Windows Analysis Report Acunetix Crack hide01.ir.exe

Overview

General Information

Sample Name:Acunetix Crack hide01.ir.exe
Analysis ID:469084
MD5:2294bc48d9d14eff3f54c36eeae6ba3b
SHA1:11fb9d30f4fb8300d2528acd1dd3dc341120797c
SHA256:ca7c0c41f92205ac6c8718d021ae53f070a504ba9afc5086426dfbcc8b53f29e

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Uses code obfuscation techniques (call, push, ret)
Contains functionality to query CPU information (cpuid)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Found large amount of non-executed APIs
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • Acunetix Crack hide01.ir.exe (PID: 6600 cmdline: 'C:\Users\user\Desktop\Acunetix Crack hide01.ir.exe' MD5: 2294BC48D9D14EFF3F54C36EEAE6BA3B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: Acunetix Crack hide01.ir.exeVirustotal: Detection: 17%
Source: Acunetix Crack hide01.ir.exeReversingLabs: Detection: 17%
Machine Learning detection for sample
Source: Acunetix Crack hide01.ir.exeJoe Sandbox ML: detected
Source: Acunetix Crack hide01.ir.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
Source: Acunetix Crack hide01.ir.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\pentest\Acunetix\Code Virtualizer 2.2.2.0\Crack auto-Pente3ter12\Release\testHarness.pdb11- source: Acunetix Crack hide01.ir.exe
Source: Binary string: c:\gitlab-runner\builds\38aa7087\0\wvs\wvs-desktop\build\temp\scanner-ng\full\bin\wvsc.pdb source: Acunetix Crack hide01.ir.exe
Source: Binary string: D:\pentest\Acunetix\Code Virtualizer 2.2.2.0\Crack auto-Pente3ter12\Release\testHarness.pdb source: Acunetix Crack hide01.ir.exe
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://bxss.me/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://bxss.me/AcuMonitorAcuSensorlicenceproxyEnabledscanSchemesDetectedDuringLoginenvLogLevelDebugL
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://s.symcd.com06
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/http://schemas.xmlsoap.org/wsdl/soap/%s:%s=
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdl/type
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://schemas.xmlsoap.org/wsdlxhtmlsoapyaml?sdl?htmlhtml(fragment)xmljsonjavascriptstylesheetfeedzi
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://testphp.vulnweb.com
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.acunetix.com/wvs/disc.htm
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.acunetix.com/wvs/disc.htmAcunetix-User-agreement
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.erpx.com/
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.google.com/bot.html)
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.google.com/bot.html)x
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.winimage.com/zLibDll
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: http://www.winimage.com/zLibDllr
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://bxss.me/ng/register
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://bxss.me/ng/registerlicense_info.jsonwa_data.datoffline-activation-certificate.key-----BEGIN
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://d.symcb.com/rpa0.
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://erp.acunetix.com/api/key/activate?readonly=false
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://erp.acunetix.com/webactivation/webactivation.asmx
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://erp.acunetix.com/webactivation/webactivation.asmxhttps://erp.acunetix.com/api/key/activate?r
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://www.google.com/search?hl=en&q=testing
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: https://www.google.com/search?hl=en&q=testingimportOnly:
Source: Acunetix Crack hide01.ir.exe, 00000002.00000000.218152106.000000000040E000.00000080.00020000.sdmpBinary or memory string: OriginalFilenamePente3ter12.EXEP vs Acunetix Crack hide01.ir.exe
Source: Acunetix Crack hide01.ir.exe, 00000002.00000002.494691689.00000000015F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Acunetix Crack hide01.ir.exe
Source: Acunetix Crack hide01.ir.exeBinary or memory string: OriginalFilenamePente3ter12.EXEP vs Acunetix Crack hide01.ir.exe
Source: Acunetix Crack hide01.ir.exeStatic PE information: Resource name: RB1 type: PE32+ executable (console) x86-64, for MS Windows
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00401C70 FindResourceA,LoadResource,LockResource,SizeofResource,?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z,?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z,_invalid_parameter_noinfo_noreturn,2_2_00401C70
Source: Acunetix Crack hide01.ir.exeBinary or memory string: .vbproj
Source: Acunetix Crack hide01.ir.exeBinary or memory string: .csproj
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: <InstallationDirectory>%s</InstallationDirectory>
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: ui-explorer-start.js
Source: Acunetix Crack hide01.ir.exeString found in binary or memory: /load <filename>
Source: classification engineClassification label: mal52.winEXE@1/0@0/0
Source: Acunetix Crack hide01.ir.exe, 00000002.00000000.218152106.000000000040E000.00000080.00020000.sdmpBinary or memory string: SELECT id, object, name, value FROM counters;
Source: Acunetix Crack hide01.ir.exe, 00000002.00000000.218152106.000000000040E000.00000080.00020000.sdmpBinary or memory string: INSERT INTO counters (id, object, name, value) values (?, ?, ?, ?)SELECT id, object, name, value FROM counters;
Source: Acunetix Crack hide01.ir.exeStatic file information: File size 12203008 > 1048576
Source: Acunetix Crack hide01.ir.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xb96e00
Source: Acunetix Crack hide01.ir.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Acunetix Crack hide01.ir.exeStatic PE information: real checksum: 0xba39b5 should be:
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00405198 push ecx; ret 2_2_004051AB
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_004052F4 push ecx; ret 2_2_00405306
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00403870 IsIconic,#890,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#1389,#10986,2_2_00403870
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeAPI coverage: 9.4 %
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00405827 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00405827
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00404405 OutputDebugStringA,GetLastError,2_2_00404405
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00401000 GetProcessHeap,2_2_00401000
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_004059BD SetUnhandledExceptionFilter,2_2_004059BD
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00405518 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00405518
Source: Acunetix Crack hide01.ir.exe, 00000002.00000002.494788218.00000000019C0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: Acunetix Crack hide01.ir.exe, 00000002.00000002.494788218.00000000019C0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: Acunetix Crack hide01.ir.exe, 00000002.00000002.494788218.00000000019C0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: Acunetix Crack hide01.ir.exe, 00000002.00000002.494788218.00000000019C0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00405A2A cpuid 2_2_00405A2A
Source: C:\Users\user\Desktop\Acunetix Crack hide01.ir.exeCode function: 2_2_00405C0A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00405C0A

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Process Injection 1 | Process Injection 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information 1 | LSASS Memory | Security Software Discovery 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

Behavior Graph ID: 469084, Sample: Acunetix Crack hide01.ir.exe, Startdate: 20/08/2021, Architecture: WINDOWS, Score: 52
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process: Acunetix Crack hide01.ir.exe, started

Source | Detection | Scanner | Label
Acunetix Crack hide01.ir.exe | 18% | Virustotal |
Acunetix Crack hide01.ir.exe | 18% | ReversingLabs | Win32.Malware.Xpirat
Acunetix Crack hide01.ir.exe | 100% | Joe Sandbox ML |
No Antivirus matches

Source | Detection | Scanner | Label
http://bxss.me/AcuMonitorAcuSensorlicenceproxyEnabledscanSchemesDetectedDuringLoginenvLogLevelDebugL | 0% | Avira URL Cloud | safe
http://www.erpx.com/ | 0% | Virustotal |
http://www.erpx.com/ | 0% | Avira URL Cloud | safe
https://bxss.me/ng/registerlicense_info.jsonwa_data.datoffline-activation-certificate.key-----BEGIN | 0% | Avira URL Cloud | safe
http://bxss.me/ | 0% | Avira URL Cloud | safe
https://bxss.me/ng/register | 0% | Avira URL Cloud | safe
No contacted domains info
No contacted IP infos

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:469084
Start date:20.08.2021
Start time:21:47:04
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 13s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:Acunetix Crack hide01.ir.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:29
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal52.winEXE@1/0@0/0
EGA Information:
• Successful, ratio: 100%
HDC Information:Failed
HCA Information:Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
• Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.474735988287635
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Acunetix Crack hide01.ir.exe
File size:12203008
MD5:2294bc48d9d14eff3f54c36eeae6ba3b
SHA1:11fb9d30f4fb8300d2528acd1dd3dc341120797c
SHA256:ca7c0c41f92205ac6c8718d021ae53f070a504ba9afc5086426dfbcc8b53f29e
SHA512:bb3007d0e0a106de63121df7f2e6afa29a5fca097c17877bfa4b08cf672916cd86f35220ff00efcfa62e29f8a0d560b2bc46eacf28af360b97bea9f3c8b2f81d
SSDEEP:98304:xmgmWDfo0LwxzEXAz4kC36BREBETITIJiW1jsCKIRGMc:xmgmWDPUwQzC31BErJi4GMc
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*}\mD.\mD.\mD.U...PmD...E/ZmD...@/QmD...G/_mD...A/|mD.\mE.{lD...E/[mD...A/XmD.....]mD.\m..]mD...F/]mD.Rich\mD................

                                          File Icon

                                          Icon Hash:001e1b333b1b2e00

                                          General

                                          Entrypoint:0x405037
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x611BB753 [Tue Aug 17 13:19:15 2021 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:6
                                          OS Version Minor:0
                                          File Version Major:6
                                          File Version Minor:0
                                          Subsystem Version Major:6
                                          Subsystem Version Minor:0
                                          Import Hash:63f856a2f4d43067338acb3fa97d73ea
                                          Instruction
                                          call 00007FAF88B6EC80h
                                          jmp 00007FAF88B6DE9Ah
                                          jmp 00007FAF88B6E065h
                                          push 0000000Ch
                                          push 0040B808h
                                          call 00007FAF88B6E2C3h
                                          mov byte ptr [ebp-19h], 00000000h
                                          mov ebx, dword ptr [ebp+0Ch]
                                          mov eax, ebx
                                          mov edi, dword ptr [ebp+10h]
                                          imul eax, edi
                                          mov esi, dword ptr [ebp+08h]
                                          add esi, eax
                                          mov dword ptr [ebp+08h], esi
                                          and dword ptr [ebp-04h], 00000000h
                                          mov eax, edi
                                          dec edi
                                          mov dword ptr [ebp+10h], edi
                                          test eax, eax
                                          je 00007FAF88B6E077h
                                          sub esi, ebx
                                          mov dword ptr [ebp+08h], esi
                                          mov ecx, dword ptr [ebp+14h]
                                          call dword ptr [004074CCh]
                                          mov ecx, esi
                                          call dword ptr [ebp+14h]
                                          jmp 00007FAF88B6E043h
                                          mov al, 01h
                                          mov byte ptr [ebp-19h], al
                                          mov dword ptr [ebp-04h], FFFFFFFEh
                                          call 00007FAF88B6E083h
                                          mov ecx, dword ptr [ebp-10h]
                                          mov dword ptr fs:[00000000h], ecx
                                          pop ecx
                                          pop edi
                                          pop esi
                                          pop ebx
                                          leave
                                          retn 0010h
                                          mov edi, dword ptr [ebp+10h]
                                          mov ebx, dword ptr [ebp+0Ch]
                                          mov esi, dword ptr [ebp+08h]
                                          mov al, byte ptr [ebp-19h]
                                          test al, al
                                          jne 00007FAF88B6E06Dh
                                          push dword ptr [ebp+14h]
                                          push edi
                                          push ebx
                                          push esi
                                          call 00007FAF88B6E095h
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          mov esi, dword ptr [ebp+08h]
                                          push edi
                                          mov edi, dword ptr [esi]
                                          cmp dword ptr [edi], E06D7363h
                                          je 00007FAF88B6E068h
                                          pop edi
                                          xor eax, eax
                                          pop esi
                                          pop ebp
                                          ret
                                          call 00007FAF88B6F4B3h
                                          mov dword ptr [eax], edi
                                          mov esi, dword ptr [esi+04h]
                                          call 00007FAF88B6F4AFh
                                          mov dword ptr [eax], esi
                                          call 00007FAF88B6F5AAh
                                          int3
                                          push 00000018h
                                          push 0000B828h
                                          Programming Language:
                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb878 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe000 | 0xb47ff0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa59c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa6c8 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa5f0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x4cc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5ddb | 0x5e00 | False | 0.529005984043 | data | 6.36112900705 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x5d90 | 0x5e00 | False | 0.394406582447 | data | 4.7749682156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xd000 | 0x9b4 | 0x600 | False | 0.21484375 | data | 3.34268100655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0xe000 | 0xc4e000 | 0xb96e00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RB1 | 0x10020 | 0xb45ad8 | PE32+ executable (console) x86-64, for MS Windows | English | Great Britain
RB2 | 0xb55af8 | 0x280 | ASCII text, with very long lines, with no line terminators | English | Great Britain
RT_ICON | 0xe708 | 0x18fd | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_DIALOG | 0xe290 | 0x11a | data | English | United States
RT_DIALOG | 0xe3b0 | 0x82 | data | English | United States
RT_STRING | 0xb55d78 | 0x4a | data | English | United States
RT_GROUP_ICON | 0x10008 | 0x14 | data | English | United States
RT_VERSION | 0xe438 | 0x2cc | data | English | United States
RT_MANIFEST | 0xb55dc8 | 0x224 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States
DLL | Import
mfc140.dll |
KERNEL32.dll | OutputDebugStringW, GetModuleFileNameA, LoadResource, LockResource, SizeofResource, FindResourceA, DecodePointer, RaiseException, GetLastError, HeapDestroy, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, InitializeCriticalSectionEx, DeleteCriticalSection, OutputDebugStringA, SetLastError, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, GetModuleHandleA, LoadLibraryW, CloseHandle, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetProcAddress, GetModuleHandleW
USER32.dll | GetSystemMenu, EnableWindow, DrawIcon, GetClientRect, LoadIconW, SendMessageA, GetSystemMetrics, IsIconic, AppendMenuA, UnregisterClassA
OLEAUT32.dll | SysFreeString
MSVCP140.dll | ??Bid@locale@std@@QAEIXZ, ?_Xout_of_range@std@@YAXPBD@Z, ?_Xlength_error@std@@YAXPBD@Z, ??1_Lockit@std@@QAE@XZ, ??0_Lockit@std@@QAE@H@Z, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ, ?always_noconv@codecvt_base@std@@QBE_NXZ, ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ, ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ, ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
VCRUNTIME140.dll | __std_terminate, __std_exception_copy, __std_exception_destroy, _CxxThrowException, __CxxFrameHandler3, memcpy, memmove, memset, __current_exception, __current_exception_context, _except_handler4_common, __std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0.dll | _errno, _invalid_parameter_noinfo, _controlfp_s, terminate, _seh_filter_dll, _register_thread_local_exe_atexit_callback, system, _configure_narrow_argv, _exit, exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _c_exit, _set_app_type, _seh_filter_exe, _cexit, _crt_at_quick_exit, _crt_atexit, _execute_onexit_table, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, ungetc, setvbuf, fwrite, _fseeki64, fsetpos, fread, fputc, fgetpos, fgetc, fflush, fclose, _get_stream_buffer_pointers, _set_fmode
api-ms-win-crt-filesystem-l1-1-0.dll | _unlock_file, _lock_file
api-ms-win-crt-heap-l1-1-0.dll | free, _set_new_mode, _recalloc
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll | _setmbcp, _configthreadlocale
Description | Data
LegalCopyright | Copyright (C) 2003
InternalName | Pente3ter12
FileVersion | 1, 0, 0, 1
ProductName | Pente3ter12 Application
ProductVersion | 1, 0, 0, 1
FileDescription | Pente3ter12 MFC Application
OriginalFilename | Pente3ter12.EXE
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |

                                          Network Behavior

                                          No network behavior found

                                          Code Manipulations

                                          Statistics

                                          CPU Usage

                                          [Chart: CPU usage over time (s)]

                                          Memory Usage

                                          [Chart: memory usage (MB) over time (s)]

                                          System Behavior

                                          Start time:21:47:59
                                          Start date:20/08/2021
                                          Path:C:\Users\user\Desktop\Acunetix Crack hide01.ir.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\Acunetix Crack hide01.ir.exe'
                                          Imagebase:0x400000
                                          File size:12203008 bytes
                                          MD5 hash:2294BC48D9D14EFF3F54C36EEAE6BA3B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low

                                          Disassembly

                                          Code Analysis

                                          Execution Graph

                                          Execution Coverage

                                          Dynamic/Packed Code Coverage

                                          Signature Coverage

                                          Execution Coverage:4.9%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:6.6%
                                          Total number of Nodes:809
                                          Total number of Limit Nodes:8

                                          Graph

2816 403130 HeapSize 2817 402530 2818 402560 2817->2818 2819 40254c 2817->2819 2821 402590 2818->2821 2823 402574 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 2818->2823 2820 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2819->2820 2822 40255a 2820->2822 2824 40268a 2821->2824 2829 4025c0 fputc 2821->2829 2830 4025ed ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD 2821->2830 2826 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2823->2826 2825 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2824->2825 2827 40269a 2825->2827 2828 40258a 2826->2828 2832 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2829->2832 2830->2824 2831 402616 2830->2831 2834 40264b 2831->2834 2835 40261b 2831->2835 2833 4025e7 2832->2833 2837 402655 fwrite 2834->2837 2838 402669 2834->2838 2835->2824 2836 402620 2835->2836 2846 401380 fputc 2836->2846 2837->2824 2837->2838 2838->2824 2840 402675 2838->2840 2842 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2840->2842 2841 40262b 2843 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2841->2843 2844 402684 2842->2844 2845 402645 2843->2845 2846->2841 2847 401f30 2848 401f37 _lock_file 2847->2848 2849 401f3f 2847->2849 2848->2849 2850 406730 ??1_Lockit@std@@QAE 2468 406434 2469 40643f std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 2468->2469 2470 40644d 2469->2470 2472 4047b3 #1509 2469->2472 2472->2470 2473 405037 2474 405c57 ___security_init_cookie 4 API calls 2473->2474 2475 40503c 2474->2475 
2475->2475 2476 405639 2479 405645 IsProcessorFeaturePresent 2476->2479 2480 405659 2479->2480 2483 405518 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2480->2483 2482 405643 2483->2482 2484 40123a 2485 404d92 2 API calls 2484->2485 2486 401244 2485->2486 2487 405cc0 __std_type_info_destroy_list 2488 4048c1 EnterCriticalSection LeaveCriticalSection 2489 40498d 2488->2489 2490 404998 RtlWakeAllConditionVariable 2489->2490 2491 4049a9 SetEvent ResetEvent 2489->2491 2854 4049c3 LeaveCriticalSection 2493 4042c4 2494 40413e 15 API calls 2493->2494 2495 4042cf 2494->2495 2859 4011c7 2860 403ec2 3 API calls 2859->2860 2861 4011d1 2860->2861 2862 404d92 2 API calls 2861->2862 2863 4011db 2862->2863 2496 4044c8 GetModuleHandleA 2497 4050cb 2498 4050e3 __current_exception __current_exception_context terminate 2497->2498 2499 4050dd 2497->2499 2864 4059cc 2865 405a03 2864->2865 2867 4059de 2864->2867 2866 405a0b __current_exception __current_exception_context terminate 2867->2865 2867->2866 2868 4045ce 2869 404480 GetProcAddress 2868->2869 2870 4045e3 2869->2870 2500 4030d0 2501 4030e6 2500->2501 2502 4030da HeapFree 2500->2502 2502->2501 2503 4042d0 DeleteCriticalSection 2871 4029d0 2872 4029d9 2871->2872 2873 4029f5 2871->2873 2872->2873 2874 4029e5 fflush 2872->2874 2874->2873 2875 4017d0 2876 401802 2875->2876 2877 40182d ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE 2876->2877 2878 4022a0 9 API calls 2876->2878 2878->2877 2879 406bd0 2880 406c7d 2879->2880 2882 406bea 2879->2882 2882->2880 2883 406cac 2882->2883 2884 406c16 UnregisterClassA 2882->2884 2885 406c2d DeleteCriticalSection 2882->2885 2890 403210 RaiseException 2883->2890 2884->2882 2884->2885 2885->2880 2887 406cb8 2888 406ce3 2887->2888 2889 406cdc HeapDestroy 2887->2889 2889->2888 2890->2887 2507 405eda 2508 405efa 2507->2508 2509 405eef EnterCriticalSection 2507->2509 2509->2508 2510 4012e0 2511 401f70 Concurrency::cancel_current_task 2510->2511 2512 
4012f1 #1507 2510->2512 2515 401f7e _CxxThrowException 2511->2515 2513 401300 2512->2513 2514 40130b _invalid_parameter_noinfo_noreturn 2512->2514 2514->2511 2516 401f90 2515->2516 2517 401f9e _CxxThrowException 2516->2517 2518 401fb7 _unlock_file 2517->2518 2519 401fbf 2517->2519 2518->2519 2521 404ae0 2522 404ae5 ___scrt_release_startup_lock 2521->2522 2523 404af0 2522->2523 2524 404ae9 2522->2524 2526 404af5 _configure_narrow_argv 2523->2526 2525 405a2a IsProcessorFeaturePresent 2524->2525 2527 404aee 2525->2527 2528 404b00 2526->2528 2529 404b03 _initialize_narrow_environment 2526->2529 2529->2527 2909 4061ef EnterCriticalSection 2910 40623a LeaveCriticalSection 2909->2910 2912 40620f 2909->2912 2913 40622f 2912->2913 2914 40622d 2912->2914 2916 405fce 2912->2916 2921 4061a1 2913->2921 2914->2910 2917 405fd8 2916->2917 2919 405fdd 2917->2919 2925 403210 RaiseException 2917->2925 2919->2912 2920 405ff2 2922 4061d6 2921->2922 2923 4061af 2921->2923 2922->2914 2923->2922 2926 406267 2923->2926 2925->2920 2927 406272 2926->2927 2928 4062ac 2926->2928 2929 406278 _errno 2927->2929 2931 40628f 2927->2931 2936 4060a8 2928->2936 2930 40627f _invalid_parameter_noinfo 2929->2930 2930->2928 2933 406294 _errno 2931->2933 2934 40629d memmove 2931->2934 2933->2930 2934->2928 2937 4060c6 2936->2937 2940 4060b2 2936->2940 2937->2922 2939 4060e2 2940->2937 2941 4060e3 2940->2941 2948 403210 RaiseException 2941->2948 2943 406103 EnterCriticalSection 2944 406126 LeaveCriticalSection 2943->2944 2945 40611d 2943->2945 2944->2939 2945->2944 2947 405fce RaiseException 2945->2947 2947->2944 2948->2943 2539 4030f0 2540 403105 2539->2540 2541 4030fa 2539->2541 2542 403118 HeapReAlloc 2540->2542 2543 40310c 2540->2543 2544 4010f0 InitializeCriticalSectionEx 2545 401103 GetLastError 2544->2545 2546 40112c 2544->2546 2548 40110d 2545->2548 2547 404d92 2 API calls 2546->2547 2549 401140 2547->2549 2548->2546 2550 401119 2548->2550 2551 404d92 2 API calls 2550->2551 2552 40112a 2551->2552 
2949 4031f0 InitializeCriticalSectionEx 2950 403ff2 2951 404264 ~refcount_ptr 2 API calls 2950->2951 2952 404019 2951->2952 2048 4047fc 2059 404823 InitializeCriticalSectionAndSpinCount GetModuleHandleW 2048->2059 2050 404801 2070 404be2 2050->2070 2052 404808 2053 40481b 2052->2053 2054 40480d 2052->2054 2056 405827 ___scrt_fastfail 6 API calls 2053->2056 2080 404d92 2054->2080 2058 404822 2056->2058 2060 404846 GetModuleHandleW 2059->2060 2061 404857 GetProcAddress GetProcAddress 2059->2061 2060->2061 2062 40489d 2060->2062 2063 404875 2061->2063 2064 404887 CreateEventW 2061->2064 2066 405827 ___scrt_fastfail 6 API calls 2062->2066 2063->2064 2065 404879 2063->2065 2064->2062 2064->2065 2065->2050 2067 4048a4 DeleteCriticalSection 2066->2067 2068 4048c0 2067->2068 2069 4048b9 CloseHandle 2067->2069 2068->2050 2069->2068 2071 404bf2 2070->2071 2072 404bee 2070->2072 2073 404bff ___scrt_release_startup_lock 2071->2073 2074 404c61 2071->2074 2072->2052 2077 404c0c _initialize_onexit_table 2073->2077 2078 404c2a 2073->2078 2075 405827 ___scrt_fastfail 6 API calls 2074->2075 2076 404c68 2075->2076 2077->2078 2079 404c1b _initialize_onexit_table 2077->2079 2078->2052 2079->2078 2083 404d42 2080->2083 2084 404d51 _crt_atexit 2083->2084 2085 404d58 _register_onexit_function 2083->2085 2086 404817 2084->2086 2085->2086 2961 401b80 2962 401b92 2961->2962 2963 401b9a 2961->2963 2965 4047b3 #1509 2962->2965 2965->2963 2966 404981 EnterCriticalSection 2564 40688a 2565 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2564->2565 2566 40689e 2565->2566 2567 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 2566->2567 2568 4068a8 2567->2568 2967 40678d ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE 1990 403790 #10421 GetSystemMenu #4869 1991 403821 SendMessageA SendMessageA 1990->1991 1992 4037d4 #316 
#8426 1990->1992 1993 403818 #1044 1992->1993 1994 4037f8 AppendMenuA AppendMenuA 1992->1994 1993->1991 1994->1993 2569 401290 2570 4012c8 2569->2570 2571 40129d 2569->2571 2572 401f70 Concurrency::cancel_current_task 2571->2572 2573 4012a8 #1507 2571->2573 2576 401f7e _CxxThrowException 2572->2576 2574 4012c2 _invalid_parameter_noinfo_noreturn 2573->2574 2575 4012b7 2573->2575 2574->2570 2577 401f90 2576->2577 2578 401f9e _CxxThrowException 2577->2578 2579 401fb7 _unlock_file 2578->2579 2580 401fbf 2578->2580 2579->2580 2969 403192 2970 4031ba 2969->2970 2971 4031ac 2969->2971 2971->2970 2972 4031b3 HeapDestroy 2971->2972 2972->2970 2976 405f94 2977 405fa9 2976->2977 2978 405f9d LeaveCriticalSection 2976->2978 2978->2977 2979 404f97 _seh_filter_exe 2980 406799 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE 2584 4016a0 __std_exception_copy 2585 4026a0 2586 4026b3 2585->2586 2587 4026f3 ungetc 2586->2587 2588 4026c7 2586->2588 2587->2588 2589 402ea0 2590 402ec5 2589->2590 2591 402eaf ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J 2589->2591 2592 402f66 2590->2592 2593 402f41 2590->2593 2594 402f17 memcpy 2590->2594 2593->2592 2595 402f53 fwrite 2593->2595 2594->2592 2594->2593 2595->2592 2985 4011a0 #993 2986 404d92 2 API calls 2985->2986 2987 4011c0 2986->2987 2596 401aa3 2597 401b50 2596->2597 2598 4019f0 12 API calls 2597->2598 2599 401b5e 2598->2599 2600 401b6f 2599->2600 2602 4047b3 #1509 2599->2602 2602->2600 2989 404da7 _set_app_type 3013 405ca8 2989->3013 2991 404db4 _set_fmode 3014 405ca5 2991->3014 2993 404dbf __p__commode 2994 404be2 8 API calls 2993->2994 2997 404dcf __RTC_Initialize 2994->2997 2995 405827 ___scrt_fastfail 6 API calls 2996 404e51 2995->2996 2998 404d92 2 API calls 2997->2998 3011 404e3b 2997->3011 2999 404de8 2998->2999 3000 404ded _configure_narrow_argv 2999->3000 3001 404df9 3000->3001 3000->3011 3015 405cb4 InitializeSListHead 3001->3015 3003 404dfe 3004 404e12 3003->3004 3005 404e07 __setusermatherr 
3003->3005 3016 405ccf _controlfp_s 3004->3016 3005->3004 3007 404e21 3008 404e26 _configthreadlocale 3007->3008 3009 404e32 3008->3009 3010 404e36 _initialize_narrow_environment 3009->3010 3009->3011 3010->3011 3011->2995 3012 404e49 3011->3012 3013->2991 3014->2993 3015->3003 3017 405ce7 3016->3017 3018 405ce8 3016->3018 3017->3007 3019 405827 ___scrt_fastfail 6 API calls 3018->3019 3020 405cef 3019->3020 3021 404fab 3032 40597a GetModuleHandleW 3021->3032 3024 404fb7 3026 404fbd _c_exit 3024->3026 3028 404fc2 3024->3028 3025 404fe9 _exit 3027 405941 2 API calls 3025->3027 3026->3028 3029 404ff8 _get_narrow_winmain_command_line 3027->3029 3030 406684 #2407 3029->3030 3031 40500e 3030->3031 3033 404fb3 3032->3033 3033->3024 3033->3025 3034 405fab 3035 406184 3034->3035 3036 406197 3035->3036 3037 40618c free 3035->3037 3037->3036 3038 4051ad 3039 4047c1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 3038->3039 3040 4051b8 3039->3040 3040->3040 2603 4030b0 HeapAlloc 2604 4034b0 #1109 2605 4034c2 2604->2605 2606 4034d6 2604->2606 2605->2606 2607 4034c6 #1509 2605->2607 2608 401ab0 2609 401ae9 2608->2609 2610 401b14 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE 2609->2610 2613 4022a0 9 API calls 2609->2613 2611 401b22 2610->2611 2612 401b2a 2610->2612 2615 4047b3 #1509 2611->2615 2613->2610 2615->2612 3042 401bb0 __std_exception_destroy 3043 401bce 3042->3043 3045 401bd6 3042->3045 3046 4047b3 #1509 3043->3046 3046->3045 3047 405fb0 DeleteCriticalSection 3048 406184 3047->3048 3049 406197 3048->3049 3050 40618c free 3048->3050 3050->3049 2616 4062b8 2617 4062c3 2616->2617 2618 4062ff 2616->2618 2619 4062c9 _errno 2617->2619 2621 4062e2 2617->2621 2620 4062d0 _invalid_parameter_noinfo 2619->2620 2620->2618 2622 4062f0 memmove 2621->2622 2623 4062e7 _errno 2621->2623 2622->2618 2623->2620 2627 4044be GetModuleHandleW

                                          Executed Functions

                                          Control-flow Graph

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.486685777.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000002.00000002.486609754.0000000000400000.00000002.00020000.sdmp
                                          • Associated: 00000002.00000002.486708298.0000000000407000.00000002.00020000.sdmp
                                          • Associated: 00000002.00000002.486727011.000000000040D000.00000004.00020000.sdmp
                                          • Associated: 00000002.00000002.486744341.000000000040E000.00000080.00020000.sdmp
                                          • Associated: 00000002.00000002.494058817.0000000000E0E000.00000080.00020000.sdmp
                                          • Associated: 00000002.00000002.494140713.0000000000EA7000.00000080.00020000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Acunetix Crack hide01.jbxd
                                          Similarity
                                          • API ID: MetricsSystem$#10986#1389#890ClientDrawIconIconicMessageRectSend
                                          • String ID:
                                          • API String ID: 2720873900-0
                                          • Opcode ID: eb1ba14b2b3c25c6411a88392428986b9504ceeb116aaa075cef2a86f6cb3ec2
                                          • Instruction ID: 5fbd10595e9f302a5ea278b534e07bc0b0a0ac655db298f03f51462b35883581
                                          • Opcode Fuzzy Hash: eb1ba14b2b3c25c6411a88392428986b9504ceeb116aaa075cef2a86f6cb3ec2
                                          • Instruction Fuzzy Hash: 1C219331A00209ABCF00DFB9DE49AAE7F79EF48711F140279F909BB291DA30AD10CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 82 4059bd-4059c8 SetUnhandledExceptionFilter
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNELBASE(004059CC,00404E5F), ref: 004059C2
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          • Opcode ID: 0690d0c42bad7ef8455ef3a3f1e4083816929df63e6129eb85b2375e9e303b53
                                          • Instruction ID: 8ccf0d54636d9a418f19b370bd956dbc75fe3d2af771c8c52dddb1caa8f40343
                                          • Opcode Fuzzy Hash: 0690d0c42bad7ef8455ef3a3f1e4083816929df63e6129eb85b2375e9e303b53
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0040D5D8,00000FA0,?,?,00404801), ref: 0040482F
                                          • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,00404801), ref: 0040483A
                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00404801), ref: 0040484B
                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0040485D
                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0040486B
                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00404801), ref: 0040488E
                                          • ___scrt_fastfail.LIBCMT ref: 0040489F
                                          • DeleteCriticalSection.KERNEL32(0040D5D8,00000007,?,?,00404801), ref: 004048AA
                                          • CloseHandle.KERNEL32(00000000,?,?,00404801), ref: 004048BA
                                          Strings
                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00404835
                                          • kernel32.dll, xrefs: 00404846
                                          • SleepConditionVariableCS, xrefs: 00404857
                                          • WakeAllConditionVariable, xrefs: 00404863
                                          Similarity
                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                          • API String ID: 3578986977-3242537097
                                          • Opcode ID: 009a58c96eb2fce8b805c660f3732a794719423489fac010815a1558162b82d9
                                          • Instruction ID: fa0d6dccac49b94f0612fb643aa22b788ed0ec8a6492434cb27b820dc4b8bcc4
                                          • Opcode Fuzzy Hash: 009a58c96eb2fce8b805c660f3732a794719423489fac010815a1558162b82d9
                                          • Instruction Fuzzy Hash: DA01B5B6E44311BFD6202BA4AE0DF173A989B80B44F144636FD05F62D0DB7C9804867E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • ___security_init_cookie.LIBCMT ref: 00404E6C
                                            • Part of subcall function 00405C57: ___get_entropy.LIBCMT ref: 00405C71
                                          • _initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0(004074FC,0040750C,0040B7E8,00000014), ref: 00404EC7
                                          • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0(004074D4,004074F8,0040B7E8,00000014), ref: 00404EED
                                          • ___scrt_release_startup_lock.LIBCMT ref: 00404F08
                                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00404F1C
                                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00404F42
                                          • _register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,0040B7E8,00000014), ref: 00404F4E
                                          • _get_narrow_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0(0040B7E8,00000014), ref: 00404F5C
                                          • _cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00400000,00000000,00000000,00000000,0040B7E8,00000014), ref: 00404F7D
                                          • ___scrt_uninitialize_crt.LIBCMT ref: 00404F85
                                          • ___scrt_fastfail.LIBCMT ref: 00404FDE
                                          • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000007,0040B7E8,00000014), ref: 00404FE4
                                          • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000007,0040B7E8,00000014), ref: 00404FEC
                                          • _get_narrow_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000007,0040B7E8,00000014), ref: 00404FFB
                                          Similarity
                                          • API ID: ___scrt_is_nonwritable_in_current_image_get_narrow_winmain_command_line$___get_entropy___scrt_fastfail___scrt_release_startup_lock___scrt_uninitialize_crt___security_init_cookie_cexit_exit_initterm_initterm_e_register_thread_local_exe_atexit_callbackexit
                                          • String ID:
                                          • API String ID: 4166439046-0
                                          • Opcode ID: 2f7ada767efe17366c8cf64d946b964c49e5330e1dbe4fd81687b979e92daa01
                                          • Instruction ID: 00189c90895c262b3b3cbdeeda64969c3a7d952cb92ac10e33478fa2db970769
                                          • Opcode Fuzzy Hash: 2f7ada767efe17366c8cf64d946b964c49e5330e1dbe4fd81687b979e92daa01
                                          • Instruction Fuzzy Hash: D2310BB16486526AEB247776AC02B9F2750CFC172CF21043FFA417B2C2CE3E49419A6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • #10421.MFC140(76CED5C8,?,?,?,?,?,00406A2E,000000FF), ref: 004037B8
                                          • GetSystemMenu.USER32(?,00000000,76CED5C8,?,?,?,?,?,00406A2E,000000FF), ref: 004037C2
                                          • #4869.MFC140(00000000,?,?,?,?,?,00406A2E,000000FF), ref: 004037C9
                                          • #316.MFC140(00000000,?,?,?,?,?,00406A2E,000000FF), ref: 004037D7
                                          • #8426.MFC140(00000065,?,?,?,?,?,00406A2E,000000FF), ref: 004037E9
                                          • AppendMenuA.USER32 ref: 0040380A
                                          • AppendMenuA.USER32 ref: 00403816
                                          • #1044.MFC140(?,?,?,?,?,00406A2E,000000FF), ref: 0040381B
                                          • SendMessageA.USER32(?,00000080,00000001,?), ref: 00403837
                                          • SendMessageA.USER32(?,00000080,00000000,?), ref: 00403849
                                          Similarity
                                          • API ID: Menu$AppendMessageSend$#10421#1044#316#4869#8426System
                                          • String ID:
                                          • API String ID: 4049145640-0
                                          • Opcode ID: 6f79f96a7491734976c94ece805835435975763102389942edbe09276b883059
                                          • Instruction ID: 079111bf623b5eeef453859221d2f371226850e2a9917a5d9357c540bb4c3fe3
                                          • Opcode Fuzzy Hash: 6f79f96a7491734976c94ece805835435975763102389942edbe09276b883059
                                          • Instruction Fuzzy Hash: 9221C032A44204BFEB109F90CC45F99BB78FB08710F00853AFA057A2E0DBB57810CB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 78 403420-403494 #458 #2241 #2210 LoadIconW
                                          APIs
                                          • #458.MFC140(00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 0040344E
                                          • #2241.MFC140(00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 00403460
                                          • #2210.MFC140(00000085,0000000E,00000085,00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 00403471
                                          • LoadIconW.USER32 ref: 00403477
                                          Strings
                                          Similarity
                                          • API ID: #2210#2241#458IconLoad
                                          • String ID: R3@
                                          • API String ID: 2622852959-315492204
                                          • Opcode ID: 761b6bea45f29bcb4ccbd9651b03cbd6e0103ac337c7a65ebcffed57348f92af
                                          • Instruction ID: b8b14889086f8257d626bd17db73b5404e5db48ae2447d000089df0f29e59e48
                                          • Opcode Fuzzy Hash: 761b6bea45f29bcb4ccbd9651b03cbd6e0103ac337c7a65ebcffed57348f92af
                                          • Instruction Fuzzy Hash: 2DF0AF71A44608ABD3109F94DC06F5ABBACEB08B15F00862FB954B73C0DBB965008B94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 79 403310-403385 #2200 call 403420 #4084 #1109
                                          APIs
                                          • #2200.MFC140(00000000,76CED5C8), ref: 0040333D
                                            • Part of subcall function 00403420: #458.MFC140(00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 0040344E
                                            • Part of subcall function 00403420: #2241.MFC140(00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 00403460
                                            • Part of subcall function 00403420: #2210.MFC140(00000085,0000000E,00000085,00000066,R3@,76CED5C8,?,?,00000000,004069BD,000000FF,?,00403352,00000000), ref: 00403471
                                            • Part of subcall function 00403420: LoadIconW.USER32 ref: 00403477
                                          • #4084.MFC140(00000000), ref: 00403364
                                          • #1109.MFC140(00000000), ref: 0040336F
                                          Similarity
                                          • API ID: #1109#2200#2210#2241#4084#458IconLoad
                                          • String ID:
                                          • API String ID: 3009388206-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00402050: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,76CED5C8), ref: 00402088
                                          • FindResourceA.KERNEL32(00000000,?,?), ref: 00401CF6
                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00401D01
                                          • LockResource.KERNEL32(00000000), ref: 00401D08
                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00401D13
                                          • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z.MSVCP140(00000000,00000000,00000000,?,00000020,00000040,00000001), ref: 00401D46
                                            • Part of subcall function 004022A0: fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,0040182D), ref: 004022BB
                                            • Part of subcall function 004022A0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140(?,?,0040182D), ref: 004022D4
                                          • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000), ref: 00401D6F
                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00401E2E
                                          Strings
                                          Similarity
                                          • API ID: Resource$D@std@@@std@@U?$char_traits@$?setstate@?$basic_ios@?write@?$basic_ostream@FindInit@?$basic_streambuf@LoadLockSizeofV12@_invalid_parameter_noinfo_noreturnfclosememmove
                                          • String ID: C:\
                                          • API String ID: 281878356-3404278061
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,?,00404553,00000000,0040B708,00000010,00404175,?,?,00000000,?,?,?,?,0040403A), ref: 00404419
                                          • GetLastError.KERNEL32(?,?,?,00404553,00000000,0040B708,00000010,00404175,?,?,00000000,?,?,?,?,0040403A), ref: 00404450
                                          Strings
                                          • IsolationAware function called after IsolationAwareCleanup, xrefs: 00404414
                                          Similarity
                                          • API ID: DebugErrorLastOutputString
                                          • String ID: IsolationAware function called after IsolationAwareCleanup
                                          • API String ID: 4132100945-2690750368
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetProcessHeap.KERNEL32 ref: 00401042
                                            • Part of subcall function 0040492F: EnterCriticalSection.KERNEL32(0040D5D8,?,?,?,00401036,0040D434), ref: 0040493A
                                            • Part of subcall function 0040492F: LeaveCriticalSection.KERNEL32(0040D5D8,?,?,?,00401036,0040D434), ref: 00404977
                                          Strings
                                          Similarity
                                          • API ID: CriticalSection$EnterHeapLeaveProcess
                                          • String ID: 0w@$dv@
                                          • API String ID: 3078152068-351066985
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00405A40
                                          Similarity
                                          • API ID: FeaturePresentProcessor
                                          • String ID:
                                          • API String ID: 2325560087-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,76CED5C8), ref: 004013DD
                                          • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 004013F8
                                          Similarity
                                          • API ID: ??0_Bid@locale@std@@Lockit@std@@
                                          • String ID:
                                          • API String ID: 1071990091-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 0040477D
                                            • Part of subcall function 00404480: GetProcAddress.KERNEL32(00000000,?), ref: 004044AE
                                          • GetModuleFileNameW.KERNEL32(?,?,00000105,?,00404553,00000000,0040B708,00000010,00404175,?,?,00000000), ref: 00404697
                                          • SetLastError.KERNEL32(0000006F,?,00404553,00000000,0040B708,00000010,00404175,?,?,00000000,?,?,?,?,0040403A), ref: 004046AB
                                          • GetLastError.KERNEL32(00000020), ref: 00404702
                                          Strings
                                          Similarity
                                          • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                          • String ID: $@$Comctl32.dll$GetModuleHandleExW
                                          • API String ID: 3640817601-4183358198
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 00402A92
                                          Similarity
                                          • API ID: fgetc
                                          • String ID:
                                          • API String ID: 2807381905-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002), ref: 00404DAA
                                          • _set_fmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 00404DB5
                                          • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 00404DC1
                                          • __RTC_Initialize.LIBCMT ref: 00404DD9
                                          • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00405D63), ref: 00404DEE
                                            • Part of subcall function 00405CB4: InitializeSListHead.KERNEL32(0040D950,00404DFE), ref: 00405CB9
                                          • __setusermatherr.API-MS-WIN-CRT-MATH-L1-1-0(00405CA2), ref: 00404E0C
                                          • _configthreadlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(00000000), ref: 00404E27
                                          • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00404E36
                                          • ___scrt_fastfail.LIBCMT ref: 00404E4C
                                          Similarity
                                          • API ID: Initialize$HeadList___scrt_fastfail__p__commode__setusermatherr_configthreadlocale_configure_narrow_argv_initialize_narrow_environment_set_app_type_set_fmode
                                          • String ID:
                                          • API String ID: 1979175733-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,76CED5C8), ref: 00402088
                                          • memcpy.VCRUNTIME140(00000000,?,76CED5C8,?,?,?,?,?,76CED5C8), ref: 0040211C
                                          • memcpy.VCRUNTIME140(76CED5C8,?,76CED5C8,00000000,?,76CED5C8,?,?,?,?,?,76CED5C8), ref: 00402128
                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,76CED5C8), ref: 0040216E
                                          • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,76CED5C8), ref: 00402177
                                          • memcpy.VCRUNTIME140(76CED5C8,?,76CED5C8,00000000,?,?,?,?,?,?,?,76CED5C8), ref: 00402183
                                            • Part of subcall function 00401FC0: ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(string too long,004021A6,?,?,?,?,76CED5C8), ref: 00401FC5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.486685777.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000002.00000002.486609754.0000000000400000.00000002.00020000.sdmp
                                          • Associated: 00000002.00000002.486708298.0000000000407000.00000002.00020000.sdmp
                                          • Associated: 00000002.00000002.486727011.000000000040D000.00000004.00020000.sdmp
                                          • Associated: 00000002.00000002.486744341.000000000040E000.00000080.00020000.sdmp
                                          • Associated: 00000002.00000002.494058817.0000000000E0E000.00000080.00020000.sdmp
                                          • Associated: 00000002.00000002.494140713.0000000000EA7000.00000080.00020000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Acunetix Crack hide01.jbxd
                                          Similarity
                                          • API ID: memcpy$Xlength_error@std@@_invalid_parameter_noinfo_noreturnmemmove
                                          • String ID:
                                          • API String ID: 1596515511-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000080,76CED5C8), ref: 00402370
                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 0040249F
                                          • _CxxThrowException.VCRUNTIME140(?,0040B580,?,?), ref: 004024E2
                                          • ?always_noconv@codecvt_base@std@@QBE_NXZ.MSVCP140 ref: 00402506
                                          • ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140 ref: 00402522
                                          Similarity
                                          • API ID: ?always_noconv@codecvt_base@std@@D@std@@@std@@ExceptionFileInit@?$basic_streambuf@ModuleNameThrowU?$char_traits@_invalid_parameter_noinfo_noreturn
                                          • String ID:
                                          • API String ID: 1357239006-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • #1507.MFC140(?,?,00402237,?,?,?,76CED5C8,?,?,?,?,?,?,76CED5C8), ref: 00402005
                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,76CED5C8), ref: 00402020
                                          • #1507.MFC140(?,?,00402237,?,?,?,76CED5C8,?,?,?,?,?,?,76CED5C8), ref: 0040202B
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0040203D
                                          • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,76CED5C8), ref: 00402088
                                          Similarity
                                          • API ID: #1507$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemmove
                                          • String ID:
                                          • API String ID: 3314831366-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • EnterCriticalSection.KERNEL32(0040D5D8,?,?,004010E4,0040D454,00406CF0), ref: 004048EF
                                          • LeaveCriticalSection.KERNEL32(0040D5D8,?,?,004010E4,0040D454,00406CF0), ref: 00404922
                                          • RtlWakeAllConditionVariable.NTDLL ref: 004049A5
                                          • SetEvent.KERNEL32(?,004010E4,0040D454,00406CF0), ref: 004049AF
                                          • ResetEvent.KERNEL32(?,004010E4,0040D454,00406CF0), ref: 004049BB
                                          Similarity
                                          • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                          • String ID:
                                          • API String ID: 3916383385-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00401A75
                                          • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00401A7E
                                          • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00401A86
                                          Strings
                                          Similarity
                                          • API ID: D@std@@@std@@U?$char_traits@$??1?$basic_ios@??1?$basic_ostream@??1?$basic_streambuf@
                                          • String ID: u@
                                          • API String ID: 4286870943-3232061631
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __current_exception.VCRUNTIME140 ref: 00405A0B
                                          • __current_exception_context.VCRUNTIME140 ref: 00405A15
                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00405A1C
                                          Strings
                                          Similarity
                                          • API ID: __current_exception__current_exception_contextterminate
                                          • String ID: csm
                                          • API String ID: 2542180945-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __current_exception.VCRUNTIME140 ref: 004050E3
                                          • __current_exception_context.VCRUNTIME140 ref: 004050ED
                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004050F4
                                          Strings
                                          Similarity
                                          • API ID: __current_exception__current_exception_contextterminate
                                          • String ID: csm
                                          • API String ID: 2542180945-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __current_exception.VCRUNTIME140 ref: 0040516D
                                          • __current_exception_context.VCRUNTIME140 ref: 0040517D
                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00405184
                                          Strings
                                          Similarity
                                          • API ID: __current_exception__current_exception_contextterminate
                                          • String ID: csm
                                          • API String ID: 2542180945-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 00402574
                                          Similarity
                                          • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@
                                          • String ID:
                                          • API String ID: 3551493264-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • #1507.MFC140(?), ref: 004012F2
                                          • _CxxThrowException.VCRUNTIME140(?,0040B4D4), ref: 00401F87
                                          Similarity
                                          • API ID: #1507ExceptionThrow
                                          • String ID:
                                          • API String ID: 1627329046-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Similarity
                                          • API ID: #1109#3825#4084#458
                                          • String ID:
                                          • API String ID: 1685927354-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,004061D6,?,?,?,?), ref: 00406278
                                          • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,004061D6,?,?,?,?), ref: 00406282
                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,004061D6,?,?,?,?), ref: 00406294
                                          • memmove.VCRUNTIME140(00000000,00000000,?,?,?,004061D6,?,?,?,?), ref: 004062A4
                                          Similarity
                                          • API ID: _errno$_invalid_parameter_noinfomemmove
                                          • String ID:
                                          • API String ID: 351588475-0
                                          • Opcode ID: 3f0c572c7a5bca3d88bd1c535934515f25c028cade13dd16a0aa196fc1efbbb2
                                          • Instruction ID: 44de71d197a6177a043eab511639f78734aa58b1e1e32468475165b3b0ffcb43
                                          • Opcode Fuzzy Hash: 3f0c572c7a5bca3d88bd1c535934515f25c028cade13dd16a0aa196fc1efbbb2
                                          • Instruction Fuzzy Hash: 86F0EC31100209AACF207E959C02BAA37989F12748F02447FFD0A751C0D6BE99B086AE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SleepConditionVariableCS.KERNELBASE(?,00404954,00000064), ref: 004049F2
                                          • LeaveCriticalSection.KERNEL32(0040D5D8,?,?,00404954,00000064,?,?,?,00401036,0040D434), ref: 004049FC
                                          • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00404954,00000064,?,?,?,00401036,0040D434), ref: 00404A0D
                                          • EnterCriticalSection.KERNEL32(0040D5D8,?,00404954,00000064,?,?,?,00401036,0040D434), ref: 00404A14
                                          Similarity
                                          • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                          • String ID:
                                          • API String ID: 3269011525-0
                                          • Opcode ID: aac76832f278c41e36e1bd0708d2e9a6feab16dd80efd0ad3eeb88c6dac21a3b
                                          • Instruction ID: 6894afe452066c765e5fbcc4f7b67d2d5ab3cf497b63880f9a07193dff676751
                                          • Opcode Fuzzy Hash: aac76832f278c41e36e1bd0708d2e9a6feab16dd80efd0ad3eeb88c6dac21a3b
                                          • Instruction Fuzzy Hash: BCE01232D85224BBC7211FA4ED09B9A3E18EB44755B144132FE0A762A08B7569059BEE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 004018D5
                                          • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 004018DE
                                          Strings
                                          Similarity
                                          • API ID: D@std@@@std@@U?$char_traits@$??1?$basic_ostream@??1?$basic_streambuf@
                                          • String ID: u@
                                          • API String ID: 3334500376-3232061631
                                          • Opcode ID: c26c5bcb1c803613ac77b4818a7b541712bcc05b5d7a02826e837822c770d6dd
                                          • Instruction ID: 0055e0aecb8a9c5efe488676205c14a64d7030a3a532f5b63063095c85ffdd70
                                          • Opcode Fuzzy Hash: c26c5bcb1c803613ac77b4818a7b541712bcc05b5d7a02826e837822c770d6dd
                                          • Instruction Fuzzy Hash: C2215B71A08246DFC705CF1AD988B99FBF4FB09314F00857AE406977A0D734AA59CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 00405F71: memset.VCRUNTIME140(0040D97C,00000000,00000018,?,0040D968,00405F16,?,0040122E), ref: 00405F7E
                                            • Part of subcall function 00404212: InitializeCriticalSectionAndSpinCount.KERNEL32(0040D014,00000000,0040D004,00403EEA,?,?,?,004011D1), ref: 00404217
                                            • Part of subcall function 00404212: GetLastError.KERNEL32(?,?,?,004011D1), ref: 00404221
                                          • IsDebuggerPresent.KERNEL32(?,?,?,0040122E), ref: 00405F41
                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040122E), ref: 00405F50
                                          Strings
                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00405F4B
                                          Similarity
                                          • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinStringmemset
                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                          • API String ID: 1128651283-631824599
                                          • Opcode ID: 09b98f2a66a8116fc8d041532293f655b3223c58a7a65d2d1bc52e57bade6276
                                          • Instruction ID: c60acafd1d41fba1e8a16909252f1ea16ae21f51fa1dcca947c2c73742b8b893
                                          • Opcode Fuzzy Hash: 09b98f2a66a8116fc8d041532293f655b3223c58a7a65d2d1bc52e57bade6276
                                          • Instruction Fuzzy Hash: A3E0ED706047118BD360AF65E9047437AE4AB14748F10897EE996F76D0D7BCE448CFAA
                                          Uniqueness

                                          Uniqueness Score: -1.00%