Windows Analysis Report
ujsvTrVlol.exe

Overview

General Information

Sample name: ujsvTrVlol.exe
renamed because original name is a hash value
Original sample name: 15af4a7899b540337cebe28776f4e24874aa6ac219636ca76b5b106f98919a04.exe
Analysis ID: 1502382
MD5: 35868ed1b450f9fcf74d7076b64383f2
SHA1: a5be319b81e0551e27436f0a5010808723d48704
SHA256: 15af4a7899b540337cebe28776f4e24874aa6ac219636ca76b5b106f98919a04
Tags: exe

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
AI detected suspicious sample
Contains functionality to inject code into remote processes
Found direct / indirect Syscall (likely to bypass EDR)
Hides threads from debuggers
Machine Learning detection for sample
PE file has nameless sections
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Detected potential crypto function
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

  • System is w10x64
  • ujsvTrVlol.exe (PID: 5180 cmdline: "C:\Users\user\Desktop\ujsvTrVlol.exe" MD5: 35868ED1B450F9FCF74D7076B64383F2)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: ujsvTrVlol.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E2205 FindFirstFileW,FindClose,0_2_00007FF7F59E2205
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E21E4 FindFirstFileW,FindClose,0_2_00007FF7F59E21E4
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E21DC FindFirstFileW,FindClose,0_2_00007FF7F59E21DC
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E21F1 FindFirstFileW,FindClose,0_2_00007FF7F59E21F1
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E55D2 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00007FF7F59E55D2
Source: ujsvTrVlol.exe String found in binary or memory: https://enigmaprotector.com/taggant/spv.crl0
Source: ujsvTrVlol.exe String found in binary or memory: https://enigmaprotector.com/taggant/user.crl0
Source: ujsvTrVlol.exe, 00000000.00000002.1734267913.00007FF7F5A04000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://gcc.gnu.org/bugs/):

System Summary

Source: ujsvTrVlol.exe Static PE information: section name:
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E493C 0_2_00007FF7F59E493C
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E58C0 0_2_00007FF7F59E58C0
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E1E5B 0_2_00007FF7F59E1E5B
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E159A 0_2_00007FF7F59E159A
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59EA9FA 0_2_00007FF7F59EA9FA
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E8982 0_2_00007FF7F59E8982
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E4963 0_2_00007FF7F59E4963
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E8F62 0_2_00007FF7F59E8F62
Source: ujsvTrVlol.exe Static PE information: invalid certificate
Source: ujsvTrVlol.exe Static PE information: Number of sections : 12 > 10
Source: ujsvTrVlol.exe Static PE information: Section: ZLIB complexity 0.9949612657563025
Source: classification engine Classification label: mal80.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E493C GetEnvironmentVariableW,GetFileAttributesW,GetEnvironmentVariableW,GetFileAttributesW,CreateToolhelp32Snapshot,Process32FirstW,_wcsicmp,Process32NextW,_wcsicmp,0_2_00007FF7F59E493C
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 8
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 9
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 4
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 5
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 6
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 7
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 0
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 1
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 2
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 3
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Mutant created: \Sessions\1\BaseNamedObjects\Mutex object: Unique: -1472423074-1413185751. Number: 10
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\ujsvTrVlol.exe File read: C:\Users\user\Desktop\ujsvTrVlol.exe
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32
Source: ujsvTrVlol.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: ujsvTrVlol.exe Static file information: File size 16260936 > 1048576
Source: ujsvTrVlol.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x323600

Data Obfuscation

Source: C:\Users\user\Desktop\ujsvTrVlol.exe Unpacked PE file: 0.2.ujsvTrVlol.exe.7ff7f59e0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;Unknown_Section5:W;Unknown_Section6:EW;Unknown_Section7:EW;Unknown_Section8:EW;Unknown_Section9:EW;Unknown_Section10:EW;Unknown_Section11:EW; vs Unknown_Section0:ER;Unknown_Section1:W;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:R;Unknown_Section5:W;Unknown_Section6:W;Unknown_Section7:W;Unknown_Section8:W;Unknown_Section9:R;Unknown_Section10:EW;Unknown_Section11:EW;
Source: ujsvTrVlol.exe Static PE information: section name:
Source: ujsvTrVlol.exe Static PE information: section name: entropy: 7.992284035028791
Source: ujsvTrVlol.exe Static PE information: section name: entropy: 7.857678669786828
Source: ujsvTrVlol.exe Static PE information: section name: entropy: 7.813860737497707
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ujsvTrVlol.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\ujsvTrVlol.exe API coverage: 8.4 %
Source: C:\Users\user\Desktop\ujsvTrVlol.exe TID: 1804 Thread sleep count: 231 > 30
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ujsvTrVlol.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxtray.exe5
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000003.1728764942.000001E803176000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: l Direct ServicevmicvmsessionHyper-V Time Synchronization ServicevmictimesyncHyp
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmmemctl.exec
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxservice.exe]
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Fvmware physical disk helper servicee\windows\inetcache\
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxservice.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxservice.exe>1qe-
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwaretray.exe
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000003.1728764942.000001E803176000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hutdown ServicevmicshutdownHyper-V Remote Desktop Virtualization ServicevmicrdvH
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmscsi.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmtoolsd.exeC
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qemu-ga@
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: *Windows 11 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxtray.exe{
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VBoxService.exe
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: *Windows 10 Server Standard without Hyper-V
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMWare
Source: ujsvTrVlol.exe, 00000000.00000003.1728764942.000001E803176000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: meW32TimeVolume Shadow CopyVSSHyper-V Volume Shadow Copy RequestorvmicvssHyper
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: ujsvTrVlol.exe, ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxtray.exe^
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
Source: ujsvTrVlol.exe, 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: #Windows 11 Microsoft Hyper-V Server
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\ujsvTrVlol.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Process queried: DebugPort
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E1131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,_malloc_dbg,strlen,_malloc_dbg,_cexit,0_2_00007FF7F59E1131
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F5A11690 SetUnhandledExceptionFilter,0_2_00007FF7F5A11690

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59E58C0 ExitProcess,CreateMutexA,GetLastError,CreateProcessA,CreateProcessA,VirtualAllocEx,WriteProcessMemory,VirtualProtect,QueueUserAPC,ResumeThread,0_2_00007FF7F59E58C0
Source: C:\Users\user\Desktop\ujsvTrVlol.exe NtProtectVirtualMemory: Indirect: 0x7FF7F65F92E1
Source: C:\Users\user\Desktop\ujsvTrVlol.exe NtProtectVirtualMemory: Indirect: 0x7FF7F5AABD37
Source: C:\Users\user\Desktop\ujsvTrVlol.exe NtSetInformationThread: Indirect: 0x7FF7F5A5ACC1
Source: ujsvTrVlol.exe, 00000000.00000002.1733792396.000001E802B65000.00000004.00000020.00020000.00000000.sdmp, ujsvTrVlol.exe, 00000000.00000003.1729303397.000001E802B65000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: shell_traywndexeeh
Source: ujsvTrVlol.exe, 00000000.00000002.1733962235.000001E803070000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: program manager chrome
Source: ujsvTrVlol.exe, 00000000.00000002.1733917093.000001E802BFB000.00000004.00000020.00020000.00000000.sdmp, ujsvTrVlol.exe, 00000000.00000003.1729442062.000001E802BF8000.00000004.00000020.00020000.00000000.sdmp, ujsvTrVlol.exe, 00000000.00000003.1729303397.000001E802B65000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: progmane
Source: C:\Users\user\Desktop\ujsvTrVlol.exe Code function: 0_2_00007FF7F59F2040 GetSystemTimeAsFileTime,0_2_00007FF7F59F2040
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1734103431.000001E803486000.00000004.00000020.00020000.00000000.sdmp, ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: fch32.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: spideragent.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: procexp.exe
Source: ujsvTrVlol.exe, 00000000.00000002.1733602494.000001E8026A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: fsaua.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Process Injection | LSASS Memory | 331 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 23 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| ujsvTrVlol.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://gcc.gnu.org/bugs/): | 0% | Avira URL Cloud | safe | |
| https://enigmaprotector.com/taggant/spv.crl0 | 0% | Avira URL Cloud | safe | |
| https://enigmaprotector.com/taggant/user.crl0 | 0% | Avira URL Cloud | safe | |
| https://enigmaprotector.com/taggant/user.crl0 | 0% | Virustotal | | Browse |
| https://enigmaprotector.com/taggant/spv.crl0 | 0% | Virustotal | | Browse |
| https://gcc.gnu.org/bugs/): | 0% | Virustotal | | Browse |
No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://gcc.gnu.org/bugs/): | ujsvTrVlol.exe, 00000000.00000002.1734267913.00007FF7F5A04000.00000002.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://enigmaprotector.com/taggant/spv.crl0 | ujsvTrVlol.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://enigmaprotector.com/taggant/user.crl0 | ujsvTrVlol.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502382
Start date and time:2024-09-01 03:42:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 7s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:ujsvTrVlol.exe
renamed because original name is a hash value
Original Sample Name:15af4a7899b540337cebe28776f4e24874aa6ac219636ca76b5b106f98919a04.exe
Detection:MAL
Classification:mal80.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Report size getting too big, too many NtQueryValueKey calls found.
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):2.535956405188153
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:ujsvTrVlol.exe
File size:16'260'936 bytes
MD5:35868ed1b450f9fcf74d7076b64383f2
SHA1:a5be319b81e0551e27436f0a5010808723d48704
SHA256:15af4a7899b540337cebe28776f4e24874aa6ac219636ca76b5b106f98919a04
SHA512:75e5dca2f3718b48df8bec3e2d9222f73c6c7d0d0315bf4291fbb5eb40400b0d87bf0ac7f992c1949880e4e157cfec67fa21c033132d8ae238f0086dc35c5c96
SSDEEP:49152:3GkxqJL9ShMZwshiNMNVkWeedBdI3voGkQwJ5dxKMVgM6QW/ddz/xMC3h/:3NFgwixLZ8flkQaz/Vg5h37Jd
TLSH:55F63387F96F2ACAE60525BA6A145542CFAB12447BFF0805730ED78C71C37A11BDA3C9
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.......................@.............................p.......'....`...@...... ........ ...... .....
Icon Hash:90cececece8e8eb0
Entrypoint:0x141031d90
Entrypoint Section:
Digitally signed:true
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:c1fbf380722f62e9d13f77bc10915a89
Signature Valid:false
Signature Issuer:CN=Microsoft Windows Third Party Component CA 2012, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
  • 14/09/2023 20:14:17 04/09/2024 20:14:17
Subject Chain
  • CN=Microsoft Windows 3rd party Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:3
Thumbprint MD5:D327E7E8E247DDC0E7314737F61385E9
Thumbprint SHA-1:D8E11B329D0A4327717DE0F59AFA3B50652A589C
Thumbprint SHA-256:33760015F745C23025DD88BAC62534A4373F18D396806AB2C38ABEA7FFCB6C7B
Serial:3300000105637D69ABB7413418000000000105
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0xd16060 | 0xe10 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd16e70 | 0x2e8 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xd17a58 | 0x28260 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf7f800 | 0x2748 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd16040 | 0x10 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xd16000 | 0x28 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x21000 | 0xee00 | a2978e26ac17b895a8892198932c7586 | False | 0.9949612657563025 | data | 7.992284035028791 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x22000 | 0x2000 | 0x200 | 2ef7b7c14f375ed79bc660e3d832d7d5 | False | 0.54296875 | data | 4.549237444581537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x24000 | 0x5000 | 0x1800 | cff392e02346bede5550c56f00474076 | False | 0.9654947916666666 | data | 7.857678669786828 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x29000 | 0x4000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x2d000 | 0x3000 | 0xa00 | ceb4031eca21f49fbd6372c9fbeb45da | False | 0.980859375 | data | 7.813860737497707 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x30000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x31000 | 0x2000 | 0x200 | b651ac7f2eb6e0a28d8da1e67d8f9a27 | False | 0.1796875 | data | 1.4913317566268227 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x33000 | 0x1000 | 0x200 | 09801ea94b4138c6eea441e1236259fe | False | 0.087890625 | data | 0.6015377733147627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x34000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x35000 | 0x1000 | 0x400 | 6cc157b8ee4be76ec9623a2911c34ff8 | False | 0.8056640625 | data | 6.6013212901111435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x36000 | 0xcdd000 | 0x4a400 | 8b084ac645ee6665e6bce9495fb597c6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0xd13000 | 0x324000 | 0x323600 | f19b582d0e1a165ed888bb908274f1fe | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
|---|---|
| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |
| ole32.dll | OleInitialize |
| msvcrt.dll | __C_specific_handler |
| WININET.dll | InternetCloseHandle |
No network behavior found


Target ID:0
Start time:21:43:04
Start date:31/08/2024
Path:C:\Users\user\Desktop\ujsvTrVlol.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\ujsvTrVlol.exe"
Imagebase:0x7ff7f59e0000
File size:16'260'936 bytes
MD5 hash:35868ED1B450F9FCF74D7076B64383F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true


    Execution Graph

    Execution Coverage:3.8%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:23.6%
    Total number of Nodes:1411
    Total number of Limit Nodes:6
memcmp 9502->9506 9502->9507 9504 7ff7f59e9d12 9503->9504 9504->9507 9508 7ff7f59e9d2a strcmp 9504->9508 9505 7ff7f59e639d memcmp 9505->9510 9506->9507 9507->9509 9512 7ff7f59e645b memcmp 9507->9512 9508->9507 9511 7ff7f59e9d52 9508->9511 9509->9457 9510->9505 9510->9507 9513 7ff7f59e639d memcmp 9511->9513 9512->9509 9513->9507 9515 7ff7f59e85ce 9514->9515 9517 7ff7f59e8605 9514->9517 9516 7ff7f59e645b memcmp 9515->9516 9515->9517 9516->9517 9517->9453 9519 7ff7f59e64bd 9518->9519 9520 7ff7f59e639d memcmp 9519->9520 9521 7ff7f59e6509 9519->9521 9520->9519 9521->9492 8564 7ff7f59e58c0 8565 7ff7f59e58d8 8564->8565 8566 7ff7f59e58de ExitProcess 8565->8566 8567 7ff7f59e58e9 8565->8567 8600 7ff7f59e1d19 8567->8600 8572 7ff7f59ec17f 41 API calls 8573 7ff7f59e5906 8572->8573 8574 7ff7f59e5918 8573->8574 8576 7ff7f59ec17f 41 API calls 8573->8576 8575 7ff7f59ec17f 41 API calls 8574->8575 8582 7ff7f59e5942 CreateMutexA GetLastError 8575->8582 8576->8574 8578 7ff7f59e59d8 8579 7ff7f59ec17f 41 API calls 8578->8579 8580 7ff7f59e59f6 8579->8580 8581 7ff7f59ec17f 41 API calls 8580->8581 8584 7ff7f59e5a05 8581->8584 8582->8578 8598 7ff7f59e59ca 8582->8598 8649 7ff7f59e55d2 8584->8649 8586 7ff7f59ec17f 41 API calls 8587 7ff7f59e5ada 8586->8587 8588 7ff7f59ec17f 41 API calls 8587->8588 8591 7ff7f59e5ae9 8588->8591 8590 7ff7f59e5b9a 8592 7ff7f59ec17f 41 API calls 8590->8592 8670 7ff7f59e13d6 strlen 8591->8670 8593 7ff7f59e5bdc 8592->8593 8594 7ff7f59e5bf3 8593->8594 8595 7ff7f59ec17f 41 API calls 8593->8595 8596 7ff7f59ec17f 41 API calls 8594->8596 8595->8594 8599 7ff7f59e5c19 6 API calls 8596->8599 8599->8598 8601 7ff7f59ec17f 41 API calls 8600->8601 8602 7ff7f59e1d2a 8601->8602 8603 7ff7f59ec17f 41 API calls 8602->8603 8607 7ff7f59e1d39 RegOpenKeyExA 8603->8607 8605 7ff7f59e1e1b 8608 7ff7f59e159a 8605->8608 8606 7ff7f59e1e08 RegCloseKey exit 8606->8605 8607->8605 8607->8606 8609 7ff7f59ec17f 41 API calls 8608->8609 8610 7ff7f59e15bc 8609->8610 8611 7ff7f59ec17f 41 API calls 
8610->8611 8615 7ff7f59e15cb 8611->8615 8612 7ff7f59ec17f 41 API calls 8613 7ff7f59e1676 8612->8613 8614 7ff7f59ec17f 41 API calls 8613->8614 8619 7ff7f59e1685 8614->8619 8615->8612 8616 7ff7f59ec17f 41 API calls 8617 7ff7f59e1737 8616->8617 8618 7ff7f59ec17f 41 API calls 8617->8618 8623 7ff7f59e1746 8618->8623 8619->8616 8620 7ff7f59ec17f 41 API calls 8621 7ff7f59e17ff 8620->8621 8622 7ff7f59ec17f 41 API calls 8621->8622 8627 7ff7f59e180e 8622->8627 8623->8620 8624 7ff7f59ec17f 41 API calls 8625 7ff7f59e18b4 8624->8625 8626 7ff7f59ec17f 41 API calls 8625->8626 8631 7ff7f59e18c3 8626->8631 8627->8624 8628 7ff7f59ec17f 41 API calls 8629 7ff7f59e197d 8628->8629 8630 7ff7f59ec17f 41 API calls 8629->8630 8635 7ff7f59e198c 8630->8635 8631->8628 8632 7ff7f59ec17f 41 API calls 8633 7ff7f59e1a46 8632->8633 8634 7ff7f59ec17f 41 API calls 8633->8634 8637 7ff7f59e1a55 8634->8637 8635->8632 8636 7ff7f59ec17f 41 API calls 8638 7ff7f59e1b00 8636->8638 8637->8636 8639 7ff7f59ec17f 41 API calls 8638->8639 8643 7ff7f59e1b0f 8639->8643 8640 7ff7f59ec17f 41 API calls 8641 7ff7f59e1be2 8640->8641 8642 7ff7f59ec17f 41 API calls 8641->8642 8647 7ff7f59e1bf1 8642->8647 8643->8640 8644 7ff7f59e1c9d VirtualProtect 8645 7ff7f59e1cc3 VirtualProtect 8644->8645 8646 7ff7f59e1d05 8644->8646 8645->8647 8646->8572 8647->8644 8647->8646 8648 7ff7f59e1ce6 FlushInstructionCache 8647->8648 8648->8647 8650 7ff7f59e55e8 8649->8650 8651 7ff7f59ec17f 41 API calls 8650->8651 8652 7ff7f59e55fd 8651->8652 8653 7ff7f59ec17f 41 API calls 8652->8653 8657 7ff7f59e560c InternetOpenW 8653->8657 8655 7ff7f59e56e6 InternetOpenUrlW 8658 7ff7f59e570f 8655->8658 8659 7ff7f59e5722 InternetCloseHandle 8655->8659 8656 7ff7f59e572d 8656->8586 8656->8598 8657->8655 8657->8656 8660 7ff7f59e5791 InternetReadFile 8658->8660 8662 7ff7f59e588a GetLastError 8658->8662 8665 7ff7f5a019a0 20 API calls 8658->8665 8666 7ff7f5a008f0 17 API calls 8658->8666 8668 7ff7f59fb8f0 memcpy 8658->8668 8669 7ff7f59fb930 memcpy 8658->8669 8674 
7ff7f59fb8f0 8658->8674 8659->8656 8660->8658 8661 7ff7f59e57ae 8660->8661 8661->8662 8663 7ff7f59e5870 InternetCloseHandle InternetCloseHandle 8661->8663 8662->8663 8664 7ff7f59e5894 InternetCloseHandle InternetCloseHandle 8662->8664 8663->8656 8664->8656 8665->8658 8666->8658 8668->8658 8669->8658 8671 7ff7f59e1401 8670->8671 8673 7ff7f59e1411 8670->8673 8677 7ff7f59fdbc0 8671->8677 8673->8590 8675 7ff7f59fb904 memcpy 8674->8675 8676 7ff7f59fb917 8674->8676 8675->8676 8676->8660 8678 7ff7f59fdbd6 8677->8678 8680 7ff7f59fdbe2 8677->8680 8679 7ff7f5a019a0 20 API calls 8678->8679 8679->8680 8849 7ff7f59ed6c1 8854 7ff7f59ed412 8849->8854 8850 7ff7f59ec66a _fputchar 8850->8854 8851 7ff7f59ece3f 11 API calls 8851->8854 8852 7ff7f59edaf7 8853 7ff7f59ec477 _fputchar 8853->8854 8854->8849 8854->8850 8854->8851 8854->8852 8854->8853 9527 7ff7f59efbbb ___mb_cur_max_func ___lc_codepage_func 9528 7ff7f59efbea 9527->9528 9529 7ff7f59ef960 4 API calls 9528->9529 9530 7ff7f59efc09 9529->9530 8870 7ff7f59e14d3 8871 7ff7f5a00a00 3 API calls 8870->8871 8872 7ff7f59e14db 8871->8872 8879 7ff7f5a00d30 8872->8879 8881 7ff7f5a00d3a 8879->8881 8880 7ff7f5a00d77 8882 7ff7f5a00580 3 API calls 8880->8882 8881->8880 8887 7ff7f59ebf78 8881->8887 8883 7ff7f5a00d7c 8882->8883 8888 7ff7f59ebf83 8887->8888 8889 7ff7f59ebf8a 8887->8889 8894 7ff7f59ebe78 RaiseException 8888->8894 8895 7ff7f59ebbb0 RaiseException 8889->8895 8892 7ff7f59ebf88 8893 7ff7f59ebf8f abort 8892->8893 8894->8892 8896 7ff7f59ebbf7 8895->8896 8896->8893 9531 7ff7f59e95d1 9533 7ff7f59e95e9 9531->9533 9532 7ff7f59e9716 9533->9532 9536 7ff7f59e66a1 9533->9536 9539 7ff7f59ec330 9536->9539 9542 7ff7f59ed360 9539->9542 9547 7ff7f59ed397 9542->9547 9543 7ff7f59e66c5 strlen 9543->9532 9544 7ff7f59ec477 _fputchar 9544->9547 9545 7ff7f59ec66a _fputchar 9545->9547 9546 7ff7f59ece3f 11 API calls 9546->9547 9547->9543 9547->9544 9547->9545 9547->9546 9553 7ff7f59ebfcf RtlCaptureContext 9554 7ff7f59ec050 RtlLookupFunctionEntry 9553->9554 
9555 7ff7f59ec07c RtlVirtualUnwind 9554->9555 9556 7ff7f59ec0e7 9554->9556 9557 7ff7f59ec0d4 9555->9557 9557->9554 9557->9556 9558 7ff7f59eb5c7 9559 7ff7f59eb5ee 9558->9559 9560 7ff7f59eb67f signal 9559->9560 9561 7ff7f59eb60f 9559->9561 9562 7ff7f59eb655 9559->9562 9560->9561 9560->9562 9562->9561 9563 7ff7f59eb69b signal 9562->9563 9563->9561 8914 7ff7f59e9ea5 8915 7ff7f59e9ecb 8914->8915 8916 7ff7f59ea06c 8915->8916 8917 7ff7f59e645b memcmp 8915->8917 8917->8916 9574 7ff7f59ef39a 9575 7ff7f59ef3af 9574->9575 9576 7ff7f59ef3b3 9575->9576 9577 7ff7f59ef3d0 9575->9577 9578 7ff7f59eee63 5 API calls 9576->9578 9579 7ff7f59eee63 5 API calls 9577->9579 9580 7ff7f59ef3ba 9578->9580 9579->9580 8933 7ff7f59ef898 ___lc_codepage_func ___mb_cur_max_func 8934 7ff7f59ef8c7 8933->8934 8939 7ff7f59ef901 8933->8939 8935 7ff7f59ef8cc 8934->8935 8936 7ff7f59ef8d3 8934->8936 8937 7ff7f59ef7e0 2 API calls 8935->8937 8935->8939 8938 7ff7f59ef7e0 2 API calls 8936->8938 8936->8939 8937->8935 8938->8936 9581 7ff7f59ef598 9582 7ff7f59eee63 5 API calls 9581->9582 9583 7ff7f59ef5b4 9582->9583 9588 7ff7f59effb4 9589 7ff7f59efdd9 2 API calls 9588->9589 9590 7ff7f59effbf 9589->9590 9591 7ff7f59effd9 9590->9591 9592 7ff7f59effea 9590->9592 9594 7ff7f59efff0 9590->9594 9593 7ff7f59effdf GetCurrentThreadId 9591->9593 9591->9594 9592->9594 9595 7ff7f59efff7 GetCurrentThreadId 9592->9595 9593->9594 9595->9594 8951 7ff7f59eb6ae 8952 7ff7f59eb6b3 signal 8951->8952 8953 7ff7f59eb6c5 signal 8952->8953 8954 7ff7f59eb641 8952->8954 8953->8954 9596 7ff7f59ed5ab 9597 7ff7f59ed5bd 9596->9597 9604 7ff7f59ecc44 9597->9604 9599 7ff7f59edaf7 9600 7ff7f59ec477 _fputchar 9603 7ff7f59ed412 9600->9603 9601 7ff7f59ec66a _fputchar 9601->9603 9602 7ff7f59ece3f 11 API calls 9602->9603 9603->9599 9603->9600 9603->9601 9603->9602 9605 7ff7f59ecc76 9604->9605 9606 7ff7f59ecd96 9605->9606 9611 7ff7f59ec477 _fputchar 9605->9611 9607 7ff7f59ece16 9606->9607 9608 7ff7f59ec477 _fputchar 9606->9608 9609 7ff7f59ece32 9607->9609 
9610 7ff7f59ec477 _fputchar 9607->9610 9608->9606 9609->9603 9610->9607 9611->9605 9612 7ff7f59e8ba9 9613 7ff7f59e8f62 2 API calls 9612->9613 9614 7ff7f59e8bb3 9613->9614 9620 7ff7f59e6806 9621 7ff7f59e6814 9620->9621 9624 7ff7f59e6376 strlen 9621->9624 9625 7ff7f59ebc01 9626 7ff7f59ebc0f 9625->9626 9627 7ff7f59ebc0a abort 9625->9627 9627->9626 9632 7ff7f59e1001 9633 7ff7f59e103c __set_app_type 9632->9633 9635 7ff7f59e10a9 9633->9635 9636 7ff7f59e65fe 9637 7ff7f59e666b 9636->9637 9639 7ff7f59e6625 9636->9639 9638 7ff7f59e663d _realloc_dbg 9638->9637 9640 7ff7f59e664d ??3@YAXPEAX 9638->9640 9639->9637 9639->9638 9640->9637 8681 7ff7f59e12fd 8682 7ff7f59e1306 8681->8682 8684 7ff7f59e1335 8682->8684 8686 7ff7f59e1131 8682->8686 8687 7ff7f59e115a 8686->8687 8688 7ff7f59e1172 8687->8688 8689 7ff7f59e1169 Sleep 8687->8689 8690 7ff7f59e1194 8688->8690 8691 7ff7f59e1188 _amsg_exit 8688->8691 8689->8687 8692 7ff7f59e11b5 8690->8692 8693 7ff7f59e119a _initterm 8690->8693 8691->8692 8694 7ff7f59e11c5 _initterm 8692->8694 8695 7ff7f59e11de 8692->8695 8693->8692 8694->8695 8707 7ff7f59eb30b 8695->8707 8698 7ff7f59e122e 8699 7ff7f59e1233 _malloc_dbg 8698->8699 8700 7ff7f59e1253 8699->8700 8701 7ff7f59e1283 8700->8701 8702 7ff7f59e1258 strlen _malloc_dbg 8700->8702 8718 7ff7f5a01d80 8701->8718 8702->8700 8708 7ff7f59e1208 SetUnhandledExceptionFilter 8707->8708 8710 7ff7f59eb329 8707->8710 8708->8698 8709 7ff7f59eb52f 8709->8708 8712 7ff7f59eb557 VirtualProtect 8709->8712 8710->8709 8711 7ff7f59eb3a0 8710->8711 8715 7ff7f59eb3df 8710->8715 8711->8709 8714 7ff7f59eb3be 8711->8714 8712->8709 8714->8711 8724 7ff7f59eb1c4 8714->8724 8715->8709 8716 7ff7f59eb44a 8715->8716 8717 7ff7f59eb1c4 3 API calls 8716->8717 8717->8715 8719 7ff7f5a01d91 8718->8719 8722 7ff7f5a01daf _ismbblead 8719->8722 8723 7ff7f5a01d9e GetStartupInfoA 8719->8723 8721 7ff7f5a01e14 8722->8719 8723->8721 8726 7ff7f59eb1ea 8724->8726 8725 7ff7f59eb2f3 8725->8714 8726->8725 8727 7ff7f59eb24f VirtualQuery 8726->8727 
8728 7ff7f59eb278 8727->8728 8728->8725 8729 7ff7f59eb2a7 VirtualProtect 8728->8729 8729->8725 8730 7ff7f59eb2df GetLastError 8729->8730 8730->8725 8994 7ff7f59e14fd 8995 7ff7f59e1500 8994->8995 8998 7ff7f59ebeb8 RtlCaptureContext RtlUnwindEx abort 8995->8998 8999 7ff7f59e74f8 9000 7ff7f59e7505 8999->9000 9012 7ff7f59e7554 8999->9012 9001 7ff7f59e7561 9000->9001 9005 7ff7f59e7516 9000->9005 9014 7ff7f59e8340 9001->9014 9003 7ff7f59e7571 9003->9012 9024 7ff7f59e8492 9003->9024 9013 7ff7f59e6376 strlen 9005->9013 9007 7ff7f59e75ba strcmp 9009 7ff7f59e75e0 9007->9009 9008 7ff7f59e7589 9008->9007 9008->9012 9010 7ff7f59e760a strcmp 9009->9010 9011 7ff7f59e7659 strcmp 9010->9011 9010->9012 9011->9012 9015 7ff7f59e8363 9014->9015 9023 7ff7f59e83a0 9014->9023 9016 7ff7f59e8396 9015->9016 9017 7ff7f59e83ee 9015->9017 9019 7ff7f59e83a5 9016->9019 9020 7ff7f59e8398 9016->9020 9029 7ff7f59e6376 strlen 9017->9029 9019->9023 9028 7ff7f59e6376 strlen 9019->9028 9020->9023 9030 7ff7f59e6376 strlen 9020->9030 9023->9003 9025 7ff7f59e84a5 9024->9025 9027 7ff7f59e8501 9025->9027 9031 7ff7f59e6376 strlen 9025->9031 9027->9008 9651 7ff7f59eb00c 9652 7ff7f59eb01e 9651->9652 9654 7ff7f59eb033 9652->9654 9655 7ff7f59eb85d 9652->9655 9656 7ff7f59eb86b 9655->9656 9659 7ff7f59eb873 9655->9659 9657 7ff7f59eb881 9656->9657 9656->9659 9660 7ff7f59eb871 9656->9660 9658 7ff7f59eb88b RtlInitializeCriticalSection 9657->9658 9657->9659 9658->9659 9659->9654 9660->9659 9661 7ff7f59eb8c9 ??3@YAXPEAX 9660->9661 9662 7ff7f59eb8d7 RtlDeleteCriticalSection 9660->9662 9661->9660 9662->9659 9663 7ff7f59ea409 strcmp 9664 7ff7f59ea43e 9663->9664 9685 7ff7f59ea2ce 9663->9685 9665 7ff7f59ea468 9664->9665 9668 7ff7f59ea51e 9664->9668 9666 7ff7f59ea47b 9665->9666 9677 7ff7f59ea46d 9665->9677 9667 7ff7f59ea64c strcmp 9666->9667 9666->9685 9669 7ff7f59ea65f strcmp 9667->9669 9667->9685 9670 7ff7f59ea544 strcmp 9668->9670 9671 7ff7f59ea53a 9668->9671 9678 7ff7f59ea52b 9668->9678 9672 7ff7f59ea67c 9669->9672 
9669->9685 9674 7ff7f59ea557 9670->9674 9670->9678 9673 7ff7f59e9b60 memcmp 9671->9673 9680 7ff7f59e9b60 memcmp 9672->9680 9672->9685 9673->9678 9679 7ff7f59e9c9f 2 API calls 9674->9679 9675 7ff7f59ea77a strcmp 9675->9685 9676 7ff7f59ea56e strcmp 9681 7ff7f59ea596 strcmp 9676->9681 9676->9685 9677->9675 9677->9685 9678->9676 9679->9678 9680->9685 9682 7ff7f59ea5bc 9681->9682 9683 7ff7f59ea5a9 strcmp 9681->9683 9684 7ff7f59e9c9f 2 API calls 9682->9684 9682->9685 9683->9682 9683->9685 9684->9685 9706 7ff7f59e6fdc 9708 7ff7f59e7015 9706->9708 9707 7ff7f59e70cf 9708->9707 9710 7ff7f59e81ee 9708->9710 9711 7ff7f59e8218 9710->9711 9715 7ff7f59e8209 9710->9715 9712 7ff7f59e8240 9711->9712 9716 7ff7f59e6376 strlen 9711->9716 9717 7ff7f59e8090 9712->9717 9721 7ff7f59e80a1 9717->9721 9718 7ff7f59e80f9 9732 7ff7f59e7f71 9718->9732 9720 7ff7f59e8113 9723 7ff7f59e81ee 12 API calls 9720->9723 9721->9718 9721->9720 9722 7ff7f59e8131 9721->9722 9728 7ff7f59e8109 9721->9728 9735 7ff7f59e6376 strlen 9722->9735 9723->9728 9728->9715 9733 7ff7f59e8002 9732->9733 9734 7ff7f59e8090 12 API calls 9733->9734 9736 7ff7f59e79db 9737 7ff7f59e79e9 9736->9737 9738 7ff7f59e79fe 9736->9738 9738->9737 9740 7ff7f59e6376 strlen 9738->9740 9741 7ff7f59ed5f2 9742 7ff7f59ed5f6 9741->9742 9748 7ff7f59ed412 9742->9748 9749 7ff7f59eca40 9742->9749 9744 7ff7f59edaf7 9745 7ff7f59ec477 _fputchar 9745->9748 9746 7ff7f59ec66a _fputchar 9746->9748 9747 7ff7f59ece3f 11 API calls 9747->9748 9748->9744 9748->9745 9748->9746 9748->9747 9755 7ff7f59eca92 9749->9755 9750 7ff7f59ecbf6 9751 7ff7f59ecc0f 9750->9751 9753 7ff7f59ec477 _fputchar 9750->9753 9754 7ff7f59ecc36 9751->9754 9756 7ff7f59ec477 _fputchar 9751->9756 9752 7ff7f59ec477 _fputchar 9752->9755 9753->9750 9754->9748 9755->9750 9755->9752 9756->9751 9048 7ff7f59efef0 9049 7ff7f59eff14 9048->9049 9050 7ff7f59eff07 9048->9050 9052 7ff7f59f2040 GetSystemTimeAsFileTime 9050->9052 9052->9049 9768 7ff7f59eaff0 9769 7ff7f59eaff9 9768->9769 9770 7ff7f59eb002 
9769->9770 9771 7ff7f59eb85d 3 API calls 9769->9771 9771->9770 9053 7ff7f59efae7 9054 7ff7f59efb06 9053->9054 9055 7ff7f59efb0d ___lc_codepage_func ___mb_cur_max_func 9053->9055 9054->9055 9056 7ff7f59efb68 9055->9056 9057 7ff7f59efb28 9055->9057 9057->9056 9058 7ff7f59efb33 9057->9058 9061 7ff7f59efb71 9057->9061 9058->9056 9059 7ff7f59ef960 4 API calls 9058->9059 9059->9058 9060 7ff7f59ef960 4 API calls 9060->9061 9061->9056 9061->9060 9772 7ff7f59ed9e8 9773 7ff7f59ed9f0 localeconv 9772->9773 9779 7ff7f59ed412 9772->9779 9774 7ff7f59efa7c 6 API calls 9773->9774 9774->9779 9775 7ff7f59edaf7 9776 7ff7f59ec477 _fputchar 9776->9779 9777 7ff7f59ec66a _fputchar 9777->9779 9778 7ff7f59ece3f 11 API calls 9778->9779 9779->9775 9779->9776 9779->9777 9779->9778 9780 7ff7f59eb7e8 9781 7ff7f59eb854 9780->9781 9782 7ff7f59eb7fa RtlAcquirePebLock 9780->9782 9784 7ff7f59eb813 9782->9784 9783 7ff7f59eb84b RtlLeaveCriticalSection 9783->9781 9784->9783 9785 7ff7f59eb838 ??3@YAXPEAX 9784->9785 9785->9783 9068 7ff7f59e7c46 9069 7ff7f59e7c59 9068->9069 9071 7ff7f59e7c89 9069->9071 9072 7ff7f59e6376 strlen 9069->9072 9071->9071 9786 7ff7f59e493c 9789 7ff7f59e49b6 9786->9789 9787 7ff7f59e1362 20 API calls 9788 7ff7f59e4a7f 9787->9788 9790 7ff7f59ec17f 41 API calls 9788->9790 9789->9787 9791 7ff7f59e4a97 9790->9791 9792 7ff7f59ec17f 41 API calls 9791->9792 9793 7ff7f59e4aa6 9792->9793 9794 7ff7f59e1362 20 API calls 9793->9794 9795 7ff7f59e4b86 9794->9795 9796 7ff7f59ec17f 41 API calls 9795->9796 9797 7ff7f59e4b9e 9796->9797 9798 7ff7f59ec17f 41 API calls 9797->9798 9799 7ff7f59e4bad 9798->9799 9800 7ff7f59e1362 20 API calls 9799->9800 9801 7ff7f59e4c8d 9800->9801 9802 7ff7f59ec17f 41 API calls 9801->9802 9803 7ff7f59e4ca5 9802->9803 9804 7ff7f59ec17f 41 API calls 9803->9804 9806 7ff7f59e4cb4 9804->9806 9805 7ff7f59e1362 20 API calls 9807 7ff7f59e4d95 9805->9807 9806->9805 9808 7ff7f59ec17f 41 API calls 9807->9808 9809 7ff7f59e4dad 9808->9809 9810 7ff7f59ec17f 41 API calls 9809->9810 9812 
7ff7f59e4dbc 9810->9812 9811 7ff7f59e1362 20 API calls 9813 7ff7f59e4e9d 9811->9813 9812->9811 9814 7ff7f59ec17f 41 API calls 9813->9814 9815 7ff7f59e4eb5 9814->9815 9816 7ff7f59ec17f 41 API calls 9815->9816 9817 7ff7f59e4ec4 9816->9817 9818 7ff7f59e1362 20 API calls 9817->9818 9819 7ff7f59e4fa5 9818->9819 9820 7ff7f59e1444 21 API calls 9819->9820 9821 7ff7f59e4fdb 9820->9821 9822 7ff7f59ec17f 41 API calls 9821->9822 9823 7ff7f59e5012 9822->9823 9824 7ff7f59ec17f 41 API calls 9823->9824 9828 7ff7f59e5021 GetEnvironmentVariableW 9824->9828 9826 7ff7f59e5470 CreateToolhelp32Snapshot 9830 7ff7f59e5489 Process32FirstW 9826->9830 9859 7ff7f59e544d 9826->9859 9827 7ff7f59e5119 9829 7ff7f59ec17f 41 API calls 9827->9829 9828->9826 9828->9827 9831 7ff7f59e5125 9829->9831 9832 7ff7f59e54b4 9830->9832 9830->9859 9833 7ff7f59ec17f 41 API calls 9831->9833 9834 7ff7f59e54d2 Process32NextW 9832->9834 9835 7ff7f59e54ec _wcsicmp 9832->9835 9837 7ff7f59e5134 9833->9837 9834->9832 9834->9859 9835->9832 9835->9859 9836 7ff7f59e1362 20 API calls 9838 7ff7f59e51f1 9836->9838 9837->9836 9839 7ff7f59fee10 21 API calls 9838->9839 9840 7ff7f59e51fc 9839->9840 9841 7ff7f59e5214 GetFileAttributesW 9840->9841 9842 7ff7f59e5227 9841->9842 9841->9859 9843 7ff7f59ec17f 41 API calls 9842->9843 9844 7ff7f59e5233 9843->9844 9845 7ff7f59ec17f 41 API calls 9844->9845 9849 7ff7f59e5242 GetEnvironmentVariableW 9845->9849 9847 7ff7f59e5316 9850 7ff7f59ec17f 41 API calls 9847->9850 9848 7ff7f59e5454 9848->9826 9849->9847 9849->9848 9851 7ff7f59e5322 9850->9851 9852 7ff7f59ec17f 41 API calls 9851->9852 9854 7ff7f59e5331 9852->9854 9853 7ff7f59e1362 20 API calls 9855 7ff7f59e5418 9853->9855 9854->9853 9856 7ff7f59fee10 21 API calls 9855->9856 9857 7ff7f59e5423 9856->9857 9858 7ff7f59e543b GetFileAttributesW 9857->9858 9858->9848 9858->9859 9871 7ff7f59e874d 9872 7ff7f59e8767 9871->9872 9876 7ff7f59e8760 9871->9876 9873 7ff7f59e877c 9872->9873 9875 7ff7f59e87ae 9872->9875 9874 7ff7f59e8982 2 API calls 
9873->9874 9873->9876 9874->9876 9875->9876 9877 7ff7f59e87d4 strcmp 9875->9877 9877->9876 9878 7ff7f59ec14b 9879 7ff7f59ec15d 9878->9879 9884 7ff7f59f0ab9 9879->9884 9882 7ff7f59ec174 abort 9883 7ff7f59ec17a 9882->9883 9885 7ff7f59f0ad9 9884->9885 9892 7ff7f59ec170 9884->9892 9894 7ff7f59f2900 9885->9894 9887 7ff7f59f0b5a 9889 7ff7f59f2882 8 API calls 9887->9889 9889->9892 9890 7ff7f59f0b72 _realloc_dbg 9890->9887 9893 7ff7f59f0b1e 9890->9893 9892->9882 9892->9883 9907 7ff7f59f2882 9893->9907 9913 7ff7f59f2512 9894->9913 9896 7ff7f59f2912 9906 7ff7f59f0ae8 9896->9906 9917 7ff7f59f2274 9896->9917 9899 7ff7f59f121c 26 API calls 9900 7ff7f59f2972 9899->9900 9901 7ff7f59f121c 26 API calls 9900->9901 9903 7ff7f59f2982 9901->9903 9904 7ff7f59f29a4 9903->9904 9924 7ff7f59f3577 9903->9924 9905 7ff7f59f121c 26 API calls 9904->9905 9905->9906 9906->9887 9906->9890 9906->9893 9909 7ff7f59f2892 9907->9909 9908 7ff7f59f28ce 9908->9892 9909->9908 9910 7ff7f59efee8 6 API calls 9909->9910 9911 7ff7f59f28ab 9910->9911 9911->9908 9912 7ff7f59eff3f 4 API calls 9911->9912 9912->9908 9914 7ff7f59f2540 9913->9914 9916 7ff7f59f2522 9913->9916 9945 7ff7f59f24c8 9914->9945 9916->9896 9918 7ff7f59efee8 6 API calls 9917->9918 9919 7ff7f59f228a 9918->9919 9920 7ff7f59f22a7 9919->9920 9921 7ff7f59efee8 6 API calls 9919->9921 9920->9899 9920->9906 9922 7ff7f59f2299 9921->9922 9922->9920 9923 7ff7f59eff3f 4 API calls 9922->9923 9923->9920 9925 7ff7f59f3595 9924->9925 9926 7ff7f59f36f1 9924->9926 9925->9926 9934 7ff7f59f35af 9925->9934 9968 7ff7f59f2f0a 9925->9968 9926->9903 9929 7ff7f59f3605 RtlTryAcquirePebLock 9930 7ff7f59f3640 RtlLeaveCriticalSection 9929->9930 9929->9934 9932 7ff7f59f2bc0 5 API calls 9930->9932 9933 7ff7f59f3663 9932->9933 9933->9926 9936 7ff7f59f121c 26 API calls 9933->9936 9934->9926 9934->9929 9972 7ff7f59f31ab RtlAcquirePebLock RtlLeaveCriticalSection 9934->9972 9979 7ff7f59f2bc0 RtlAcquirePebLock 9934->9979 9986 7ff7f59f3cc6 Sleep 9934->9986 9937 7ff7f59f369e 
9936->9937 9938 7ff7f59f121c 26 API calls 9937->9938 9939 7ff7f59f36ae 9938->9939 9940 7ff7f59eff3f 4 API calls 9939->9940 9942 7ff7f59f36c1 9940->9942 9941 7ff7f59f36e8 9944 7ff7f59f121c 26 API calls 9941->9944 9942->9941 9943 7ff7f59f31ab 51 API calls 9942->9943 9943->9941 9944->9926 9946 7ff7f59f24e0 9945->9946 9947 7ff7f59f24e6 9946->9947 9949 7ff7f59f240d 9946->9949 9947->9916 9950 7ff7f59f24b2 9949->9950 9951 7ff7f59f2428 _calloc_dbg 9949->9951 9950->9947 9951->9950 9953 7ff7f59f2449 9951->9953 9952 7ff7f59f248a ??3@YAXPEAX 9952->9950 9953->9952 9954 7ff7f59f2482 9953->9954 9959 7ff7f59f2dff 9953->9959 9957 7ff7f59f0010 ??3@YAXPEAX 9954->9957 9957->9952 9958 7ff7f59f0010 ??3@YAXPEAX 9958->9954 9960 7ff7f59f249f 9959->9960 9961 7ff7f59f2e17 9959->9961 9960->9950 9960->9958 9961->9960 9962 7ff7f59f2e2a _calloc_dbg 9961->9962 9962->9960 9963 7ff7f59f2e4a CreateSemaphoreA CreateSemaphoreA 9962->9963 9964 7ff7f59f2e9e 9963->9964 9965 7ff7f59f2ea3 9963->9965 9964->9965 9966 7ff7f59f2ecf RtlInitializeCriticalSection RtlInitializeCriticalSection RtlInitializeCriticalSection 9964->9966 9967 7ff7f59f2ebb ??3@YAXPEAX 9965->9967 9966->9960 9967->9960 9970 7ff7f59f2f28 9968->9970 9969 7ff7f59f2f3f 9969->9934 9970->9969 9971 7ff7f59f2dff 7 API calls 9970->9971 9971->9969 9973 7ff7f59f3200 9972->9973 9974 7ff7f59f321d 9972->9974 9987 7ff7f59f2f53 9973->9987 9974->9934 9977 7ff7f59f3214 9978 7ff7f59f3217 RtlLeaveCriticalSection 9977->9978 9978->9974 9980 7ff7f59f2c05 9979->9980 9981 7ff7f59f2bf9 RtlLeaveCriticalSection 9979->9981 9983 7ff7f59f2c15 ReleaseSemaphore 9980->9983 9984 7ff7f59f2c0c RtlLeaveCriticalSection 9980->9984 9982 7ff7f59f2c3b 9981->9982 9982->9934 9983->9984 9985 7ff7f59f2c2c RtlLeaveCriticalSection 9983->9985 9984->9982 9985->9982 9986->9934 9988 7ff7f59f2fb5 9987->9988 9991 7ff7f59f2f6c 9987->9991 10014 7ff7f59f11ee 9988->10014 9993 7ff7f59f2f9e WaitForSingleObject 9991->9993 9994 7ff7f59f2f97 RtlAcquirePebLock 9991->9994 9992 7ff7f59f3083 9996 
7ff7f59f3092 9992->9996 10003 7ff7f59f310f 9992->10003 9993->9994 9994->9977 9994->9978 9995 7ff7f59f2ff6 9995->9994 10000 7ff7f59f3059 9995->10000 10001 7ff7f59f3048 WaitForSingleObject 9995->10001 9997 7ff7f59f13ec 26 API calls 9996->9997 9999 7ff7f59f30e3 9996->9999 10005 7ff7f59f3021 9996->10005 9997->9996 9998 7ff7f59f2fcd 9998->9995 10002 7ff7f59f3011 ResetEvent 9998->10002 10008 7ff7f59f14e4 42 API calls 9998->10008 9999->9994 10010 7ff7f59f30f8 WaitForSingleObject 9999->10010 10000->9994 10028 7ff7f59f13ec 10000->10028 10001->9994 10001->10000 10002->9998 10002->10005 10003->9994 10004 7ff7f59f316a 10003->10004 10006 7ff7f59f13ec 26 API calls 10003->10006 10011 7ff7f59f3187 10003->10011 10009 7ff7f59f3172 WaitForSingleObject 10004->10009 10004->10011 10005->9994 10017 7ff7f59f14e4 10005->10017 10006->10003 10008->9998 10009->10011 10010->9994 10011->9994 10012 7ff7f59f14e4 42 API calls 10011->10012 10012->9994 10015 7ff7f59f068f 26 API calls 10014->10015 10016 7ff7f59f11f7 10015->10016 10016->9992 10016->9998 10018 7ff7f59f068f 26 API calls 10017->10018 10020 7ff7f59f14ef 10018->10020 10019 7ff7f59f1553 10019->9994 10020->10019 10021 7ff7f59efee8 6 API calls 10020->10021 10022 7ff7f59f1513 10021->10022 10022->10019 10023 7ff7f59f1546 10022->10023 10024 7ff7f59f1540 ResetEvent 10022->10024 10025 7ff7f59eff3f 4 API calls 10023->10025 10024->10023 10026 7ff7f59f154e 10025->10026 10032 7ff7f59f1444 10026->10032 10029 7ff7f59f13fe 10028->10029 10031 7ff7f59f13fa 10028->10031 10030 7ff7f59f068f 26 API calls 10029->10030 10030->10031 10031->9994 10033 7ff7f59f068f 26 API calls 10032->10033 10034 7ff7f59f144e 10033->10034 10049 7ff7f59f141f 10034->10049 10037 7ff7f59f141f 26 API calls 10038 7ff7f59f148a 10037->10038 10052 7ff7f59f131f 10038->10052 10050 7ff7f59f068f 26 API calls 10049->10050 10051 7ff7f59f142b 10050->10051 10051->10037 10053 7ff7f59f068f 26 API calls 10052->10053 10054 7ff7f59f132d 10053->10054 10062 7ff7f59f0df7 10054->10062 10057 7ff7f59f1346 
longjmp 10058 7ff7f59f1358 TlsGetValue 10057->10058 10059 7ff7f59f13e3 _endthreadex 10058->10059 10060 7ff7f59f136c 10058->10060 10060->10059 10061 7ff7f59f13d5 TlsSetValue 10060->10061 10061->10059 10063 7ff7f59f0e10 10062->10063 10064 7ff7f59f0ec7 10062->10064 10069 7ff7f59f08fc 10063->10069 10064->10057 10064->10058 10066 7ff7f59f0e15 10066->10064 10068 7ff7f59f2882 8 API calls 10066->10068 10075 7ff7f59f262c 10066->10075 10068->10066 10070 7ff7f59f092f 10069->10070 10071 7ff7f59f090d 10069->10071 10070->10066 10072 7ff7f59efee8 6 API calls 10071->10072 10073 7ff7f59f091c 10072->10073 10074 7ff7f59eff3f _malloc_dbg ??3@YAXPEAX GetCurrentThreadId SetEvent 10073->10074 10074->10070 10076 7ff7f59f2512 10 API calls 10075->10076 10077 7ff7f59f263c 10076->10077 10078 7ff7f59efee8 6 API calls 10077->10078 10086 7ff7f59f2679 10077->10086 10079 7ff7f59f264f 10078->10079 10080 7ff7f59f2694 10079->10080 10081 7ff7f59f2662 10079->10081 10079->10086 10082 7ff7f59eff3f _malloc_dbg ??3@YAXPEAX GetCurrentThreadId SetEvent 10080->10082 10083 7ff7f59efee8 6 API calls 10081->10083 10082->10086 10084 7ff7f59f266b 10083->10084 10085 7ff7f59eff3f _malloc_dbg ??3@YAXPEAX GetCurrentThreadId SetEvent 10084->10085 10084->10086 10085->10086 10086->10066 9089 7ff7f59e7a4d 9090 7ff7f59e7a60 9089->9090 9094 7ff7f59e7c0a 9089->9094 9095 7ff7f59e6376 strlen 9090->9095 10087 7ff7f59edb4c 10090 7ff7f59edb20 10087->10090 10091 7ff7f59edb2c 10090->10091 10092 7ff7f59eee63 5 API calls 10091->10092 10093 7ff7f59edb40 10092->10093 10094 7ff7f59ed549 10097 7ff7f59ed557 10094->10097 10095 7ff7f59ed59e 10099 7ff7f59eca40 _fputchar 10095->10099 10096 7ff7f59ed58e 10098 7ff7f59ecc44 _fputchar 10096->10098 10097->10095 10097->10096 10104 7ff7f59ed412 10098->10104 10099->10104 10100 7ff7f59edaf7 10101 7ff7f59ec477 _fputchar 10101->10104 10102 7ff7f59ec66a _fputchar 10102->10104 10103 7ff7f59ece3f 11 API calls 10103->10104 10104->10100 10104->10101 10104->10102 10104->10103 10105 7ff7f59ef149 10106 

    Control-flow Graph

    control_flow_graph 0 (node and edge list omitted); API calls named in the graph, in order: ExitProcess, CreateMutexA, GetLastError, CreateProcessA, VirtualAllocEx, WriteProcessMemory, VirtualProtect, QueueUserAPC, ResumeThread
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    • Associated: 00000000.00000002.1734220406.00007FF7F59E0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734251471.00007FF7F5A02000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734267913.00007FF7F5A04000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734267913.00007FF7F5A0D000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734292780.00007FF7F5A10000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734305762.00007FF7F5A15000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5A16000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5D9A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5D9E000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5DC8000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5DF0000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F5EF3000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F63A7000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1734318346.00007FF7F66F6000.00000040.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Process$CreateVirtual$AllocErrorExitLastMemoryMutexProtectQueueResumeThreadUserWrite
    • String ID: @
    • API String ID: 2997260034-2766056989
    • Opcode ID: 9f7852a02a220a5e5b33c3eb3e8b6b9e50d7e72d7da08080b9e47964c4a5a969
    • Instruction ID: cf6ec4206e2cc9b31051db56076bd0551cf557771414b74e0bfe573d4e6066f2
    • Opcode Fuzzy Hash: 9f7852a02a220a5e5b33c3eb3e8b6b9e50d7e72d7da08080b9e47964c4a5a969
    • Instruction Fuzzy Hash: 22E1D122A1C58696E728EB20D420A6EFB91EB51F84FD48031DA1D077D1DF7CA855CBB2

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: _initterm_malloc_dbg$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
    • String ID:
    • API String ID: 4167734774-0
    • Opcode ID: 753628ac01c2c5ff09041190b82e25c71f875488427bbd96ee8c278c392f9780
    • Instruction ID: d76bd97127d36f017eef35c185b6a99fd034c60e6b1fde5f8de7be86a0b0571c
    • Opcode Fuzzy Hash: 753628ac01c2c5ff09041190b82e25c71f875488427bbd96ee8c278c392f9780
    • Instruction Fuzzy Hash: 0E513921A1C64686EB55FB25E840A79ABA4BF48F94F844031DD2D473D1EF3CE46187F2
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 46388b73c7daebd9874acaa60cf26d5e30e69ca13bc0712a9788c5b13997f90f
    • Instruction ID: 3f483e11e35d39c74b344efc6bbf5b265384e4651afcf0628b75291faa0c34c9
    • Opcode Fuzzy Hash: 46388b73c7daebd9874acaa60cf26d5e30e69ca13bc0712a9788c5b13997f90f
    • Instruction Fuzzy Hash: BE72D232A1D69386E728EB14D40066DFB90EB50F88F98D134C62D077D0DF7AE956C7A2
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: _malloc_dbg$_calloc_dbg_realloc_dbgabort
    • String ID:
    • API String ID: 1593204669-0
    • Opcode ID: 37c4acbd5d2b75a74fc6b2c30c1b30852b287732ed97225bbd25e9d2e457384d
    • Instruction ID: 88cb606971ccb263c98f765f307fbc550a481c18b951a01583395684a96d9844
    • Opcode Fuzzy Hash: 37c4acbd5d2b75a74fc6b2c30c1b30852b287732ed97225bbd25e9d2e457384d
    • Instruction Fuzzy Hash: A252D032A1D6C68AEB28EB14D4006ADFB90FB51F48F988134C62D077D0DF79E956C7A1

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Thread$Current$Valueabort$CreateDebugDuplicateEventHandleOutputPriorityString_calloc_dbg_ultoa
    • String ID:
    • API String ID: 3003713025-0
    • Opcode ID: bf720afae6cc2831d5dec5afd31eb2b47a9e5cd5ef4996494e334fc07c4d2c6c
    • Instruction ID: 3509e98e71915817551886f10fee8d411dcc449ac09b31f6c2afbfe69e048882
    • Opcode Fuzzy Hash: bf720afae6cc2831d5dec5afd31eb2b47a9e5cd5ef4996494e334fc07c4d2c6c
    • Instruction Fuzzy Hash: 33319031A1874286EB54EF35E844669BAA5EF44FA4F880235C93E437D4EF3CD451CBA0

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: _malloc_dbg$CurrentThread_calloc_dbg_realloc_dbgabort
    • String ID:
    • API String ID: 4037631172-0
    • Opcode ID: 98955a1ccf2fb4bb41422b61f5aec0c2e9efb4f9caaed5460e39e2e248c0b7d9
    • Instruction ID: 4cdbaae3f4a989c4dfbba0444a0ddf5fc31434fb573d7e5034fe9f38ca9bfda2
    • Opcode Fuzzy Hash: 98955a1ccf2fb4bb41422b61f5aec0c2e9efb4f9caaed5460e39e2e248c0b7d9
    • Instruction Fuzzy Hash: FC419D21B0DA0696EB09FB15D8046A9A795AF44F94FC88032DE6D177C5EF2CE905C3B1

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: once %p is %d
    • API String ID: 383729395-95064319
    • Opcode ID: 55b584f43668437dd560fc9eee8895c1e0dace20f83414431f4fc698468315d6
    • Instruction ID: f08e7cc56382368d2f03626a1fbcf4ab1f74691d3e7bc290a62a71148563cb5b
    • Opcode Fuzzy Hash: 55b584f43668437dd560fc9eee8895c1e0dace20f83414431f4fc698468315d6
    • Instruction Fuzzy Hash: A8118035A08A4285EB18FB61E4005BDA6E49F85FC4FD48031EA3D037D6DF2CE41297A0

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Internet$CloseHandle$Open_malloc_dbg$ErrorFileLastRead_calloc_dbg_realloc_dbgabort
    • String ID: vector::_M_range_insert
    • API String ID: 264723552-1989829942
    • Opcode ID: 0f8aa1aad9e42c1a2b09d3c5134087cb67ee98e9b140eb476b48317dedf48c8b
    • Instruction ID: 019e81b3aaf1599ac06661953deaa7f2a5373b1e4a72ae8718803c0e78c15c9f
    • Opcode Fuzzy Hash: 0f8aa1aad9e42c1a2b09d3c5134087cb67ee98e9b140eb476b48317dedf48c8b
    • Instruction Fuzzy Hash: F7811422A1D68286EB14EB26E41066DE790FF45FE4F888131DE6D07BD5DF3CD45287A0

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: strlen$_strncoll
    • String ID: _GLOBAL_
    • API String ID: 3979851410-770460502
    • Opcode ID: 78255e53fb856305445e6588d778a689cd4c3cc0a28087946a99be3806b47767
    • Instruction ID: 073f40396dc7ccd7177ba1dca19df75034b5f11d20ec3d155a1bb9dc4d2ed221
    • Opcode Fuzzy Hash: 78255e53fb856305445e6588d778a689cd4c3cc0a28087946a99be3806b47767
    • Instruction Fuzzy Hash: 6BC1D332A0C7828BF728EB70D8483ED77A5BB04B88F844135DA6D17BD5DF38955287A1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ProtectVirtual_malloc_dbg$CacheFlushInstruction_calloc_dbg_realloc_dbgabort
    • String ID:
    • API String ID: 4203908447-0
    • Opcode ID: dcc3aade698dbe6acce71ded1e8ff223fe62e30bc48d3c26e3a64b7732f0337a
    • Instruction ID: 6a2fa4ef6963894961365e88ed8ea0b5d00aaa65766dd3b8abf5d5d00e78ec52
    • Opcode Fuzzy Hash: dcc3aade698dbe6acce71ded1e8ff223fe62e30bc48d3c26e3a64b7732f0337a
    • Instruction Fuzzy Hash: 2D32C432A1C29686E729EB10D400A79FB91EB91F40FD9C131D66A037C5DF7DA842D7B2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Find$CaptureCloseContextFileFirstUnwindabort
    • String ID:
    • API String ID: 1173583122-0
    • Opcode ID: 07bed845c777f2094d9f1d8608d56d60ff18c68610ad4310ed9743b875ecc369
    • Instruction ID: 44aabe82db28b7a124b9ed6b2fecec858ca636f02418920b2476d2ab7f9d00d6
    • Opcode Fuzzy Hash: 07bed845c777f2094d9f1d8608d56d60ff18c68610ad4310ed9743b875ecc369
    • Instruction Fuzzy Hash: 98E03212E4D40282EF69F725E82837882506F85FB0FD40330DA3F463D2EE2CA20546B1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Find$CaptureCloseContextFileFirstUnwindabort
    • String ID:
    • API String ID: 1173583122-0
    • Opcode ID: 49752a5b69ba3cca85898a7ce776668438236c9ac12fb5bc9c0f809d60343a9d
    • Instruction ID: 227e85f80d01f3b4e180207eb7eb8e781e2cc3aa7eb5278f506ff241f4dcb4bd
    • Opcode Fuzzy Hash: 49752a5b69ba3cca85898a7ce776668438236c9ac12fb5bc9c0f809d60343a9d
    • Instruction Fuzzy Hash: 3BE0E512E5D44286EF69F735E81937892506F86FB0FD44330DA3F463D2EE2CA11646A1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Find$CaptureCloseContextFileFirstUnwindabort
    • String ID:
    • API String ID: 1173583122-0
    • Opcode ID: f6be1d11bafd7138262e0ed3e4cc706dcfcce335c57d2ecc58c705f9c05d47dc
    • Instruction ID: 55ab5cd0a1e17542ab831dc5f2c662e168328a25e19f464ddc89eaa735a1de27
    • Opcode Fuzzy Hash: f6be1d11bafd7138262e0ed3e4cc706dcfcce335c57d2ecc58c705f9c05d47dc
    • Instruction Fuzzy Hash: 4AE08C12F5C40286EF69F735E8183789250AF89FB0FC80330D93F863E2EE2C911546A0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Find$CloseFileFirst
    • String ID:
    • API String ID: 2295610775-0
    • Opcode ID: ddc723069839fbc64ed822299912c8629a0478eca376f5b88e1be3bad91a2ba0
    • Instruction ID: 75f81698e6a71e857fb2b6e47b044c2af8c219191f7af2d90e1aa090a0b2e28b
    • Opcode Fuzzy Hash: ddc723069839fbc64ed822299912c8629a0478eca376f5b88e1be3bad91a2ba0
    • Instruction Fuzzy Hash: CED05E62E1840282EF25A724D4083385260AB44B74FD00330D53F823E0EE6C811A4A60
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID:
    • String ID: std$string literal
    • API String ID: 0-2980153874
    • Opcode ID: 6a946cb0a3405175331ad94ad00e71cc511e386829943c81622d4c0cc77cc3f8
    • Instruction ID: 771e39c3245ddaed6458d60333bd06e8147408f2ec44285aef3f9ce388ff5fe0
    • Opcode Fuzzy Hash: 6a946cb0a3405175331ad94ad00e71cc511e386829943c81622d4c0cc77cc3f8
    • Instruction Fuzzy Hash: EA718B61E0C64246FB6DEA66D905279A7819F46FC4FC88430DA2D473C6EF2DE94183F2
    APIs
      • Part of subcall function 00007FF7F59E1E21: GetModuleFileNameA.KERNEL32 ref: 00007FF7F59E1E3D
      • Part of subcall function 00007FF7F59EC17F: _calloc_dbg.MSVCRT ref: 00007FF7F59EC202
      • Part of subcall function 00007FF7F59EC17F: abort.MSVCRT(?,?,00000000,?,00007FF7F59E15BC), ref: 00007FF7F59EC20F
      • Part of subcall function 00007FF7F59EC17F: _malloc_dbg.MSVCRT ref: 00007FF7F59EC28F
      • Part of subcall function 00007FF7F59EC17F: _realloc_dbg.MSVCRT ref: 00007FF7F59EC23A
      • Part of subcall function 00007FF7F59EC17F: _malloc_dbg.MSVCRT ref: 00007FF7F59EC2AB
    • ShellExecuteA.SHELL32 ref: 00007FF7F59E21AA
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: _malloc_dbg$ExecuteFileModuleNameShell_calloc_dbg_realloc_dbgabort
    • String ID:
    • API String ID: 1988290971-0
    • Opcode ID: 8469d6f7687541d2284c82d1fd9a916e2834edf6ec8860e712d162e7119f5010
    • Instruction ID: 645d1f051c96ac67d529d880bb8a0c1c2e1e9c1afc474bbc9befb15b06b97e18
    • Opcode Fuzzy Hash: 8469d6f7687541d2284c82d1fd9a916e2834edf6ec8860e712d162e7119f5010
    • Instruction Fuzzy Hash: 89B1B472A1C28256EB29EB10D50067DEB91EFA1F80FD5C031D66A072D2DF6CA945D3F2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: Time$FileSystem
    • String ID:
    • API String ID: 2086374402-0
    • Opcode ID: 21ab27f4fa84f6b9d8a90f3ad8d344712bba9146ed1255f8eadf81c2d5fbb99a
    • Instruction ID: d0029a02751e842e4df5960c0a2a925df68eb6cda8262f5207bafd19656e3f07
    • Opcode Fuzzy Hash: 21ab27f4fa84f6b9d8a90f3ad8d344712bba9146ed1255f8eadf81c2d5fbb99a
    • Instruction Fuzzy Hash: 5ED05EAAF0854487DB20DB10F445016B722EBD87E9B848120EE5D02768DF3CD667CF00
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 47397c67e756e3ce22256b19d5bc484a3134d5edddd8c0af1c067dce716a842e
    • Instruction ID: 82a39d82a620dd1546640497b2515c1ad279f249a947b477b2feb5d40806ca85
    • Opcode Fuzzy Hash: 47397c67e756e3ce22256b19d5bc484a3134d5edddd8c0af1c067dce716a842e
    • Instruction Fuzzy Hash: 43D18521E0D64247FB6CFA95D44137A97929F95F84FDA8431CA2D136C6DF2CE88182F2
    Memory Dump Source
    • Source File: 00000000.00000002.1734292780.00007FF7F5A10000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 881578eabfbfffa7946b0a06e234dd643742ef944514ef788b83b882e2c7e22b
    • Instruction ID: a247a302809207fb1806045fd937e66d3abc40e6a1b16bc9ee9f2d6f1bd27950
    • Opcode Fuzzy Hash: 881578eabfbfffa7946b0a06e234dd643742ef944514ef788b83b882e2c7e22b
    • Instruction Fuzzy Hash: B0E01287E5EEC54AF35361548C6D8286ED29F72D3074D40B6CA78062D3AC0F2C1646A2

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: Unwindabort
    • String ID: CCG $CCG!$CCG!$CCG"$basic_string::_M_create
    • API String ID: 2187188232-955483099
    • Opcode ID: 07666c5911fae5383afa0ff1d0b08fb36272c3b48217d42c5d5c40ffc9c6ef3b
    • Instruction ID: 301136728799400ae8cc2fdf6d71fa2a4f7bf95d91c56b1c5309044a56e5bf85
    • Opcode Fuzzy Hash: 07666c5911fae5383afa0ff1d0b08fb36272c3b48217d42c5d5c40ffc9c6ef3b
    • Instruction Fuzzy Hash: BE516D76608B4082D764DB45E4802AAB3B5F788F94F60413AEF9D43BA9CF3DD891C791

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: Virtual$ErrorLastProtectQuery
    • String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
    • API String ID: 637304234-2693646698
    • Opcode ID: d0d996821a2ca10f39028e77ba8c4b9571d2c6f9c7c75cd471fc788101b850ad
    • Instruction ID: bdc969b37ea7ef5452e2dd4eddd076b97eb7658f22f8ba3357a0a7fead850e5e
    • Opcode Fuzzy Hash: d0d996821a2ca10f39028e77ba8c4b9571d2c6f9c7c75cd471fc788101b850ad
    • Instruction Fuzzy Hash: 2E317F61B09A0287EB04EB11E841569BB62FF94FA4F848135DE2C473E5DE3CE556C7B0

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: CriticalInitializeSection$CreateSemaphore$??3@_calloc_dbg
    • String ID:
    • API String ID: 278339251-0
    • Opcode ID: a0c677a658eab8f689cd59e2a2e6a0ec8e4901bff5b3ddd49d5ece65d1f956a7
    • Instruction ID: c778602acb823dd877a0f62a583ffe4818fef3fb9e19d9734fb57c62947ea7e1
    • Opcode Fuzzy Hash: a0c677a658eab8f689cd59e2a2e6a0ec8e4901bff5b3ddd49d5ece65d1f956a7
    • Instruction Fuzzy Hash: F221EC32B0564282FF69EF75E8107A966D1AF50F94F988135CE2D873C4DF3C984183A0

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: strcmp
    • String ID:
    • API String ID: 1004003707-0
    • Opcode ID: 47e7821870c9d44db7b1c61fb07224ef18ee184e55d4f8feeb2e9a8fbeef8cbd
    • Instruction ID: 7990730e8267c076d7a426cdd651326a7b3dae4851d17813076cb2efd324e3f5
    • Opcode Fuzzy Hash: 47e7821870c9d44db7b1c61fb07224ef18ee184e55d4f8feeb2e9a8fbeef8cbd
    • Instruction Fuzzy Hash: 12916B11E4C24247FB6CFB62D8192BD96825F52F84FD84031DD2E067E6DF2DE94282B2

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Similarity
    • API ID: CurrentThread$??3@_malloc_dbg
    • String ID: basic_string::_M_create
    • API String ID: 581562805-3122258987
    • Opcode ID: 5c38d48b0b1f57da120027f2617a23af55e420cf5cba999f5cc3a76c39dbfb9b
    • Instruction ID: 0fbbe739818d2bd871cdddc79ead500c1fa6312a12d41849f4a34c24eeff2df4
    • Opcode Fuzzy Hash: 5c38d48b0b1f57da120027f2617a23af55e420cf5cba999f5cc3a76c39dbfb9b
    • Instruction Fuzzy Hash: 2D317821A0D60387FB69AA35D400739A591AF44F15F94943ACA3E46AC5EF3DF881C7F2

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: CurrentDebugOutputStringThread_ultoaabort
    • String ID: Error cleaning up spin_keys for thread
    • API String ID: 4191895893-2906507043
    • Opcode ID: 28625374de596ec957c2db102addecdbc3fdee8b1b9ec0c5134ffc8d867eb8dd
    • Instruction ID: 5133c41012fe8e785e02d5d52066648f7f33d62515cfb1f54318573a62c3f7f4
    • Opcode Fuzzy Hash: 28625374de596ec957c2db102addecdbc3fdee8b1b9ec0c5134ffc8d867eb8dd
    • Instruction Fuzzy Hash: 3811ED52B0CA02C0FB25A724E41477A9EE19F45B64FD40330DA7E067C4DFACE9468BA1
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ObjectSingleWait$EventReset
    • String ID:
    • API String ID: 466820088-0
    • Opcode ID: c9eace45c1e20b2ee973a4e5154353f1058ee3e2b26b7ba299b9a0ac35f2f4ec
    • Instruction ID: 001bfef29a45186b206e969e1fafd6f5f6e36137486fff0cd21c7263447a7002
    • Opcode Fuzzy Hash: c9eace45c1e20b2ee973a4e5154353f1058ee3e2b26b7ba299b9a0ac35f2f4ec
    • Instruction Fuzzy Hash: C7513211F0D20342FBBCF5A5CA8837AD1C09F85B94F98413ADD7E8A1D2CF5CA84592A2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: CriticalLeaveSection$AcquireLock
    • String ID:
    • API String ID: 602743569-0
    • Opcode ID: 0962ff4d408e6cb1288624cfeb866287765c4f685f0bdbf6130013d173507566
    • Instruction ID: 5a3a7af07829f5df0a095e18c124b246f04f016042a6a6df5081e47b874f54be
    • Opcode Fuzzy Hash: 0962ff4d408e6cb1288624cfeb866287765c4f685f0bdbf6130013d173507566
    • Instruction Fuzzy Hash: 4001A721F0960646EB14EF56ED91B39D2916F99FF5F988530CD7E837C0DE2CA8828254
    APIs
    • VirtualProtect.KERNEL32(?,?,00007FF7F5A10078,00000000,?,?,?,00007FF7F5A10070,00007FF7F59E1208), ref: 00007FF7F59EB562
    Strings
    • Unknown pseudo relocation protocol version %d., xrefs: 00007FF7F59EB402
    • Unknown pseudo relocation bit size %d., xrefs: 00007FF7F59EB48B
    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF7F59EB4FD
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ProtectVirtual
    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
    • API String ID: 544645111-1286557213
    • Opcode ID: b87c440d0ce09a325146255e2c62a7d7f9ea911dbc58ee9562a63bfc68d4317a
    • Instruction ID: 5b598ef86871e152252ffd0824ee1968755670cd2c0eb0c997377e792af1e845
    • Opcode Fuzzy Hash: b87c440d0ce09a325146255e2c62a7d7f9ea911dbc58ee9562a63bfc68d4317a
    • Instruction Fuzzy Hash: 71619F31F0C61287EB18EB21D9406B8A7A2AF04FA4F845131D92C477D6EF3CE55187B2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ??3@$strlen
    • String ID:
    • API String ID: 4288758904-0
    • Opcode ID: a6dfbd3bbd6d30f0285126fd7785c26c9d49edd82aa33e0c3b24215e10c8bb32
    • Instruction ID: 60d0f45c08d8c718567ce14ef852d0d27c9ae38ef5bc46db699d07b6f7245df0
    • Opcode Fuzzy Hash: a6dfbd3bbd6d30f0285126fd7785c26c9d49edd82aa33e0c3b24215e10c8bb32
    • Instruction Fuzzy Hash: DA21D462A1D64287FBADFB11D448278D2906F50FA0F948535EE7E06BE8DF2C944186F2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Byte$CharMultiWide$Lead_errno
    • String ID:
    • API String ID: 2766522060-0
    • Opcode ID: 9826d567b648bf2a4da359b114d33b2d7787b083df2dbd1d3b3ec95ef89887e6
    • Instruction ID: f0ddc9fd5683209a9c5ea7034f13251eddd3d3555d272f44cdb17866b4e61b61
    • Opcode Fuzzy Hash: 9826d567b648bf2a4da359b114d33b2d7787b083df2dbd1d3b3ec95ef89887e6
    • Instruction Fuzzy Hash: BE310771A0C68247F3349B21E401769BA90AF85F88F848136DAA84B7C5EB3CD541CBB2
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Thread$CurrentErrorLastValue_realloc_dbg$CreateDuplicateEventHandlePriorityabort
    • String ID:
    • API String ID: 276713024-0
    • Opcode ID: 509f6bb76a6c33398b4ef3129c2671d0f9d188c6ac23010b116aace9a4fa66ff
    • Instruction ID: b4985e35c05202d64d2fe86c345c66f0646b156da156a3d8ea5bbed78e98c59c
    • Opcode Fuzzy Hash: 509f6bb76a6c33398b4ef3129c2671d0f9d188c6ac23010b116aace9a4fa66ff
    • Instruction Fuzzy Hash: E621B07260478146DB08EF29D88466CABD6BB45FE4F840030CE2A07385EF38E481C390
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: Value$Thread$Current$CreateDuplicateEventHandlePriority_endthreadexabortlongjmp
    • String ID:
    • API String ID: 843818611-0
    • Opcode ID: 5f9ad97aa4ef47e8a630175607ed95d2c45f71f0beb6403a4ce64425aad03d7f
    • Instruction ID: cae2348172431c3c8d323380e69243201979584541353ddcb198326ff60a767b
    • Opcode Fuzzy Hash: 5f9ad97aa4ef47e8a630175607ed95d2c45f71f0beb6403a4ce64425aad03d7f
    • Instruction Fuzzy Hash: 93215C35E0960286EB19EF21D444338AAE5EF88F68F894035CA2D073D0DF7CA856C7E0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: AcquireCriticalLeaveLockSection
    • String ID:
    • API String ID: 1584331419-0
    • Opcode ID: ed7aad597c06a4bb3ce86a0ffdcfefde02845fcb6de0f9fbb5a24b8bcb1a1b13
    • Instruction ID: 10d4ad8de53c58d91a69da0e9b3a67c45f602b8c2382ba2c3bdb8e57885776fa
    • Opcode Fuzzy Hash: ed7aad597c06a4bb3ce86a0ffdcfefde02845fcb6de0f9fbb5a24b8bcb1a1b13
    • Instruction Fuzzy Hash: 6D01A233F4525186DB16EB5BBD0096AA750BB88FE0F444131EE2A47391CE3CD8A28BC0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: signal
    • String ID: CCG
    • API String ID: 1946981877-1584390748
    • Opcode ID: a4dc9a7c7b0d6930c548d7929bbeb70a8dfba4514cb76b27c5fc15729a25129a
    • Instruction ID: 8f20e7e8a022bf2fa1b8ffa2794586cc7ce8226f8424411708f0f6c685c14ca9
    • Opcode Fuzzy Hash: a4dc9a7c7b0d6930c548d7929bbeb70a8dfba4514cb76b27c5fc15729a25129a
    • Instruction Fuzzy Hash: 3E217A21E0D50643FB6CF615C440378D593AF46F74FA88936CABD862D2CF5DA89142B3
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ??3@fprintf
    • String ID: %p not found?!?!
    • API String ID: 4236183796-11085004
    • Opcode ID: d4ccac3f16f495541239e0516adcd3c245d2562482bc6974cdf4db170845370b
    • Instruction ID: fe9e3603f226baccd7461283756d8633b4e646db557e13f3d6e5e3ebe091c300
    • Opcode Fuzzy Hash: d4ccac3f16f495541239e0516adcd3c245d2562482bc6974cdf4db170845370b
    • Instruction Fuzzy Hash: 6511F521A1E60281FF69FB56E950178AA98AF58F94F941431CD3E067D5EF2CA89183E0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: ??3@CurrentEventThread_malloc_dbg
    • String ID: basic_string::_M_create
    • API String ID: 3602570239-3122258987
    • Opcode ID: 3e086e1e1efb732a2bacf63e727d34f988616a79da3d3229d1a8298470904e7d
    • Instruction ID: e406856d24b303f69f121e88f79bc4eb50081de5ec0c50d4f652b1dedf4e08fb
    • Opcode Fuzzy Hash: 3e086e1e1efb732a2bacf63e727d34f988616a79da3d3229d1a8298470904e7d
    • Instruction Fuzzy Hash: D9014F32A195818BEB59AF35D800769A6E0DB49F14F884A32D929C61D4DB2CD881C7F2
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-3474627141
    • Opcode ID: f79641b6554905c2071e0436e5a8cc675a953b9ca8f1b14d9ef0de9fb5485f2e
    • Instruction ID: 0965e58d2001065f9e9796d7e3b56d59758922d5c3de1939d3cec5fbf5753db5
    • Opcode Fuzzy Hash: f79641b6554905c2071e0436e5a8cc675a953b9ca8f1b14d9ef0de9fb5485f2e
    • Instruction Fuzzy Hash: B3115166808E84C2D7119F1CE0413EAB370FF9A759FA05726EBC827664DF3AD1528750
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4273532761
    • Opcode ID: 3c30c74fbd3a8ddfe79d8203db9c88e2db8818a124d273b3e40c8f0e39c7f29f
    • Instruction ID: 645982a7d1520734e3cf890da6f174c6d74251aaead9c36499d4fc4898309844
    • Opcode Fuzzy Hash: 3c30c74fbd3a8ddfe79d8203db9c88e2db8818a124d273b3e40c8f0e39c7f29f
    • Instruction Fuzzy Hash: 73F06266808F8482D311DF18E0002ABB370FF9E789F605326EBC926564DF3DD5128790
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4283191376
    • Opcode ID: 04a889be2543c6147e35710510380d74e02a8c9c553f051a13b4bcad3d1ebc2c
    • Instruction ID: 185bcdcbd46ccbba4eca9c640ad8efa5514b9870d7a686d50fa9b05ca6737ccf
    • Opcode Fuzzy Hash: 04a889be2543c6147e35710510380d74e02a8c9c553f051a13b4bcad3d1ebc2c
    • Instruction Fuzzy Hash: F9F06D66808F8482D311DF28E0002ABB370FF9EB89F605326EBC92A564DF3DD5128790
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2187435201
    • Opcode ID: f52472305d3ab5d63fc849f1574e45686c4f16452a5b7e6288fcec5478011775
    • Instruction ID: 32499fd7fe462522c20d8a5100189dfc77dd6d452a94597105b0430e023ee9ed
    • Opcode Fuzzy Hash: f52472305d3ab5d63fc849f1574e45686c4f16452a5b7e6288fcec5478011775
    • Instruction Fuzzy Hash: 1CF06D66808F8482D311DF28E0002ABB370FF9EB89F605326EBC92A564DF3DD5128790
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-4064033741
    • Opcode ID: 16fc224b4bca745fd197d012a30d66de97d0318c747842bdd232329dfa74399c
    • Instruction ID: 0a0a00e19c78733036ac03b0720e3a8b7242cf8e76f8b90cc0abcdaf7157fc10
    • Opcode Fuzzy Hash: 16fc224b4bca745fd197d012a30d66de97d0318c747842bdd232329dfa74399c
    • Instruction Fuzzy Hash: 5FF06266808F8483D311DF18E0002ABB370FF9E789F605326EBC926564DF3DD5128750
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2713391170
    • Opcode ID: 4b833ccd667910693c88d745a006db30c292b226b9ddee592da0c286fcd70c56
    • Instruction ID: d347cbe6de8f14f556c7df2c43f5cb80ff2544964d7c08721da1ef9fbfa72f2d
    • Opcode Fuzzy Hash: 4b833ccd667910693c88d745a006db30c292b226b9ddee592da0c286fcd70c56
    • Instruction Fuzzy Hash: 17F06266808F8482D311DF18E0002ABB370FF9E789F605326EBC926564DF3DD5128750
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1734232887.00007FF7F59E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F59E0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7f59e0000_ujsvTrVlol.jbxd
    Similarity
    • API ID: fprintf
    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
    • API String ID: 383729395-2468659920
    • Opcode ID: b60da36e04e493ffe0a46cb8861305eccc9b30ba0eead1ba32104459ad7300b7
    • Instruction ID: 22f6d91d1b5b5b79f7c017fcc0462b82da6db2551d8990cc8a59c17399ff6c4a
    • Opcode Fuzzy Hash: b60da36e04e493ffe0a46cb8861305eccc9b30ba0eead1ba32104459ad7300b7
    • Instruction Fuzzy Hash: A3F01D66818F8482D311DF28E4402ABB370FF9E789F605326EFC92A664DF3DD5528750