
Windows Analysis Report
iexplore.exe

Overview

General Information

Sample Name:iexplore.exe
Analysis ID:614265
MD5:cfe2e6942ac1b72981b3105e22d3224e
SHA1:8088e72e4ac09d5677fe4339f7823eeba445fb41
SHA256:3aa971f794df79ec6e7d22a4d3b4f3eac1dfe8a8192601445baeffdf994e23e2
Tags:exe

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

PE file contains strange resources
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Binary contains a suspicious time stamp
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to search for IE or Outlook window (often done to steal information)

Classification

(classification radar chart, not reproduced: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious)

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • iexplore.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: iexplore.exe | Static PE information: certificate valid
Source: iexplore.exe | Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: Binary string: iexplore.pdbUGP source: iexplore.exe
Source: Binary string: iexplore.pdb source: iexplore.exe
Source: iexplore.exe, 00000000.00000003.264135400.0000017EC2E31000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000000.00000002.266185408.0000017EC2E32000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000000.00000002.266100701.0000017EC2E0F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000000.00000003.265292136.0000017EC2E0E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
Source: iexplore.exe, 00000000.00000003.263423694.0000017EC2E3E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000000.00000003.265245559.0000017EC2E3E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000000.00000002.266203074.0000017EC2E3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.comted
Source: iexplore.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (this entry appears 61 times in the original report, once per RT_ICON resource of that type; see the resource table below)
Source: iexplore.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\iexplore.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\iexplore.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Users\user\Desktop\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFE7AE82E40A504E27.TMP
Source: iexplore.exe | String found in binary or memory: -startmanager
Source: iexplore.exe | String found in binary or memory: kernelbase.dllRaiseFailFastExceptionwilonecore\internal\sdk\inc\wil\opensource\wil\resource.hWilError_03ntdll.dllRtlDisownModuleHeapAllocationRtlRegisterFeatureConfigurationChangeNotificationRtlUnregisterFeatureConfigurationChangeNotificationRtlNotifyFeatureUsageNtQueryWnfStateDataNtUpdateWnfStateDataRtlSubscribeWnfStateChangeNotificationRtlUnsubscribeWnfNotificationWaitForCompletiononecore\internal\sdk\inc\wil\Staging.hWilStaging_02SCODEF:CREDAT:-newtabIEFrame{28fb17e0-d393-439d-9a21-9474a070473a} -eval-new-nowaitkernel32.dllSetSearchPathModeInternet Explorer-ResetDestinationListResetDestinationList-embedding-startmanagerTerminateOnShutdownSoftware\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exeLocal\SM0:%d:%d:%hsm
Source: iexplore.exe | String found in binary or memory: Application-Addon-Event-ProviderOPCOT
Source: classification engine | Classification label: clean3.winEXE@1/2@0/0
Source: C:\Users\user\Desktop\iexplore.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: initial sample | Static PE information: Valid certificate with Microsoft Issuer
Source: iexplore.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: iexplore.exe | Static PE information: certificate valid
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: iexplore.exe | Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: iexplore.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: iexplore.pdbUGP source: iexplore.exe
Source: Binary string: iexplore.pdb source: iexplore.exe
Source: iexplore.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: iexplore.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: iexplore.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: iexplore.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: iexplore.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: iexplore.exe | Static PE information: section name: .didat (the delay-load import data section emitted by the MSVC linker; it goes with the non-empty IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT listed further down, so the "non-standard section name" signature is explained by the toolchain rather than by packing)
Source: iexplore.exe | Static PE information: 0x84C9557A [Sun Aug 5 13:45:30 2040 UTC] (the "suspicious time stamp" signature fires because the link time lies in the future; Microsoft builds Windows binaries reproducibly and stores a build hash in this field, so an impossible date on a file whose Microsoft Authenticode signature validates is expected rather than evidence of timestomping)
Source: C:\Users\user\Desktop\iexplore.exe | Process information set: NOOPENFILEERRORBOX
Source: iexplore.exe, 00000000.00000002.265961834.0000017EC2DBD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C16B0 InitializeCriticalSection,#798,CoCreateGuid,IsDebuggerPresent,#796,#797,#701,GetModuleHandleW,GetProcAddress,SetDllDirectoryW,SetErrorMode,GetCommandLineW,wcsncmp,LocalAlloc,StrStrIW,StrStrIW,StrStrIW,HeapSetInformation,#791,SetCurrentProcessExplicitAppUserModelID,StrStrIW,StrStrIW,FindWindowExW,GetWindowThreadProcessId,AllowSetForegroundWindow,StrStrIW,wcsncmp,iswspace,iswspace,iswspace,iswspace,wcsncmp,#796,StrStrIW,LocalFree,#650,#650,DeleteCriticalSection,RegGetValueW,GetCurrentProcess,TerminateProcess,0_2_00007FF7E18C16B0
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C422C GetProcessHeap,HeapAlloc,GetProcessHeap,0_2_00007FF7E18C422C
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C21C0 DelayLoadFailureHook,LdrResolveDelayLoadedAPI,0_2_00007FF7E18C21C0
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C2B90 SetUnhandledExceptionFilter,0_2_00007FF7E18C2B90
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C28C4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7E18C28C4
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C2D64 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,0_2_00007FF7E18C2D64
Source: C:\Users\user\Desktop\iexplore.exe | Code function: 0_2_00007FF7E18C16B0 InitializeCriticalSection,#798,CoCreateGuid,IsDebuggerPresent,#796,#797,#701,GetModuleHandleW,GetProcAddress,SetDllDirectoryW,SetErrorMode,GetCommandLineW,wcsncmp,LocalAlloc,StrStrIW,StrStrIW,StrStrIW,HeapSetInformation,#791,SetCurrentProcessExplicitAppUserModelID,StrStrIW,StrStrIW,FindWindowExW,GetWindowThreadProcessId,AllowSetForegroundWindow,StrStrIW,wcsncmp,iswspace,iswspace,iswspace,iswspace,wcsncmp,#796,StrStrIW,LocalFree,#650,#650,DeleteCriticalSection,RegGetValueW,GetCurrentProcess,TerminateProcess,0_2_00007FF7E18C16B0
MITRE ATT&CK matrix (rendered as a grid in the original, with columns Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control, Network Effects, Remote Service Effects, Impact; only the cells carrying a signature-count badge are populated, the remaining cells are the empty template):
  • Execution: Command and Scripting Interpreter (2)
  • Defense Evasion: Masquerading (1), Timestomp (1)
  • Discovery: System Time Discovery (1), Security Software Discovery (badges 2 and 1), System Information Discovery (2), Remote System Discovery (1)
  • Collection: Email Collection (1)
Behavior graph (ID 614265, sample iexplore.exe, start date 23/04/2022, architecture WINDOWS, score 3): a single process node, iexplore.exe, started from the sample, carrying the counters 3 and 59 (the legend's "Number of created Registry Values" and "Number of created Files"); no dropped-file, DNS/IP, injection or Internet edges are drawn.
Source | Detection | Scanner | Label
iexplore.exe | 0% | Virustotal |
iexplore.exe | 0% | Metadefender |
iexplore.exe | 0% | ReversingLabs |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:614265
Start date and time: 2022-04-23 07:38:09 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 2m 43s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:iexplore.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean3.winEXE@1/2@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 57.9%)
  • Quality average: 41%
  • Quality standard deviation: 40%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 6
  • Number of non-executed functions: 13
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Adjust boot time
  • Enable AMSI
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe
  • Excluded IPs from analysis (whitelisted): 20.82.209.183, 23.205.181.161
  • Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, go.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, arc.trafficmanager.net, arc.msn.com
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
No simulations
No context
Process:C:\Users\user\Desktop\iexplore.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):5120
Entropy (8bit):2.0203607430207846
Encrypted:false
SSDEEP:24:roGo/QKX4EGo/uX4f4879lWLpza9lWLpz:roGo4KXZGomX6bCLpzjLpz
MD5:D2216E2EB2DBB310BFE9E603B8CE8B64
SHA1:74AD833EF3A79AA35B2F572CDAA9FD5825D4003D
SHA-256:300D44E01788BD5F3D63ACD5251D0C5EF5E7E5DD601915C3514E1F45E3E853B1
SHA-512:4F65983B8B73B26480BAD37B0D79D9E3A383302992AECA0CD06014D38ECC37F34240E6CCF3E23A409FFD0471C0FCB97928E1B838D704A91BAA1360F4D3826A09
Malicious:false
Reputation:low
Preview:......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................R..W................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t.......................................................................................................0.......O._.T.S.L.E.8.V.J.x.P.D.7.B.G.Q.6.u.z.0.u.4.Y.t.7.Q.=.=.........:.......................................
Process:C:\Users\user\Desktop\iexplore.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.06972600651735868
Encrypted:false
SSDEEP:3:WmeXezollV//ll6hCu5lclllv/nt+lybltll1lRslkhlEkllLBeXexKwbXeZ:WBvP/KEu7UFAlkxDkf0
MD5:BBD536EB3B9A204AE4D772457A6366D2
SHA1:97B91D0C64EA22696DEE66E71ED535946588A000
SHA-256:DABA85F4E0B352E9F7A81B0B39ECAD28192ED0AA9BD0A2C0CDCFBAED564E4DAB
SHA-512:39C0FB42A5BAABF8DE02BBDEA7AC82BB7F1433EA2C0E202FEEEE9E9DC325B73351E1285C3BA4B5381AB9D35BC3F6830D5AC48C8CFEF3EC87BB59A243F6B7B8A8
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.499091086326622
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:iexplore.exe
File size:834512
MD5:cfe2e6942ac1b72981b3105e22d3224e
SHA1:8088e72e4ac09d5677fe4339f7823eeba445fb41
SHA256:3aa971f794df79ec6e7d22a4d3b4f3eac1dfe8a8192601445baeffdf994e23e2
SHA512:6685d24b4700c3f8c691412fe0dbbe2fd45067331d82cd5117b12544b94ab0311a2c92e4efc6f86f5e900be925329fffcbee778697d9b8dde7ee35a475a45da2
SSDEEP:24576:rVe+4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMM+:rVfMMHMMMvMMZMMMlmMMMiMMMYJMMHM7
TLSH:36056C42F7C8D495E0B706318933C7658672FC659E20866F3199771E2E723C36AB2E1B
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ea.....L...L...L.xdL...L.k.M...L.k.M...L.k.M...L.k.M...L...L...L.k.M...L.k.L...L.k.M...LRich...L................PE..d...zU.....
Icon Hash:e1e8ccdecccdf136
Entrypoint:0x140002870
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:0x84C9557A [Sun Aug 5 13:45:30 2040 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:7534c642bdcb1528e25e71d0ce72d8bb
Signature Valid:true
Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 9/2/2021 11:25:59 AM 9/1/2022 11:25:59 AM
Subject Chain
  • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:3
Thumbprint MD5:E73EC761B09149A464F35E6532127D08
Thumbprint SHA-1:44796EB5BD439B4BFB078E1DC2F8345AE313CBB1
Thumbprint SHA-256:DE1C6B5E2219ED317E08701A91F86D41BEFA9E055693FDE97BE0B3132DB6A52B
Serial:330000043A75E52F9E0B29981E00000000043A
Instruction (entry-point disassembly as produced by the report; the x64 bytes were decoded as 32-bit code, so each "dec eax" is the REX.W prefix byte 0x48 of the instruction that follows it, e.g. "dec eax / sub esp, 28h" is "sub rsp, 28h". The opening sub / call / add / jmp sequence is the usual MSVC CRT start-up stub that initialises the security cookie and jumps to the common main, and "mov edx, C0000409h" loads STATUS_STACK_BUFFER_OVERRUN for the fail-fast path.)
dec eax
sub esp, 28h
call 00007F63AD160D60h
dec eax
add esp, 28h
jmp 00007F63AD1605F3h
int3
int3
int3
int3
int3
int3
jmp dword ptr [00007C22h]
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
cmp ecx, dword ptr [0000A821h]
jne 00007F63AD160882h
dec eax
rol ecx, 10h
test cx, FFFFh
jne 00007F63AD160873h
ret
dec eax
ror ecx, 10h
jmp 00007F63AD1608B7h
int3
int3
int3
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0000796Bh]
dec eax
mov ecx, ebx
call dword ptr [0000796Ah]
call dword ptr [00007A0Ch]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00007A10h]
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 00000088h
dec eax
lea ecx, dword ptr [0000A8BDh]
call dword ptr [00007947h]
dec eax
mov eax, dword ptr [0000A9A8h]
dec eax
mov dword ptr [esp+48h], eax
inc ebp
xor eax, eax
dec eax
lea edx, dword ptr [esp+50h]
dec eax
mov ecx, dword ptr [esp+48h]
call dword ptr [00007920h]
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc110 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10000 | 0xbd5a0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xe000 | 0x9fc | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xc9a00 | 0x21d0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0x7c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xae80 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa188 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa060 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa1b0 | 0x3b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc040 | 0x60 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8104 | 0x8200 | False | 0.546664663462 | data | 6.06098689429 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0xa000 | 0x2da2 | 0x2e00 | False | 0.425611413043 | data | 4.84762234939 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xd000 | 0xb0c | 0x200 | False | 0.142578125 | data | 0.844606909688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0xe000 | 0x9fc | 0xa00 | False | 0.51015625 | data | 4.49694066781 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0xf000 | 0x38 | 0x200 | False | 0.06640625 | data | 0.345827309422 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x10000 | 0xbd5a0 | 0xbd600 | False | 0.621472772277 | data | 6.46724294448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xce000 | 0x7c | 0x200 | False | 0.23046875 | data | 1.44403813393 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
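The static fields above (link timestamp, DllCharacteristics, image base, data directories and the section they fall in, per-section entropy and flags) are what a sandbox decodes from the PE headers; the script below, added here as an example and not part of the Joe Sandbox report or of any Microsoft or Joe Security code, reproduces that decoding with the Python standard library only. It parses a small PE32+ image it constructs itself (the sample carries the report's timestamp 0x84C9557A, image base 0x140000000 and DllCharacteristics bits on two synthetic sections, not the real iexplore.exe); pass a file path as the first argument to run it against an actual binary. Function and field names are the script's own, and the timestamp verdict encodes the caveat that a future link date on a validly signed Microsoft file is a build hash, not timestomping.

```python
"""Stdlib-only PE32+ header triage: timestamp, DllCharacteristics, image base,
data directories mapped to sections, per-section entropy and flags."""
import math
import struct
import sys
import time
from datetime import datetime, timezone

DLL_CHARACTERISTICS = {                       # IMAGE_DLLCHARACTERISTICS_* bits
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {                             # IMAGE_SCN_* bits
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
                   "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
                   "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), as in the section table."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def decode_flags(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def timestamp_verdict(ts: int, now: int) -> str:
    """The 'suspicious time stamp' heuristic: zero or a future link time is odd for
    a hand-built binary. Microsoft's reproducible builds store a build hash here,
    so 'future' on a validly signed Microsoft file is expected, not timestomping."""
    if ts == 0:
        return "zero"
    return "future" if ts > now else "plausible"


def section_for(rva: int, sections: list):
    """Name of the section whose virtual range contains rva (the 'is in' column)."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def parse_pe(image: bytes) -> dict:
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                      # IMAGE_FILE_HEADER
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, fh)
    oh = fh + 20                                           # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", image, oh)[0] != 0x20B:
        raise ValueError("only PE32+ (x64) images are handled here")
    entry = struct.unpack_from("<I", image, oh + 16)[0]
    image_base = struct.unpack_from("<Q", image, oh + 24)[0]
    dll_chars = struct.unpack_from("<H", image, oh + 70)[0]
    ndirs = struct.unpack_from("<I", image, oh + 108)[0]
    sections = []
    for i in range(nsect):
        off = oh + opt_size + 40 * i                       # IMAGE_SECTION_HEADER
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        chars = struct.unpack_from("<I", image, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "entropy": entropy(image[rawptr:rawptr + rawsize]),
                         "characteristics": decode_flags(chars, SECTION_FLAGS)})
    dirs = {}
    for i in range(min(ndirs, 16)):
        va, size = struct.unpack_from("<II", image, oh + 112 + 8 * i)
        if va or size:   # SECURITY holds a file offset, not an RVA, so it is not mapped
            dirs[DIRECTORY_NAMES[i]] = (va, size, None if i == 4 else section_for(va, sections))
    return {"machine": machine, "timestamp": ts,
            "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "image_base": image_base, "entry": image_base + entry,
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "directories": dirs, "sections": sections}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ for offline use (NOT the analysed iexplore.exe): the
    report's timestamp, image base and DllCharacteristics on two synthetic sections."""
    text = b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\x48\x83\xc4\x28\xc3".ljust(0x200, b"\xcc")
    rdata = bytes(range(256)) * 2                          # uniform bytes: entropy 8.0
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, len(text), len(rdata), 0,
                      0x1000, 0x1000, 0x140000000, 0x1000, 0x200, 10, 0, 10, 0, 10, 0, 0,
                      0x3000, 0x400, 0, 2, 0xC160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (0x2010, 0x28)                               # IMPORT table inside .rdata
    opt += b"".join(struct.pack("<II", *d) for d in dirs)

    def shdr(name, va, raw, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), va, len(raw), rawptr, 0, 0, 0, 0, flags)
    fhdr = struct.pack("<HHIIIHH", 0x8664, 2, 0x84C9557A, 0, 0, len(opt), 0x0022)
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    hdr += b"PE\0\0" + fhdr + opt + shdr(b".text", 0x1000, text, 0x400, 0x60000020)
    hdr += shdr(b".rdata", 0x2000, rdata, 0x600, 0x40000040)
    return hdr.ljust(0x400, b"\0") + text + rdata


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(image)
    print(f"timestamp 0x{info['timestamp']:08X} [{info['timestamp_utc']} UTC] "
          f"-> {timestamp_verdict(info['timestamp'], int(time.time()))}")
    print("DllCharacteristics:", ", ".join(info["dll_characteristics"]))
    for name, (va, size, where) in info["directories"].items():
        print(f"  {name:<14} va=0x{va:x} size=0x{size:x} in {where}")
    for s in info["sections"]:
        print(f"  {s['name']:<8} va=0x{s['va']:x} entropy={s['entropy']:.2f} {s['characteristics']}")
```

Running it without arguments prints the synthetic image's decode; running it on the real file reproduces the report's timestamp line, the five DllCharacteristics names, the directory-to-section mapping and entropies close to the section table (the report's Entropy column is computed the same way over raw section bytes). The SECURITY directory is deliberately left unmapped because its first field is a file offset to the WIN_CERTIFICATE blob, not an RVA.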
Name | RVA | Size | Type | Language | Country
EDPENLIGHTENEDAPPINFOID | 0x2c4a0 | 0x2 | data | English | United States
EDPPERMISSIVEAPPINFOID | 0x2c4a8 | 0x2 | data | English | United States
MUI | 0xcd448 | 0x158 | data | English | United States
WEVT_TEMPLATE | 0x13130 | 0x1936a | data | English | United States
RT_ICON | 0x2c4b0 | 0x668 | data | English | United States
RT_ICON | 0x2cb18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4008635955, next used block 770286 | English | United States
RT_ICON | 0x2ce00 | 0x1e8 | data | English | United States
RT_ICON | 0x2cfe8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x2d110 | 0xea8 | data | English | United States
RT_ICON | 0x2dfb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16182429, next used block 16773761 | English | United States
RT_ICON | 0x2e860 | 0x6c8 | data | English | United States
RT_ICON | 0x2ef28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x2f490 | 0xcbf1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x3c088 | 0x25a8 | data | English | United States
RT_ICON | 0x3e630 | 0x10a8 | data | English | United States
RT_ICON | 0x3f6d8 | 0x988 | data | English | United States
RT_ICON | 0x40060 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x40588 | 0x668 | data | English | United States
RT_ICON | 0x40bf0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367 | English | United States
RT_ICON | 0x40ed8 | 0x1e8 | data | English | United States
RT_ICON | 0x410c0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x411e8 | 0xea8 | data | English | United States
RT_ICON | 0x42090 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16251127, next used block 16185593 | English | United States
RT_ICON | 0x42938 | 0x6c8 | data | English | United States
RT_ICON | 0x43000 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x43568 | 0x97d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4cd40 | 0x25a8 | data | English | United States
RT_ICON | 0x4f2e8 | 0x10a8 | data | English | United States
RT_ICON | 0x50390 | 0x988 | data | English | United States
RT_ICON | 0x50d18 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x51240 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4160290815, next used block 0 | English | United States
RT_ICON | 0x51528 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x51dd0 | 0x10a8 | data | English | United States
RT_ICON | 0x52ea8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 32888 | English | United States
RT_ICON | 0x531a8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367 | English | United States
RT_ICON | 0x53490 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x535b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16120058, next used block 16120572 | English | United States
RT_ICON | 0x53e60 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x543c8 | 0x10a8 | data | English | United States
RT_ICON | 0x55470 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x55938 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 1953286086, next used block 128 | English | United States
RT_ICON | 0x55c20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x55d48 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15265516, next used block 14937073 | English | United States
RT_ICON | 0x565f0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x56b58 | 0x10a8 | data | English | United States
RT_ICON | 0x57c00 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x580c8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4177497999, next used block 7374984 | English | United States
RT_ICON | 0x583b0 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x58c58 | 0x10a8 | data | English | United States
RT_ICON | 0x59d30 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4287627263, next used block 8947847 | English | United States
RT_ICON | 0x5a018 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15724527, next used block 14870778 | English | United States
RT_ICON | 0x5a8c0 | 0x10a8 | data | English | United States
RT_ICON | 0x5b998 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4177526783, next used block 15792376 | English | United States
RT_ICON | 0x5bc80 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5bda8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 14808529, next used block 15399129 | English | United States
RT_ICON | 0x5c650 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5cbb8 | 0x10a8 | data | English | United States
RT_ICON | 0x5dc60 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5e128 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 248, next used block 52302 | English | United States
RT_ICON | 0x5e410 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5e560 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5e688 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5ebf0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5f088 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5f1b0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5f718 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5fbb0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x5fcd8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x60240 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x606d8 | 0x668 | data | English | United States
RT_ICON | 0x60d40 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367 | English | United States
RT_ICON | 0x61028 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x61150 | 0xea8 | data | English | United States
RT_ICON | 0x61ff8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16251127, next used block 16185593 | English | United States
RT_ICON | 0x628a0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x62e08 | 0x25a8 | data | English | United States
RT_ICON | 0x653b0 | 0x10a8 | data | English | United States
RT_ICON | 0x66458 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x66948 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4177497999, next used block 7374984 | English | United States
RT_ICON | 0x66c30 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x66d58 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x67600 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x67b68 | 0x10a8 | data | English | United States
RT_ICON | 0x68c10 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x690d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367 | English | United States
RT_ICON | 0x693c0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x694e8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16709604, next used block 16118257 | English | United States
RT_ICON0x69d900x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6a2f80x10a8dataEnglishUnited States
RT_ICON0x6b3a00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6b8680x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367EnglishUnited States
RT_ICON0x6bb500x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6bc780x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16709604, next used block 16118257EnglishUnited States
RT_ICON0x6c5200x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6ca880x10a8dataEnglishUnited States
RT_ICON0x6db300x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6dff80x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367EnglishUnited States
RT_ICON0x6e2e00x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6e4080x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16709604, next used block 16118257EnglishUnited States
RT_ICON0x6ecb00x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x6f2180x10a8dataEnglishUnited States
RT_ICON0x702c00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x707880x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3337062286, next used block 28791EnglishUnited States
RT_ICON0x70a700x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x70b980x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 13036186, next used block 16055484EnglishUnited States
RT_ICON0x714400x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x719a80x10a8dataEnglishUnited States
RT_ICON0x72a500x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x72f180x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 51, next used block 0EnglishUnited States
RT_ICON0x732000x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x733280x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
RT_ICON0x73bd00x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x741380x10a8dataEnglishUnited States
RT_ICON0x751e00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x756a80x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 16287887, next used block 0EnglishUnited States
RT_ICON0x759900x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16184819, next used block 16185078EnglishUnited States
RT_ICON0x762380x10a8dataEnglishUnited States
RT_ICON0x773100x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294967295, next used block 7899271EnglishUnited States
RT_ICON0x775f80x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
RT_ICON0x77ea00x10a8dataEnglishUnited States
RT_ICON0x78f780x668dataEnglishUnited States
RT_ICON0x795e00x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4160749567, next used block 8423559EnglishUnited States
RT_ICON0x798c80x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x799f00xea8dataEnglishUnited States
RT_ICON0x7a8980x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
RT_ICON0x7b1400x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x7b6a80x414cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_ICON0x7f7f80x25a8dataEnglishUnited States
RT_ICON0x81da00x10a8dataEnglishUnited States
RT_ICON0x82e480x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x833480x668dataEnglishUnited States
RT_ICON0x839b00x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4008635955, next used block 770286EnglishUnited States
RT_ICON0x83c980x1e8dataEnglishUnited States
RT_ICON0x83e800x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x83fa80xea8dataEnglishUnited States
RT_ICON0x84e500x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16182429, next used block 16773761EnglishUnited States
RT_ICON0x856f80x6c8dataEnglishUnited States
RT_ICON0x85dc00x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x863280xcbf1PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_ICON0x92f200x25a8dataEnglishUnited States
RT_ICON0x954c80x10a8dataEnglishUnited States
RT_ICON0x965700x988dataEnglishUnited States
RT_ICON0x96ef80x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x974200x668dataEnglishUnited States
RT_ICON0x97a880x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367EnglishUnited States
RT_ICON0x97d700x1e8dataEnglishUnited States
RT_ICON0x97f580x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x980800xea8dataEnglishUnited States
RT_ICON0x98f280x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16251127, next used block 16185593EnglishUnited States
RT_ICON0x997d00x6c8dataEnglishUnited States
RT_ICON0x99e980x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x9a4000x97d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_ICON0xa3bd80x25a8dataEnglishUnited States
RT_ICON0xa61800x10a8dataEnglishUnited States
RT_ICON0xa72280x988dataEnglishUnited States
RT_ICON0xa7bb00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xa80d80x668dataEnglishUnited States
RT_ICON0xa87400x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4008635955, next used block 770286EnglishUnited States
RT_ICON0xa8a280x1e8dataEnglishUnited States
RT_ICON0xa8c100x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xa8d380xea8dataEnglishUnited States
RT_ICON0xa9be00x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16182429, next used block 16773761EnglishUnited States
RT_ICON0xaa4880x6c8dataEnglishUnited States
RT_ICON0xaab500x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xab0b80xcbf1PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_ICON0xb7cb00x25a8dataEnglishUnited States
RT_ICON0xba2580x10a8dataEnglishUnited States
RT_ICON0xbb3000x988dataEnglishUnited States
RT_ICON0xbbc880x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xbc1b00x668dataEnglishUnited States
RT_ICON0xbc8180x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 3096152115, next used block 7829367EnglishUnited States
RT_ICON0xbcb000x1e8dataEnglishUnited States
RT_ICON0xbcce80x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xbce100xea8dataEnglishUnited States
RT_ICON0xbdcb80x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16251127, next used block 16185593EnglishUnited States
RT_ICON0xbe5600x6c8dataEnglishUnited States
RT_ICON0xbec280x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0xbf1900x97d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_ICON0xc89680x25a8dataEnglishUnited States
RT_ICON0xcaf100x10a8dataEnglishUnited States
RT_ICON0xcbfb80x988dataEnglishUnited States
RT_ICON0xcc9400x468GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_GROUP_ICON0xbc0f00xbcdataEnglishUnited States
RT_GROUP_ICON0x973600xbcdataEnglishUnited States
RT_GROUP_ICON0xccda80xbcdataEnglishUnited States
RT_GROUP_ICON0xa80180xbcdataEnglishUnited States
RT_GROUP_ICON0x404c80xbcdataEnglishUnited States
RT_GROUP_ICON0x511800xbcdataEnglishUnited States
RT_GROUP_ICON0x52e780x30dataEnglishUnited States
RT_GROUP_ICON0x531900x14dataEnglishUnited States
RT_GROUP_ICON0x580680x5adataEnglishUnited States
RT_GROUP_ICON0x558d80x5adataEnglishUnited States
RT_GROUP_ICON0x59d000x30dataEnglishUnited States
RT_GROUP_ICON0x5b9680x30dataEnglishUnited States
RT_GROUP_ICON0x5e5380x22dataEnglishUnited States
RT_GROUP_ICON0x5e0c80x5adataEnglishUnited States
RT_GROUP_ICON0x72eb80x5adataEnglishUnited States
RT_GROUP_ICON0x5f0580x30dataEnglishUnited States
RT_GROUP_ICON0x5fb800x30dataEnglishUnited States
RT_GROUP_ICON0x606a80x30dataEnglishUnited States
RT_GROUP_ICON0x756480x5adataEnglishUnited States
RT_GROUP_ICON0x668c00x84dataEnglishUnited States
RT_GROUP_ICON0x690780x5adataEnglishUnited States
RT_GROUP_ICON0x6b8080x5adataEnglishUnited States
RT_GROUP_ICON0x6df980x5adataEnglishUnited States
RT_GROUP_ICON0x707280x5adataEnglishUnited States
RT_GROUP_ICON0x772e00x30dataEnglishUnited States
RT_GROUP_ICON0x78f480x30dataEnglishUnited States
RT_GROUP_ICON0x832b00x92dataEnglishUnited States
RT_VERSION0xcce680x5e0dataEnglishUnited States
RT_MANIFEST0x129600x7c9XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
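The Type column above is libmagic output, and libmagic has no rule for a headerless DIB. An RT_ICON body is a 40-byte BITMAPINFOHEADER (first bytes 28 00 00 00) followed by an optional palette, the XOR colour plane and a 1-bpp AND mask, with no "BM" file header in front of it, so libmagic falls through to whatever unrelated rule happens to match: "dBase IV DBT", "GLS_BINARY_LSB_FIRST" or plain "data". That is what the "PE file contains strange resources" signature is reacting to. The sizes confirm it: 0x128, 0x568, 0x468, 0x2e8, 0x8a8 and 0x10a8 are exactly 16x16 icons at 4, 8 and 32 bpp and 32x32 icons at 4, 8 and 32 bpp; 0x1e8, 0x6c8 and 0x988 are 24x24 at 4, 8 and 32 bpp; 0x668, 0xea8 and 0x25a8 are 48x48 at 4, 8 and 32 bpp; and the three entries libmagic does recognise are the 256x256 PNG-compressed icons that Vista and later store as PNG. The "next free block index 40" in every dBase line is biSize = 40, and "block length 512" or "1024" appears only on the 0x2e8 and 0x8a8 rows, consistent with libmagic reading biSizeImage of a 32x32 4-bpp or 8-bpp plane as a dBase field. The following Python is an added example, not part of the Joe Sandbox report or of Microsoft's code; it classifies an icon resource body by its own header, derives the geometry a table size corresponds to, and flags the case that would actually matter, a body whose length does not fit any DIB or PNG it claims to be. Function names are mine and the sample blobs are constructed, not extracted from iexplore.exe.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Standard square icon geometries at 1/4/8/24/32 bpp, used to explain a table size.
STANDARD_GEOMETRIES = [(side, side, bpp)
                       for side in (16, 20, 24, 32, 48, 64, 128, 256)
                       for bpp in (1, 4, 8, 24, 32)]


def _row_bytes(width, bits_per_pixel):
    """DIB scanlines are padded to a 32-bit boundary."""
    return ((width * bits_per_pixel + 31) // 32) * 4


def dib_icon_size(width, height, bit_count):
    """Expected length of an RT_ICON DIB body: 40-byte BITMAPINFOHEADER, a palette
    for <= 8 bpp, the XOR colour plane, then a 1-bpp AND (transparency) mask."""
    palette = (1 << bit_count) * 4 if bit_count <= 8 else 0
    xor_plane = _row_bytes(width, bit_count) * height
    and_mask = _row_bytes(width, 1) * height
    return 40 + palette + xor_plane + and_mask


def geometries_for_size(size):
    """Standard geometries whose DIB body is exactly `size` bytes."""
    return [g for g in STANDARD_GEOMETRIES if dib_icon_size(*g) == size]


def classify_icon_resource(blob):
    """Identify an RT_ICON body from its own header instead of trusting libmagic.

    'kind' is 'png', 'dib' or 'unknown'. 'size_ok' is True when the body length
    matches the declared geometry (DIB) or the data ends in an IEND chunk (PNG).
    """
    if blob.startswith(PNG_SIG) and len(blob) >= 33 and blob[12:16] == b"IHDR":
        width, height, bit_depth, colour_type = struct.unpack_from(">IIBB", blob, 16)
        return {"kind": "png", "width": width, "height": height, "bit_depth": bit_depth,
                "colour_type": colour_type, "size_ok": blob[-8:-4] == b"IEND"}
    if len(blob) >= 40:
        # No 'BM' BITMAPFILEHEADER in a resource: the body opens directly with
        # BITMAPINFOHEADER (biSize = 40, bytes 28 00 00 00), which libmagic has no rule for.
        bi_size, width, height2, planes, bit_count = struct.unpack_from("<IiiHH", blob, 0)
        if bi_size == 40 and planes == 1 and width > 0 and height2 != 0:
            height = abs(height2) // 2  # biHeight counts the XOR plane plus the AND mask
            expected = dib_icon_size(width, height, bit_count)
            return {"kind": "dib", "width": width, "height": height, "bit_count": bit_count,
                    "expected_size": expected, "size_ok": expected == len(blob)}
    return {"kind": "unknown", "size_ok": False}


def build_sample_dib_icon(width, height, bit_count):
    """Constructed sample (not extracted from iexplore.exe): an all-zero DIB icon body."""
    xor_size = _row_bytes(width, bit_count) * height
    colours = (1 << bit_count) if bit_count <= 8 else 0
    header = struct.pack("<IiiHHIIiiII", 40, width, height * 2, 1, bit_count,
                         0, xor_size, 0, 0, colours, 0)
    return header + bytes(colours * 4) + bytes(xor_size) + bytes(_row_bytes(width, 1) * height)


def build_sample_png_icon(side=256):
    """Constructed sample: PNG signature, an 8-bit RGBA IHDR and an IEND, no pixel data."""
    def chunk(ctype, data):
        return (struct.pack(">I", len(data)) + ctype + data
                + struct.pack(">I", zlib.crc32(ctype + data)))
    ihdr = struct.pack(">IIBBBBB", side, side, 8, 6, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IEND", b"")


if __name__ == "__main__":
    # Every distinct non-PNG size in the RT_ICON rows above resolves to one standard geometry.
    for size in (0x128, 0x1e8, 0x2e8, 0x468, 0x568, 0x668, 0x6c8,
                 0x8a8, 0x988, 0xea8, 0x10a8, 0x25a8):
        print(f"0x{size:x}: {geometries_for_size(size)}")
    print(classify_icon_resource(build_sample_dib_icon(32, 32, 4)))
    print(classify_icon_resource(build_sample_png_icon()))
    print(classify_icon_resource(build_sample_dib_icon(32, 32, 4)[:-16]))  # truncated body
```

Run against a real sample, the body for each RT_ICON entry is what pefile or a resource walker hands back for that RVA and size; an entry whose body is neither a well-formed DIB nor a PNG, or whose length disagrees with its header, is the finding worth escalating, whereas the dBase and GLS labels above are noise.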
DLL | Import
USER32.dll | GetWindowThreadProcessId, AllowSetForegroundWindow, FindWindowExW, SendMessageTimeoutW, IsWindowVisible, SetUserObjectInformationW, IsWindowEnabled
msvcrt.dll | _onexit, __dllonexit, _unlock, _lock, memset, _commode, __C_specific_handler, _vsnwprintf, memcpy_s, iswspace, ?terminate@@YAXXZ, _purecall, memmove_s, _fmode, _wcmdln, _initterm, __setusermatherr, _cexit, _exit, exit, __set_app_type, wcsncmp, free, _XcptFilter, _amsg_exit, __wgetmainargs, memcmp
KERNEL32.dll | CreateThreadpoolTimer, ReleaseSRWLockShared, SetThreadpoolTimer, CloseHandle, HeapSetInformation, WaitForSingleObjectEx, DelayLoadFailureHook, ResolveDelayLoadedAPI, GetProcAddress, HeapAlloc, OpenSemaphoreW, IsDebuggerPresent, AcquireSRWLockExclusive, GetTickCount, GetSystemTimeAsFileTime, QueryPerformanceCounter, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, GetStartupInfoW, Sleep, CloseThreadpoolTimer, SetDllDirectoryW, DebugBreak, GetModuleHandleW, GetProcessHeap, GetCurrentProcessId, DeleteCriticalSection, AcquireSRWLockShared, LocalFree, GetModuleFileNameA, CreateSemaphoreExW, HeapFree, SetLastError, EnterCriticalSection, GetCommandLineW, GetCurrentProcess, ReleaseSemaphore, GetModuleHandleExW, TerminateProcess, LeaveCriticalSection, InitializeCriticalSection, SetErrorMode, InitializeCriticalSectionEx, WaitForThreadpoolTimerCallbacks, WaitForSingleObject, LocalAlloc, GetCurrentThreadId, ReleaseMutex, FormatMessageW, GetLastError, ReleaseSRWLockExclusive, OutputDebugStringW, CreateMutexExW
api-ms-win-downlevel-advapi32-l1-1-0.dll | RegGetValueW, EventRegister, EventWriteTransfer, EventWriteEx, EventUnregister
api-ms-win-downlevel-shell32-l1-1-0.dll | SetCurrentProcessExplicitAppUserModelID
ADVAPI32.dll | EventSetInformation
iertutil.dll | (no named imports listed)
api-ms-win-downlevel-shlwapi-l1-1-0.dll | StrStrIW
api-ms-win-downlevel-ole32-l1-1-0.dll | CoCreateGuid
Description | Data
LegalCopyright | © Microsoft Corporation. All rights reserved.
InternalName | iexplore
FileVersion | 11.00.19041.1566 (WinBuild.160101.0800)
CompanyName | Microsoft Corporation
ProductName | Internet Explorer
ProductVersion | 11.00.19041.1566
FileDescription | Internet Explorer
OriginalFilename | IEXPLORE.EXE
LegalCopyright | © Microsoft Corporation. All rights reserved.
InternalName | iexplore
FileVersion | 11.00.19041.1566
CompanyName | Microsoft Corporation
ProductName | Internet Explorer
ProductVersion | 11.00.19041.1566
FileDescription | Internet Explorer
OriginalFilename | IEXPLORE.EXE
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken
English | United States
No network behavior found
[Behavior charts not reproduced: two timelines over the first 15 s of the run, one plotted against a 0 to 100 axis and one against an MB axis]

Target ID:0
Start time:07:39:17
Start date:23/04/2022
Path:C:\Users\user\Desktop\iexplore.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\iexplore.exe"
Imagebase:0x7ff7e18c0000
File size:834512 bytes
MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Execution Graph

Execution Coverage:7.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:10.4%
Total number of Nodes:756
Total number of Limit Nodes:5
execution_graph: the interactive call graph (756 nodes, 5 limit nodes) was exported as its raw node and edge listing, cut off at the end of the page, and is not reproduced here. Every API node in it is one of the imports listed above. The nodes behind the fired signatures are: IsDebuggerPresent (7ff7e18c8040) in the routine at 7ff7e18c7e48, called just before the path that formats text with FormatMessageW and _vsnwprintf and writes it with OutputDebugStringW (7ff7e18c80b2), the shape of a debug-trace helper rather than an anti-debugging check; GetProcessHeap paired with HeapAlloc (7ff7e18c422c) and HeapFree (7ff7e18c7418), the ordinary allocation pattern, where the "may be used to detect a debugger" signature is a heap-flags heuristic that import presence alone does not confirm; GetModuleHandleW followed by GetProcAddress through the helper at 7ff7e18c8ee4, which the "loader functionality" signature keys on; ETW provider registration via EventRegister and EventSetInformation (7ff7e18c12d4); CRT startup via __wgetmainargs, __set_app_type and __setusermatherr; and synchronisation via CreateMutexExW, OpenSemaphoreW, ReleaseSemaphore, WaitForSingleObject(Ex), SRW locks, critical sections and thread-pool timers.
7ff7e18c8877 memset 3131->3122 3133 7ff7e18c6d67 3132->3133 3134 7ff7e18c6d1a 3132->3134 3133->3127 3134->3133 3135 7ff7e18c6d38 memcpy_s 3134->3135 3136 7ff7e18c6d4f 3135->3136 3136->3127 3138 7ff7e18c6df4 3137->3138 3139 7ff7e18c6da6 3137->3139 3138->3131 3139->3138 3140 7ff7e18c6dc5 memcpy_s 3139->3140 3141 7ff7e18c6ddc 3140->3141 3141->3131 3142 7ff7e18c1590 3145 7ff7e18c2354 3142->3145 3144 7ff7e18c1599 3150 7ff7e18c325c InitializeCriticalSectionEx 3145->3150 3147 7ff7e18c23ae 3151 7ff7e18c325c InitializeCriticalSectionEx 3147->3151 3149 7ff7e18c23ba 3149->3144 3150->3147 3151->3149 2901 7ff7e18c12d4 EventRegister 2902 7ff7e18c1331 2901->2902 2903 7ff7e18c133e EventSetInformation 2901->2903 2904 7ff7e18c28a0 7 API calls 2902->2904 2903->2902 2905 7ff7e18c1370 2904->2905 2906 7ff7e18c7e48 2907 7ff7e18c7e9d 2906->2907 2908 7ff7e18c7f3d GetCurrentThreadId 2907->2908 2909 7ff7e18c7faf 2908->2909 2910 7ff7e18c80f5 2909->2910 2911 7ff7e18c8040 IsDebuggerPresent 2909->2911 2912 7ff7e18c8035 2909->2912 2911->2912 2913 7ff7e18c80b2 OutputDebugStringW 2912->2913 2915 7ff7e18c8050 2912->2915 2916 7ff7e18c75e0 2912->2916 2913->2915 2917 7ff7e18c7815 2916->2917 2920 7ff7e18c7610 2916->2920 2918 7ff7e18c28a0 7 API calls 2917->2918 2919 7ff7e18c7853 2918->2919 2919->2913 2920->2917 2921 7ff7e18c769a FormatMessageW 2920->2921 2922 7ff7e18c7713 2921->2922 2923 7ff7e18c76ee 2921->2923 2924 7ff7e18c8104 _vsnwprintf 2922->2924 2945 7ff7e18c8104 2923->2945 2926 7ff7e18c7711 2924->2926 2927 7ff7e18c774b GetCurrentThreadId 2926->2927 2928 7ff7e18c8104 _vsnwprintf 2926->2928 2929 7ff7e18c8104 _vsnwprintf 2927->2929 2930 7ff7e18c7748 2928->2930 2931 7ff7e18c7788 2929->2931 2930->2927 2931->2917 2932 7ff7e18c8104 _vsnwprintf 2931->2932 2933 7ff7e18c77bb 2932->2933 2934 7ff7e18c77d6 2933->2934 2935 7ff7e18c8104 _vsnwprintf 2933->2935 2936 7ff7e18c77f1 2934->2936 2937 7ff7e18c8104 _vsnwprintf 2934->2937 2935->2934 2938 7ff7e18c7801 2936->2938 2939 7ff7e18c7817 2936->2939 2937->2936 2940 
7ff7e18c8104 _vsnwprintf 2938->2940 2941 7ff7e18c781f 2939->2941 2942 7ff7e18c782d 2939->2942 2940->2917 2943 7ff7e18c8104 _vsnwprintf 2941->2943 2944 7ff7e18c8104 _vsnwprintf 2942->2944 2943->2917 2944->2917 2946 7ff7e18c8134 2945->2946 2948 7ff7e18c8147 2945->2948 2947 7ff7e18c8b1c _vsnwprintf 2946->2947 2947->2948 2948->2926 2949 7ff7e18c51cc 2950 7ff7e18c5252 2949->2950 2951 7ff7e18c51f2 2949->2951 2952 7ff7e18c3840 35 API calls 2951->2952 2953 7ff7e18c51f7 2952->2953 2953->2950 2954 7ff7e18c51fb AcquireSRWLockExclusive 2953->2954 2960 7ff7e18c38f0 2954->2960 2957 7ff7e18c5270 7 API calls 2958 7ff7e18c522b 2957->2958 2958->2950 2959 7ff7e18c5243 ReleaseSRWLockExclusive 2958->2959 2959->2950 2961 7ff7e18c3957 2960->2961 2962 7ff7e18c390c 2960->2962 2961->2957 2962->2961 2963 7ff7e18c3913 AcquireSRWLockExclusive 2962->2963 2964 7ff7e18c5270 7 API calls 2963->2964 2965 7ff7e18c3943 2964->2965 2965->2961 2966 7ff7e18c3948 ReleaseSRWLockExclusive 2965->2966 2966->2961 2242 7ff7e18c2600 GetStartupInfoW 2243 7ff7e18c263f 2242->2243 2244 7ff7e18c2651 2243->2244 2245 7ff7e18c265a Sleep 2243->2245 2246 7ff7e18c2676 _amsg_exit 2244->2246 2247 7ff7e18c2684 2244->2247 2245->2243 2248 7ff7e18c26d7 2246->2248 2247->2248 2250 7ff7e18c26db 2247->2250 2258 7ff7e18c2b90 SetUnhandledExceptionFilter 2247->2258 2249 7ff7e18c26fa _initterm 2248->2249 2248->2250 2251 7ff7e18c2717 _IsNonwritableInCurrentImage 2248->2251 2249->2251 2251->2250 2259 7ff7e18c16b0 2251->2259 2254 7ff7e18c27e0 2254->2250 2256 7ff7e18c27e9 _cexit 2254->2256 2255 7ff7e18c27d8 exit 2255->2254 2256->2250 2258->2247 2337 7ff7e18c6780 2259->2337 2262 7ff7e18c16dd InitializeCriticalSection 2264 7ff7e18c1380 2262->2264 2265 7ff7e18c1710 #798 2264->2265 2266 7ff7e18c1724 CoCreateGuid 2265->2266 2267 7ff7e18c2088 2265->2267 2269 7ff7e18c1740 2266->2269 2268 7ff7e18c2090 DeleteCriticalSection 2267->2268 2344 7ff7e18c67c0 2268->2344 2340 7ff7e18c2f47 2269->2340 2273 7ff7e18c1758 IsDebuggerPresent 2278 7ff7e18c180e #797 
2273->2278 2284 7ff7e18c17a8 2273->2284 2274 7ff7e18c20ad RegGetValueW 2275 7ff7e18c212a 2274->2275 2276 7ff7e18c210c GetCurrentProcess TerminateProcess 2274->2276 2275->2254 2275->2255 2276->2275 2279 7ff7e18c1fff #650 #650 2278->2279 2280 7ff7e18c1836 2278->2280 2287 7ff7e18c6ba0 10 API calls 2279->2287 2281 7ff7e18c1862 #701 2280->2281 2282 7ff7e18c1872 2280->2282 2281->2282 2285 7ff7e18c18e0 SetErrorMode GetCommandLineW wcsncmp 2281->2285 2282->2285 2286 7ff7e18c188f GetModuleHandleW 2282->2286 2284->2278 2290 7ff7e18c17c0 #796 2284->2290 2293 7ff7e18c1920 2285->2293 2288 7ff7e18c18a7 GetProcAddress 2286->2288 2289 7ff7e18c18cd SetDllDirectoryW 2286->2289 2287->2267 2288->2289 2291 7ff7e18c18c2 2288->2291 2289->2285 2292 7ff7e18c117c 9 API calls 2290->2292 2291->2289 2292->2278 2293->2293 2294 7ff7e18c19aa LocalAlloc 2293->2294 2295 7ff7e18c1b8f HeapSetInformation 2294->2295 2310 7ff7e18c19d7 2294->2310 2296 7ff7e18c2150 #701 GetCurrentProcess SetUserObjectInformationW 2295->2296 2297 7ff7e18c1bac #791 SetCurrentProcessExplicitAppUserModelID 2296->2297 2298 7ff7e18c1be0 2297->2298 2298->2298 2299 7ff7e18c1bea StrStrIW 2298->2299 2304 7ff7e18c1c7b 2299->2304 2305 7ff7e18c1c0a 2299->2305 2300 7ff7e18c1a52 StrStrIW 2301 7ff7e18c1ab2 StrStrIW 2300->2301 2300->2310 2302 7ff7e18c1b0f StrStrIW 2301->2302 2301->2310 2303 7ff7e18c1b88 2302->2303 2302->2310 2303->2295 2306 7ff7e18c1c96 StrStrIW 2304->2306 2305->2304 2311 7ff7e18c1c37 2305->2311 2307 7ff7e18c1dd9 wcsncmp 2306->2307 2327 7ff7e18c1cb8 2306->2327 2308 7ff7e18c1f20 2307->2308 2309 7ff7e18c1dfd iswspace 2307->2309 2308->2308 2318 7ff7e18c1f35 StrStrIW 2308->2318 2312 7ff7e18c1e15 2309->2312 2313 7ff7e18c1e33 iswspace 2309->2313 2310->2295 2310->2300 2310->2301 2310->2302 2310->2303 2314 7ff7e18c6c6c 10 API calls 2311->2314 2312->2313 2315 7ff7e18c1e1b iswspace 2312->2315 2316 7ff7e18c1e46 iswspace 2313->2316 2317 7ff7e18c1e5e wcsncmp 2313->2317 2331 7ff7e18c1c63 2314->2331 2315->2312 2315->2313 2316->2316 
2316->2317 2317->2308 2325 7ff7e18c1e82 2317->2325 2319 7ff7e18c1f53 2318->2319 2319->2331 2332 7ff7e18c2f11 LdrResolveDelayLoadedAPI 2319->2332 2333 7ff7e18c2e86 LdrResolveDelayLoadedAPI 2319->2333 2334 7ff7e18c2f35 LdrResolveDelayLoadedAPI 2319->2334 2335 7ff7e18c2f23 LdrResolveDelayLoadedAPI 2319->2335 2320 7ff7e18c1cf0 FindWindowExW 2322 7ff7e18c1d45 2320->2322 2323 7ff7e18c1d13 GetWindowThreadProcessId AllowSetForegroundWindow 2320->2323 2321 7ff7e18c1fc6 LocalFree 2321->2268 2321->2279 2322->2307 2324 7ff7e18c1d43 StrStrIW 2322->2324 2326 7ff7e18c86c8 IsWindowEnabled IsWindowVisible SendMessageTimeoutW 2323->2326 2324->2331 2329 7ff7e18c1eb0 #796 2325->2329 2325->2331 2326->2327 2327->2307 2327->2320 2327->2324 2330 7ff7e18c1008 9 API calls 2329->2330 2330->2331 2331->2321 2332->2331 2333->2331 2334->2331 2335->2331 2338 7ff7e18c678f EventRegister 2337->2338 2339 7ff7e18c16cf 2337->2339 2338->2339 2339->2262 2348 7ff7e18c685c 2339->2348 2341 7ff7e18c2f53 2340->2341 2353 7ff7e18c21c0 LdrResolveDelayLoadedAPI 2341->2353 2343 7ff7e18c2f92 2345 7ff7e18c20a8 2344->2345 2346 7ff7e18c67d4 EventUnregister 2344->2346 2347 7ff7e18c138c EventUnregister 2345->2347 2346->2345 2354 7ff7e18c67f4 2348->2354 2350 7ff7e18c687e 2357 7ff7e18c28a0 2350->2357 2353->2343 2355 7ff7e18c680b EventWriteTransfer 2354->2355 2355->2350 2358 7ff7e18c28a9 2357->2358 2359 7ff7e18c28b4 2358->2359 2360 7ff7e18c2900 RtlCaptureContext RtlLookupFunctionEntry 2358->2360 2359->2262 2361 7ff7e18c2945 RtlVirtualUnwind 2360->2361 2362 7ff7e18c2987 2360->2362 2361->2362 2365 7ff7e18c28c4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2362->2365 2967 7ff7e18c3040 2968 7ff7e18c30a5 2967->2968 2969 7ff7e18c3057 AcquireSRWLockExclusive 2967->2969 2970 7ff7e18c307e 2969->2970 2973 7ff7e18c3086 2969->2973 2974 7ff7e18c6594 2970->2974 2972 7ff7e18c3096 ReleaseSRWLockExclusive 2972->2968 2973->2968 2973->2972 2975 7ff7e18c65bd 2974->2975 2976 7ff7e18c672e 2975->2976 
2978 7ff7e18c5e40 2 API calls 2975->2978 2980 7ff7e18c5ec8 2 API calls 2975->2980 2977 7ff7e18c28a0 7 API calls 2976->2977 2979 7ff7e18c6744 2977->2979 2978->2975 2979->2973 2980->2975 2981 7ff7e18c30c0 2982 7ff7e18c30d2 AcquireSRWLockExclusive 2981->2982 2983 7ff7e18c310b 2981->2983 2984 7ff7e18c30ee ReleaseSRWLockExclusive 2982->2984 2985 7ff7e18c30fd 2982->2985 2984->2985 2985->2983 2986 7ff7e18c4820 17 API calls 2985->2986 2986->2983 2987 7ff7e18c35c0 2988 7ff7e18c35d8 2987->2988 2989 7ff7e18c35dd 2987->2989 2991 7ff7e18c24c4 2988->2991 2991->2989 2992 7ff7e18c2b3c free 2991->2992 2993 7ff7e18c5740 GetModuleHandleW GetProcAddress 2994 7ff7e18c5786 2993->2994 2995 7ff7e18c7140 CloseHandle 2996 7ff7e18c7163 2995->2996 2997 7ff7e18c7154 2995->2997 2998 7ff7e18c8ec4 GetLastError 2997->2998 2998->2996 3152 7ff7e18c2480 3153 7ff7e18c2489 3152->3153 3155 7ff7e18c24b5 3153->3155 3156 7ff7e18c33a0 3153->3156 3157 7ff7e18c5c08 5 API calls 3156->3157 3158 7ff7e18c33c0 3157->3158 3159 7ff7e18c5c08 5 API calls 3158->3159 3160 7ff7e18c33cb 3159->3160 3161 7ff7e18c33e4 3160->3161 3179 7ff7e18c7418 GetProcessHeap HeapFree 3160->3179 3180 7ff7e18c3490 3161->3180 3181 7ff7e18c34a7 3180->3181 3182 7ff7e18c34ac DeleteCriticalSection 3180->3182 3184 7ff7e18c7418 GetProcessHeap HeapFree 3181->3184 3185 7ff7e18c3000 3186 7ff7e18c3019 3185->3186 3187 7ff7e18c3009 3185->3187 3188 7ff7e18c40e4 6 API calls 3187->3188 3188->3186 2999 7ff7e18c6ac3 _XcptFilter 3189 7ff7e18c907d #597

Executed Functions

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: Processiswspace$Windowwcsncmp$#650#796CriticalCurrentLocalSection$#701#791#797#798AddressAllocAllowCommandCreateDebuggerDeleteDirectoryErrorEventExplicitFindForegroundFreeGuidHandleHeapInformationInitializeLineModeModelModulePresentProcRegisterTerminateThreadUserValue
  • String ID: -ResetDestinationList$-embedding$-eval$-new$-newtab$-nowait$-startmanager$CREDAT:$IEFrame$Internet Explorer$Microsoft.InternetExplorer.Default$Microsoft.InternetExplorer.Preview$SCODEF:$SetSearchPathMode$Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe$TerminateOnShutdown$kernel32.dll${28fb17e0-d393-439d-9a21-9474a070473a}
  • API String ID: 1949848870-2116736064
  • Opcode ID: 0f0148360dc6c43878f7a9744ee8bffc50bf3aadc59eb82bce75812f3816197e
  • Instruction ID: 5ff545c2397966c7dee0f8739a7cdbaee7190182cd36aec11269242ee56845c4
  • Opcode Fuzzy Hash: 0f0148360dc6c43878f7a9744ee8bffc50bf3aadc59eb82bce75812f3816197e
  • Instruction Fuzzy Hash: 32524125A08742C6EB20AB14E4563B9F7A1FF45B64F848136CA4E03794EFBCE465C723
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 257 7ff7e18c21c0-7ff7e18c21fb LdrResolveDelayLoadedAPI
APIs
Similarity
  • API ID: DelayLoadedResolve
  • String ID:
  • API String ID: 841769287-0
  • Opcode ID: fd89166e9313d2547a46168cd6d01029742f4c44403c20cb216b718d438abc21
  • Instruction ID: b246d26f11217793982d662cb02fb06e10995eab87f2f5ae01ababbb5e678cb8
  • Opcode Fuzzy Hash: fd89166e9313d2547a46168cd6d01029742f4c44403c20cb216b718d438abc21
  • Instruction Fuzzy Hash: 65E0B674908B8286D710AB00EC02269FB60FB897A8FD04133D94D43320EF7C9164CB16
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 258 7ff7e18c2b90-7ff7e18c2ba7 SetUnhandledExceptionFilter
APIs
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: f287afc6fd8ae868f8f6214d16c592652df8966cb88c41ca673cac106e70ef23
  • Instruction ID: 2e593d87ae9a303ef73ada8509dd57883967e5d424dae82707cc91c185dac935
  • Opcode Fuzzy Hash: f287afc6fd8ae868f8f6214d16c592652df8966cb88c41ca673cac106e70ef23
  • Instruction Fuzzy Hash: 51B09214E29512C1D708BB21DC9616093A1BB9C720FC00832C00E85160EEAC91ABC712
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
  • String ID:
  • API String ID: 642454821-0
  • Opcode ID: e734e849fc222a78f7db0f43c1a720059c7842eede69e40175245adcea5765f7
  • Instruction ID: 4816ca4221156a84ad9bd2b324fcb2ef2cb6f180d1b7da09995bf8e5afaafd3f
  • Opcode Fuzzy Hash: e734e849fc222a78f7db0f43c1a720059c7842eede69e40175245adcea5765f7
  • Instruction Fuzzy Hash: 8E613A31A0C70282EB64BB14E892739B2A2FB94760F944137D94D936D4DFBCE861C763
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: #701
  • String ID:
  • API String ID: 1014962704-0
  • Opcode ID: 7a5347c738d304c9b440640a1c2f359192b4627c723dab30d68333a853e82a82
  • Instruction ID: 868fcee028cfaa4cbd4e7b084f9ffdf36f77a0f6c2b709291905bdc41111a539
  • Opcode Fuzzy Hash: 7a5347c738d304c9b440640a1c2f359192b4627c723dab30d68333a853e82a82
  • Instruction Fuzzy Hash: E9015E35A08742C7E324BF18A851374FAA1BBC8750F804137DA4D83290DBBCE524C663
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 256 7ff7e18c25b0-7ff7e18c25f8 __wgetmainargs
APIs
Similarity
  • API ID: __wgetmainargs
  • String ID:
  • API String ID: 1709950718-0
  • Opcode ID: ac8620aa60852997f68d015af7cd2ee7313d39221b728e796da7eb808a66c23c
  • Instruction ID: d00455d5feb78899f3a5186ecef6776c2562df334b2dc941b022199c8829708f
  • Opcode Fuzzy Hash: ac8620aa60852997f68d015af7cd2ee7313d39221b728e796da7eb808a66c23c
  • Instruction Fuzzy Hash: 1CE05974E08B43D5E700BB51B8626A1F7A1BBA4324BC04237C44C62220EFBCA165CBA3
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Control-flow Graph

APIs
Similarity
  • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 4104442557-0
  • Opcode ID: 8e8f9e4056e2bbebc1ed311f54f3e1c5b6b820bcf261d82402f450724497577d
  • Instruction ID: f4e5978e25e607403d582e6ed938a5c6b35929ca8383e464caaadfea852490e6
  • Opcode Fuzzy Hash: 8e8f9e4056e2bbebc1ed311f54f3e1c5b6b820bcf261d82402f450724497577d
  • Instruction Fuzzy Hash: 56116322605F418AEB00EF70E85536873A4FB49768F800A32EA6D47754EFBCD5B5C752
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetProcessHeap.KERNEL32(?,?,?,00007FF7E18C5B9D,?,?,?,00007FF7E18C4953), ref: 00007FF7E18C423B
  • HeapAlloc.KERNEL32(?,?,?,00007FF7E18C5B9D,?,?,?,00007FF7E18C4953), ref: 00007FF7E18C424F
  • GetProcessHeap.KERNEL32(?,?,?,00007FF7E18C5B9D,?,?,?,00007FF7E18C4953), ref: 00007FF7E18C4268
Similarity
  • API ID: Heap$Process$Alloc
  • String ID:
  • API String ID: 651230671-0
  • Opcode ID: 6c4630cb0f5c3c6e0ad4446469ac008e7e9d376c98fc29dae74cb438b0e3ae69
  • Instruction ID: ad28f4374353c90a2c4503f428a4b46a735c6932f4863be90335fc3ac2b51553
  • Opcode Fuzzy Hash: 6c4630cb0f5c3c6e0ad4446469ac008e7e9d376c98fc29dae74cb438b0e3ae69
  • Instruction Fuzzy Hash: 8CF0DA31A05B5182DB046B56B849379EBA2FB8DFA1F889136DA0E47320DF7CD4A5C612
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Similarity
  • API ID: CurrentFormatMessageThread
  • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
  • API String ID: 2411632146-3173542853
  • Opcode ID: c305d1960df873b23188e55ad2329bcf09f9214f711e6ebf8f7b75fb575bf485
  • Instruction ID: c364da853b5b0d800e84ad22ad54f494375a7b0611fadd07f7544670cbc1f74e
  • Opcode Fuzzy Hash: c305d1960df873b23188e55ad2329bcf09f9214f711e6ebf8f7b75fb575bf485
  • Instruction Fuzzy Hash: AC617E61A08B8281EB64EF51A8567B6A3A0FF44BA8FC44137DA8D13754DFBCE461C713
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • WaitForSingleObject.KERNEL32(?,?,00000000,00007FF7E18C8D3C), ref: 00007FF7E18C7CC2
Similarity
  • API ID: ObjectSingleWait
  • String ID:
  • API String ID: 24740636-0
  • Opcode ID: 311056b2069fe22c9f6a453dd4702220405004c7f4f79dbab0d936f72ecc0ab7
  • Instruction ID: f815caf9000ad5aaf96462040f72b287f1385b43c0ff8d9c53f734f4b585dce5
  • Opcode Fuzzy Hash: 311056b2069fe22c9f6a453dd4702220405004c7f4f79dbab0d936f72ecc0ab7
  • Instruction Fuzzy Hash: B941463260C74287E7606B21D402379E661EF85BB0F959133DA5E42798DFBCD8A4CA23
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • AcquireSRWLockShared.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C4105
  • ReleaseSRWLockShared.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C4125
  • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C4145
  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C4154
  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C41AC
  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF7E18C421E,?,?,?,?,00007FF7E18C2FEC), ref: 00007FF7E18C41D1
Similarity
  • API ID: Lock$AcquireCriticalExclusiveReleaseSectionShared$EnterLeave
  • String ID:
  • API String ID: 3221859647-0
  • Opcode ID: ac8a0eec957fd3451228aa59b364505a3a3f261b1bede1026a51b482b7202545
  • Instruction ID: f8b2577752c8f1ef377f498ab5ec76e8fc4a91659e2d753fd54cac68f1a30688
  • Opcode Fuzzy Hash: ac8a0eec957fd3451228aa59b364505a3a3f261b1bede1026a51b482b7202545
  • Instruction Fuzzy Hash: 6531B422B08F5186EB019F11A901279EB61FB99FE0F899132DE4E07B04DFBCD495C712
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • memset.MSVCRT ref: 00007FF7E18C62BE
    • Part of subcall function 00007FF7E18C5E40: GetProcAddress.KERNEL32 ref: 00007FF7E18C5E6B
  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C635D
  • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C6371
  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C637D
  • HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C6391
  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C6545
  • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7E18C5DEC), ref: 00007FF7E18C6559
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: Heap$Process$Free$AddressAllocProcmemset
  • String ID:
  • API String ID: 2515388404-0
  • Opcode ID: 428b59a5c627357b6c47cd94d171436bf6ea1c0a8a756d576f1fb126026135ba
  • Instruction ID: 1cc1d7412ccdda5d58585cc5d25377659a8b64c6986cf1aef9705c2715a154b0
  • Opcode Fuzzy Hash: 428b59a5c627357b6c47cd94d171436bf6ea1c0a8a756d576f1fb126026135ba
  • Instruction Fuzzy Hash: FF91A032A04B618AEB20DF62E4416ADB7B0FB58B58B948136DF4E53754EF78D060C722
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: OpenSemaphore$ErrorLast
  • String ID: _p0
  • API String ID: 3042991519-2437413317
  • Opcode ID: 06f6d63e7a808263af5b1a45eb0c5cd3e88966f292146e1fdad6c838f392df62
  • Instruction ID: d549e7bcc98646916c0c7c23bca78b0bef9aa516c3cff89e9a209673d3108800
  • Opcode Fuzzy Hash: 06f6d63e7a808263af5b1a45eb0c5cd3e88966f292146e1fdad6c838f392df62
  • Instruction Fuzzy Hash: 8661A272A0878285EB20EB14E0523BAE3A0EF967A0FD54133DA4D43745EFBCD551C712
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetCurrentProcessId.KERNEL32 ref: 00007FF7E18C6F44
  • CreateMutexExW.KERNEL32 ref: 00007FF7E18C6F8F
    • Part of subcall function 00007FF7E18C5C68: GetLastError.KERNEL32 ref: 00007FF7E18C5C8A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: CreateCurrentErrorLastMutexProcess
  • String ID: Local\SM0:%d:%d:%hs$x
  • API String ID: 3298007088-4178846994
  • Opcode ID: ef2503423aa31f09ab1b4e4e6865b8e5012a9e4eeae409d4bfa19e10f7428300
  • Instruction ID: 90913259da5f179549db33342bca03b99379ab6918b444666a338e434ef5d50f
  • Opcode Fuzzy Hash: ef2503423aa31f09ab1b4e4e6865b8e5012a9e4eeae409d4bfa19e10f7428300
  • Instruction Fuzzy Hash: 9D31423161C74282EB50AB24E4963AAF3A0EB94790FC05136EA8E87795DFBCD454C712
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: RaiseFailFastException$kernelbase.dll
  • API String ID: 1646373207-919018592
  • Opcode ID: 90237418f5489c81e568102f06743583406f8a2b20e5fed18a6678c408f941af
  • Instruction ID: 672c0b1be9e3c0d913aa0ae9797a2b67f8c1266e49ba88d6da9a83cb3eb6c923
  • Opcode Fuzzy Hash: 90237418f5489c81e568102f06743583406f8a2b20e5fed18a6678c408f941af
  • Instruction Fuzzy Hash: CFF03A25B08BA1C2EB00AB02F485179EB61FB49FE0B849036DA0E07B14EF7CD4A5C712
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
  • String ID:
  • API String ID: 140117192-0
  • Opcode ID: b5a2cf00e08f24f35519b55053e37a0498c6299b266642f78a809fcaf47f59d5
  • Instruction ID: 7a3a340e0959e54b283274ce44246adf405213ceda2a39421e151c314d45af6a
  • Opcode Fuzzy Hash: b5a2cf00e08f24f35519b55053e37a0498c6299b266642f78a809fcaf47f59d5
  • Instruction Fuzzy Hash: 9241A635A08B0185EB10AB08F8A2365F365FBC87A4F904237D98D537A4DFBDE465C762
Uniqueness

Uniqueness Score: -1.00%

APIs
  • EnterCriticalSection.KERNEL32(?,?,?,00007FF7E18C54E8,?,?,?,?,?,?,?,?,00007FF7E18C24B5), ref: 00007FF7E18C5445
  • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7E18C54E8,?,?,?,?,?,?,?,?,00007FF7E18C24B5), ref: 00007FF7E18C5454
  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF7E18C54E8,?,?,?,?,?,?,?,?,00007FF7E18C24B5), ref: 00007FF7E18C548B
  • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7E18C54E8,?,?,?,?,?,?,?,?,00007FF7E18C24B5), ref: 00007FF7E18C549F
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: CriticalExclusiveLockSection$AcquireEnterLeaveRelease
  • String ID:
  • API String ID: 1115728412-0
  • Opcode ID: 0f7df9b6096091a0eda25337a9051e2c79742103f04dcbea3f569fa167144b4c
  • Instruction ID: 0da4e7e60845b6e8b26a52b1229b43fc0f04ff28545a92d6c7ea7f325995b141
  • Opcode Fuzzy Hash: 0f7df9b6096091a0eda25337a9051e2c79742103f04dcbea3f569fa167144b4c
  • Instruction Fuzzy Hash: 5A0140A2B18B8282DF149F11A555278EB61FB8EFD1B989232DE4E03714DF7CD491C702
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetCurrentProcessId.KERNEL32 ref: 00007FF7E18C3625
  • CreateMutexExW.KERNEL32 ref: 00007FF7E18C366D
    • Part of subcall function 00007FF7E18C5C68: GetLastError.KERNEL32 ref: 00007FF7E18C5C8A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: CreateCurrentErrorLastMutexProcess
  • String ID: Local\SM0:%d:%d:%hs
  • API String ID: 3298007088-4162240545
  • Opcode ID: a03f0cf941183372015bcfc4ec3ea1b60ba38ffcc7d119e64e780811779cb604
  • Instruction ID: debe2430601f5f8c8789438de5bc81459afde2f33c8cc14095485c37ac072355
  • Opcode Fuzzy Hash: a03f0cf941183372015bcfc4ec3ea1b60ba38ffcc7d119e64e780811779cb604
  • Instruction Fuzzy Hash: A9417232618B4286EB10EB15E4817AAF3A0FB98790FC04036EA4D47B59DFBCD555C712
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetProcessHeap.KERNEL32(?,?,00000000,00007FF7E18C6E68,?,?,?,00007FF7E18C826F), ref: 00007FF7E18C70B9
  • HeapFree.KERNEL32(?,?,00000000,00007FF7E18C6E68,?,?,?,00007FF7E18C826F), ref: 00007FF7E18C70CD
  • GetProcessHeap.KERNEL32(?,?,00000000,00007FF7E18C6E68,?,?,?,00007FF7E18C826F), ref: 00007FF7E18C70F1
  • HeapFree.KERNEL32(?,?,00000000,00007FF7E18C6E68,?,?,?,00007FF7E18C826F), ref: 00007FF7E18C7105
Memory Dump Source
  • Source File: 00000000.00000002.266693300.00007FF7E18C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E18C0000, based on PE: true
  • Associated: 00000000.00000002.266688039.00007FF7E18C0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266723235.00007FF7E18CA000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266742103.00007FF7E18CD000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266765601.00007FF7E18CE000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.266771739.00007FF7E18D0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7e18c0000_iexplore.jbxd
Similarity
  • API ID: Heap$FreeProcess
  • String ID:
  • API String ID: 3859560861-0
  • Opcode ID: b48126e289383ea1a3766ba9d6cd6342a985ef06311d3cc3f288c71a0fd3198b
  • Instruction ID: 93d887c6139d92c6b20b0825cd05a42430993f87876a5066946b2096e3aa8540
  • Opcode Fuzzy Hash: b48126e289383ea1a3766ba9d6cd6342a985ef06311d3cc3f288c71a0fd3198b
  • Instruction Fuzzy Hash: 28114C32A04B61C6DB009F56F4041ACFBB1F749F91B888126DB4E03718DF78E4A2C741
Uniqueness

Uniqueness Score: -1.00%