120 15122 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15120->15122 15127 7ff7fe6f9a74 15121->15127 15130 7ff7fe6f9a53 15121->15130 15123 7ff7fe6f9a02 15122->15123 15123->15091 15124 7ff7fe6f9bb0 15124->15123 15125 7ff7fe6f8ff4 wprintf 36 API calls 15124->15125 15125->15123 15126 7ff7fe6f9b77 15129 7ff7fe6f9354 wprintf 36 API calls 15126->15129 15127->15124 15127->15126 15128 7ff7fe6f9aed 15127->15128 15131 7ff7fe6f9ab1 15127->15131 15134 7ff7fe6f9aa3 15127->15134 15132 7ff7fe7011c0 wprintf 32 API calls 15128->15132 15129->15123 15133 7ff7fe6f9880 wprintf 36 API calls 15130->15133 15135 7ff7fe6f9748 wprintf 36 API calls 15131->15135 15136 7ff7fe6f9b17 15132->15136 15133->15123 15134->15126 15137 7ff7fe6f9aac 15134->15137 15135->15123 15138 7ff7fe701100 wprintf 31 API calls 15136->15138 15137->15128 15137->15131 15139 7ff7fe6f9b44 15138->15139 15139->15123 15140 7ff7fe6f9600 wprintf 35 API calls 15139->15140 15140->15123 15142 7ff7fe7011c0 wprintf 32 API calls 15141->15142 15143 7ff7fe6f978c 15142->15143 15144 7ff7fe701100 wprintf 31 API calls 15143->15144 15145 7ff7fe6f97c5 15144->15145 15146 7ff7fe6f97c9 15145->15146 15147 7ff7fe6f9827 15145->15147 15148 7ff7fe6f97eb 15145->15148 15146->15091 15237 7ff7fe6f9424 15147->15237 15150 7ff7fe6f9600 wprintf 35 API calls 15148->15150 15150->15146 15152 7ff7fe70120e wprintf fegetenv 15151->15152 15153 7ff7fe70127b 15152->15153 15156 7ff7fe7012a2 wprintf 15152->15156 15154 7ff7fe6f5104 __std_exception_copy 31 API calls 15153->15154 15155 7ff7fe701295 15154->15155 15157 7ff7fe70240e wprintf 15155->15157 15158 7ff7fe70129d 15155->15158 15159 7ff7fe7012c1 15156->15159 15160 7ff7fe702470 15156->15160 15167 7ff7fe6e6a00 _handle_errorf 8 API calls 15157->15167 15164 7ff7fe6ea780 __lc_wcstolc 16 API calls 15158->15164 15162 7ff7fe702451 15159->15162 15163 7ff7fe7012ca 15159->15163 15161 7ff7fe6f5104 __std_exception_copy 31 API calls 15160->15161 15166 7ff7fe702486 15161->15166 15165 7ff7fe6f5104 __std_exception_copy 31 API calls 15162->15165 15168 7ff7fe7012d3 15163->15168 15169 7ff7fe702432 15163->15169 15171 7ff7fe70242d 15164->15171 15172 7ff7fe702467 15165->15172 15166->15157 15173 7ff7fe702515 15166->15173 15174 7ff7fe6f9b17 15167->15174 15175 7ff7fe702413 15168->15175 15176 7ff7fe7012dc 15168->15176 15170 7ff7fe6f5104 __std_exception_copy 31 API calls 15169->15170 15178 7ff7fe702448 15170->15178 15183 7ff7fe6ea780 __lc_wcstolc 16 API calls 15171->15183 15172->15157 15179 7ff7fe70246b 15172->15179 15181 7ff7fe6ea780 __lc_wcstolc 16 API calls 15173->15181 15208 7ff7fe701100 15174->15208 15180 7ff7fe6f5104 __std_exception_copy 31 API calls 15175->15180 15250 7ff7fe703860 15176->15250 15178->15157 15182 7ff7fe70244c 15178->15182 15186 7ff7fe6ea780 __lc_wcstolc 16 API calls 15179->15186 15184 7ff7fe702429 15180->15184 15185 7ff7fe70252a 15181->15185 15187 7ff7fe6ea780 __lc_wcstolc 16 API calls 15182->15187 15183->15182 15184->15157 15184->15171 15186->15173 15187->15179 15188 7ff7fe70134e wprintf __lc_wcstolc 15189 7ff7fe6ea880 memcpy_s 15 API calls 15188->15189 15195 7ff7fe7013d8 _Yarn 15188->15195 15192 7ff7fe70187c 15189->15192 15190 7ff7fe702195 15268 7ff7fe6ef8c0 15190->15268 15191 7ff7fe70189c _Yarn __lc_wcstolc 15196 7ff7fe701c8a 15191->15196 15202 7ff7fe6ea880 15 API calls memcpy_s 15191->15202 15205 7ff7fe6ea730 31 API calls _invalid_parameter_noinfo 15191->15205 15193 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15192->15193 15193->15195 15195->15191 15199 7ff7fe701d5a _Yarn __lc_wcstolc 15195->15199 15196->15190 15196->15196 15259 7ff7fe70252c 15196->15259 15198 7ff7fe702244 15198->15198 15200 7ff7fe70252c memcpy_s 31 API calls 15198->15200 15207 7ff7fe70229c 15198->15207 15199->15190 15199->15196 15201 7ff7fe6ea880 15 API calls memcpy_s 15199->15201 15204 7ff7fe6ea730 31 API calls _invalid_parameter_noinfo 15199->15204 15200->15207 15201->15199 15202->15191 15203 7ff7fe6ef8c0 wprintf 31 API calls 15203->15207 15204->15199 15205->15191 15206 7ff7fe70252c memcpy_s 31 API calls 15206->15207 15207->15157 15207->15203 15207->15206 15209 7ff7fe701125 15208->15209 15210 7ff7fe70110d 15208->15210 15209->15210 15213 7ff7fe70113e 15209->15213 15211 7ff7fe6ea880 memcpy_s 15 API calls 15210->15211 15216 7ff7fe70111e _Yarn 15210->15216 15212 7ff7fe701112 15211->15212 15215 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15212->15215 15214 7ff7fe6ea880 memcpy_s 15 API calls 15213->15214 15214->15212 15215->15216 15216->15099 15218 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15217->15218 15219 7ff7fe6f9630 _Yarn __lc_wcstolc 15218->15219 15219->15091 15219->15219 15221 7ff7fe7011c0 wprintf 32 API calls 15220->15221 15222 7ff7fe6f9390 15221->15222 15223 7ff7fe701100 wprintf 31 API calls 15222->15223 15224 7ff7fe6f93c6 15223->15224 15225 7ff7fe6f93ca 15224->15225 15226 7ff7fe6f9424 wprintf 35 API calls 15224->15226 15225->15091 15226->15225 15228 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15227->15228 15229 7ff7fe6f9041 15228->15229 15230 7ff7fe6f9062 15229->15230 15231 7ff7fe6f904c 15229->15231 15233 7ff7fe6f9354 wprintf 36 API calls 15230->15233 15236 7ff7fe6f905d strrchr __lc_wcstolc 15230->15236 15232 7ff7fe6ea880 memcpy_s 15 API calls 15231->15232 15234 7ff7fe6f9051 15232->15234 15233->15236 15235 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15234->15235 15235->15236 15236->15091 15238 7ff7fe6f945b 15237->15238 15239 7ff7fe6f9489 15237->15239 15241 7ff7fe6ea880 memcpy_s 15 API calls 15238->15241 15240 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15239->15240 15245 7ff7fe6f949b _Yarn 15240->15245 15242 7ff7fe6f9460 15241->15242 15243 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15242->15243 15244 7ff7fe6f946c 15243->15244 15244->15146 15245->15245 15246 7ff7fe6f5104 __std_exception_copy 31 API calls 15245->15246 15249 7ff7fe6f953d _Yarn 15246->15249 15247 7ff7fe6ea780 __lc_wcstolc 16 API calls 15248 7ff7fe6f95fe 15247->15248 15249->15247 15251 7ff7fe703b60 15250->15251 15253 7ff7fe703877 15250->15253 15252 7ff7fe703b10 15257 7ff7fe704600 _log10_special 24 API calls 15252->15257 15258 7ff7fe703b06 15252->15258 15253->15252 15254 7ff7fe703af2 15253->15254 15255 7ff7fe7038df 15253->15255 15256 7ff7fe704600 _log10_special 24 API calls 15254->15256 15255->15188 15256->15258 15257->15258 15258->15188 15262 7ff7fe70254d __lc_wcstolc 15259->15262 15264 7ff7fe702549 _Yarn 15259->15264 15260 7ff7fe702552 15261 7ff7fe6ea880 memcpy_s 15 API calls 15260->15261 15263 7ff7fe702557 15261->15263 15262->15260 15262->15264 15265 7ff7fe70258d 15262->15265 15266 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15263->15266 15264->15190 15265->15264 15267 7ff7fe6ea880 memcpy_s 15 API calls 15265->15267 15266->15264 15267->15263 15269 7ff7fe6ef8e8 15268->15269 15277 7ff7fe6ef8dc 15268->15277 15270 7ff7fe6ef92f 15269->15270 15271 7ff7fe6ef957 15269->15271 15269->15277 15272 7ff7fe70252c memcpy_s 31 API calls 15270->15272 15273 7ff7fe6ef995 15271->15273 15274 7ff7fe6ef95c 15271->15274 15272->15277 15276 7ff7fe70252c memcpy_s 31 API calls 15273->15276 15275 7ff7fe70252c memcpy_s 31 API calls 15274->15275 15275->15277 15276->15277 15277->15198 15279 7ff7fe6f28d6 15278->15279 15280 7ff7fe6f28dd 15278->15280 15288 7ff7fe6f2788 15279->15288 15280->15106 15283 7ff7fe6eec93 15282->15283 15284 7ff7fe6eec6b 15282->15284 15283->15106 15285 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15284->15285 15286 7ff7fe6eec77 15285->15286 15286->15283 15300 7ff7fe6f56e0 15286->15300 15289 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15288->15289 15290 7ff7fe6f27a6 15289->15290 15291 7ff7fe6f27e6 15290->15291 15292 7ff7fe6f27ae 15290->15292 15293 7ff7fe6f280b 15291->15293 15295 7ff7fe6fba88 _mbstowcs_s_l 35 API calls 15291->15295 15294 7ff7fe6f2738 wprintf 39 API calls 15292->15294 15296 7ff7fe6ea880 memcpy_s 15 API calls 15293->15296 15297 7ff7fe6f280f 15293->15297 15299 7ff7fe6f27b9 15294->15299 15295->15293 15296->15297 15298 7ff7fe6fa644 pre_c_initialization 40 API calls 15297->15298 15298->15299 15299->15280 15301 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15300->15301 15302 7ff7fe6f571a 15301->15302 15303 7ff7fe6f5724 15302->15303 15304 7ff7fe6fba88 _mbstowcs_s_l 35 API calls 15302->15304 15306 7ff7fe6e6a00 _handle_errorf 8 API calls 15303->15306 15305 7ff7fe6f5746 15304->15305 15308 7ff7fe6fa134 _Tolower 39 API calls 15305->15308 15307 7ff7fe6f57d6 15306->15307 15307->15283 15308->15303 15310 7ff7fe6f8c8d ProcessCodePage 15309->15310 15313 7ff7fe6ea924 15310->15313 15314 7ff7fe6ea952 15313->15314 15315 7ff7fe6ea978 15313->15315 15316 7ff7fe6ea880 memcpy_s 15 API calls 15314->15316 15315->15314 15317 7ff7fe6ea986 15315->15317 15318 7ff7fe6ea957 15316->15318 15319 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 15317->15319 15320 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15318->15320 15322 7ff7fe6ea992 15319->15322 15333 7ff7fe6ea962 15320->15333 15321 7ff7fe6f56e0 _Tolower 39 API calls 15321->15322 15322->15321 15323 7ff7fe6ea9e8 15322->15323 15324 7ff7fe6eaa62 15323->15324 15325 7ff7fe6ea880 memcpy_s 15 API calls 15323->15325 15326 7ff7fe6ea880 memcpy_s 15 API calls 15324->15326 15329 7ff7fe6eab54 ProcessCodePage 15324->15329 15327 7ff7fe6eaa9a 15325->15327 15328 7ff7fe6eab49 15326->15328 15330 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15327->15330 15331 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15328->15331 15332 7ff7fe6ea880 memcpy_s 15 API calls 15329->15332 15329->15333 15330->15324 15331->15329 15332->15333 15333->14963 15335 7ff7fe6ecd10 15334->15335 15336 7ff7fe6ece2e 15334->15336 15335->15010 15335->15013 15336->15335 15337 7ff7fe6ea880 memcpy_s 15 API calls 15336->15337 15338 7ff7fe6ece87 15337->15338 15339 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15338->15339 15339->15335 15341 7ff7fe6e2cfb wprintf 15340->15341 15390 7ff7fe6ee0dc 15341->15390 15344 7ff7fe6eb6b4 15345 7ff7fe6eb6df 15344->15345 15346 7ff7fe6eb6ce 15344->15346 15407 7ff7fe6eb5e4 15345->15407 15348 7ff7fe6ea880 memcpy_s 15 API calls 15346->15348 15349 7ff7fe6eb6d3 15348->15349 15351 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15349->15351 15352 7ff7fe6eb6dd 15351->15352 15352->14589 15353 7ff7fe6ea880 memcpy_s 15 API calls 15353->15352 15355 7ff7fe6eb868 15354->15355 15356 7ff7fe6ea880 memcpy_s 15 API calls 15355->15356 15359 7ff7fe6eb878 15355->15359 15357 7ff7fe6eb86d 15356->15357 15358 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15357->15358 15358->15359 15359->14591 15668 7ff7fe6ebb40 15360->15668 15364 7ff7fe6eb805 15363->15364 15368 7ff7fe6eb815 15363->15368 15365 7ff7fe6ea880 memcpy_s 15 API calls 15364->15365 15366 7ff7fe6eb80a 15365->15366 15367 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15366->15367 15367->15368 15368->14594 15370 7ff7fe6eb841 15369->15370 15371 7ff7fe6eb831 15369->15371 15370->14594 15372 7ff7fe6ea880 memcpy_s 15 API calls 15371->15372 15373 7ff7fe6eb836 15372->15373 15374 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15373->15374 15374->15370 15376 7ff7fe6f54dc _Getctype 35 API calls 15375->15376 15377 7ff7fe6ea8a9 15376->15377 15377->14608 15379 7ff7fe6eb7ae 15378->15379 15380 7ff7fe6eb7c3 15378->15380 15381 7ff7fe6ea880 memcpy_s 15 API calls 15379->15381 15386 7ff7fe6eb7be 15380->15386 15682 7ff7fe6eb5cc EnterCriticalSection 15380->15682 15383 7ff7fe6eb7b3 15381->15383 15384 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15383->15384 15384->15386 15386->14586 15391 7ff7fe6ee102 15390->15391 15392 7ff7fe6ee117 15390->15392 15394 7ff7fe6ea880 memcpy_s 15 API calls 15391->15394 15392->15391 15393 7ff7fe6ee11c 15392->15393 15399 7ff7fe6ec130 15393->15399 15396 7ff7fe6ee107 15394->15396 15397 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15396->15397 15398 7ff7fe6e23c6 15397->15398 15398->15344 15406 7ff7fe6eb5cc EnterCriticalSection 15399->15406 15408 7ff7fe6eb61f 15407->15408 15409 7ff7fe6eb608 15407->15409 15408->15409 15412 7ff7fe6eb636 15408->15412 15410 7ff7fe6ea880 memcpy_s 15 API calls 15409->15410 15411 7ff7fe6eb60d 15410->15411 15415 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15411->15415 15413 7ff7fe6eb63b 15412->15413 15414 7ff7fe6eb648 15412->15414 15416 7ff7fe6ea880 memcpy_s 15 API calls 15413->15416 15426 7ff7fe6f6684 15414->15426 15418 7ff7fe6eb618 15415->15418 15416->15418 15418->15352 15418->15353 15439 7ff7fe6eeb20 EnterCriticalSection 15426->15439 15669 7ff7fe6ebb6a 15668->15669 15680 7ff7fe6ebb38 15668->15680 15670 7ff7fe6ebb9b 15669->15670 15672 7ff7fe6ebb79 __lc_wcstolc 15669->15672 15669->15680 15681 7ff7fe6eb5cc EnterCriticalSection 15670->15681 15673 7ff7fe6ea880 memcpy_s 15 API calls 15672->15673 15676 7ff7fe6ebb8e 15673->15676 15678 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 15676->15678 15678->15680 15680->14594 15684 7ff7fe6f54dc _Getctype 35 API calls 15683->15684 15685 7ff7fe6f50e7 15684->15685 15686 7ff7fe6ef72c abort 35 API calls 15685->15686 15687 7ff7fe6f5102 15686->15687 17543 7ff7fe6e4830 17544 7ff7fe6e4848 17543->17544 17548 7ff7fe6e4877 17543->17548 17549 7ff7fe6ee8c8 17544->17549 17547 7ff7fe6e3dc4 31 API calls 17547->17548 17550 7ff7fe6ee8e8 17549->17550 17552 7ff7fe6ee8fd 17549->17552 17551 7ff7fe6ea880 memcpy_s 15 API calls 17550->17551 17553 7ff7fe6ee8ed 17551->17553 17552->17550 17554 7ff7fe6ee923 17552->17554 17555 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17553->17555 17558 7ff7fe6ee798 17554->17558 17557 7ff7fe6e4860 17555->17557 17557->17547 17557->17548 17565 7ff7fe6eb5cc EnterCriticalSection 17558->17565 16493 7ff7fe6eb528 16494 7ff7fe6eb533 16493->16494 16502 7ff7fe6f632c 16494->16502 16515 7ff7fe6eeb20 EnterCriticalSection 16502->16515 13849 7ff7fe6f2b0c 13850 7ff7fe6f2b32 GetModuleHandleW 13849->13850 13851 7ff7fe6f2b7c 13849->13851 13850->13851 13857 7ff7fe6f2b3f 13850->13857 13866 7ff7fe6eeb20 EnterCriticalSection 13851->13866 13853 7ff7fe6f2c2b 13854 7ff7fe6eeb74 fflush LeaveCriticalSection 13853->13854 13856 7ff7fe6f2c50 13854->13856 13855 7ff7fe6f2c00 13858 7ff7fe6f2c18 13855->13858 13862 7ff7fe6f3b4c 32 API calls 13855->13862 13859 7ff7fe6f2c5c 13856->13859 13864 7ff7fe6f2c78 11 API calls 13856->13864 13857->13851 13867 7ff7fe6f2cc4 GetModuleHandleExW 13857->13867 13863 7ff7fe6f3b4c 32 API calls 13858->13863 13860 7ff7fe6f3880 16 API calls 13860->13855 13862->13858 13863->13853 13864->13859 13865 7ff7fe6f2b86 13865->13853 13865->13855 13865->13860 13868 7ff7fe6f2d15 13867->13868 13869 7ff7fe6f2cee GetProcAddress 13867->13869 13871 7ff7fe6f2d25 13868->13871 13872 7ff7fe6f2d1f FreeLibrary 13868->13872 13869->13868 13870 7ff7fe6f2d08 13869->13870 13870->13868 13871->13851 13872->13871 16559 7ff7fe6fcc04 16560 7ff7fe6fcc28 16559->16560 16565 7ff7fe6fcc3c strchr 16559->16565 16561 7ff7fe6ea880 memcpy_s 15 API calls 16560->16561 16578 7ff7fe6fcc2d 16561->16578 16562 7ff7fe6fccaf 16563 7ff7fe6ea880 memcpy_s 15 API calls 16562->16563 16598 7ff7fe6fccb4 16563->16598 16564 7ff7fe6fcc7b 16567 7ff7fe6fcce8 16564->16567 16569 7ff7fe6fcca1 16564->16569 16572 7ff7fe6fcd3e 16564->16572 16565->16562 16565->16564 16605 7ff7fe6fcef4 16565->16605 16571 7ff7fe6eebb0 _Getctype 15 API calls 16567->16571 16567->16598 16568 7ff7fe6fcd8c 16574 7ff7fe6fcda9 16568->16574 16580 7ff7fe6fcdfb 16568->16580 16569->16562 16569->16572 16573 7ff7fe6fccfa 16571->16573 16572->16568 16572->16598 16623 7ff7fe70313c 16572->16623 16576 7ff7fe6ef79c __free_lconv_num 15 API calls 16573->16576 16577 7ff7fe6ef79c __free_lconv_num 15 API calls 16574->16577 16575 7ff7fe6ef79c __free_lconv_num 15 API calls 16575->16578 16579 7ff7fe6fcd08 16576->16579 16581 7ff7fe6fcdb2 16577->16581 16579->16572 16583 7ff7fe6eebb0 _Getctype 15 API calls 16579->16583 16579->16598 16582 7ff7fe6fcfe8 _onexit 34 API calls 16580->16582 16580->16598 16590 7ff7fe6fcdb7 16581->16590 16660 7ff7fe6fcfe8 16581->16660 16584 7ff7fe6fce36 16582->16584 16585 7ff7fe6fcd30 16583->16585 16586 7ff7fe6ef79c __free_lconv_num 15 API calls 16584->16586 16588 7ff7fe6ef79c __free_lconv_num 15 API calls 16585->16588 16586->16590 16588->16572 16589 7ff7fe6fcde3 16591 7ff7fe6ef79c __free_lconv_num 15 API calls 16589->16591 16590->16590 16592 7ff7fe6eebb0 _Getctype 15 API calls 16590->16592 16590->16598 16591->16590 16593 7ff7fe6fce80 16592->16593 16594 7ff7fe6fcec7 16593->16594 16595 7ff7fe6f5104 __std_exception_copy 31 API calls 16593->16595 16596 7ff7fe6ef79c __free_lconv_num 15 API calls 16594->16596 16597 7ff7fe6fce97 16595->16597 16596->16598 16599 7ff7fe6fcedc 16597->16599 16600 7ff7fe6fce9b SetEnvironmentVariableA 16597->16600 16598->16575 16602 7ff7fe6ea780 __lc_wcstolc 16 API calls 16599->16602 16600->16594 16601 7ff7fe6fcec2 16600->16601 16603 7ff7fe6ea880 memcpy_s 15 API calls 16601->16603 16604 7ff7fe6fcef0 16602->16604 16603->16594 16606 7ff7fe6fcf18 16605->16606 16614 7ff7fe6fcf11 16605->16614 16607 7ff7fe6eebb0 _Getctype 15 API calls 16606->16607 16608 7ff7fe6fcf3c 16607->16608 16609 7ff7fe6fcfbc 16608->16609 16621 7ff7fe6fcf44 16608->16621 16611 7ff7fe6ef72c abort 35 API calls 16609->16611 16610 7ff7fe6fcf9c 16613 7ff7fe6ef79c __free_lconv_num 15 API calls 16610->16613 16612 7ff7fe6fcfc1 16611->16612 16615 7ff7fe6ea780 __lc_wcstolc 16 API calls 16612->16615 16613->16614 16614->16564 16617 7ff7fe6fcfd7 16615->16617 16616 7ff7fe6eebb0 _Getctype 15 API calls 16616->16621 16619 7ff7fe6ef72c abort 35 API calls 16617->16619 16618 7ff7fe6ef79c __free_lconv_num 15 API calls 16618->16621 16620 7ff7fe6fcfdd 16619->16620 16621->16610 16621->16612 16621->16616 16621->16617 16621->16618 16622 7ff7fe6f5104 __std_exception_copy 31 API calls 16621->16622 16622->16621 16624 7ff7fe70314a 16623->16624 16630 7ff7fe700420 16623->16630 16626 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16624->16626 16625 7ff7fe70045b 16632 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16625->16632 16656 7ff7fe7004c6 16625->16656 16628 7ff7fe70317d 16626->16628 16627 7ff7fe700433 16629 7ff7fe6ea880 memcpy_s 15 API calls 16627->16629 16631 7ff7fe703182 16628->16631 16635 7ff7fe703193 16628->16635 16638 7ff7fe7031aa 16628->16638 16633 7ff7fe700438 16629->16633 16630->16625 16630->16627 16631->16572 16634 7ff7fe7004a2 16632->16634 16636 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16633->16636 16637 7ff7fe7004b6 16634->16637 16659 7ff7fe7004c8 16634->16659 16639 7ff7fe6ea880 memcpy_s 15 API calls 16635->16639 16640 7ff7fe700443 16636->16640 16641 7ff7fe6ea880 memcpy_s 15 API calls 16637->16641 16643 7ff7fe7031c6 16638->16643 16644 7ff7fe7031b4 16638->16644 16642 7ff7fe703198 16639->16642 16640->16572 16647 7ff7fe7004bb 16641->16647 16648 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16642->16648 16645 7ff7fe7031ee 16643->16645 16646 7ff7fe7031d7 16643->16646 16649 7ff7fe6ea880 memcpy_s 15 API calls 16644->16649 16680 7ff7fe704568 16645->16680 16669 7ff7fe700470 16646->16669 16652 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16647->16652 16648->16631 16653 7ff7fe7031b9 16649->16653 16652->16656 16654 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16653->16654 16654->16631 16656->16572 16657 7ff7fe6ea880 memcpy_s 15 API calls 16657->16631 16658 7ff7fe6f2788 43 API calls wprintf 16658->16659 16659->16656 16659->16658 16661 7ff7fe6fcff0 16660->16661 16662 7ff7fe6fd02f 16661->16662 16663 7ff7fe6fd020 16661->16663 16666 7ff7fe6fd039 16662->16666 16726 7ff7fe703254 16662->16726 16664 7ff7fe6ea880 memcpy_s 15 API calls 16663->16664 16668 7ff7fe6fd025 __lc_wcstolc 16664->16668 16714 7ff7fe6ef83c 16666->16714 16668->16589 16670 7ff7fe700496 16669->16670 16671 7ff7fe7004c6 16669->16671 16672 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16670->16672 16671->16631 16674 7ff7fe7004a2 16672->16674 16673 7ff7fe7004b6 16675 7ff7fe6ea880 memcpy_s 15 API calls 16673->16675 16674->16673 16679 7ff7fe7004c8 16674->16679 16676 7ff7fe7004bb 16675->16676 16677 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16676->16677 16677->16671 16678 7ff7fe6f2788 43 API calls wprintf 16678->16679 16679->16671 16679->16678 16681 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16680->16681 16682 7ff7fe70458d 16681->16682 16685 7ff7fe7041d4 16682->16685 16689 7ff7fe70421e __crtLCMapStringA 16685->16689 16686 7ff7fe6e6a00 _handle_errorf 8 API calls 16687 7ff7fe703215 16686->16687 16687->16631 16687->16657 16688 7ff7fe704317 MultiByteToWideChar 16691 7ff7fe704340 16688->16691 16699 7ff7fe70424c 16688->16699 16689->16688 16690 7ff7fe7042a3 GetCPInfo 16689->16690 16689->16699 16692 7ff7fe7042b4 16690->16692 16690->16699 16694 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 16691->16694 16696 7ff7fe704378 __crtLCMapStringA 16691->16696 16692->16688 16692->16699 16693 7ff7fe7043dc MultiByteToWideChar 16695 7ff7fe704402 MultiByteToWideChar 16693->16695 16698 7ff7fe70452d 16693->16698 16694->16696 16697 7ff7fe70442c 16695->16697 16695->16698 16696->16693 16696->16698 16702 7ff7fe70445a __crtLCMapStringA 16697->16702 16703 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 16697->16703 16698->16699 16700 7ff7fe6ef79c __free_lconv_num 15 API calls 16698->16700 16699->16686 16700->16699 16701 7ff7fe7044c1 MultiByteToWideChar 16704 7ff7fe7044e3 16701->16704 16706 7ff7fe704511 16701->16706 16702->16701 16702->16706 16703->16702 16708 7ff7fe6f5b20 16704->16708 16706->16698 16707 7ff7fe6ef79c __free_lconv_num 15 API calls 16706->16707 16707->16698 16709 7ff7fe6f5934 __vcrt_uninitialize_ptd 5 API calls 16708->16709 16710 7ff7fe6f5b63 16709->16710 16711 7ff7fe6f6190 __crtLCMapStringW 5 API calls 16710->16711 16712 7ff7fe6f5b6b 16710->16712 16713 7ff7fe6f5bcc CompareStringW 16711->16713 16712->16706 16713->16712 16715 7ff7fe6ef851 16714->16715 16716 7ff7fe6ef85b 16714->16716 16717 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 16715->16717 16718 7ff7fe6ef860 16716->16718 16724 7ff7fe6ef867 _Getctype 16716->16724 16722 7ff7fe6ef859 16717->16722 16719 7ff7fe6ef79c __free_lconv_num 15 API calls 16718->16719 16719->16722 16720 7ff7fe6ef8a6 16721 7ff7fe6ea880 memcpy_s 15 API calls 16720->16721 16721->16722 16722->16668 16723 7ff7fe6ef890 HeapReAlloc 16723->16722 16723->16724 16724->16720 16724->16723 16725 7ff7fe6f28fc new 2 API calls 16724->16725 16725->16724 16727 7ff7fe703276 HeapSize 16726->16727 16728 7ff7fe70325d 16726->16728 16729 7ff7fe6ea880 memcpy_s 15 API calls 16728->16729 16730 7ff7fe703262 16729->16730 16731 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16730->16731 16732 7ff7fe70326d 16731->16732 16732->16666 16733 7ff7fe6e1000 16736 7ff7fe6e3298 16733->16736 16737 7ff7fe6e32c4 16736->16737 16746 7ff7fe6e3eb0 16737->16746 16741 7ff7fe6e3326 16742 7ff7fe6e3341 16741->16742 16743 7ff7fe6e2170 std::ios_base::_Init 45 API calls 16741->16743 16744 7ff7fe6e1020 16742->16744 16757 7ff7fe6e5758 16742->16757 16743->16742 16747 7ff7fe6e2170 std::ios_base::_Init 45 API calls 16746->16747 16748 7ff7fe6e3efd 16747->16748 16749 7ff7fe6e62f4 new 4 API calls 16748->16749 16750 7ff7fe6e3f07 16749->16750 16752 7ff7fe6e3313 16750->16752 16762 7ff7fe6e5438 16750->16762 16753 7ff7fe6e4c44 16752->16753 16754 7ff7fe6e4c6c std::ios_base::getloc 16753->16754 16783 7ff7fe6e3160 16754->16783 16756 7ff7fe6e4c75 16756->16741 16758 7ff7fe6e4eb4 std::_Lockit::_Lockit EnterCriticalSection 16757->16758 16759 7ff7fe6e5770 16758->16759 16760 7ff7fe6e4f34 std::_Lockit::~_Lockit LeaveCriticalSection 16759->16760 16761 7ff7fe6e57c0 16760->16761 16761->16744 16763 7ff7fe6e4eb4 std::_Lockit::_Lockit EnterCriticalSection 16762->16763 16764 7ff7fe6e545e 16763->16764 16770 7ff7fe6e547d _Yarn 16764->16770 16771 7ff7fe6e562c 16764->16771 16766 7ff7fe6e4f34 std::_Lockit::~_Lockit LeaveCriticalSection 16768 7ff7fe6e54e1 16766->16768 16767 7ff7fe6e5472 16774 7ff7fe6e569c 16767->16774 16768->16752 16770->16766 16772 7ff7fe6e62f4 new 4 API calls 16771->16772 16773 7ff7fe6e5643 _Yarn 16772->16773 16773->16767 16775 7ff7fe6e56c1 16774->16775 16776 7ff7fe6e56ae 16774->16776 16775->16770 16778 7ff7fe6e589c 16776->16778 16779 7ff7fe6e58d3 16778->16779 16780 7ff7fe6e58ac EncodePointer 16778->16780 16781 7ff7fe6ef72c abort 35 API calls 16779->16781 16780->16775 16782 7ff7fe6e58d8 16781->16782 16784 7ff7fe6e4eb4 std::_Lockit::_Lockit EnterCriticalSection 16783->16784 16785 7ff7fe6e3185 16784->16785 16786 7ff7fe6e4eb4 std::_Lockit::_Lockit EnterCriticalSection 16785->16786 16791 7ff7fe6e31d4 16785->16791 16787 7ff7fe6e31aa 16786->16787 16789 7ff7fe6e4f34 std::_Lockit::~_Lockit LeaveCriticalSection 16787->16789 16788 7ff7fe6e4f34 std::_Lockit::~_Lockit LeaveCriticalSection 16790 7ff7fe6e3288 16788->16790 16789->16791 16790->16756 16797 7ff7fe6e3221 16791->16797 16798 7ff7fe6e3cd8 16791->16798 16793 7ff7fe6e3233 std::bad_alloc::bad_alloc 16794 7ff7fe6e3254 16793->16794 16795 7ff7fe6e907c _CxxThrowException 2 API calls 16793->16795 16808 7ff7fe6e53f8 16794->16808 16795->16794 16797->16788 16799 7ff7fe6e3d10 16798->16799 16800 7ff7fe6e3d9d 16798->16800 16799->16800 16801 7ff7fe6e62f4 new 4 API calls 16799->16801 16800->16793 16803 7ff7fe6e3d21 16801->16803 16802 7ff7fe6e3d77 16802->16800 16834 7ff7fe6e3664 16802->16834 16803->16802 16811 7ff7fe6e347c 16803->16811 16809 7ff7fe6e62f4 new 4 API calls 16808->16809 16810 7ff7fe6e540b 16809->16810 16810->16797 16812 7ff7fe6e4eb4 std::_Lockit::_Lockit EnterCriticalSection 16811->16812 16813 7ff7fe6e34a1 16812->16813 16814 7ff7fe6e34f7 16813->16814 16837 7ff7fe6e2f38 16813->16837 16840 7ff7fe6e559c 16814->16840 16819 7ff7fe6e907c _CxxThrowException 2 API calls 16819->16814 17018 7ff7fe6e5608 16834->17018 16836 7ff7fe6e367b _Yarn 16838 7ff7fe6e8fc4 __std_exception_copy 31 API calls 16837->16838 16839 7ff7fe6e2f6f 16838->16839 16839->16819 16845 7ff7fe6ef560 16840->16845 16842 7ff7fe6e55b5 _Yarn 16843 7ff7fe6ef560 std::_Locinfo::_Locinfo_ctor 73 API calls 16842->16843 16844 7ff7fe6e55de 16842->16844 16843->16844 16872 7ff7fe6ef478 16845->16872 16847 7ff7fe6ef584 16848 7ff7fe6f54dc _Getctype 35 API calls 16847->16848 16854 7ff7fe6ef58c 16847->16854 16849 7ff7fe6ef598 16848->16849 16919 7ff7fe6fad3c 16849->16919 16851 7ff7fe6ef6f9 16852 7ff7fe6ea780 __lc_wcstolc 16 API calls 16851->16852 16852->16854 16854->16842 16855 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 16856 7ff7fe6ef5ff 16855->16856 16856->16854 16857 7ff7fe6fad3c _wcstombs_s_l 40 API calls 16856->16857 16858 7ff7fe6ef62d 16857->16858 16859 7ff7fe6ef6e4 16858->16859 16860 7ff7fe6ef63f 16858->16860 16861 7ff7fe6ea780 __lc_wcstolc 16 API calls 16859->16861 16862 7ff7fe6ef643 16860->16862 16863 7ff7fe6ef650 16860->16863 16861->16851 16864 7ff7fe6ef79c __free_lconv_num 15 API calls 16862->16864 16933 7ff7fe6eeb20 EnterCriticalSection 16863->16933 16864->16854 16873 7ff7fe6ef4b2 16872->16873 16874 7ff7fe6ef498 16872->16874 16946 7ff7fe6fa9e8 16873->16946 16934 7ff7fe6f4854 16874->16934 16878 7ff7fe6ef547 16879 7ff7fe6ea780 __lc_wcstolc 16 API calls 16878->16879 16880 7ff7fe6ef55c 16879->16880 16883 7ff7fe6ef478 std::_Locinfo::_Locinfo_ctor 73 API calls 16880->16883 16881 7ff7fe6eebb0 _Getctype 15 API calls 16882 7ff7fe6ef4e6 16881->16882 16884 7ff7fe6ef520 16882->16884 16885 7ff7fe6fa9e8 _Wcsftime 39 API calls 16882->16885 16886 7ff7fe6ef584 16883->16886 16887 7ff7fe6ef79c __free_lconv_num 15 API calls 16884->16887 16888 7ff7fe6ef506 16885->16888 16892 7ff7fe6f54dc _Getctype 35 API calls 16886->16892 16901 7ff7fe6ef58c 16886->16901 16889 7ff7fe6ef49d 16887->16889 16890 7ff7fe6ef516 16888->16890 16891 7ff7fe6ef50a 16888->16891 16889->16847 16894 7ff7fe6f4854 std::_Locinfo::_Locinfo_ctor 64 API calls 16890->16894 16891->16884 16893 7ff7fe6ef514 16891->16893 16895 7ff7fe6ef598 16892->16895 16897 7ff7fe6ea780 __lc_wcstolc 16 API calls 16893->16897 16894->16884 16896 7ff7fe6fad3c _wcstombs_s_l 40 API calls 16895->16896 16900 7ff7fe6ef5db 16896->16900 16897->16878 16898 7ff7fe6ef6f9 16899 7ff7fe6ea780 __lc_wcstolc 16 API calls 16898->16899 16899->16901 16900->16898 16900->16901 16902 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 16900->16902 16901->16847 16903 7ff7fe6ef5ff 16902->16903 16903->16901 16904 7ff7fe6fad3c _wcstombs_s_l 40 API calls 16903->16904 16905 7ff7fe6ef62d 16904->16905 16906 7ff7fe6ef6e4 16905->16906 16907 7ff7fe6ef63f 16905->16907 16908 7ff7fe6ea780 __lc_wcstolc 16 API calls 16906->16908 16909 7ff7fe6ef643 16907->16909 16910 7ff7fe6ef650 16907->16910 16908->16898 16911 7ff7fe6ef79c __free_lconv_num 15 API calls 16909->16911 16949 7ff7fe6eeb20 EnterCriticalSection 16910->16949 16911->16901 16922 7ff7fe6fad65 16919->16922 16920 7ff7fe6fadbb 16921 7ff7fe6ea880 memcpy_s 15 API calls 16920->16921 16932 7ff7fe6fadc0 16921->16932 16922->16920 16923 7ff7fe6fad8f 16922->16923 16974 7ff7fe6faa08 16923->16974 16924 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16930 7ff7fe6ef5db 16924->16930 16927 7ff7fe6fada5 16929 7ff7fe6ea880 memcpy_s 15 API calls 16927->16929 16928 7ff7fe6fadd0 16928->16930 16931 7ff7fe6ea880 memcpy_s 15 API calls 16928->16931 16929->16930 16930->16851 16930->16854 16930->16855 16931->16932 16932->16924 16935 7ff7fe6f4874 16934->16935 16936 7ff7fe6f4888 16934->16936 16938 7ff7fe6ea880 memcpy_s 15 API calls 16935->16938 16937 7ff7fe6f54dc _Getctype 35 API calls 16936->16937 16939 7ff7fe6f488d 16937->16939 16940 7ff7fe6f4879 16938->16940 16941 7ff7fe6fea84 _Getctype 35 API calls 16939->16941 16942 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16940->16942 16943 7ff7fe6f4896 16941->16943 16944 7ff7fe6f4884 16942->16944 16950 7ff7fe6f3d98 16943->16950 16944->16889 16953 7ff7fe6fa8b8 16946->16953 16951 7ff7fe6f3f00 std::_Locinfo::_Locinfo_ctor 64 API calls 16950->16951 16952 7ff7fe6f3dad 16951->16952 16952->16944 16954 7ff7fe6fa8e8 16953->16954 16955 7ff7fe6fa90a 16954->16955 16956 7ff7fe6fa8ed 16954->16956 16959 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16955->16959 16957 7ff7fe6ea880 memcpy_s 15 API calls 16956->16957 16958 7ff7fe6fa8f9 16957->16958 16960 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16958->16960 16961 7ff7fe6fa928 16959->16961 16970 7ff7fe6ef4cd 16960->16970 16962 7ff7fe6fa940 16961->16962 16963 7ff7fe6fa94c 16961->16963 16964 7ff7fe6ea880 memcpy_s 15 API calls 16962->16964 16965 7ff7fe6fa6dc _mbstowcs_s_l 39 API calls 16963->16965 16973 7ff7fe6fa945 16964->16973 16966 7ff7fe6fa95c 16965->16966 16967 7ff7fe6fa974 16966->16967 16968 7ff7fe6fa962 16966->16968 16967->16970 16972 7ff7fe6ea880 memcpy_s 15 API calls 16967->16972 16971 7ff7fe6ea880 memcpy_s 15 API calls 16968->16971 16969 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16969->16970 16970->16878 16970->16881 16971->16970 16972->16973 16973->16969 16975 7ff7fe6faa48 16974->16975 16976 7ff7fe6faa72 16975->16976 16977 7ff7fe6faa59 16975->16977 16989 7ff7fe6faa4d 16975->16989 16979 7ff7fe6eb30c _mbstowcs_s_l 35 API calls 16976->16979 16978 7ff7fe6ea880 memcpy_s 15 API calls 16977->16978 16981 7ff7fe6faa5e 16978->16981 16980 7ff7fe6faa7e 16979->16980 16983 7ff7fe6fac6c 16980->16983 16984 7ff7fe6faa87 16980->16984 16985 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 16981->16985 16982 7ff7fe6e6a00 _handle_errorf 8 API calls 16986 7ff7fe6fad1f 16982->16986 16987 7ff7fe6facb2 WideCharToMultiByte 16983->16987 16996 7ff7fe6fac79 16983->16996 16990 7ff7fe6fab5b WideCharToMultiByte 16984->16990 16994 7ff7fe6faa94 16984->16994 16999 7ff7fe6faae1 WideCharToMultiByte 16984->16999 16985->16989 16986->16927 16986->16928 16988 7ff7fe6fab8e 16987->16988 16988->16989 16991 7ff7fe6ea880 memcpy_s 15 API calls 16988->16991 16989->16982 16990->16988 16992 7ff7fe6faba1 16990->16992 16991->16989 16992->16988 16995 7ff7fe6fabab GetLastError 16992->16995 16994->16989 16997 7ff7fe6ea880 memcpy_s 15 API calls 16994->16997 16995->16988 17001 7ff7fe6fabba 16995->17001 16996->16989 16998 7ff7fe6ea880 memcpy_s 15 API calls 16996->16998 16997->16989 16998->16989 16999->16994 17000 7ff7fe6fabc7 WideCharToMultiByte 17000->16988 17000->17001 17001->16988 17001->16989 17001->17000 17019 7ff7fe6e5613 17018->17019 17020 7ff7fe6e5627 17018->17020 17021 7ff7fe6ef560 std::_Locinfo::_Locinfo_ctor 73 API calls 17019->17021 17020->16836 17021->17020 17732 7ff7fe6e48e8 17733 7ff7fe6e4933 17732->17733 17735 7ff7fe6e49a3 17733->17735 17736 7ff7fe6e49c5 17733->17736 17740 7ff7fe6e4943 17733->17740 17734 7ff7fe6e6a00 _handle_errorf 8 API calls 17738 7ff7fe6e4b5d 17734->17738 17753 7ff7fe6ee524 17735->17753 17737 7ff7fe6ee524 33 API calls 17736->17737 17750 7ff7fe6e49e1 17737->17750 17740->17734 17741 7ff7fe6e4020 33 API calls 17741->17750 17742 7ff7fe6e1a94 std::_Deallocate 33 API calls 17742->17740 17743 7ff7fe6e4af3 17746 7ff7fe6e4ad0 17743->17746 17747 7ff7fe6eea78 ungetc 34 API calls 17743->17747 17745 7ff7fe6e4abd 17745->17746 17749 7ff7fe6ea880 memcpy_s 15 API calls 17745->17749 17746->17740 17746->17742 17747->17743 17748 7ff7fe6ee524 33 API calls 17748->17750 17751 7ff7fe6e4adf 17749->17751 17750->17741 17750->17743 17750->17745 17750->17746 17750->17748 17772 7ff7fe6e22dc 17750->17772 17752 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17751->17752 17752->17746 17754 7ff7fe6ee55f 17753->17754 17755 7ff7fe6ee547 17753->17755 17777 7ff7fe6eb5cc EnterCriticalSection 17754->17777 17756 7ff7fe6ea880 memcpy_s 15 API calls 17755->17756 17758 7ff7fe6ee54c 17756->17758 17760 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17758->17760 17771 7ff7fe6ee557 17760->17771 17771->17740 17773 7ff7fe6e236a 17772->17773 17776 7ff7fe6e22f2 _Yarn 17772->17776 17774 7ff7fe6e2fdc std::_Deallocate 33 API calls 17773->17774 17775 7ff7fe6e2376 17774->17775 17776->17750 17120 7ff7fe6ebbe8 17121 7ff7fe6ebc1e 17120->17121 17122 7ff7fe6ebc09 17120->17122 17121->17122 17124 7ff7fe6ebc23 17121->17124 17123 7ff7fe6ea880 memcpy_s 15 API calls 17122->17123 17125 7ff7fe6ebc0e 17123->17125 17133 7ff7fe6eb5cc EnterCriticalSection 17124->17133 17127 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17125->17127 17129 7ff7fe6ebc19 17127->17129 17169 7ff7fe6e3fd0 17170 7ff7fe6e3fe5 17169->17170 17171 7ff7fe6e3fe0 17169->17171 17173 7ff7fe6eb5cc EnterCriticalSection 17171->17173 17990 7ff7fe6f7cc0 17991 7ff7fe6f7ce0 17990->17991 17995 7ff7fe6f7d08 17990->17995 17992 7ff7fe6ea880 memcpy_s 15 API calls 17991->17992 17993 7ff7fe6f7ce5 17992->17993 17994 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 17993->17994 18004 7ff7fe6f7cf0 17994->18004 17996 7ff7fe6f7d57 17995->17996 17995->18004 18010 7ff7fe6f9d40 17995->18010 18015 7ff7fe6f6d1c 17996->18015 18002 7ff7fe6f6d1c ungetc 31 API calls 18003 7ff7fe6f7dbf 18002->18003 18003->18004 18005 7ff7fe6f6d1c ungetc 31 API calls 18003->18005 18006 7ff7fe6f7dcd 18005->18006 18006->18004 18007 7ff7fe6f6d1c ungetc 31 API calls 18006->18007 18008 7ff7fe6f7dde 18007->18008 18009 7ff7fe6f6d1c ungetc 31 API calls 18008->18009 18009->18004 18011 7ff7fe6ef7dc __crtLCMapStringA 16 API calls 18010->18011 18012 7ff7fe6f9d59 18011->18012 18013 7ff7fe6ef79c __free_lconv_num 15 API calls 18012->18013 18014 7ff7fe6f9d64 18013->18014 18014->17996 18016 7ff7fe6f6d25 18015->18016 18018 7ff7fe6f6d35 18015->18018 18017 7ff7fe6ea880 memcpy_s 15 API calls 18016->18017 18019 7ff7fe6f6d2a 18017->18019 18021 7ff7fe6f7740 18018->18021 18020 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 18019->18020 18020->18018 18022 7ff7fe6f7764 18021->18022 18023 7ff7fe6f777c 18021->18023 18024 7ff7fe6ea860 fread_s 15 API calls 18022->18024 18025 7ff7fe6f7829 18023->18025 18030 7ff7fe6f77b8 18023->18030 18026 7ff7fe6f7769 18024->18026 18027 7ff7fe6ea860 fread_s 15 API calls 18025->18027 18029 7ff7fe6ea880 memcpy_s 15 API calls 18026->18029 18028 7ff7fe6f782e 18027->18028 18031 7ff7fe6ea880 memcpy_s 15 API calls 18028->18031 18049 7ff7fe6f7771 18029->18049 18032 7ff7fe6f77dd 18030->18032 18033 7ff7fe6f77c8 18030->18033 18035 7ff7fe6f77d5 18031->18035 18050 7ff7fe6fd470 EnterCriticalSection 18032->18050 18036 7ff7fe6ea860 fread_s 15 API calls 18033->18036 18041 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 18035->18041 18038 7ff7fe6f77cd 18036->18038 18042 7ff7fe6ea880 memcpy_s 15 API calls 18038->18042 18041->18049 18042->18035 18049->18002 18049->18004 18099 7ff7fe6f9cac 18100 7ff7fe6f9cbc 18099->18100 18101 7ff7fe6f9cc9 18099->18101 18102 7ff7fe6ea880 memcpy_s 15 API calls 18100->18102 18103 7ff7fe6f9d25 18101->18103 18105 7ff7fe6f9cf8 18101->18105 18107 7ff7fe6f9cc1 18102->18107 18104 7ff7fe6ea880 memcpy_s 15 API calls 18103->18104 18106 7ff7fe6f9d2a 18104->18106 18110 7ff7fe6f9c20 18105->18110 18109 7ff7fe6ea730 _invalid_parameter_noinfo 31 API calls 18106->18109 18109->18107 18123 7ff7fe6fd470 EnterCriticalSection 18110->18123

    Executed Functions

    Function 00007FF7FE6E6B1C, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
    • String ID:
    • API String ID: 59578552-0
    • Opcode ID: 159eb25e2cbf39c461c3f6ecaf588293ec2cf8291aefdc939d2844f42b6c6860
    • Instruction ID: bdb6f5e04cbe581a6710ff05079da9c339702b03afacaa2e21573d7742b15651
    • Opcode Fuzzy Hash: 159eb25e2cbf39c461c3f6ecaf588293ec2cf8291aefdc939d2844f42b6c6860
    • Instruction Fuzzy Hash: 68E0B620E1E24A81EB1937658C460BCB5925FC6320FE14235E139422C2DD5E28965AF6
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F3694, Relevance: 1.4, Strings: 1, Instructions: 139COMMONLIBRARYCODE
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID: @
    • API String ID: 0-2766056989
    • Opcode ID: 495459152d8e14109708215dc7ee05e4bbcec53fa4a59622d9b0a4d49fceb096
    • Instruction ID: b2ff16f71c5381f551923a2031094ccdc548436592766d293f7c62e41364bd29
    • Opcode Fuzzy Hash: 495459152d8e14109708215dc7ee05e4bbcec53fa4a59622d9b0a4d49fceb096
    • Instruction Fuzzy Hash: 2341C772714B4885EF04DF29E9152A9B7A2F788FD4B999036DE2D8B794EE3CD045C340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E29BC, Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 193stringCOMMON
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 0 7ff7fe6e29bc-7ff7fe6e2a1d 1 7ff7fe6e2a23-7ff7fe6e2a3b call 7ff7fe6ee260 0->1 2 7ff7fe6e2b60-7ff7fe6e2b70 GetTickCount call 7ff7fe6ea8cc 0->2 7 7ff7fe6e2a3d-7ff7fe6e2a45 1->7 8 7ff7fe6e2a4a-7ff7fe6e2a62 call 7ff7fe6ee260 1->8 9 7ff7fe6e2b76-7ff7fe6e2b79 2->9 10 7ff7fe6e2c77-7ff7fe6e2c98 call 7ff7fe6e1110 * 2 2->10 12 7ff7fe6e2b19-7ff7fe6e2b1f 7->12 20 7ff7fe6e2a64-7ff7fe6e2a6c 8->20 21 7ff7fe6e2a71-7ff7fe6e2a89 call 7ff7fe6ee260 8->21 9->10 14 7ff7fe6e2b7f-7ff7fe6e2b82 9->14 23 7ff7fe6e2c9d-7ff7fe6e2ccf call 7ff7fe6e6a00 10->23 18 7ff7fe6e2b52-7ff7fe6e2b5a 12->18 14->10 17 7ff7fe6e2b88-7ff7fe6e2bc1 call 7ff7fe6e9900 * 2 call 7ff7fe6e8f38 14->17 37 7ff7fe6e2c52-7ff7fe6e2c75 call 7ff7fe6e2378 17->37 38 7ff7fe6e2bc7-7ff7fe6e2c03 call 7ff7fe6e8b00 call 7ff7fe6ee1cc * 2 17->38 18->1 18->2 20->12 30 7ff7fe6e2a8b-7ff7fe6e2a93 21->30 31 7ff7fe6e2a98-7ff7fe6e2ab4 call 7ff7fe6ee260 21->31 30->12 39 7ff7fe6e2ab6-7ff7fe6e2ac3 call 7ff7fe6eb3c8 31->39 40 7ff7fe6e2ac5-7ff7fe6e2add call 7ff7fe6ee260 31->40 37->23 38->23 62 7ff7fe6e2c09-7ff7fe6e2c0e 38->62 39->12 50 7ff7fe6e2aef-7ff7fe6e2b03 call 7ff7fe6ee260 40->50 51 7ff7fe6e2adf-7ff7fe6e2aed call 7ff7fe6eb3c8 40->51 59 7ff7fe6e2b05-7ff7fe6e2b15 call 7ff7fe6eb3c8 50->59 60 7ff7fe6e2b21-7ff7fe6e2b2f 50->60 51->12 59->12 61 7ff7fe6e2b35-7ff7fe6e2b3f 60->61 64 7ff7fe6e2b41-7ff7fe6e2b46 61->64 65 7ff7fe6e2b48-7ff7fe6e2b4e 61->65 66 7ff7fe6e2c12-7ff7fe6e2c4e call 7ff7fe6e2d24 call 7ff7fe6e2378 62->66 64->61 64->65 65->18 72 7ff7fe6e2c50 66->72 72->23
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: CountTickstrchr
    • String ID: --count=$--domain=$--lasthope=$--period=$--source=$--target=$-guid$anchorAdjuster* --source=<source file> --target=<target file> --domain=<domain name> --period=<recurrence interval, minutes, default value 15> -guid --count=<count of instances>$d$using:
    • API String ID: 1893270519-3487731759
    • Opcode ID: fade20d14169afba7397ea3c7ac73c2f98e331ecb78b4ec49484030b262b6cfc
    • Instruction ID: c45fb070c15f73f17a357a70a458144931de838f4bffc2710720c4c570c2a34a
    • Opcode Fuzzy Hash: fade20d14169afba7397ea3c7ac73c2f98e331ecb78b4ec49484030b262b6cfc
    • Instruction Fuzzy Hash: 5581C461B2864A81E720BF16E8402BAB253FFC4788F800435EE6E476D5EE3DE50487B5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E6B38, Relevance: 13.6, APIs: 9, Instructions: 92COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_image$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize
    • String ID:
    • API String ID: 18626834-0
    • Opcode ID: c727223c7c0e2d7c3fb50e86c9fc76fd75c7e5b2ca5edfc4096e583f0baa3e2d
    • Instruction ID: 6e4ae06a5cd8f37d0bd53e86d3a73d6dc907467447283f85d92c51d0ca9016e0
    • Opcode Fuzzy Hash: c727223c7c0e2d7c3fb50e86c9fc76fd75c7e5b2ca5edfc4096e583f0baa3e2d
    • Instruction Fuzzy Hash: 28311B21A0C24B41FB14BB21D4163BDB252AFD5B88FC44034DA6D0B6D7DE2EE40587FA
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F8698, Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 132 7ff7fe6f8698-7ff7fe6f86bd 133 7ff7fe6f86c6-7ff7fe6f86c9 132->133 134 7ff7fe6f86bf-7ff7fe6f86c1 132->134 136 7ff7fe6f86cb-7ff7fe6f86e5 call 7ff7fe6ea860 call 7ff7fe6ea880 call 7ff7fe6ea730 133->136 137 7ff7fe6f86ea-7ff7fe6f8715 133->137 135 7ff7fe6f8961-7ff7fe6f8978 134->135 136->135 138 7ff7fe6f8720-7ff7fe6f8726 137->138 139 7ff7fe6f8717-7ff7fe6f871e 137->139 141 7ff7fe6f8736-7ff7fe6f8744 call 7ff7fe701044 138->141 142 7ff7fe6f8728-7ff7fe6f8731 call 7ff7fe6f8004 138->142 139->136 139->138 150 7ff7fe6f884b-7ff7fe6f885c 141->150 151 7ff7fe6f874a-7ff7fe6f875b 141->151 142->141 153 7ff7fe6f885e-7ff7fe6f8863 150->153 154 7ff7fe6f88ab-7ff7fe6f88d0 WriteFile 150->154 151->150 155 7ff7fe6f8761-7ff7fe6f8774 call 7ff7fe6f54dc 151->155 158 7ff7fe6f8865-7ff7fe6f8868 153->158 159 7ff7fe6f8897-7ff7fe6f88a4 call 7ff7fe6f8214 153->159 156 7ff7fe6f88d2-7ff7fe6f88d8 GetLastError 154->156 157 7ff7fe6f88db 154->157 171 7ff7fe6f8776-7ff7fe6f8786 155->171 172 7ff7fe6f878c-7ff7fe6f87a8 GetConsoleMode 155->172 156->157 161 7ff7fe6f88de 157->161 162 7ff7fe6f8883-7ff7fe6f8895 call 7ff7fe6f8438 158->162 163 7ff7fe6f886a-7ff7fe6f886d 158->163 170 7ff7fe6f88a9 159->170 166 7ff7fe6f88e3 161->166 173 7ff7fe6f883f-7ff7fe6f8846 162->173 167 7ff7fe6f886f-7ff7fe6f8881 call 7ff7fe6f831c 163->167 168 7ff7fe6f88e8-7ff7fe6f88f2 163->168 166->168 167->173 175 7ff7fe6f88f4-7ff7fe6f88f9 168->175 176 7ff7fe6f895c-7ff7fe6f895f 168->176 170->173 171->150 171->172 172->150 174 7ff7fe6f87ae-7ff7fe6f87b0 172->174 173->166 179 7ff7fe6f87b2-7ff7fe6f87b7 174->179 180 7ff7fe6f882d-7ff7fe6f883a call 7ff7fe6f800c 174->180 181 7ff7fe6f88fb-7ff7fe6f88fe 175->181 182 7ff7fe6f8928-7ff7fe6f8939 175->182 176->135 179->168 185 7ff7fe6f87bd-7ff7fe6f87cf 179->185 180->173 188 7ff7fe6f8900-7ff7fe6f8910 call 7ff7fe6ea880 call 7ff7fe6ea860 181->188 189 7ff7fe6f891b-7ff7fe6f8923 call 7ff7fe6ea810 181->189 186 7ff7fe6f8944-7ff7fe6f8954 call 7ff7fe6ea880 call 7ff7fe6ea860 182->186 187 7ff7fe6f893b-7ff7fe6f893e 182->187 185->161 190 7ff7fe6f87d5-7ff7fe6f87e6 call 7ff7fe7010a4 185->190 186->176 187->134 187->186 188->189 189->182 201 7ff7fe6f881b-7ff7fe6f8821 GetLastError 190->201 202 7ff7fe6f87e8-7ff7fe6f87f3 190->202 207 7ff7fe6f8824-7ff7fe6f8828 201->207 205 7ff7fe6f87f5-7ff7fe6f8807 call 7ff7fe7010a4 202->205 206 7ff7fe6f8810-7ff7fe6f8817 202->206 205->201 211 7ff7fe6f8809-7ff7fe6f880e 205->211 206->207 209 7ff7fe6f8819 206->209 207->161 209->190 211->206
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: fd95fa4c40e317e7e346000eb48cd411282434af6e6a88d47c0d43e9e537f49e
    • Instruction ID: 30c1a290ba6ba5546f2f65ab8f87fb4a639ced0e3c3ef27de21e326d489f2d1d
    • Opcode Fuzzy Hash: fd95fa4c40e317e7e346000eb48cd411282434af6e6a88d47c0d43e9e537f49e
    • Instruction Fuzzy Hash: DC81A322E1869A85F750BB65D8406BDB6A2BBC47A8F804175DE3E136D5EF3CD402D3B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F5934, Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: AddressProc
    • String ID:
    • API String ID: 190572456-0
    • Opcode ID: f63fca2c52a6ce74f8536f3d751d68a3d372941bc66a1312dadced8dd29aafa6
    • Instruction ID: d8318df177b747456a74192b3b7dd1a788a1600e375cc1d732e640e9031f3093
    • Opcode Fuzzy Hash: f63fca2c52a6ce74f8536f3d751d68a3d372941bc66a1312dadced8dd29aafa6
    • Instruction Fuzzy Hash: 08410821B0A68651FB15BB51E844675B396BFD8BA0F994535DD3D4B7C4FE3CEC0082A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F650C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID: @
    • API String ID: 3000768030-2766056989
    • Opcode ID: 7e99853ccf123c9b3ef95bf79d6f646c56918e65f57f940ccd8c991fbe2184da
    • Instruction ID: 412e6f20f82ccc2046ea5beeaf6b2184dba0f9e416badb99093baeeddbd98045
    • Opcode Fuzzy Hash: 7e99853ccf123c9b3ef95bf79d6f646c56918e65f57f940ccd8c991fbe2184da
    • Instruction Fuzzy Hash: DF21A232A0878641EB609B28949013CB66AEBD5775F681335D67F167DDDE3CD881C3E0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F2C78, Relevance: 4.5, APIs: 3, Instructions: 19COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 257d08f874acdffc154caf510c442649b6ec70d0579bcd948740e2a49a55064e
    • Instruction ID: 7676c1a6c3492e22438750242d35d7a00830e7d6607768f4aeb430d88e6d4cf2
    • Opcode Fuzzy Hash: 257d08f874acdffc154caf510c442649b6ec70d0579bcd948740e2a49a55064e
    • Instruction Fuzzy Hash: 02E09A30A0978942EB54BB219D8527972536FCCB45F405478DD2A063D6EE7DA44986F0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EE640, Relevance: 3.1, APIs: 2, Instructions: 82COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: a71be569c3a767861cc1254fb292b1edeb05b760f8d20c45b091ef51da319c00
    • Instruction ID: b86df3169d1c31aada48eae52daf79ec73eb936cfbf38a135e44b6df8450757f
    • Opcode Fuzzy Hash: a71be569c3a767861cc1254fb292b1edeb05b760f8d20c45b091ef51da319c00
    • Instruction Fuzzy Hash: 0631F372A0864A82EF18BB20D850179B763AFD47D4FD84131EA3E472C1DF6EE401C2A7
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F8214, Relevance: 3.1, APIs: 2, Instructions: 74fileCOMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 301 7ff7fe6f8214-7ff7fe6f827d call 7ff7fe6e6ce0 304 7ff7fe6f827f 301->304 305 7ff7fe6f82ee-7ff7fe6f8318 call 7ff7fe6e6a00 301->305 307 7ff7fe6f8284-7ff7fe6f8287 304->307 309 7ff7fe6f82ad-7ff7fe6f82d2 WriteFile 307->309 310 7ff7fe6f8289-7ff7fe6f8290 307->310 313 7ff7fe6f82e6-7ff7fe6f82ec GetLastError 309->313 314 7ff7fe6f82d4-7ff7fe6f82dd 309->314 311 7ff7fe6f8292-7ff7fe6f8298 310->311 312 7ff7fe6f829b-7ff7fe6f82ab 310->312 311->312 312->307 312->309 313->305 314->305 315 7ff7fe6f82df-7ff7fe6f82e2 314->315 315->304 316 7ff7fe6f82e4 315->316 316->305
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: a725ebd09deba37474db4c153e3535457a2e46ad4c509344615a2649c9ccd658
    • Instruction ID: 5ba97e2eb928e701f52eee97b53ccb1d4c27498568a029e2ca46bc1b8a1f5f16
    • Opcode Fuzzy Hash: a725ebd09deba37474db4c153e3535457a2e46ad4c509344615a2649c9ccd658
    • Instruction Fuzzy Hash: E331D732A18A8586E710AF25E4443A9B761F788784F848031EF6D87795EF3CD505DBA4
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E42F4, Relevance: 1.7, APIs: 1, Instructions: 163COMMON
    Download Yara Rule

    Control-flow Graph

    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a96bd36c65253213ad1d07e261f8b18e410cffb1edd54ff0e3da5cf0f683fdb8
    • Instruction ID: a5c7c302e347aef3db8a7dd9b8be4a15c973880a5d77e3f4f8ebcac5c999a23d
    • Opcode Fuzzy Hash: a96bd36c65253213ad1d07e261f8b18e410cffb1edd54ff0e3da5cf0f683fdb8
    • Instruction Fuzzy Hash: 0C61CF62B04A8AD9EB50EF65C0502ADB3A6FB88788F808432DE1D537C9DF39C945C395
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F2B0C, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: 9feacc6298cae4d7de8ea306e0f3647fcb7a771910baedead047ab25fcac7573
    • Instruction ID: 81da37883283e007602d26e53352cd8361d98b112f605dbc7e3cae7d6e84db00
    • Opcode Fuzzy Hash: 9feacc6298cae4d7de8ea306e0f3647fcb7a771910baedead047ab25fcac7573
    • Instruction Fuzzy Hash: D241A221E0968682FB64BB14D850179F266BFD8B48F804439DA3D476E5EF7DE84087F0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F85AC, Relevance: 1.6, APIs: 1, Instructions: 68COMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d82b6fecb4a822c338aa247da3441fec8b235b63d4424682bb0735f9d224ef51
    • Instruction ID: 6b7c008c64bb7301c4b9ed2715414152a3ca4503c1d4dc7ee6a06cb4d911b837
    • Opcode Fuzzy Hash: d82b6fecb4a822c338aa247da3441fec8b235b63d4424682bb0735f9d224ef51
    • Instruction Fuzzy Hash: 13219F22E1828A46E7457F26AC45269B662ABC07A4F864534E93D073C2DE7CE44187E5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FD3B8, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 2f696ebc7c3673e3f6253bd44d1b20d5d9b33c7624da8f7b7f76de14cd177dcf
    • Instruction ID: 2f84a42a204bcf366772ecb211439b89c4969b561d31a952ed438595dc2a710e
    • Opcode Fuzzy Hash: 2f696ebc7c3673e3f6253bd44d1b20d5d9b33c7624da8f7b7f76de14cd177dcf
    • Instruction Fuzzy Hash: BB113A2291C6C682E710BB14E840279B2A6FBD4390FC50535EABD476D6EF3CF44187E2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EEBB0, Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 03571549b0c6561bd0dc7d176b1fce8719eacd9a75a5e42c512c10ed516a919a
    • Instruction ID: 50422c3ec45140e878b65d881844e65d2eec0ae30e3a27ac8e69df1c5145b8c2
    • Opcode Fuzzy Hash: 03571549b0c6561bd0dc7d176b1fce8719eacd9a75a5e42c512c10ed516a919a
    • Instruction Fuzzy Hash: FBF06214B0A20F40FF5877A19D113B5A2925FC8B50FCC0431D93E463D1ED5DE48552FA
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EF7DC, Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
    Download Yara Rule

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: a238cd8cb2d1ae0599397dce83b864478c7c9058b4e4a55bea63dfeb286417c1
    • Instruction ID: d3ba6e32b622f3b7690f4edc8c5da67746c187e0dc5bcdc63411962e987b2ca3
    • Opcode Fuzzy Hash: a238cd8cb2d1ae0599397dce83b864478c7c9058b4e4a55bea63dfeb286417c1
    • Instruction Fuzzy Hash: DFF0FE11F0A24B46FB547662A85167AB3A25FC8770FC85630D93E462C1EE2EA44181F6
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE705184, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: DecodePointer
    • String ID:
    • API String ID: 3527080286-0
    • Opcode ID: e3709c2417da4e9d55945c5d4d2b7fe6f3bad68f4440f6c8e6a1f80209b50f9b
    • Instruction ID: 258c47244b415de836608852270c7c1eb66272c29cbe5e1eb69b91de1e00266a
    • Opcode Fuzzy Hash: e3709c2417da4e9d55945c5d4d2b7fe6f3bad68f4440f6c8e6a1f80209b50f9b
    • Instruction Fuzzy Hash: 34E0A524A1AB0681EB25A755E804038A252AF9D774B940B34CABE063E0EF2DA15682B5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E65D8, Relevance: 1.5, APIs: 1, Instructions: 8COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _onexit
    • String ID:
    • API String ID: 572287377-0
    • Opcode ID: 912773467d3b3c5d449051a259f23f146562a37bc44ecb42320ce9d65bd6821d
    • Instruction ID: 484cbe64c7800d0a59fb25e90339e3cca23bb1fbc65a0ba4e7cea1ef60fbba27
    • Opcode Fuzzy Hash: 912773467d3b3c5d449051a259f23f146562a37bc44ecb42320ce9d65bd6821d
    • Instruction Fuzzy Hash: 9EA01214FB100F40560432754846078004047E4310FC01631C008C06D2CC0C00E60511
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EF83C, Relevance: 1.3, APIs: 1, Instructions: 41COMMONLIBRARYCODE
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: f13d37a55545c32cedde36c89744dd33cdc27e4eff961be9276492c0e6bdb340
    • Instruction ID: f3f250842c227dc1ac12f03dd5e4511573efbc082da5f97149a8e8d53d5cf4c7
    • Opcode Fuzzy Hash: f13d37a55545c32cedde36c89744dd33cdc27e4eff961be9276492c0e6bdb340
    • Instruction Fuzzy Hash: 14017544E1D64B43FF547661990057AF3A25FD47F4FC84530D93D462C5ED2DA40042FA
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    Function 00007FF7FE6E2378, Relevance: 94.8, APIs: 13, Strings: 41, Instructions: 273stringCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: wprintf$_invalid_parameter_noinfo$CreateGuidInitializeUninitialize_fread_nolockfgetposfread_sstrchr
    • String ID: " ?$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$BBBB$OK$domain: shift 0x%08X(%i)$error create file "%s", code %i$error write file, written %i bytes, need write %i bytes, error code %i$guid: %s, shift 0x%08X(%i)$source file size %i$target file "%s"$wrong source file "
    • API String ID: 3927150608-2147001208
    • Opcode ID: 0eaabf706547943d22fa53fe9489f85c24fbdede133bdb6a47aa138fba1b5a1d
    • Instruction ID: d03d1a46556e12bde59e2ef82bbc6c49eb6f86e985de483ba802583e50c4a5e3
    • Opcode Fuzzy Hash: 0eaabf706547943d22fa53fe9489f85c24fbdede133bdb6a47aa138fba1b5a1d
    • Instruction Fuzzy Hash: 84C1BF72A0864686EB10AF62D5012AEB762FBC47C8F804035DF6D1BAD9DF3DD44187B9
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE7011C0, Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 281475176-2761157908
    • Opcode ID: 24ac0e55ccb3c70edea2f2b109bb6c74940edac041908d0fcfa2b5c05d47bc3b
    • Instruction ID: b74bfc0891e2f7e42778b81279646653002f63ef787cea60720e9e575a7e1d0e
    • Opcode Fuzzy Hash: 24ac0e55ccb3c70edea2f2b109bb6c74940edac041908d0fcfa2b5c05d47bc3b
    • Instruction Fuzzy Hash: B2B20772A081828AE765EE65DC406FDB7A1FBC8388F905135DB2957BC5DF38E504CBA0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FFDB4, Relevance: 10.7, APIs: 7, Instructions: 174COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLastLocale$CodeInfoPageValid$DefaultEnumLocalesProcessSystemUserabort
    • String ID:
    • API String ID: 3941709727-0
    • Opcode ID: 5d05a7679e14fa28f14d2d93893ecbc405274aae1529ff2a09b83f8aeccd37a7
    • Instruction ID: 8208532dc93412b85651145bd6581e25dbba5ae154b311069cde5c17dfece24b
    • Opcode Fuzzy Hash: 5d05a7679e14fa28f14d2d93893ecbc405274aae1529ff2a09b83f8aeccd37a7
    • Instruction Fuzzy Hash: 08715B22F1568699FB10AB60D8506BCB3A2BF88748F844436CA3D537D5EF3DA945C3B1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FF3C8, Relevance: 9.2, APIs: 6, Instructions: 208COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLastNameTranslatewcschr$CodePageValidabort
    • String ID:
    • API String ID: 4237316620-0
    • Opcode ID: 4a6e07ca00f5c181f52c63925a49e96984c4b320c75d473365034e83502df7b2
    • Instruction ID: 5d5b1dee0962a594f2b61df5025a75810320d69cff5e9732e51bd605a78c4f6e
    • Opcode Fuzzy Hash: 4a6e07ca00f5c181f52c63925a49e96984c4b320c75d473365034e83502df7b2
    • Instruction Fuzzy Hash: 3C817332A0878A85EB20BF21D5112A9B396FBC4B84F844135DA7D477C6EF3CE552C7A1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EA524, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 76662f45ab0d999c1615af95dbd631d0d7018e156f7da61ec783956ef3c2a8ee
    • Instruction ID: 51194282c2f62d445af3c3f5aea0a538a803e085b6163521e13710b0c064d940
    • Opcode Fuzzy Hash: 76662f45ab0d999c1615af95dbd631d0d7018e156f7da61ec783956ef3c2a8ee
    • Instruction Fuzzy Hash: F6316D32608B8186DB60EF25E8402AEB3A1FBC9754F940136EAAD43BD5DF3CC145CB90
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EF478, Relevance: 6.2, APIs: 4, Instructions: 191COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: Wcsftime$_invalid_parameter_noinfo
    • String ID:
    • API String ID: 4239037671-0
    • Opcode ID: 5391c54f9391c5f4f0bc94dbcbeecf14428612a6a7ba88fec843e763a89e5dc0
    • Instruction ID: 212c610721989bf113e70b0e475f23edcd09028a142d121e3fed98d22448d96e
    • Opcode Fuzzy Hash: 5391c54f9391c5f4f0bc94dbcbeecf14428612a6a7ba88fec843e763a89e5dc0
    • Instruction Fuzzy Hash: 69712932A1878643EB24AB35A04137AB392FFC4794F944236EEBD43AD6DF3DD0018659
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FBADC, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
    Download Yara Rule
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7FE6FBB0C
      • Part of subcall function 00007FF7FE6EA780: GetCurrentProcess.KERNEL32(00007FF7FE6FD039), ref: 00007FF7FE6EA7AD
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: CurrentProcess_invalid_parameter_noinfo
    • String ID: *?$.
    • API String ID: 2518042432-3972193922
    • Opcode ID: 3725f18c3e09b3dedfd56ad382ccaa99fd3e04cfa4d10f67cf0d463e89ee3f67
    • Instruction ID: 7dea254a0c7cbc34d61f9ac71d9f89c771425022e98e55c52e4b05b7809f3c28
    • Opcode Fuzzy Hash: 3725f18c3e09b3dedfd56ad382ccaa99fd3e04cfa4d10f67cf0d463e89ee3f67
    • Instruction Fuzzy Hash: 8D51C562B14A9985EF10EF6598104BDB7A6FB88BD8B844531DE3D17BC9EF3CD0418360
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EF8C0, Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    • Opcode ID: 6068f228392bbde87faaf1bb2c3f41345029cc326c5add4b2fbc48b6656e6d30
    • Instruction ID: b4f9d9c48d31db00ff17752e11d86273f7854570f6a70c4562c87c78fd89b164
    • Opcode Fuzzy Hash: 6068f228392bbde87faaf1bb2c3f41345029cc326c5add4b2fbc48b6656e6d30
    • Instruction Fuzzy Hash: E3D1D232B1868A87DB34DF15E18466AB7A2FBC8784F548134CB5E57BC4DA3DE841CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FF83C, Relevance: 4.7, APIs: 3, Instructions: 165COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF7FE6F54DC: GetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F54E6
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F5564
      • Part of subcall function 00007FF7FE6F54DC: abort.LIBCMT ref: 00007FF7FE6F556A
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F554E
    • GetLocaleInfoW.KERNEL32 ref: 00007FF7FE6FF8A9
    • GetLocaleInfoW.KERNEL32 ref: 00007FF7FE6FF8FB
    • GetLocaleInfoW.KERNEL32 ref: 00007FF7FE6FF9C0
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorInfoLastLocale$abort
    • String ID:
    • API String ID: 1112924360-0
    • Opcode ID: 64853bf7e2c86e5d7c90ab52e67232536f8263b239761c29a833a1e9e99bde33
    • Instruction ID: e7194dc974ba7a0f57a43ff232d5fd428ad3d81bc9c5bb36570ed7109fda498b
    • Opcode Fuzzy Hash: 64853bf7e2c86e5d7c90ab52e67232536f8263b239761c29a833a1e9e99bde33
    • Instruction Fuzzy Hash: 5961A172A0868A96EB30AF15E541279B3A3FB84744F848135C7BD836D5EF3CE451C7A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FBCE8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID: .
    • API String ID: 0-248832578
    • Opcode ID: 9c0b4f624a2424d573f2a4644f38db5a2d65d39e0f04b82793c13f2e50a6d786
    • Instruction ID: 6dc46f837df1a0add18d6cfb4c3d64f574217cd5096805cbfcb7270ffbd22789
    • Opcode Fuzzy Hash: 9c0b4f624a2424d573f2a4644f38db5a2d65d39e0f04b82793c13f2e50a6d786
    • Instruction Fuzzy Hash: C031E822B146D545E720AE22D8157BABA92ABC8BE4F948331EE7C07BC5DE3CD5058344
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F5E28, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID: GetLocaleInfoEx
    • API String ID: 2299586839-2904428671
    • Opcode ID: b7d08f78f528423dfcb768b2b42ef841cd564c6fb600a9670f01a76029085116
    • Instruction ID: d0f824017a872a2b35f7a9ffa03fbe601f4a9ae079ea7e07027cf470ebfa0a6a
    • Opcode Fuzzy Hash: b7d08f78f528423dfcb768b2b42ef841cd564c6fb600a9670f01a76029085116
    • Instruction Fuzzy Hash: 17019621B04B8581E704AB56A8000A9B7A5ABC8FD0B844136DE2D537A5DE3CD94183A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F43F0, Relevance: 3.3, APIs: 2, Instructions: 288COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: NameTranslate$CodePageValid__lc_wcstolc
    • String ID:
    • API String ID: 1519730825-0
    • Opcode ID: 09b881e24a0124f1539d90a42e71456a2bf02c99a24c152b11166297dcebc328
    • Instruction ID: 60f0afb558c7203b7cfa4e70db77763177324d7d9cc493c391d14c62792b8b3e
    • Opcode Fuzzy Hash: 09b881e24a0124f1539d90a42e71456a2bf02c99a24c152b11166297dcebc328
    • Instruction Fuzzy Hash: 61B1E472A087DA41EB64EB6695117BAB6A3FBC5784F804035EE7D43EC5EF3CE1018690
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FB184, Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: 2d42aaa0dc037b263a5f8bd83070e6257a882c6a2e415b908038bead6dbbba0e
    • Instruction ID: bc3140736a8391b8842efb8cf2f3e291fee6ab4dfb9982a4325ba9c163f027b5
    • Opcode Fuzzy Hash: 2d42aaa0dc037b263a5f8bd83070e6257a882c6a2e415b908038bead6dbbba0e
    • Instruction Fuzzy Hash: 4AB17B73604B888BEB15DF29C84636CBBA1F788B48F588821DB7D877A8DB39D451C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EEE9C, Relevance: 1.8, APIs: 1, Instructions: 339COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorFreeHeapInfoLast
    • String ID:
    • API String ID: 1648928578-0
    • Opcode ID: 86dc87f05313872d6ef83cca71d06855ca776dc1e51ea117e108957a95b2c796
    • Instruction ID: e6770a2d54afc644632e6a7c04b31ba028972e103f3a0bf1758ea3c14c1d0963
    • Opcode Fuzzy Hash: 86dc87f05313872d6ef83cca71d06855ca776dc1e51ea117e108957a95b2c796
    • Instruction Fuzzy Hash: F202BF32A08BC586E711DF3894052FDB3A5FB98748F819235EF9C86296EF39E181C350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FD8E8, Relevance: 1.8, APIs: 1, Instructions: 338COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7fcbf20d4f0bf067d05a5202d50d09d66d3483df6e7c3dc2ffc0ba1f10391a3c
    • Instruction ID: 99c048baf3755475951a9b412ed3eb02429c9501a83449b76bda41fe1a38ca00
    • Opcode Fuzzy Hash: 7fcbf20d4f0bf067d05a5202d50d09d66d3483df6e7c3dc2ffc0ba1f10391a3c
    • Instruction Fuzzy Hash: 18E18232A04B8585EB10EBA1E4406EE77A9FB95788F814631DFAD537D6EF38D244C390
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE70062C, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo
    • String ID:
    • API String ID: 474895018-0
    • Opcode ID: b835f74d8c8f40226b9b703131785c3597d634ab092b780ca59af1818bd6004b
    • Instruction ID: 859a5ffcc17fa67d44d5e7b42ccebf032ea5f657300baa8def1a5a55c6673b3d
    • Opcode Fuzzy Hash: b835f74d8c8f40226b9b703131785c3597d634ab092b780ca59af1818bd6004b
    • Instruction Fuzzy Hash: 0F71E922E0868246FB64A929DC40679E293BFC8374F940A34DB7D466D9DF7DF84187B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FFA80, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF7FE6F54DC: GetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F54E6
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F5564
      • Part of subcall function 00007FF7FE6F54DC: abort.LIBCMT ref: 00007FF7FE6F556A
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F554E
    • GetLocaleInfoW.KERNEL32 ref: 00007FF7FE6FFAE9
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$InfoLocaleabort
    • String ID:
    • API String ID: 3293382891-0
    • Opcode ID: d21d62257fd27cd6f6ead1db77854c0e3a4a789e41723b507cd43fb17ce120d8
    • Instruction ID: f0c9b2a98e71e33c1e37be155a910ede828196fffa5f4aa3d8fdb86cbd5aa4c7
    • Opcode Fuzzy Hash: d21d62257fd27cd6f6ead1db77854c0e3a4a789e41723b507cd43fb17ce120d8
    • Instruction Fuzzy Hash: BA219132A0868A86EB20EF11E5513A9B3A2FBC8784F808035D77D836D5EF3CE554C790
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FF6D4, Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF7FE6F54DC: GetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F54E6
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F5564
      • Part of subcall function 00007FF7FE6F54DC: abort.LIBCMT ref: 00007FF7FE6F556A
    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7FE6FFEB7,?,?,?,00000000,00000001,00000000,?,00007FF7FE6F4595), ref: 00007FF7FE6FF772
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystemabort
    • String ID:
    • API String ID: 2459050469-0
    • Opcode ID: 5bce3e16c0335674342c04b0145e2936ad842f828c13a709e5e7f5d989e0980d
    • Instruction ID: 01f852e5b0842414f2732e6789334cf0dde841639717747ed1ff518369f547f0
    • Opcode Fuzzy Hash: 5bce3e16c0335674342c04b0145e2936ad842f828c13a709e5e7f5d989e0980d
    • Instruction Fuzzy Hash: 1511EB67E0868985EB549F25E4402A8FBA1F7D0FA0F844135D639433D4EE78D5D1C790
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FFC7C, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF7FE6F54DC: GetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F54E6
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F5564
      • Part of subcall function 00007FF7FE6F54DC: abort.LIBCMT ref: 00007FF7FE6F556A
    • GetLocaleInfoW.KERNEL32(?,?,?,00007FF7FE6FFA3C), ref: 00007FF7FE6FFCB3
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$InfoLocaleabort
    • String ID:
    • API String ID: 3293382891-0
    • Opcode ID: 04d682cb2008d4e24ccdba713d077b9a68f06b6cc7c400ff78ff1d4dc4bbe719
    • Instruction ID: 4cf377fd030b158f09fe35679bf1752d8d196d47734d3117ee1ba98c71cdd7ab
    • Opcode Fuzzy Hash: 04d682cb2008d4e24ccdba713d077b9a68f06b6cc7c400ff78ff1d4dc4bbe719
    • Instruction Fuzzy Hash: 9311CA32A185EA82E7647B11A04067AB352FBC4754FA05631DE7E477C5EE39D88187A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FF7A4, Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
    Download Yara Rule
    APIs
      • Part of subcall function 00007FF7FE6F54DC: GetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F54E6
      • Part of subcall function 00007FF7FE6F54DC: SetLastError.KERNEL32(?,?,?,00007FF7FE6EB344,?,?,?,00007FF7FE6EC6D1), ref: 00007FF7FE6F5564
      • Part of subcall function 00007FF7FE6F54DC: abort.LIBCMT ref: 00007FF7FE6F556A
    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7FE6FFE73,?,?,?,00000000,00000001,00000000,?,00007FF7FE6F4595), ref: 00007FF7FE6FF824
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$EnumLocalesSystemabort
    • String ID:
    • API String ID: 2459050469-0
    • Opcode ID: 9831cadc67901be87db63930c5d7cffa9d3afe162e365fb9e64c8ca607be4b3d
    • Instruction ID: b08e378da247241a965a83b6b61dcb0e5041da2e82de1cff6980cc02ef21a5b7
    • Opcode Fuzzy Hash: 9831cadc67901be87db63930c5d7cffa9d3afe162e365fb9e64c8ca607be4b3d
    • Instruction Fuzzy Hash: 8D01F962F082C946E7106F25E8407B9F7A2EB80B64FC19231D638432C4EF689481C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F589C, Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7FE6F5CA1,?,?,?,?,?,?,00000000,00007FF7FE6FECA6), ref: 00007FF7FE6F58F0
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: EnumLocalesSystem
    • String ID:
    • API String ID: 2099609381-0
    • Opcode ID: b54175c0ae6588dfff99f81a058ddd15eca637263f6170948a960b0f527f492f
    • Instruction ID: 07a0b0e1128c7a08613d01e129ff47f0f51947194e1e7143de0cc1a3a0a29191
    • Opcode Fuzzy Hash: b54175c0ae6588dfff99f81a058ddd15eca637263f6170948a960b0f527f492f
    • Instruction Fuzzy Hash: BF01C472B14B4583E704DB25EC400A9B362F7CCB80B448136EA5D877A8DF3CD8518390
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6ED414, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    • Opcode ID: 1da25a436641ffdaaa5332239eaef1689e64a4c63fcedabc066eff3563ac9ae9
    • Instruction ID: a0c6ba50e9dd7478210fe51398dd9c4faff1a40a04c11707444517ea7b98df84
    • Opcode Fuzzy Hash: 1da25a436641ffdaaa5332239eaef1689e64a4c63fcedabc066eff3563ac9ae9
    • Instruction Fuzzy Hash: EB71F851A0C68B46FB64AA35404027DF7A29BC174CF941531DD2C8B6D7CE2FE84987EB
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6ED198, Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    • Opcode ID: 57773de01bccddd33972bb7aba26c8b13c5a1234f29c8d174926197d7e406daa
    • Instruction ID: b3cd59fd531b09290dc88561a2f69582edf7b4c43b451d029edb6c564040080d
    • Opcode Fuzzy Hash: 57773de01bccddd33972bb7aba26c8b13c5a1234f29c8d174926197d7e406daa
    • Instruction Fuzzy Hash: F471D821A0C24A4AFB68AA35404027DF793DFD2744F941535DE288B6D5CE3FEC4687AB
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F9F6C, Relevance: 1.4, APIs: 1, Instructions: 137COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorHeapLast$AllocateFree_invalid_parameter_noinfo
    • String ID:
    • API String ID: 3806578645-0
    • Opcode ID: e934392d6bcc54cee49789a6c09898018760e102a2ef6601351ef8b227c3f7a9
    • Instruction ID: 0b76e0138d4eff4cd2d0621ed34a89f10b11785e181ba4f3abf2c4654cc1af8b
    • Opcode Fuzzy Hash: e934392d6bcc54cee49789a6c09898018760e102a2ef6601351ef8b227c3f7a9
    • Instruction Fuzzy Hash: 5C41E421F0968B41EB20BA26786177AF682AFC47C4F844535EE7E477C5FE3DE40142A4
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F9DA4, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 28cb9544bf14eeb21071fcf7dd54e0b3d477cda592650f1a000c34684372a440
    • Instruction ID: 76dbd3a3de2aa71c49d5b2ef9a4b0a27a799a8664a08ea1f9c5f2b34553cd65b
    • Opcode Fuzzy Hash: 28cb9544bf14eeb21071fcf7dd54e0b3d477cda592650f1a000c34684372a440
    • Instruction Fuzzy Hash: 8DB09220E07B02C6EB083B11AC4221862A4BF9C710FC45078C22C41360DF6C20A647B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EFDDA, Relevance: .5, Instructions: 535COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 90f50ed185b1410141001d1256e3ba9dabdecc2524991e5c76c2614713671394
    • Instruction ID: ec9a50fc0ae20cd942d0cabe29a28d7417db9dae4e4cdc54d134b1553c8877dd
    • Opcode Fuzzy Hash: 90f50ed185b1410141001d1256e3ba9dabdecc2524991e5c76c2614713671394
    • Instruction Fuzzy Hash: 63426221929E4688E793AF35EC11535B729FFD93C0F809733E92E666D4DF2CA44246B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FED70, Relevance: .3, Instructions: 329COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$abort
    • String ID:
    • API String ID: 1447195878-0
    • Opcode ID: bcfd70041c73d7935904fd4fdd596137f718f99dfcfb54f5a1415d36565c5cbe
    • Instruction ID: fdd819fc13543c9e72c4078fbaf599bc2c687ee95795e57b088970a1e66a408c
    • Opcode Fuzzy Hash: bcfd70041c73d7935904fd4fdd596137f718f99dfcfb54f5a1415d36565c5cbe
    • Instruction Fuzzy Hash: F3C1C632A186DA41E764FF21D8116BAB753EBC4B98F804131DE7943AC9EF3CE55187A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FB5C0, Relevance: .0, Instructions: 32COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 29bbc79e574e84b392b246cd6699b7abbf5323aaa95dfd338c73e9b7c350b287
    • Instruction ID: 37c7f88485988d2d92ebae60a9f604f03467f7e9f8c2f327a21381a67892b0df
    • Opcode Fuzzy Hash: 29bbc79e574e84b392b246cd6699b7abbf5323aaa95dfd338c73e9b7c350b287
    • Instruction Fuzzy Hash: 0BF0C271B192958EEBE89F28E84262DB7D0E74C390F908039D69C83B44D63C81609FA4
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E712C, Relevance: .0, Instructions: 2COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5d9137be30ca762c515b27eb6a4003b00807810aa1c88afda74bd61cd8db352f
    • Instruction ID: 6e8f6599d6f818b745142cb6288e7636f9280ebe5f9f6d339946e41081b5e6b5
    • Opcode Fuzzy Hash: 5d9137be30ca762c515b27eb6a4003b00807810aa1c88afda74bd61cd8db352f
    • Instruction Fuzzy Hash: 6BA0012190E906E0E704AB00EC58460A221ABD9300B854131C16D450E09F2DA41183A5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F9880, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
    • API String ID: 3215553584-2617248754
    • Opcode ID: 621f7c38c05972134e20e5dd54a4157b30d26810895ff4e4dd1d06f7fdd2e535
    • Instruction ID: bcdc059c19ea5a8fa9a3ea19179397eb0a5d24da8ae536708e411404f8a740db
    • Opcode Fuzzy Hash: 621f7c38c05972134e20e5dd54a4157b30d26810895ff4e4dd1d06f7fdd2e535
    • Instruction Fuzzy Hash: B041CF72A09B8989E704DF64E8417ED73A5FB48398F814536EE6C07B99EE3CD025C390
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE700C54, Relevance: 13.8, APIs: 9, Instructions: 272fileCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
    • String ID:
    • API String ID: 1330151763-0
    • Opcode ID: 07c87b0e914a2fb98f6e026bb06df96fe4a127e2d411886919b1d3098c328c8c
    • Instruction ID: 8750913ed41d05ba7444e8ab46de9cf6ce316aeb898f134fe7c8cab7bf5fb590
    • Opcode Fuzzy Hash: 07c87b0e914a2fb98f6e026bb06df96fe4a127e2d411886919b1d3098c328c8c
    • Instruction Fuzzy Hash: 02C1D033B18A468AEB50AB64D8503AD7762E7887A8F414635DF3E577D9CF38E015C3A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E3028, Relevance: 12.1, APIs: 8, Instructions: 84COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 3381189198-0
    • Opcode ID: a3e398a192c544bcf7aa698f88f046e3f40437f6836fc58a8a8267729689b771
    • Instruction ID: d76d407a3cc0f7c0c96c4f6c0ef7692f0e7a4f83d6ec2e694444d43a966c8ba6
    • Opcode Fuzzy Hash: a3e398a192c544bcf7aa698f88f046e3f40437f6836fc58a8a8267729689b771
    • Instruction Fuzzy Hash: 66315E21A4DA4681EB11AB25D5400B9F362EFD4BE4F980231D67D077E9CF2DE442C7A6
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E3160, Relevance: 12.1, APIs: 8, Instructions: 84COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowctypestd::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 3407776516-0
    • Opcode ID: decb80e405cbae5fe1879ff8e2001fa6b7108771bd9d88fcbf89a1bdebcadd0b
    • Instruction ID: d5ee7ef4cdb90d8c7c68fc9a511fd9e3750625ecc66d2a122a0b97efdd4021a4
    • Opcode Fuzzy Hash: decb80e405cbae5fe1879ff8e2001fa6b7108771bd9d88fcbf89a1bdebcadd0b
    • Instruction Fuzzy Hash: FD313E21A4CB4681EB15BB25D5400B9B362EBD4BE0F980231DA7D036E9DE2DE842C7A5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F7858, Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 399ed0f814fc6bba712557e4b6ddd87f34d4c4d53dd3710662006a788d3cf252
    • Instruction ID: eb908d682b2181e637a2fc80f73e116a88f69784e32ed6d654d171c9de6247c6
    • Opcode Fuzzy Hash: 399ed0f814fc6bba712557e4b6ddd87f34d4c4d53dd3710662006a788d3cf252
    • Instruction Fuzzy Hash: 12C10426A2D6CA45EB61AF14940027ABB63BFC1B90F864134EA7E033D5DF3DE44183E5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E2170, Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 72COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ExceptionThrow
    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 432778473-1866435925
    • Opcode ID: 5494c9595a8e6530fee949300e5293447ae4c170e5c66bbfcc8c263e8da6cfb1
    • Instruction ID: 8cebfc8254cbad23c4f2a4031bff89acd99dc4b1a753666b76b8fb7a6abe20a2
    • Opcode Fuzzy Hash: 5494c9595a8e6530fee949300e5293447ae4c170e5c66bbfcc8c263e8da6cfb1
    • Instruction Fuzzy Hash: 06313062E05B1A98FB00FBA4E8410EC7371BF94318FD00136DA5D279D9EF399556C390
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FAA08, Relevance: 9.2, APIs: 6, Instructions: 223COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: ae4dc5ab1dc0e9134f76bde21df7ab4744a3ef4efc259b3fc9e090e4a2d278b6
    • Instruction ID: 63e23f28935ee3e42f66dc1973b1e4e1e001b6a51a00e857e7b5f142752a8082
    • Opcode Fuzzy Hash: ae4dc5ab1dc0e9134f76bde21df7ab4744a3ef4efc259b3fc9e090e4a2d278b6
    • Instruction Fuzzy Hash: 8A919432A096D986FB60AB119440279B6A6BF84BA4F944235DE7D076D4FF3CD486C3B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6E188C, Relevance: 9.0, APIs: 6, Instructions: 43COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn$ExceptionThrowstd::bad_alloc::bad_alloc
    • String ID:
    • API String ID: 2825306756-0
    • Opcode ID: 28bbfb1be02d542ebacf3b19222a74f9398d47626543ea032c1e7c9ebfd48b94
    • Instruction ID: 9a768276c2858c69010104042aec22d1d95d91b6e4a175e686a84e811cfca770
    • Opcode Fuzzy Hash: 28bbfb1be02d542ebacf3b19222a74f9398d47626543ea032c1e7c9ebfd48b94
    • Instruction Fuzzy Hash: D701F614E1A60F09FF2CB2A544152BAB1934FD5374FE00B72D63D017D2ED5E694162EA
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F2CC4, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: f1be5df30555893e54c542df797027a03ddf9dd6fdbabe88f71ae3b4706f5321
    • Instruction ID: 5a284e29bdb059edc3c7149ec6d0bcde8f843e67964c2d226949fcebb1212472
    • Opcode Fuzzy Hash: f1be5df30555893e54c542df797027a03ddf9dd6fdbabe88f71ae3b4706f5321
    • Instruction Fuzzy Hash: 60F04421A1974691EF45AB11F890279A361AFCCB90F881139EA2F466E4DF3CD4848770
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE7041D4, Relevance: 7.8, APIs: 5, Instructions: 265COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6d246371e59d778666016ed12019df7df57383548cc464478e3f87e27cd87e76
    • Instruction ID: d8efc8e3137a9d918626d1a0927052f9290fca8932441f4bb4833ebcd51a90ec
    • Opcode Fuzzy Hash: 6d246371e59d778666016ed12019df7df57383548cc464478e3f87e27cd87e76
    • Instruction Fuzzy Hash: 6BA1E462B0978246EB20AA62D8103BDE691AFC87A4FC44635DB7D477C5EF7CD44483B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F800C, Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
    • String ID:
    • API String ID: 3659116390-0
    • Opcode ID: d57330dd6350b4712869357c23d41393f3fa72bb58bfac2c5f7fd052ef84af7e
    • Instruction ID: bfb34cb1f18ead6ad9ce70e1f25404807318485ed29179739ad005d676147543
    • Opcode Fuzzy Hash: d57330dd6350b4712869357c23d41393f3fa72bb58bfac2c5f7fd052ef84af7e
    • Instruction Fuzzy Hash: 8B51F632B14A9685E710DB65E8443ACB772FB88798F448235DE6E47BD8DF38E141C760
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FA6DC, Relevance: 7.6, APIs: 5, Instructions: 133COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 8a37e831644ee33ea1f564136319b7d885d67e8178be3949b1c02c9981534d04
    • Instruction ID: 56960a3ad8158300f0c490a2bd25fe3aa80d52615698ddeac56b8ba546523e34
    • Opcode Fuzzy Hash: 8a37e831644ee33ea1f564136319b7d885d67e8178be3949b1c02c9981534d04
    • Instruction Fuzzy Hash: 1351A422A0C7C585E764AB119440579FBA6EFC4BB0F994235DA7D076D0EE7CE442C3A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE703410, Relevance: 7.6, APIs: 5, Instructions: 72COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ByteCharErrorLastMultiWide$AllocateHeap_invalid_parameter_noinfo
    • String ID:
    • API String ID: 1500607604-0
    • Opcode ID: ff58d773185b4df460b58ef6c3fa682540996f8bf41ee4a67c4972ad629606b5
    • Instruction ID: 765037e380c0fed465df9e57eccc0ca8b63b621edff2c0c100f2d87381f32278
    • Opcode Fuzzy Hash: ff58d773185b4df460b58ef6c3fa682540996f8bf41ee4a67c4972ad629606b5
    • Instruction Fuzzy Hash: 8021C421A09B4241EB25BF62BC0013AE796AFC8BA0F844634EE7D477D5DF3CE40242B0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE7027D8, Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    • Opcode ID: 18c091fff185a02c6b0f9dcafe86012acda0c8a3f3905ffffcfb0eaf2df4b852
    • Instruction ID: cb5881d4bb305d8c33cc2435313acccd5094104e4b1d1cd0fcccfaf6a99d3a2d
    • Opcode Fuzzy Hash: 18c091fff185a02c6b0f9dcafe86012acda0c8a3f3905ffffcfb0eaf2df4b852
    • Instruction Fuzzy Hash: 2C11C12BE1CA8705F758B5A5E84637AD9426FCC3A0F844234EB7E065D7DF1CA44042F5
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F6810, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 197COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    • Opcode ID: bf2b8c16eadd9d5db84e603cc91450b30a88a0842af54cad9983de0b64117b2d
    • Instruction ID: 59fd4ff944bcc92018887e658571c6fb301f74a982d160fb9695245abc91e245
    • Opcode Fuzzy Hash: bf2b8c16eadd9d5db84e603cc91450b30a88a0842af54cad9983de0b64117b2d
    • Instruction Fuzzy Hash: 8C71B372D0C2CB45FB656E24865433CFBDAEF91748F84A134C63A465D5EB2DA81093E3
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6EC86C, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: $*
    • API String ID: 3215553584-3982473090
    • Opcode ID: 23d9b31577de7f2a86e552a4b12be4897c7d88f11550b486e18f67c3137794f9
    • Instruction ID: ed77763510bdf16c2f170852f9d59a68c5dbdc1537f082c3f25d6dfb48cc22f2
    • Opcode Fuzzy Hash: 23d9b31577de7f2a86e552a4b12be4897c7d88f11550b486e18f67c3137794f9
    • Instruction Fuzzy Hash: 6B61FD3291C2C986F768AE39805437CBBA2FB81B08F941135D66A521C5CF2ED441C7AB
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F8438, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ByteCharErrorFileLastMultiWideWrite
    • String ID: U
    • API String ID: 2456169464-4171548499
    • Opcode ID: 034f733c7c169919fd78daaf25f8cd59d38ee1893bcac3a6967da1b0a74d948d
    • Instruction ID: 2c27ba4acb2db326c8ac0fb9f29c4ee32cc1d8df800411deb696ba1fe79fe27e
    • Opcode Fuzzy Hash: 034f733c7c169919fd78daaf25f8cd59d38ee1893bcac3a6967da1b0a74d948d
    • Instruction Fuzzy Hash: 1E41A222B1968582DB60AF25E8453BAB7A1FB88794F808031EE5D877D4EF3CD405C7A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE7008C0, Relevance: 6.2, APIs: 4, Instructions: 160COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$_get_daylight
    • String ID:
    • API String ID: 72036449-0
    • Opcode ID: 4f29ab0b7ae97194a582883ddba2c3802a8675c08871253ff472d340cc7ca090
    • Instruction ID: 67b9c0f2c937f8141c3fa2b0615a530af07b43ac44104fceec4b4d8a0576d108
    • Opcode Fuzzy Hash: 4f29ab0b7ae97194a582883ddba2c3802a8675c08871253ff472d340cc7ca090
    • Instruction Fuzzy Hash: 9B51B072D1C64686F765B928CC0537AE592ABC9334F994834DBA9462D9CF2CF84086F2
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F8DF4, Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
    • String ID:
    • API String ID: 4141327611-0
    • Opcode ID: 3b4ce5be346d9fefcd45327643f26a8dca00848a0727ff22629e1f0a54d34f79
    • Instruction ID: 8b0149b8ba1f2dfd48149c1c4d7d7236331b69771c68efeb6a98e0e2ff07160d
    • Opcode Fuzzy Hash: 3b4ce5be346d9fefcd45327643f26a8dca00848a0727ff22629e1f0a54d34f79
    • Instruction Fuzzy Hash: CE41D422E0D78A86FB65AB10D450379F6A2EFC4B90F944170DABC07AD5EF3CD84197A1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FCB00, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
    Download Yara Rule
    APIs
    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7FE6F31B7,?,?,00000000,00007FF7FE6F3172,?,?,00000000,00007FF7FE6F34A1), ref: 00007FF7FE6FCB19
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7FE6F31B7,?,?,00000000,00007FF7FE6F3172,?,?,00000000,00007FF7FE6F34A1), ref: 00007FF7FE6FCB7B
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7FE6F31B7,?,?,00000000,00007FF7FE6F3172,?,?,00000000,00007FF7FE6F34A1), ref: 00007FF7FE6FCBB5
    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7FE6F31B7,?,?,00000000,00007FF7FE6F3172,?,?,00000000,00007FF7FE6F34A1), ref: 00007FF7FE6FCBDF
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ByteCharEnvironmentMultiStringsWide$Free
    • String ID:
    • API String ID: 1557788787-0
    • Opcode ID: a9bea5402cd1f14d8878be8d3d82df4723dbd0ea76f45f1e698c4fb268765643
    • Instruction ID: f14ef4eef882319859c56cc0ccf4eeed03ab1b3431e8311c70ce3218e053ddf6
    • Opcode Fuzzy Hash: a9bea5402cd1f14d8878be8d3d82df4723dbd0ea76f45f1e698c4fb268765643
    • Instruction Fuzzy Hash: 0A216125E197D581EB20AF12B440029F7A5EBC8BD0B984234DEAE63BD8DF3CE4528755
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F54DC, Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: ErrorLast$abort
    • String ID:
    • API String ID: 1447195878-0
    • Opcode ID: 1317ccaa99e41bd68a19f88fb0a1cac3767944e40dac533040339ab513557f2b
    • Instruction ID: c1bf7efb3fe4f5622be68683c561fb8d4da6660dc55b368802ffcbb6a859e94a
    • Opcode Fuzzy Hash: 1317ccaa99e41bd68a19f88fb0a1cac3767944e40dac533040339ab513557f2b
    • Instruction Fuzzy Hash: CC018C20B0938B42FB987760A55523CB1835FC8791F944638D93E06BD7EE2CEC0042B1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F8FF4, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: gfffffff
    • API String ID: 3215553584-1523873471
    • Opcode ID: d2963831934c30ccb4cfcb4f0bf33f4b1da78e88b74f01f9e8dbc79468fd3ddc
    • Instruction ID: d436fe77c900b10f043afa728e616af4771da7137d058c0b36d3dd9946e5bd98
    • Opcode Fuzzy Hash: d2963831934c30ccb4cfcb4f0bf33f4b1da78e88b74f01f9e8dbc79468fd3ddc
    • Instruction Fuzzy Hash: 97914863A093CA46EB219F6995443ACBB56ABA67C0F448131CABD073E9EE3DE111C351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F9424, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: e+000$gfff
    • API String ID: 3215553584-3030954782
    • Opcode ID: 99f65d63c4fee04bbf4b03e11efa300556e8319af9f1dac972224b273c518fa0
    • Instruction ID: 5f1b366081aa787b3a404a14c7ed04c7205c33d36d5ac41d6b3fb59892eda354
    • Opcode Fuzzy Hash: 99f65d63c4fee04bbf4b03e11efa300556e8319af9f1dac972224b273c518fa0
    • Instruction Fuzzy Hash: BF514B62B187C546EB259F359841369BB92EBD0B90F888231C7BC87BEADE2DD444C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6F2FD4, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: FileModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\anchorAsjuster_x64.exe
    • API String ID: 3307058713-760163324
    • Opcode ID: 2d4c4b1f5580e3aa0e2996ef6e66e21aff2f71a5fa00ad03c85682e0b499f597
    • Instruction ID: 452bb1d1bf5220de7264dbb291d756e0a851a5c96d5f2f2fdd73e6e858a79bb3
    • Opcode Fuzzy Hash: 2d4c4b1f5580e3aa0e2996ef6e66e21aff2f71a5fa00ad03c85682e0b499f597
    • Instruction Fuzzy Hash: FD418336A08A9685EB14EF25E8400BCB7A5FFC47D4B854036E96D477C5EE3DE44183A0
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FB754, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _handle_errorf
    • String ID: "$powf
    • API String ID: 2315412904-603753351
    • Opcode ID: b2af2f20b014646dacddcfc01c9e05fdd9c1dd23ac71afa094eaf007085ec443
    • Instruction ID: 6444b5bd0c3085ec25129c8351534de5670f0e20c1531fa97d0c4356976c1aae
    • Opcode Fuzzy Hash: b2af2f20b014646dacddcfc01c9e05fdd9c1dd23ac71afa094eaf007085ec443
    • Instruction Fuzzy Hash: CA416173D28684DAE370CF22E0807AABBA0F7D9358F101325F769029D9DB7DC5509B50
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FB630, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID: _handle_error
    • String ID: "$pow
    • API String ID: 1757819995-713443511
    • Opcode ID: b62c5f13f2b0d528926c9eafe068bc8a0b6b1a509fd00555c16b37540bfbf9e9
    • Instruction ID: 782c7ced6adda5f7566653baa1d69f6d7d6ef7569decc95784e26d3e3e16a4be
    • Opcode Fuzzy Hash: b62c5f13f2b0d528926c9eafe068bc8a0b6b1a509fd00555c16b37540bfbf9e9
    • Instruction Fuzzy Hash: 49316F76D1CAC886D760DF10E44076AFAA1FBDE344F602326F79906A94EB7DD0819F10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF7FE6FF210, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMONLIBRARYCODE
    Download Yara Rule
    APIs
    • GetACP.KERNEL32(?,?,000000A0,00007FF7FE6FF4AE,?,?,?,?,?,00007FF7FE6F459C), ref: 00007FF7FE6FF2AE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.640581092.00007FF7FE6E1000.00000020.00020000.sdmp, Offset: 00007FF7FE6E0000, based on PE: true
    • Associated: 00000000.00000002.640577824.00007FF7FE6E0000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640597465.00007FF7FE707000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640607514.00007FF7FE71C000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.640611275.00007FF7FE71F000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640617317.00007FF7FE722000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.640620880.00007FF7FE724000.00000002.00020000.sdmp Download File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7fe6e0000_anchorAsjuster_x64.jbxd
    Similarity
    • API ID:
    • String ID: ACP$OCP
    • API String ID: 0-711371036
    • Opcode ID: 4113e7883a2318e83645ecbe440b6e2a187b727b4ac3f9e966a918965728443c
    • Instruction ID: 9a3d9c11c913fd2d62d6e28a01e8af52f0f83315d2cbca0278cb02ce0856add6
    • Opcode Fuzzy Hash: 4113e7883a2318e83645ecbe440b6e2a187b727b4ac3f9e966a918965728443c
    • Instruction Fuzzy Hash: E0115425A1C6C751FBA4FB91A9805BAF361AFC8780FC44431EE7D426C5EF6CE941C6A0
    Uniqueness

    Uniqueness Score: -1.00%