Windows Analysis Report
FSJs1TlAyf.exe

Overview

General Information

Sample name:FSJs1TlAyf.exe
renamed because original name is a hash value
Original sample name:ee9523e1c8dacfac2fa2414e6ff2bb3e.exe
Analysis ID:1520605
MD5:ee9523e1c8dacfac2fa2414e6ff2bb3e
SHA1:0134b858c8ad7445ea13f7fbd92705dc80dd726f
SHA256:d275d3443707fd0808aadf5e4697b4dc38f5c74034cec06af426142c4ea72bd0
Tags:exe, user-abuse_ch
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

  • System is w10x64
  • FSJs1TlAyf.exe (PID: 6088 cmdline: "C:\Users\user\Desktop\FSJs1TlAyf.exe" MD5: EE9523E1C8DACFAC2FA2414E6FF2BB3E)
    • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: FSJs1TlAyf.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715206920 FindFirstFileExW,FindClose,0_2_00007FF715206920
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715220974 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF715220974
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715216208 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF715216208
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: String function: 00007FF715201C40 appears 44 times
Source: classification engine; Classification label: clean5.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF7152065C0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7152065C0
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_03
Source: FSJs1TlAyf.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; File read: C:\Users\user\Desktop\FSJs1TlAyf.exe
Source: unknown; Process created: C:\Users\user\Desktop\FSJs1TlAyf.exe "C:\Users\user\Desktop\FSJs1TlAyf.exe"
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Section loaded: kernel.appcore.dll
Source: FSJs1TlAyf.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: FSJs1TlAyf.exe; Static file information: File size 1908755 > 1048576
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: FSJs1TlAyf.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: FSJs1TlAyf.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: FSJs1TlAyf.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: FSJs1TlAyf.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: FSJs1TlAyf.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: FSJs1TlAyf.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: FSJs1TlAyf.exe; Static PE information: real checksum: 0x6b0ea0 should be: 0x1e112c
Source: FSJs1TlAyf.exe; Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715202EF0 GetProcAddress (call repeated many times),0_2_00007FF715202EF0
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17778
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; API coverage: 7.8 %
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF71520A79C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF71520A79C
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715222540 GetProcessHeap,0_2_00007FF715222540
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF71520A944 SetUnhandledExceptionFilter,0_2_00007FF71520A944
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF71520A184 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF71520A184
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715219B90 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF715219B90
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF715228560 cpuid 0_2_00007FF715228560
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF71520A680 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF71520A680
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe; Code function: 0_2_00007FF7152249D8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7152249D8
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: 1 Native API; Scheduled Task/Job; At; Cron
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 1 Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 2 System Time Discovery; 2 Security Software Discovery; 1 File and Directory Discovery; 13 System Information Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph, ID 1520605. Sample: FSJs1TlAyf.exe; Startdate: 27/09/2024; Architecture: WINDOWS; Score: 5. FSJs1TlAyf.exe started conhost.exe.]

Source | Detection | Scanner | Label | Link
FSJs1TlAyf.exe | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1520605
Start date and time:2024-09-27 16:45:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:FSJs1TlAyf.exe
renamed because original name is a hash value
Original Sample Name:ee9523e1c8dacfac2fa2414e6ff2bb3e.exe
Detection:CLEAN
Classification:clean5.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 22
  • Number of non-executed functions: 78
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: FSJs1TlAyf.exe
No simulations
No context
Process:C:\Users\user\Desktop\FSJs1TlAyf.exe
File Type:JSON data
Category:dropped
Size (bytes):158
Entropy (8bit):4.992032697619302
Encrypted:false
SSDEEP:3:sVWLVVALkjBXFEWMAK0Nk8uUWJRWjdpi2mgL5eT98uUWJRWjGvn:sAzTFXF2oNk8uNJALtHAT98uNJAav
MD5:B55C99998D8C3373C0D85DE03CE2F34D
SHA1:567E2B86CD501916997CCF575DD2AE71E3D00B0E
SHA-256:5327633513DA874A793F8844D1DAAFB30AAFE7C245A923861CBE99DBA5CB2CF2
SHA-512:2BF8E4C7DA634AFC3060A9AD64B04B9D9D26B30851610F0890248E0B9D3CAC271FC38A6C7C2D52D9D8C9A88582A58B366B229511416FEB19B199272FF44723A6
Malicious:false
Reputation:low
Preview:[6088] Cannot open PyInstaller archive from executable (C:\Users\user\Desktop\FSJs1TlAyf.exe) or external archive (C:\Users\user\Desktop\FSJs1TlAyf.pkg)..
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):7.92076736379278
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:FSJs1TlAyf.exe
File size:1'908'755 bytes
MD5:ee9523e1c8dacfac2fa2414e6ff2bb3e
SHA1:0134b858c8ad7445ea13f7fbd92705dc80dd726f
SHA256:d275d3443707fd0808aadf5e4697b4dc38f5c74034cec06af426142c4ea72bd0
SHA512:f302124d0224657fc25e05bc16fe8a4bd7426f9e822094ed6c549c559b3d8d12652bbb62b4016537f30e91d0f1d4e11c4ab20eac100bfaf87214dc05118a9c4c
SSDEEP:24576:zzmVuyO5XT6785RIWO4r2EBnfxGmTgayLPA8nkweCk9mIZQeICFcIiLbnQNbnKWX:zXzXTK82EZ5zgzQCFIKerF1wA2W5V
TLSH:0F952285726018F5ECB2913EC8519926E6717C261725C68B03F4DB633F236E2AD3F792
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0..&t..ut..ut..u...ts..u...t...u...t~..u...uw..u&..tS..u&..te..u&..t}..u...tq..ut..u...u...t`..u...tu..uRicht..u...............
Icon Hash:2e1e7c4c4c61e979
Entrypoint:0x14000a170
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x635FD051 [Mon Oct 31 13:40:33 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:0bbecc8e9f9f17b0ea9cc3899b15e5cf
Instruction
dec eax
sub esp, 28h
call 00007F171CB44FACh
dec eax
add esp, 28h
jmp 00007F171CB4490Fh
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0001FF83h]
dec eax
mov ecx, ebx
call dword ptr [0001FF72h]
call dword ptr [0001FEFCh]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [0001FF68h]
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0001FF54h]
test eax, eax
je 00007F171CB44AA9h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [00040EBAh]
call 00007F171CB44C6Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [00040FA1h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [00040F31h], eax
dec eax
mov eax, dword ptr [00040F8Ah]
dec eax
mov dword ptr [00040DFBh], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [00040EFFh], eax
mov dword ptr [00040DD5h], C0000409h
mov dword ptr [00040DCFh], 00000001h
mov dword ptr [000000D9h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3af84 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0xf00c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4d000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x61000 | 0x760 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x388d0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x388f0 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x283b0 | 0x28400 | 3934da16b5483705275109464a144723 | False | 0.5573866944875776 | zlib compressed data | 6.489819183693795 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x11b0a | 0x11c00 | 5a74c3f7ad60948d0df9367209637026 | False | 0.49700154049295775 | data | 5.740250026808923 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3c000 | 0x103f8 | 0xe00 | 2e1e8fe7925a84141c5002f6f9f2433f | False | 0.13169642857142858 | data | 1.815543957758518 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4d000 | 0x20c4 | 0x2200 | fa1e65ae14d0fa9cfb8c159678c80456 | False | 0.4762178308823529 | data | 5.29574114817852 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x50000 | 0xf4 | 0x200 | b8e40129f8b47b4f0cad612d6dcc81ce | False | 0.30859375 | data | 1.9916014127577144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x51000 | 0xf00c | 0xf200 | 22651a6423c0ab780c43ed764bf56979 | False | 0.7950994318181818 | data | 7.356285455548181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x61000 | 0x760 | 0x800 | f1b8ddf27c1f50be169553e1e4fa77ae | False | 0.5576171875 | data | 5.23067452278527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x51208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371
RT_ICON | 0x520b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116
RT_ICON | 0x52958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953
RT_ICON | 0x52ec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983
RT_ICON | 0x5bf5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397
RT_ICON | 0x5e504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107
RT_ICON | 0x5f5ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383
RT_GROUP_ICON | 0x5fa14 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x5fa7c | 0x58e | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4451476793248945
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, FreeLibrary, LoadLibraryExW, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, GetStartupInfoW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
No network behavior found

Target ID:0
Start time:10:45:55
Start date:27/09/2024
Path:C:\Users\user\Desktop\FSJs1TlAyf.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\FSJs1TlAyf.exe"
Imagebase:0x7ff715200000
File size:1'908'755 bytes
MD5 hash:EE9523E1C8DACFAC2FA2414E6FF2BB3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:10:45:55
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

    Execution Graph

    Execution Coverage:6.8%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:10.8%
    Total number of Nodes:2000
    Total number of Limit Nodes:33
19971 7ff715218b10 19974 7ff715218a90 19971->19974 19981 7ff71521f758 EnterCriticalSection 19974->19981 20014 7ff715209f00 20015 7ff715209f10 20014->20015 20031 7ff7152151bc 20015->20031 20017 7ff715209f1c 20037 7ff71520a4b8 20017->20037 20019 7ff715209f89 20020 7ff71520a79c 7 API calls 20019->20020 20030 7ff715209fa5 20019->20030 20021 7ff715209fb5 20020->20021 20022 7ff715209f34 _RTC_Initialize 20022->20019 20042 7ff71520a668 20022->20042 20024 7ff715209f49 20045 7ff715217f24 20024->20045 20032 7ff7152151cd 20031->20032 20033 7ff7152151d5 20032->20033 20034 7ff715215a18 _set_errno_from_matherr 11 API calls 20032->20034 20033->20017 20035 7ff7152151e4 20034->20035 20036 7ff715219e60 _invalid_parameter_noinfo 37 API calls 20035->20036 20036->20033 20038 7ff71520a4c9 20037->20038 20041 7ff71520a4ce __scrt_release_startup_lock 20037->20041 20039 7ff71520a79c 7 API calls 20038->20039 20038->20041 20040 7ff71520a542 20039->20040 20041->20022 20070 7ff71520a62c 20042->20070 20044 7ff71520a671 20044->20024 20046 7ff715217f44 20045->20046 20060 7ff715209f55 20045->20060 20047 7ff715217f4c 20046->20047 20048 7ff715217f62 GetModuleFileNameW 20046->20048 20049 7ff715215a18 _set_errno_from_matherr 11 API calls 20047->20049 20052 7ff715217f8d 20048->20052 20050 7ff715217f51 20049->20050 20051 7ff715219e60 _invalid_parameter_noinfo 37 API calls 20050->20051 20051->20060 20053 7ff715217ec4 11 API calls 20052->20053 20054 7ff715217fcd 20053->20054 20055 7ff715217fd5 20054->20055 20059 7ff715217fed 20054->20059 20056 7ff715215a18 _set_errno_from_matherr 11 API calls 20055->20056 20057 7ff715217fda 20056->20057 20058 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20057->20058 20058->20060 20062 7ff71521803b 20059->20062 20064 7ff715218054 20059->20064 20068 7ff71521800f 20059->20068 20060->20019 20069 7ff71520a73c InitializeSListHead 20060->20069 20061 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20061->20060 20063 
7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20062->20063 20065 7ff715218044 20063->20065 20066 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20064->20066 20067 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20065->20067 20066->20068 20067->20060 20068->20061 20071 7ff71520a63f 20070->20071 20072 7ff71520a646 20070->20072 20071->20044 20074 7ff715218fac 20072->20074 20077 7ff715218be8 20074->20077 20084 7ff71521f758 EnterCriticalSection 20077->20084 15940 7ff715209fec 15961 7ff71520a46c 15940->15961 15943 7ff71520a00d __scrt_acquire_startup_lock 15946 7ff71520a14d 15943->15946 15952 7ff71520a02b __scrt_release_startup_lock 15943->15952 15944 7ff71520a143 16070 7ff71520a79c IsProcessorFeaturePresent 15944->16070 15947 7ff71520a79c 7 API calls 15946->15947 15949 7ff71520a158 __GetCurrentState 15947->15949 15948 7ff71520a050 15950 7ff71520a0d6 15969 7ff71521868c 15950->15969 15952->15948 15952->15950 16059 7ff715218a44 15952->16059 15954 7ff71520a0db 15975 7ff715201000 15954->15975 15958 7ff71520a0ff 15958->15949 16066 7ff71520a600 15958->16066 16077 7ff71520aa3c 15961->16077 15964 7ff71520a005 15964->15943 15964->15944 15965 7ff71520a49b 16079 7ff71521914c 15965->16079 15970 7ff71521869c 15969->15970 15974 7ff7152186b1 15969->15974 15970->15974 16122 7ff71521811c 15970->16122 15974->15954 15976 7ff715201011 15975->15976 16318 7ff715206710 15976->16318 15978 7ff715201023 16325 7ff715214930 15978->16325 15980 7ff71520277b 16332 7ff715201ae0 15980->16332 15984 7ff715209e80 _wfindfirst32i64 8 API calls 15985 7ff7152028ae 15984->15985 16064 7ff71520a8f0 GetModuleHandleW 15985->16064 15986 7ff715202799 16016 7ff71520289a 15986->16016 16348 7ff715202c20 15986->16348 15988 7ff7152027cb 15988->16016 16351 7ff715205aa0 15988->16351 15990 7ff7152027e7 15991 7ff715202833 15990->15991 15993 7ff715205aa0 92 API calls 15990->15993 16366 7ff715206040 15991->16366 15997 7ff715202808 
__std_exception_copy 15993->15997 15994 7ff715202848 16370 7ff7152019c0 15994->16370 15997->15991 16000 7ff715206040 89 API calls 15997->16000 15998 7ff715202968 16007 7ff7152029ab 15998->16007 16414 7ff715206d00 15998->16414 15999 7ff7152019c0 121 API calls 16003 7ff71520287e 15999->16003 16000->15991 16005 7ff715202882 16003->16005 16006 7ff7152028c0 16003->16006 16004 7ff715202988 16008 7ff71520299e SetDllDirectoryW 16004->16008 16009 7ff71520298d 16004->16009 16381 7ff715201c40 16005->16381 16026 7ff71520293d 16006->16026 16387 7ff715202db0 16006->16387 16428 7ff715204f70 16007->16428 16008->16007 16013 7ff715201c40 86 API calls 16009->16013 16013->16016 16016->15984 16017 7ff715202a06 16024 7ff715202ac6 16017->16024 16032 7ff715202a19 16017->16032 16018 7ff7152028e2 16021 7ff715201c40 86 API calls 16018->16021 16021->16016 16022 7ff7152029c8 16022->16017 16442 7ff715204760 16022->16442 16023 7ff715202910 16025 7ff715202915 16023->16025 16023->16026 16574 7ff715202310 16024->16574 16406 7ff71520e138 16025->16406 16026->15998 16410 7ff715202480 16026->16410 16031 7ff715202ad3 16031->16016 16584 7ff715205fd0 16031->16584 16039 7ff715202a65 16032->16039 16542 7ff715201b20 16032->16542 16033 7ff7152029dd 16462 7ff7152046f0 16033->16462 16034 7ff7152029fc 16536 7ff7152049c0 16034->16536 16039->16016 16546 7ff7152022b0 16039->16546 16040 7ff7152029e7 16040->16034 16042 7ff7152029eb 16040->16042 16041 7ff715202afb 16043 7ff715205aa0 92 API calls 16041->16043 16530 7ff715204dc0 16042->16530 16047 7ff715202b07 16043->16047 16045 7ff715202aa1 16050 7ff7152049c0 FreeLibrary 16045->16050 16047->16016 16049 7ff715202b18 16047->16049 16591 7ff715206080 16049->16591 16050->16016 16060 7ff715218a7c 16059->16060 16061 7ff715218a5b 16059->16061 18861 7ff715219198 16060->18861 16061->15950 16065 7ff71520a901 16064->16065 16065->15958 16068 7ff71520a611 16066->16068 16067 7ff71520a116 16067->15948 16068->16067 16069 7ff71520b994 __scrt_initialize_crt 7 API calls 16068->16069 
16069->16067 16071 7ff71520a7c2 _wfindfirst32i64 memcpy_s 16070->16071 16072 7ff71520a7e1 RtlCaptureContext RtlLookupFunctionEntry 16071->16072 16073 7ff71520a80a RtlVirtualUnwind 16072->16073 16074 7ff71520a846 memcpy_s 16072->16074 16073->16074 16075 7ff71520a878 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16074->16075 16076 7ff71520a8ca _wfindfirst32i64 16075->16076 16076->15946 16078 7ff71520a48e __scrt_dllmain_crt_thread_attach 16077->16078 16078->15964 16078->15965 16081 7ff71522256c 16079->16081 16080 7ff71520a4a0 16080->15964 16083 7ff71520b994 16080->16083 16081->16080 16089 7ff71521bac0 16081->16089 16084 7ff71520b99c 16083->16084 16085 7ff71520b9a6 16083->16085 16101 7ff71520bd14 16084->16101 16085->15964 16100 7ff71521f758 EnterCriticalSection 16089->16100 16102 7ff71520b9a1 16101->16102 16103 7ff71520bd23 16101->16103 16105 7ff71520bd6c 16102->16105 16109 7ff71520bf3c 16103->16109 16106 7ff71520bd97 16105->16106 16107 7ff71520bd7a DeleteCriticalSection 16106->16107 16108 7ff71520bd9b 16106->16108 16107->16106 16108->16085 16113 7ff71520bda4 16109->16113 16114 7ff71520bde8 __vcrt_InitializeCriticalSectionEx 16113->16114 16120 7ff71520bebe TlsFree 16113->16120 16115 7ff71520be16 LoadLibraryExW 16114->16115 16116 7ff71520bead GetProcAddress 16114->16116 16114->16120 16121 7ff71520be59 LoadLibraryExW 16114->16121 16117 7ff71520be37 GetLastError 16115->16117 16118 7ff71520be8d 16115->16118 16116->16120 16117->16114 16118->16116 16119 7ff71520bea4 FreeLibrary 16118->16119 16119->16116 16121->16114 16121->16118 16123 7ff715218135 16122->16123 16130 7ff715218131 16122->16130 16143 7ff715221b3c GetEnvironmentStringsW 16123->16143 16126 7ff71521814e 16156 7ff71521829c 16126->16156 16127 7ff715218142 16150 7ff715219ec8 16127->16150 16130->15974 16135 7ff7152184dc 16130->16135 16132 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16133 7ff715218175 16132->16133 16134 7ff715219ec8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16133->16134 16134->16130 16136 7ff7152184ff 16135->16136 16140 7ff715218516 16135->16140 16136->15974 16137 7ff71521e814 MultiByteToWideChar _fread_nolock 16137->16140 16138 7ff71521de58 _set_errno_from_matherr 11 API calls 16138->16140 16139 7ff71521858a 16141 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16139->16141 16140->16136 16140->16137 16140->16138 16140->16139 16142 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16140->16142 16141->16136 16142->16140 16144 7ff715221b60 16143->16144 16145 7ff71521813a 16143->16145 16175 7ff71521cbb0 16144->16175 16145->16126 16145->16127 16147 7ff715221b97 memcpy_s 16148 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16147->16148 16149 7ff715221bb7 FreeEnvironmentStringsW 16148->16149 16149->16145 16151 7ff715219ecd HeapFree 16150->16151 16152 7ff715219efc 16150->16152 16151->16152 16153 7ff715219ee8 GetLastError 16151->16153 16152->16130 16154 7ff715219ef5 Concurrency::details::SchedulerProxy::DeleteThis 16153->16154 16155 7ff715215a18 _set_errno_from_matherr 9 API calls 16154->16155 16155->16152 16157 7ff7152182c4 16156->16157 16158 7ff71521de58 _set_errno_from_matherr 11 API calls 16157->16158 16170 7ff7152182ff 16158->16170 16159 7ff715218307 16160 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16159->16160 16161 7ff715218156 16160->16161 16161->16132 16162 7ff715218381 16163 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16162->16163 16163->16161 16164 7ff71521de58 _set_errno_from_matherr 11 API calls 16164->16170 16165 7ff715218370 16246 7ff7152183b8 16165->16246 16169 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16169->16159 16170->16159 16170->16162 16170->16164 16170->16165 16171 7ff7152183a4 16170->16171 16173 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 
16170->16173 16237 7ff71521f8f4 16170->16237 16252 7ff715219e80 IsProcessorFeaturePresent 16171->16252 16173->16170 16176 7ff71521cbfb 16175->16176 16180 7ff71521cbbf _set_errno_from_matherr 16175->16180 16185 7ff715215a18 16176->16185 16178 7ff71521cbe2 HeapAlloc 16179 7ff71521cbf9 16178->16179 16178->16180 16179->16147 16180->16176 16180->16178 16182 7ff715222650 16180->16182 16188 7ff71522268c 16182->16188 16194 7ff71521a838 GetLastError 16185->16194 16187 7ff715215a21 16187->16179 16193 7ff71521f758 EnterCriticalSection 16188->16193 16195 7ff71521a879 FlsSetValue 16194->16195 16197 7ff71521a85c 16194->16197 16196 7ff71521a88b 16195->16196 16200 7ff71521a869 SetLastError 16195->16200 16211 7ff71521de58 16196->16211 16197->16195 16197->16200 16200->16187 16202 7ff71521a8b8 FlsSetValue 16204 7ff71521a8c4 FlsSetValue 16202->16204 16205 7ff71521a8d6 16202->16205 16203 7ff71521a8a8 FlsSetValue 16206 7ff71521a8b1 16203->16206 16204->16206 16218 7ff71521a470 16205->16218 16208 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16206->16208 16208->16200 16216 7ff71521de69 _set_errno_from_matherr 16211->16216 16212 7ff71521deba 16215 7ff715215a18 _set_errno_from_matherr 10 API calls 16212->16215 16213 7ff71521de9e HeapAlloc 16214 7ff71521a89a 16213->16214 16213->16216 16214->16202 16214->16203 16215->16214 16216->16212 16216->16213 16217 7ff715222650 _set_errno_from_matherr 2 API calls 16216->16217 16217->16216 16223 7ff71521a348 16218->16223 16235 7ff71521f758 EnterCriticalSection 16223->16235 16238 7ff71521f90b 16237->16238 16239 7ff71521f901 16237->16239 16240 7ff715215a18 _set_errno_from_matherr 11 API calls 16238->16240 16239->16238 16243 7ff71521f927 16239->16243 16245 7ff71521f913 16240->16245 16241 7ff71521f91f 16241->16170 16243->16241 16244 7ff715215a18 _set_errno_from_matherr 11 API calls 16243->16244 16244->16245 16256 7ff715219e60 16245->16256 16250 7ff7152183bd 16246->16250 16251 7ff715218378 16246->16251 16247 7ff7152183e6 16249 
7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16247->16249 16248 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16248->16250 16249->16251 16250->16247 16250->16248 16251->16169 16253 7ff715219e93 16252->16253 16296 7ff715219b90 16253->16296 16258 7ff715219cf4 16256->16258 16259 7ff715219d1f 16258->16259 16262 7ff715219d90 16259->16262 16261 7ff715219d46 16270 7ff715219ad8 16262->16270 16266 7ff715219dcb 16266->16261 16268 7ff715219e80 _wfindfirst32i64 17 API calls 16269 7ff715219e5e 16268->16269 16271 7ff715219b2f 16270->16271 16272 7ff715219af4 GetLastError 16270->16272 16271->16266 16276 7ff715219b44 16271->16276 16273 7ff715219b04 16272->16273 16279 7ff71521a900 16273->16279 16277 7ff715219b78 16276->16277 16278 7ff715219b60 GetLastError SetLastError 16276->16278 16277->16266 16277->16268 16278->16277 16280 7ff71521a93a FlsSetValue 16279->16280 16281 7ff71521a91f FlsGetValue 16279->16281 16282 7ff71521a947 16280->16282 16285 7ff715219b1f SetLastError 16280->16285 16283 7ff71521a934 16281->16283 16281->16285 16284 7ff71521de58 _set_errno_from_matherr 11 API calls 16282->16284 16283->16280 16286 7ff71521a956 16284->16286 16285->16271 16287 7ff71521a974 FlsSetValue 16286->16287 16288 7ff71521a964 FlsSetValue 16286->16288 16290 7ff71521a980 FlsSetValue 16287->16290 16291 7ff71521a992 16287->16291 16289 7ff71521a96d 16288->16289 16292 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16289->16292 16290->16289 16293 7ff71521a470 _set_errno_from_matherr 11 API calls 16291->16293 16292->16285 16294 7ff71521a99a 16293->16294 16295 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16294->16295 16295->16285 16297 7ff715219bca _wfindfirst32i64 memcpy_s 16296->16297 16298 7ff715219bf2 RtlCaptureContext RtlLookupFunctionEntry 16297->16298 16299 7ff715219c2c RtlVirtualUnwind 16298->16299 16300 7ff715219c62 IsDebuggerPresent SetUnhandledExceptionFilter 
UnhandledExceptionFilter 16298->16300 16299->16300 16301 7ff715219cb4 _wfindfirst32i64 16300->16301 16304 7ff715209e80 16301->16304 16305 7ff715209e89 16304->16305 16306 7ff715209e94 GetCurrentProcess TerminateProcess 16305->16306 16307 7ff71520a1c0 IsProcessorFeaturePresent 16305->16307 16308 7ff71520a1d8 16307->16308 16313 7ff71520a3b4 RtlCaptureContext 16308->16313 16314 7ff71520a3ce RtlLookupFunctionEntry 16313->16314 16315 7ff71520a1eb 16314->16315 16316 7ff71520a3e4 RtlVirtualUnwind 16314->16316 16317 7ff71520a184 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16315->16317 16316->16314 16316->16315 16321 7ff71520672f 16318->16321 16319 7ff715206780 WideCharToMultiByte 16319->16321 16323 7ff715206827 16319->16323 16320 7ff715206737 __std_exception_copy 16320->15978 16321->16319 16321->16320 16322 7ff7152067d6 WideCharToMultiByte 16321->16322 16321->16323 16322->16321 16322->16323 16640 7ff715201ca0 16323->16640 16328 7ff71521ec2c 16325->16328 16326 7ff71521ec7f 16327 7ff715219d90 _invalid_parameter_noinfo 37 API calls 16326->16327 16331 7ff71521eca8 16327->16331 16328->16326 16329 7ff71521ecd5 16328->16329 16988 7ff71521eb04 16329->16988 16331->15980 16333 7ff715201af5 16332->16333 16334 7ff715201b10 16333->16334 16996 7ff715201c00 16333->16996 16334->16016 16336 7ff715202ca0 16334->16336 17019 7ff715209eb0 16336->17019 16338 7ff715202cac GetModuleFileNameW 16339 7ff715202cf2 16338->16339 16340 7ff715202cdb 16338->16340 17021 7ff715206e10 16339->17021 16341 7ff715201ca0 86 API calls 16340->16341 16343 7ff715202cee 16341->16343 16346 7ff715209e80 _wfindfirst32i64 8 API calls 16343->16346 16345 7ff715201c40 86 API calls 16345->16343 16347 7ff715202d2f 16346->16347 16347->15986 16349 7ff715201b20 49 API calls 16348->16349 16350 7ff715202c3d 16349->16350 16350->15988 16352 7ff715205aaa 16351->16352 16353 7ff715206d00 88 API calls 16352->16353 16354 7ff715205acc GetEnvironmentVariableW 16353->16354 16355 7ff715205b36 
16354->16355 16356 7ff715205ae4 ExpandEnvironmentStringsW 16354->16356 16358 7ff715209e80 _wfindfirst32i64 8 API calls 16355->16358 16357 7ff715206e10 88 API calls 16356->16357 16359 7ff715205b0c 16357->16359 16360 7ff715205b48 16358->16360 16359->16355 16361 7ff715205b16 16359->16361 16360->15990 17032 7ff7152191cc 16361->17032 16364 7ff715209e80 _wfindfirst32i64 8 API calls 16365 7ff715205b2e 16364->16365 16365->15990 16367 7ff715206d00 88 API calls 16366->16367 16368 7ff715206057 SetEnvironmentVariableW 16367->16368 16369 7ff71520606f __std_exception_copy 16368->16369 16369->15994 16371 7ff715201b20 49 API calls 16370->16371 16372 7ff7152019f0 16371->16372 16373 7ff715201b20 49 API calls 16372->16373 16380 7ff715201a6a 16372->16380 16374 7ff715201a12 16373->16374 16375 7ff715202c20 49 API calls 16374->16375 16374->16380 16376 7ff715201a2b 16375->16376 17039 7ff7152017a0 16376->17039 16379 7ff71520e138 74 API calls 16379->16380 16380->15999 16380->16026 16382 7ff715201c5e 16381->16382 16383 7ff715201b80 78 API calls 16382->16383 16384 7ff715201c7c 16383->16384 16385 7ff715201cf0 86 API calls 16384->16385 16386 7ff715201c8b 16385->16386 16386->16016 16388 7ff715202dbc 16387->16388 16389 7ff715206d00 88 API calls 16388->16389 16390 7ff715202de7 16389->16390 16391 7ff715206d00 88 API calls 16390->16391 16392 7ff715202dfa 16391->16392 17112 7ff715214ee8 16392->17112 16395 7ff715209e80 _wfindfirst32i64 8 API calls 16396 7ff7152028da 16395->16396 16396->16018 16397 7ff7152062b0 16396->16397 16398 7ff7152062d4 16397->16398 16399 7ff7152063ab __std_exception_copy 16398->16399 16400 7ff71520e7a0 73 API calls 16398->16400 16399->16023 16401 7ff7152062ee 16400->16401 16401->16399 17529 7ff7152179f4 16401->17529 16403 7ff71520e7a0 73 API calls 16405 7ff715206303 16403->16405 16404 7ff71520e488 _fread_nolock 53 API calls 16404->16405 16405->16399 16405->16403 16405->16404 16407 7ff71520e168 16406->16407 17544 7ff71520df18 16407->17544 16409 7ff71520e181 16409->16018 16411 
7ff715202497 16410->16411 16412 7ff7152024c0 16410->16412 16411->16412 17555 7ff715201770 16411->17555 16412->15998 16415 7ff715206d21 MultiByteToWideChar 16414->16415 16416 7ff715206da7 MultiByteToWideChar 16414->16416 16417 7ff715206d6c 16415->16417 16418 7ff715206d47 16415->16418 16419 7ff715206def 16416->16419 16420 7ff715206dca 16416->16420 16417->16416 16425 7ff715206d82 16417->16425 16421 7ff715201ca0 86 API calls 16418->16421 16419->16004 16422 7ff715201ca0 86 API calls 16420->16422 16424 7ff715206d5a 16421->16424 16423 7ff715206ddd 16422->16423 16423->16004 16424->16004 16426 7ff715201ca0 86 API calls 16425->16426 16427 7ff715206d95 16426->16427 16427->16004 16429 7ff715204f85 16428->16429 16430 7ff7152029b0 16429->16430 16431 7ff715201c00 86 API calls 16429->16431 16430->16017 16432 7ff715204c10 16430->16432 16431->16430 16433 7ff715204c34 16432->16433 16438 7ff715204c61 16432->16438 16434 7ff715204c57 __std_exception_copy memcpy_s 16433->16434 16435 7ff715204c5c 16433->16435 16436 7ff715201770 86 API calls 16433->16436 16433->16438 16434->16022 17559 7ff7152012b0 16435->17559 16436->16433 16438->16434 17585 7ff715202e30 16438->17585 16440 7ff715204cc7 16440->16434 16441 7ff715201c40 86 API calls 16440->16441 16441->16434 16443 7ff71520477a memcpy_s 16442->16443 16444 7ff7152048aa 16443->16444 16446 7ff7152048c6 16443->16446 16450 7ff715202e30 49 API calls 16443->16450 16451 7ff71520488f 16443->16451 16460 7ff7152048ac 16443->16460 17625 7ff715201650 16443->17625 17630 7ff715201440 16443->17630 16447 7ff715202e30 49 API calls 16444->16447 16448 7ff715201c40 86 API calls 16446->16448 16449 7ff715204923 16447->16449 16453 7ff7152048bc __std_exception_copy 16448->16453 16452 7ff715202e30 49 API calls 16449->16452 16450->16443 16451->16444 16456 7ff715202e30 49 API calls 16451->16456 16454 7ff715204953 16452->16454 16455 7ff715209e80 _wfindfirst32i64 8 API calls 16453->16455 16458 7ff715202e30 49 API calls 16454->16458 16457 7ff7152029d9 16455->16457 
16456->16444 16457->16033 16457->16034 16458->16453 16461 7ff715201c40 86 API calls 16460->16461 16461->16453 18216 7ff715206260 16462->18216 16464 7ff715204702 16465 7ff715206260 89 API calls 16464->16465 16466 7ff715204715 16465->16466 16467 7ff71520473a 16466->16467 16468 7ff71520472d GetProcAddress 16466->16468 16469 7ff715201c40 86 API calls 16467->16469 16472 7ff7152050cc GetProcAddress 16468->16472 16473 7ff7152050a9 16468->16473 16471 7ff715204746 16469->16471 16471->16040 16472->16473 16474 7ff7152050f1 GetProcAddress 16472->16474 16475 7ff715201ca0 86 API calls 16473->16475 16474->16473 16476 7ff715205116 GetProcAddress 16474->16476 16478 7ff7152050bc 16475->16478 16476->16473 16477 7ff71520513e GetProcAddress 16476->16477 16477->16473 16479 7ff715205166 GetProcAddress 16477->16479 16478->16040 16479->16473 16480 7ff71520518e GetProcAddress 16479->16480 16481 7ff7152051b6 GetProcAddress 16480->16481 16482 7ff7152051aa 16480->16482 16483 7ff7152051d2 16481->16483 16484 7ff7152051de GetProcAddress 16481->16484 16482->16481 16483->16484 16485 7ff715205206 GetProcAddress 16484->16485 16486 7ff7152051fa 16484->16486 16487 7ff715205222 16485->16487 16488 7ff71520522e GetProcAddress 16485->16488 16486->16485 16487->16488 16489 7ff715205256 GetProcAddress 16488->16489 16490 7ff71520524a 16488->16490 16491 7ff715205272 16489->16491 16492 7ff71520527e GetProcAddress 16489->16492 16490->16489 16491->16492 16493 7ff7152052a6 GetProcAddress 16492->16493 16494 7ff71520529a 16492->16494 16495 7ff7152052c2 16493->16495 16496 7ff7152052ce GetProcAddress 16493->16496 16494->16493 16495->16496 16531 7ff715204de4 16530->16531 16532 7ff715201c40 86 API calls 16531->16532 16535 7ff7152029fa 16531->16535 16533 7ff715204e3e 16532->16533 16534 7ff7152049c0 FreeLibrary 16533->16534 16534->16535 16535->16017 16537 7ff7152049ed 16536->16537 16538 7ff7152049d2 16536->16538 16537->16017 16538->16537 16539 7ff715204ab0 16538->16539 18220 7ff715206240 FreeLibrary 16538->18220 
16539->16537 18221 7ff715206240 FreeLibrary 16539->18221 16543 7ff715201b45 16542->16543 16544 7ff715213630 49 API calls 16543->16544 16545 7ff715201b68 16544->16545 16545->16039 18222 7ff715203a80 16546->18222 16549 7ff7152022fd 16549->16045 16551 7ff7152022d4 16551->16549 18278 7ff715203810 16551->18278 16553 7ff7152022e0 16553->16549 18288 7ff715203960 16553->18288 16555 7ff7152022ec 16555->16549 16556 7ff71520253c 16555->16556 16557 7ff715202527 16555->16557 16559 7ff71520255c 16556->16559 16569 7ff715202571 __std_exception_copy 16556->16569 16558 7ff715201c40 86 API calls 16557->16558 16563 7ff715202533 16558->16563 16560 7ff715201c40 86 API calls 16559->16560 16560->16563 16561 7ff715209e80 _wfindfirst32i64 8 API calls 16563->16561 16564 7ff7152012b0 120 API calls 16564->16569 16565 7ff715201770 86 API calls 16565->16569 16566 7ff715201b20 49 API calls 16566->16569 16567 7ff715202712 16568 7ff715201c40 86 API calls 16567->16568 16568->16563 16569->16563 16569->16564 16569->16565 16569->16566 16569->16567 16570 7ff7152026ee 16569->16570 16572 7ff7152026ca 16569->16572 16571 7ff715201c40 86 API calls 16570->16571 16571->16563 16573 7ff715201c40 86 API calls 16572->16573 16573->16563 16576 7ff7152023c4 16574->16576 16583 7ff715202383 16574->16583 16575 7ff715202403 16578 7ff715209e80 _wfindfirst32i64 8 API calls 16575->16578 16576->16575 16577 7ff715201aa0 74 API calls 16576->16577 16577->16576 16579 7ff715202415 16578->16579 16579->16031 16581 7ff715201770 86 API calls 16581->16583 16582 7ff715201440 158 API calls 16582->16583 16583->16576 16583->16581 16583->16582 18527 7ff715201dc0 16583->18527 16585 7ff715206d00 88 API calls 16584->16585 16586 7ff715205fef 16585->16586 16587 7ff715206d00 88 API calls 16586->16587 16588 7ff715205fff 16587->16588 16589 7ff7152161a8 38 API calls 16588->16589 16590 7ff71520600d __std_exception_copy 16589->16590 16590->16041 16592 7ff715206090 16591->16592 16593 7ff715206d00 88 API calls 16592->16593 16594 7ff7152060c1 
16593->16594 18803 7ff715216e58 16594->18803 16597 7ff715216e58 14 API calls 16598 7ff7152060da 16597->16598 16599 7ff715216e58 14 API calls 16598->16599 16600 7ff7152060e4 16599->16600 16601 7ff715216e58 14 API calls 16600->16601 16602 7ff7152060ee GetStartupInfoW 16601->16602 16603 7ff71520613b 16602->16603 16604 7ff715219244 _fread_nolock 37 API calls 16603->16604 16605 7ff715206143 16604->16605 16606 7ff7152169ec _fread_nolock 37 API calls 16605->16606 16647 7ff715201cf0 16640->16647 16648 7ff715201d00 16647->16648 16672 7ff715213630 16648->16672 16652 7ff715201d60 16705 7ff715201b80 16652->16705 16655 7ff715209e80 _wfindfirst32i64 8 API calls 16656 7ff715201cc7 GetLastError 16655->16656 16657 7ff7152065c0 16656->16657 16658 7ff7152065cc 16657->16658 16659 7ff7152065ed FormatMessageW 16658->16659 16660 7ff7152065e7 GetLastError 16658->16660 16661 7ff715206620 16659->16661 16662 7ff71520663c WideCharToMultiByte 16659->16662 16660->16659 16663 7ff715201ca0 83 API calls 16661->16663 16664 7ff715206676 16662->16664 16665 7ff715206633 16662->16665 16663->16665 16666 7ff715201ca0 83 API calls 16664->16666 16667 7ff715209e80 _wfindfirst32i64 8 API calls 16665->16667 16666->16665 16668 7ff715201cd4 16667->16668 16669 7ff715201bd0 16668->16669 16670 7ff715201cf0 86 API calls 16669->16670 16671 7ff715201bf2 16670->16671 16671->16320 16673 7ff71521368a 16672->16673 16674 7ff7152136af 16673->16674 16676 7ff7152136eb 16673->16676 16675 7ff715219d90 _invalid_parameter_noinfo 37 API calls 16674->16675 16678 7ff7152136d9 16675->16678 16709 7ff7152110f8 16676->16709 16680 7ff715209e80 _wfindfirst32i64 8 API calls 16678->16680 16679 7ff7152137c8 16681 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16679->16681 16682 7ff715201d48 16680->16682 16681->16678 16690 7ff715206b40 MultiByteToWideChar 16682->16690 16684 7ff7152137ec 16684->16679 16686 7ff7152137f6 16684->16686 16685 7ff71521379d 16687 7ff715219ec8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16685->16687 16689 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16686->16689 16687->16678 16688 7ff715213794 16688->16679 16688->16685 16689->16678 16691 7ff715206ba3 16690->16691 16692 7ff715206b89 16690->16692 16694 7ff715206bd3 MultiByteToWideChar 16691->16694 16695 7ff715206bb9 16691->16695 16693 7ff715201ca0 82 API calls 16692->16693 16704 7ff715206b9c __std_exception_copy 16693->16704 16697 7ff715206bf6 16694->16697 16698 7ff715206c10 WideCharToMultiByte 16694->16698 16696 7ff715201ca0 82 API calls 16695->16696 16696->16704 16699 7ff715201ca0 82 API calls 16697->16699 16700 7ff715206c46 16698->16700 16703 7ff715206c3d 16698->16703 16699->16704 16702 7ff715206c6b WideCharToMultiByte 16700->16702 16700->16703 16701 7ff715201ca0 82 API calls 16701->16704 16702->16703 16702->16704 16703->16701 16704->16652 16706 7ff715201ba6 16705->16706 16973 7ff71521350c 16706->16973 16708 7ff715201bbc 16708->16655 16710 7ff71521112f 16709->16710 16711 7ff71521111f 16709->16711 16712 7ff715211135 16710->16712 16719 7ff715211165 16710->16719 16713 7ff715219d90 _invalid_parameter_noinfo 37 API calls 16711->16713 16714 7ff715219d90 _invalid_parameter_noinfo 37 API calls 16712->16714 16715 7ff71521115d 16713->16715 16714->16715 16715->16679 16715->16684 16715->16685 16715->16688 16718 7ff71521141e 16721 7ff715219d90 _invalid_parameter_noinfo 37 API calls 16718->16721 16719->16711 16719->16715 16719->16718 16723 7ff715212028 16719->16723 16748 7ff7152118c4 16719->16748 16777 7ff715210c4c 16719->16777 16780 7ff7152131e0 16719->16780 16721->16711 16724 7ff7152120cb 16723->16724 16725 7ff71521206e 16723->16725 16727 7ff71521213b 16724->16727 16728 7ff7152120cf 16724->16728 16726 7ff71521212e 16725->16726 16738 7ff715212074 16725->16738 16808 7ff71520fbe8 16726->16808 16815 7ff715212944 16727->16815 16728->16726 16730 7ff715212127 16728->16730 16731 7ff7152120d7 16728->16731 16804 7ff715212f78 
7ff71520214e 18558->18571 18560 7ff7152021d2 18559->18560 18561 7ff715201b20 49 API calls 18559->18561 18562 7ff715201c40 86 API calls 18560->18562 18563 7ff7152020c4 18561->18563 18564 7ff715202131 18562->18564 18563->18560 18566 7ff715201b20 49 API calls 18563->18566 18565 7ff715201aa0 74 API calls 18564->18565 18565->18543 18567 7ff7152020f1 18566->18567 18567->18560 18570 7ff7152020fc 18567->18570 18568 7ff715201440 158 API calls 18568->18571 18569 7ff715201770 86 API calls 18569->18571 18572 7ff7152017a0 121 API calls 18570->18572 18571->18568 18571->18569 18573 7ff7152021b4 18571->18573 18571->18580 18575 7ff715202113 18572->18575 18574 7ff715201c40 86 API calls 18573->18574 18576 7ff7152021c5 18574->18576 18575->18571 18578 7ff715201aa0 74 API calls 18576->18578 18578->18580 18580->18551 18582 7ff715202244 18581->18582 18583 7ff715213630 49 API calls 18582->18583 18584 7ff71520226a 18583->18584 18585 7ff71520227b 18584->18585 18613 7ff715214824 18584->18613 18587 7ff715209e80 _wfindfirst32i64 8 API calls 18585->18587 18588 7ff715201ec6 18587->18588 18588->18536 18588->18538 18590 7ff71520571e 18589->18590 18591 7ff715202db0 120 API calls 18590->18591 18592 7ff715205745 18591->18592 18593 7ff715205b50 134 API calls 18592->18593 18594 7ff715205753 18593->18594 18595 7ff715205803 18594->18595 18597 7ff71520576d 18594->18597 18596 7ff7152057ff 18595->18596 18599 7ff71520e138 74 API calls 18595->18599 18600 7ff715209e80 _wfindfirst32i64 8 API calls 18596->18600 18777 7ff71520e1d0 18597->18777 18599->18596 18602 7ff715205825 18600->18602 18601 7ff7152057e0 18603 7ff71520e138 74 API calls 18601->18603 18602->18543 18605 7ff7152057f7 18603->18605 18604 7ff71520e488 _fread_nolock 53 API calls 18611 7ff715205772 18604->18611 18606 7ff71520e138 74 API calls 18605->18606 18606->18596 18607 7ff71520eb94 76 API calls 18607->18611 18608 7ff7152057a9 18783 7ff715217458 18608->18783 18609 7ff71520e1fc 37 API calls 18609->18611 18610 7ff71520e1d0 37 API calls 18610->18611 
18611->18601 18611->18604 18611->18607 18611->18608 18611->18609 18611->18610 18614 7ff71521484d 18613->18614 18615 7ff715214841 18613->18615 18616 7ff715214434 45 API calls 18614->18616 18630 7ff715214098 18615->18630 18618 7ff715214875 18616->18618 18620 7ff715214885 18618->18620 18654 7ff71521e0e8 18618->18654 18657 7ff715213f1c 18620->18657 18623 7ff7152148e1 18625 7ff715214846 18623->18625 18627 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18623->18627 18624 7ff7152148f5 18626 7ff715214098 69 API calls 18624->18626 18625->18585 18628 7ff715214901 18626->18628 18627->18625 18628->18625 18629 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18628->18629 18629->18625 18631 7ff7152140cf 18630->18631 18632 7ff7152140b2 18630->18632 18631->18632 18634 7ff7152140e2 CreateFileW 18631->18634 18633 7ff7152159f8 _fread_nolock 11 API calls 18632->18633 18635 7ff7152140b7 18633->18635 18636 7ff71521414c 18634->18636 18637 7ff715214116 18634->18637 18639 7ff715215a18 _set_errno_from_matherr 11 API calls 18635->18639 18705 7ff715214714 18636->18705 18679 7ff7152141ec GetFileType 18637->18679 18642 7ff7152140bf 18639->18642 18646 7ff715219e60 _invalid_parameter_noinfo 37 API calls 18642->18646 18644 7ff715214180 18726 7ff7152144d0 18644->18726 18645 7ff715214155 18649 7ff71521598c _fread_nolock 11 API calls 18645->18649 18653 7ff7152140ca 18646->18653 18647 7ff71521412b CloseHandle 18647->18653 18648 7ff715214141 CloseHandle 18648->18653 18649->18653 18653->18625 18767 7ff71521ded0 18654->18767 18658 7ff715213f6a 18657->18658 18659 7ff715213f46 18657->18659 18660 7ff715213f6f 18658->18660 18661 7ff715213fc4 18658->18661 18663 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18659->18663 18665 7ff715213f55 18659->18665 18660->18665 18666 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18660->18666 18670 7ff715213f84 18660->18670 18662 7ff71521e814 _fread_nolock 
MultiByteToWideChar 18661->18662 18664 7ff715213fe0 18662->18664 18663->18665 18668 7ff715213fe7 GetLastError 18664->18668 18672 7ff715214015 18664->18672 18675 7ff715219ec8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18664->18675 18678 7ff715214022 18664->18678 18665->18623 18665->18624 18666->18670 18667 7ff71521cbb0 _fread_nolock 12 API calls 18667->18665 18669 7ff71521598c _fread_nolock 11 API calls 18668->18669 18671 7ff715213ff4 18669->18671 18670->18667 18674 7ff715215a18 _set_errno_from_matherr 11 API calls 18671->18674 18676 7ff71521cbb0 _fread_nolock 12 API calls 18672->18676 18673 7ff71521e814 _fread_nolock MultiByteToWideChar 18677 7ff715214066 18673->18677 18674->18665 18675->18672 18676->18678 18677->18665 18677->18668 18678->18665 18678->18673 18680 7ff7152142f7 18679->18680 18681 7ff71521423a 18679->18681 18683 7ff7152142ff 18680->18683 18684 7ff715214321 18680->18684 18682 7ff715214266 GetFileInformationByHandle 18681->18682 18686 7ff71521460c 21 API calls 18681->18686 18687 7ff71521428f 18682->18687 18688 7ff715214312 GetLastError 18682->18688 18683->18688 18689 7ff715214303 18683->18689 18685 7ff715214344 PeekNamedPipe 18684->18685 18694 7ff7152142e2 18684->18694 18685->18694 18690 7ff715214254 18686->18690 18691 7ff7152144d0 51 API calls 18687->18691 18693 7ff71521598c _fread_nolock 11 API calls 18688->18693 18692 7ff715215a18 _set_errno_from_matherr 11 API calls 18689->18692 18690->18682 18690->18694 18696 7ff71521429a 18691->18696 18692->18694 18693->18694 18695 7ff715209e80 _wfindfirst32i64 8 API calls 18694->18695 18697 7ff715214124 18695->18697 18743 7ff715214394 18696->18743 18697->18647 18697->18648 18700 7ff715214394 10 API calls 18701 7ff7152142b9 18700->18701 18702 7ff715214394 10 API calls 18701->18702 18703 7ff7152142ca 18702->18703 18703->18694 18704 7ff715215a18 _set_errno_from_matherr 11 API calls 18703->18704 18704->18694 18706 7ff71521474a 18705->18706 18707 7ff715215a18 _set_errno_from_matherr 11 API calls 
18706->18707 18720 7ff7152147e2 __std_exception_copy 18706->18720 18709 7ff71521475c 18707->18709 18708 7ff715209e80 _wfindfirst32i64 8 API calls 18710 7ff715214151 18708->18710 18711 7ff715215a18 _set_errno_from_matherr 11 API calls 18709->18711 18710->18644 18710->18645 18712 7ff715214764 18711->18712 18713 7ff715214d68 45 API calls 18712->18713 18714 7ff715214779 18713->18714 18715 7ff71521478b 18714->18715 18716 7ff715214781 18714->18716 18717 7ff715215a18 _set_errno_from_matherr 11 API calls 18715->18717 18718 7ff715215a18 _set_errno_from_matherr 11 API calls 18716->18718 18719 7ff715214790 18717->18719 18725 7ff715214786 18718->18725 18719->18720 18721 7ff715215a18 _set_errno_from_matherr 11 API calls 18719->18721 18720->18708 18722 7ff71521479a 18721->18722 18723 7ff715214d68 45 API calls 18722->18723 18723->18725 18724 7ff7152147d4 GetDriveTypeW 18724->18720 18725->18720 18725->18724 18728 7ff7152144f8 18726->18728 18727 7ff71521418d 18736 7ff71521460c 18727->18736 18728->18727 18750 7ff71521e6a4 18728->18750 18730 7ff71521458c 18730->18727 18731 7ff71521e6a4 51 API calls 18730->18731 18737 7ff715214626 18736->18737 18738 7ff71521465e 18737->18738 18739 7ff715214636 18737->18739 18740 7ff71521e538 21 API calls 18738->18740 18741 7ff71521598c _fread_nolock 11 API calls 18739->18741 18742 7ff715214646 18739->18742 18740->18742 18741->18742 18742->18653 18744 7ff7152143bd FileTimeToSystemTime 18743->18744 18745 7ff7152143b0 18743->18745 18746 7ff7152143d1 SystemTimeToTzSpecificLocalTime 18744->18746 18747 7ff7152143b8 18744->18747 18745->18744 18745->18747 18746->18747 18748 7ff715209e80 _wfindfirst32i64 8 API calls 18747->18748 18749 7ff7152142a9 18748->18749 18749->18700 18751 7ff71521e6b1 18750->18751 18753 7ff71521e6d5 18750->18753 18752 7ff71521e6b6 18751->18752 18751->18753 18755 7ff715215a18 _set_errno_from_matherr 11 API calls 18752->18755 18754 7ff71521e70f 18753->18754 18757 7ff71521e72e 18753->18757 18756 7ff715215a18 _set_errno_from_matherr 11 API 
calls 18754->18756 18758 7ff71521e6bb 18755->18758 18759 7ff71521e714 18756->18759 18760 7ff715214434 45 API calls 18757->18760 18761 7ff715219e60 _invalid_parameter_noinfo 37 API calls 18758->18761 18762 7ff715219e60 _invalid_parameter_noinfo 37 API calls 18759->18762 18765 7ff71521e73b 18760->18765 18763 7ff71521e6c6 18761->18763 18764 7ff71521e71f 18762->18764 18763->18730 18764->18730 18765->18764 18766 7ff715224204 51 API calls 18765->18766 18766->18765 18768 7ff71521df31 18767->18768 18770 7ff71521df2c __vcrt_InitializeCriticalSectionEx 18767->18770 18768->18620 18769 7ff71521df60 LoadLibraryExW 18772 7ff71521e035 18769->18772 18773 7ff71521df85 GetLastError 18769->18773 18770->18768 18770->18769 18771 7ff71521e055 GetProcAddress 18770->18771 18776 7ff71521dfbf LoadLibraryExW 18770->18776 18771->18768 18775 7ff71521e066 18771->18775 18772->18771 18774 7ff71521e04c FreeLibrary 18772->18774 18773->18770 18774->18771 18775->18768 18776->18770 18776->18772 18778 7ff71520e1d9 18777->18778 18779 7ff71520e1e9 18777->18779 18780 7ff715215a18 _set_errno_from_matherr 11 API calls 18778->18780 18779->18611 18781 7ff71520e1de 18780->18781 18782 7ff715219e60 _invalid_parameter_noinfo 37 API calls 18781->18782 18782->18779 18784 7ff715217460 18783->18784 18785 7ff71521747c 18784->18785 18786 7ff71521749d 18784->18786 18787 7ff715215a18 _set_errno_from_matherr 11 API calls 18785->18787 18802 7ff715213d3c EnterCriticalSection 18786->18802 18789 7ff715217481 18787->18789 18804 7ff715216e80 18803->18804 18816 7ff715216f32 memcpy_s 18803->18816 18805 7ff715216f42 18804->18805 18807 7ff715216e97 18804->18807 18810 7ff71521a838 _set_errno_from_matherr 11 API calls 18805->18810 18805->18816 18806 7ff715215a18 _set_errno_from_matherr 11 API calls 18819 7ff7152060d0 18806->18819 18820 7ff71521f758 EnterCriticalSection 18807->18820 18811 7ff715216f5e 18810->18811 18815 7ff71521cbb0 _fread_nolock 12 API calls 18811->18815 18811->18816 18815->18816 18816->18806 18816->18819 
18819->16597 18862 7ff71521a6c0 __GetCurrentState 45 API calls 18861->18862 18863 7ff7152191a1 18862->18863 18866 7ff7152192cc 18863->18866 18875 7ff715216b88 18866->18875 18901 7ff715216a64 18875->18901 18906 7ff71521f758 EnterCriticalSection 18901->18906 18910 7ff71521886d 18911 7ff715219198 45 API calls 18910->18911 18912 7ff715218872 18911->18912 18913 7ff715218899 GetModuleHandleW 18912->18913 18914 7ff7152188e3 18912->18914 18913->18914 18920 7ff7152188a6 18913->18920 18922 7ff715218770 18914->18922 18920->18914 18936 7ff7152189a0 GetModuleHandleExW 18920->18936 18942 7ff71521f758 EnterCriticalSection 18922->18942 18937 7ff7152189fd 18936->18937 18938 7ff7152189d4 GetProcAddress 18936->18938 18940 7ff715218a09 18937->18940 18941 7ff715218a02 FreeLibrary 18937->18941 18939 7ff7152189e6 18938->18939 18939->18937 18940->18914 18941->18940 19697 7ff71522915b 19698 7ff71522916a 19697->19698 19699 7ff715229174 19697->19699 19701 7ff71521f7b8 LeaveCriticalSection 19698->19701 20507 7ff715213ce0 20508 7ff715213ceb 20507->20508 20516 7ff71521e474 20508->20516 20529 7ff71521f758 EnterCriticalSection 20516->20529

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 1efec4cda5df6dec563488fd6b489641d90e4c159bad1a86432f81c53d1c3fea
    • Instruction ID: 2d32883203f605419f2786866cf29ab0f35eb0f50b9de663ae38deeca9d129de
    • Opcode Fuzzy Hash: 1efec4cda5df6dec563488fd6b489641d90e4c159bad1a86432f81c53d1c3fea
    • Instruction Fuzzy Hash: 09C191A3A08E4695E7697B219CD03BEA7A0EB41FA0FC44135DA4E077A1CF7CE45C8721

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: _fread_nolock$_invalid_parameter_noinfo
    • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
    • API String ID: 3405171723-4158440160
    • Opcode ID: dcb00d85fefd41ca24dcc0014f77b320b48d92a86aa44687ca5b56c916bd0197
    • Instruction ID: 6593ab7b0507df3289fbe508e360621eb3eb1804e3e686cba9a8e8236fd15a52
    • Opcode Fuzzy Hash: dcb00d85fefd41ca24dcc0014f77b320b48d92a86aa44687ca5b56c916bd0197
    • Instruction Fuzzy Hash: 6A5150B3A0AE0686EB58EF24DC90178A3A0FF88F64BA14135D90D877A5DF7CE548C750

    Control-flow Graph

    APIs
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
    • String ID:
    • API String ID: 1330151763-0
    • Opcode ID: 02cca5bccd40fabf63340106bcaa0c32295241461f6bfbf06850c78983670354
    • Instruction ID: 2bd350280d2921e900d97c69a822259b6685155d1c2c12a9abe0ef3065bdf782
    • Opcode Fuzzy Hash: 02cca5bccd40fabf63340106bcaa0c32295241461f6bfbf06850c78983670354
    • Instruction Fuzzy Hash: 9CC1CF77B24E4285EB18EF64C8802AC7761FB49FB8B814225DA1F9B7A4DF38D059C750

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF715202CA0: GetModuleFileNameW.KERNEL32(?,00007FF715202799,?,?,?,?,?,?), ref: 00007FF715202CD1
    • SetDllDirectoryW.KERNEL32 ref: 00007FF7152029A5
      • Part of subcall function 00007FF715205AA0: GetEnvironmentVariableW.KERNEL32(00007FF7152027E7,?,?,?,?,?,?), ref: 00007FF715205ADA
      • Part of subcall function 00007FF715205AA0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF715205AF7
    Strings
    Similarity
    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
    • API String ID: 2344891160-3602715111
    • Opcode ID: 437be6d0b46d60767c3808ad64dd4452352ae2485947e3d029eda56fbacb3c9c
    • Instruction ID: 17ad17f5cfb77efde7a8765b7f65714710b3b95252e044be4062e06a60a04f4b
    • Opcode Fuzzy Hash: 437be6d0b46d60767c3808ad64dd4452352ae2485947e3d029eda56fbacb3c9c
    • Instruction Fuzzy Hash: E0C175A7A1AD8241EA2CBB21DC502FDA351BF55FA4FC44032EA4D476B6DF2CE50D8760

    Control-flow Graph

    APIs
    • FreeLibrary.KERNEL32(?,00000000,?,00007FF71521E26E,?,?,-00000018,00007FF71521A2D2,?,?,?,00007FF71521A1CA,?,?,?,00007FF715214E92), ref: 00007FF71521E04F
    • GetProcAddress.KERNEL32(?,00000000,?,00007FF71521E26E,?,?,-00000018,00007FF71521A2D2,?,?,?,00007FF71521A1CA,?,?,?,00007FF715214E92), ref: 00007FF71521E05B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    • Opcode ID: 9ff0b00ddf2d53719ca0ae7b4d7c1f3d3dc542aa51b61fb483f5c334d992089f
    • Instruction ID: 52af08bba8365f9cf0d61534086d7b945353e4ab3d440aaaf9c260dd6cd2703b
    • Opcode Fuzzy Hash: 9ff0b00ddf2d53719ca0ae7b4d7c1f3d3dc542aa51b61fb483f5c334d992089f
    • Instruction Fuzzy Hash: 2041E5A3B19E4285FA19BB269C446A6A391BF44FF0F844135DD0D87764EF3CE14D8320

    Control-flow Graph

    APIs
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF71521C4BC), ref: 00007FF71521C63F
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF71521C4BC), ref: 00007FF71521C6C9
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ConsoleErrorLastMode
    • String ID:
    • API String ID: 953036326-0
    • Opcode ID: b8782002306de0398a634dae520aeb9f99aa45353b65106ac1a4176d4e67bd1c
    • Instruction ID: 98339d95bb340f39b16c7df0ceba81f2921181d25d0d9068c26f5a75b014e8a9
    • Opcode Fuzzy Hash: b8782002306de0398a634dae520aeb9f99aa45353b65106ac1a4176d4e67bd1c
    • Instruction Fuzzy Hash: 4C91E6F7E18E5285E758AB65DCC02BEA7A0BB44FA8F805135DD0E636A4CF78D049C720

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
    • String ID:
    • API String ID: 1321466686-0
    • Opcode ID: 75ced3f1347e96692db72aa4457157b955664eb10c7598344c9f390de26af036
    • Instruction ID: 8f912c7e4b5c07801454422da5b21b24265128af11a434c3206c80744223e80a
    • Opcode Fuzzy Hash: 75ced3f1347e96692db72aa4457157b955664eb10c7598344c9f390de26af036
    • Instruction Fuzzy Hash: 05315BA3E0AD4642EA1CBB209C913BAD391AF41FA4FC44135E90D076F3DFADA40D8321

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 72c40e9bc9da88f563b1ddfc7c3b652d8fa207243ca7bed097afc0063ca2036c
    • Instruction ID: 013611d01cafb1a034bff0b35ac5b1f8069dbbf694fee578e7a6136ef821db00
    • Opcode Fuzzy Hash: 72c40e9bc9da88f563b1ddfc7c3b652d8fa207243ca7bed097afc0063ca2036c
    • Instruction Fuzzy Hash: 89D09E9AB18E0642EA1C3B715CD517AA3516F88F61FC01938C94B067B3DFFDA84D8662

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: e44e10923db74b5893bbab202256f5abcd689c30b6215d53ffe62d7ddd08f1bb
    • Instruction ID: 1292a6f7eaf78367438134027f7b68d157a6923f9ecc2995e1b1f3be0e869768
    • Opcode Fuzzy Hash: e44e10923db74b5893bbab202256f5abcd689c30b6215d53ffe62d7ddd08f1bb
    • Instruction Fuzzy Hash: 0551B9A3B0AA424AF66CAE259D0067AA791BF40F74F844331DD6C177E5CF3CD4898721

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: 60ba3ea1cee370b47c9822f89494a1430f5e21301793be04a4380ac70a028981
    • Instruction ID: d798e439926f77d52a867f294a36509dfaa4eea8b34517c4239eaf4440c2a11a
    • Opcode Fuzzy Hash: 60ba3ea1cee370b47c9822f89494a1430f5e21301793be04a4380ac70a028981
    • Instruction Fuzzy Hash: 7831D9B7619E818AD714AF25EC8029AB760FB58F90F844032DB4D53724DF7CD55ACB10

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    • Opcode ID: 254452b7706e12ab99815ecd481b2d36dcc5792f580765e970da78b2d1b252ed
    • Instruction ID: 9f45cbba0dcd59d962016d62ba5896a98e2d4ad90cfc72a77c8fa5254bf56c3c
    • Opcode Fuzzy Hash: 254452b7706e12ab99815ecd481b2d36dcc5792f580765e970da78b2d1b252ed
    • Instruction Fuzzy Hash: 53316F63A18F4681DB68AB159D8017AA660FB45FB0BA4133ADB6E077F0CF38E495D350

    Control-flow Graph

    APIs
    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF71521B66C,?,?,?,?,?,?,?,00007FF71521B7C1), ref: 00007FF71521B718
    • GetLastError.KERNEL32(?,?,?,?,?,00007FF71521B66C,?,?,?,?,?,?,?,00007FF71521B7C1), ref: 00007FF71521B722
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: 3fcae65897e6c61f04e557ea26a8e218cd8f9f9714c9d8c87c697d929e26921c
    • Instruction ID: e333b961e20d9ad46db41ef38f753e2ddf8d84539600fde0d0e9afff1c9dc7c2
    • Opcode Fuzzy Hash: 3fcae65897e6c61f04e557ea26a8e218cd8f9f9714c9d8c87c697d929e26921c
    • Instruction Fuzzy Hash: EB11C4A7718E8181DA14AB25AC8416AA361EB45FF4F944332EE7D0B7F9CF7CD0598740

    Control-flow Graph

    APIs
    • CloseHandle.KERNELBASE(?,?,?,00007FF715219F55,?,?,00000000,00007FF71521A00A), ref: 00007FF71521A146
    • GetLastError.KERNEL32(?,?,?,00007FF715219F55,?,?,00000000,00007FF71521A00A), ref: 00007FF71521A150
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: CloseErrorHandleLast
    • String ID:
    • API String ID: 918212764-0
    • Opcode ID: 72524f83cc78990394c5b66e1865510d1fac97e41dc314b45af11a8cb4b07a54
    • Instruction ID: b73ee849dacae41f24a56941ffeb77744a5eda1a08ffe71ebaf34ef5403ee70d
    • Opcode Fuzzy Hash: 72524f83cc78990394c5b66e1865510d1fac97e41dc314b45af11a8cb4b07a54
    • Instruction Fuzzy Hash: 8C2192A2B08E8241EE6877619DC137E92C15F44FB0FD44235D96E4B7E1CFACE48D8250

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: d62942da97de37a2860dd6d0e1f9e630cfdeedc3425349316c2570dffc25b01a
    • Instruction ID: b52bde095a54679be9f5578a4dd5087e1f29bada654ae5e3ae02be741613f136
    • Opcode Fuzzy Hash: d62942da97de37a2860dd6d0e1f9e630cfdeedc3425349316c2570dffc25b01a
    • Instruction Fuzzy Hash: 0D41A473A18A0593EA38EB19EDC027AB7B0EB55F60F940131D68A477B1CF2DE5068760

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _fread_nolock
    • String ID:
    • API String ID: 840049012-0
    • Opcode ID: cb22e2439c165d9821cd33dcd0ae704be25b1c4f8b238088efad9984f8d70623
    • Instruction ID: 97ce5c0d761990b7cf3e87c5b9e7985b62906d48c8a892dfb538df451d7c71ec
    • Opcode Fuzzy Hash: cb22e2439c165d9821cd33dcd0ae704be25b1c4f8b238088efad9984f8d70623
    • Instruction Fuzzy Hash: C6218162B09A9245FA1CAB125D043BAE695BB45FE4FD85430EE0D07B96CF3CF0498320
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: a12535e4dc74fb1052bc3e5f393ecddc21ee65f167b380334bfc50af62763cea
    • Instruction ID: 07ae6d1c9f0333e5fef24e55adcd25756fa0c98e2c0ab6f95407d06a21f87dc1
    • Opcode Fuzzy Hash: a12535e4dc74fb1052bc3e5f393ecddc21ee65f167b380334bfc50af62763cea
    • Instruction Fuzzy Hash: 2F3194E3A18A0645E6197B558CC137EAA90AB80F71FD50135EA1D073F2CFBCA4498771
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: daca8cff460457d6512fb6da0464d50e1cc43b67e9e7d2a5494a2fa5ad7a7b29
    • Instruction ID: d42839ed6c6bb04e3afa48f98287a1eb515fa0294cd7f0948d96586b6ecefda6
    • Opcode Fuzzy Hash: daca8cff460457d6512fb6da0464d50e1cc43b67e9e7d2a5494a2fa5ad7a7b29
    • Instruction Fuzzy Hash: A0218373E04B0589EB19AFA4CCC42ED73A0EB44B28F944635D65D07AE5DFB8D849C790
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
    • Instruction ID: 6e439b2a22d294cbf0af23708629e033b7b8f70156fb84486997e188a9f1eab2
    • Opcode Fuzzy Hash: e90f8ce5764a470f7ee9635705d620940d88810dc673939d3ef575fbcdedae18
    • Instruction Fuzzy Hash: FE1196A3A1CA4241EA68BF519C8067FE2A0BF85FA0FC84431EB4C576A6CF7DD40447A4
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 6c3d8333815b8a39be3028d6c802438f47f4a5808d3411c6d7eaaeee1b4a38a8
    • Instruction ID: c3ad88aedda405f8671689d7e2c2363d1f191c810625d429636e85ba8b8c89b3
    • Opcode Fuzzy Hash: 6c3d8333815b8a39be3028d6c802438f47f4a5808d3411c6d7eaaeee1b4a38a8
    • Instruction Fuzzy Hash: 06210A73718E4147D728AF24E880379B6A0EB84F74F949234D65E4B6E5DF7CD4048B00
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 29025e4fbd0061adb57e08459e0c1774dda2bf5131305b82728034827c82207c
    • Instruction ID: a6b65c4c5e72501e72b56753e35c37ed8766da204c2fcc9f227250c246bb929f
    • Opcode Fuzzy Hash: 29025e4fbd0061adb57e08459e0c1774dda2bf5131305b82728034827c82207c
    • Instruction Fuzzy Hash: 0001E1A2A09F4141EA08AB529D0106AEA91AF85FF0F884A31EE5C13BE6DF3CE4458310
    APIs
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202F06
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202F45
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202F6A
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202F8F
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202FB7
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715202FDF
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715203007
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF71520302F
    • GetProcAddress.KERNEL32(?,?,00000000,00007FF7152022BE,?,?,?,?), ref: 00007FF715203057
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: AddressProc
    • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
    • API String ID: 190572456-3109299426
    • Opcode ID: 9c2bbc218991423718b6960939b18873de7b1caac2114aaca40452c8a50254ff
    • Instruction ID: 3a0537ae9c0217a2a64eaf92eedf289f35cd7c7089d8171059dc4dd5dba2c2cb
    • Opcode Fuzzy Hash: 9c2bbc218991423718b6960939b18873de7b1caac2114aaca40452c8a50254ff
    • Instruction Fuzzy Hash: CE4263EBA0EF0791EA5DEB05EC54274A3A1AF19FA0BD45135D80E06674EFACB54C9320
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: 88546c3e9777260c07589008071f33eafcbe12cf6fb5ac57dc0ccaafb8243f92
    • Instruction ID: b7dd40539843c307bf175e72c53598ce2b70ba0e6753283c06c375b1a09f4292
    • Opcode Fuzzy Hash: 88546c3e9777260c07589008071f33eafcbe12cf6fb5ac57dc0ccaafb8243f92
    • Instruction Fuzzy Hash: B9B249B7E186828BE7289F24DC407FDB7A1FB64B54F805135DA0957AA4DF38E508CB50
    APIs
    • GetLastError.KERNEL32(WideCharToMultiByte,00007FF715201CD4,?,?,00000000,00007FF715206853), ref: 00007FF7152065E7
    • FormatMessageW.KERNEL32 ref: 00007FF715206616
    • WideCharToMultiByte.KERNEL32 ref: 00007FF71520666C
      • Part of subcall function 00007FF715201CA0: GetLastError.KERNEL32(?,?,00000000,00007FF715206853,?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF715201CC7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ErrorLast$ByteCharFormatMessageMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
    • API String ID: 2383786077-2573406579
    • Opcode ID: 1b8d59cd5b5bf335459b2e3d94409fe6cc25077a4b6f638e6fa76439b37b363e
    • Instruction ID: 73cc2de7d110c7692119c89eba2a847f759defa22296defeb77adc63edf221c2
    • Opcode Fuzzy Hash: 1b8d59cd5b5bf335459b2e3d94409fe6cc25077a4b6f638e6fa76439b37b363e
    • Instruction Fuzzy Hash: BA216DB3A0DE4291E628AB55EC50366A3A5FF88BA4FD40135E54D936B4EF3CE50DC720
    APIs
    • GetTempPathW.KERNEL32(?,00000000,?,00007FF71520585D), ref: 00007FF71520592A
    • GetCurrentProcessId.KERNEL32(?,00007FF71520585D), ref: 00007FF715205930
      • Part of subcall function 00007FF715205AA0: GetEnvironmentVariableW.KERNEL32(00007FF7152027E7,?,?,?,?,?,?), ref: 00007FF715205ADA
      • Part of subcall function 00007FF715205AA0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF715205AF7
      • Part of subcall function 00007FF7152161A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7152161C1
    • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7152059E1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
    • API String ID: 1556224225-1116378104
    • Opcode ID: ed69d033866e9cd31fee1e2177c8787c46bf75be1e4d62d76d1c8fa4a080ed4b
    • Instruction ID: 7fdfeb121619e32defddd71225bf480e81e955b2ca59f2be01a17900adb8b955
    • Opcode Fuzzy Hash: ed69d033866e9cd31fee1e2177c8787c46bf75be1e4d62d76d1c8fa4a080ed4b
    • Instruction Fuzzy Hash: FA514F93B0AE5250FE5CB6229D952BAD2915F49FE0FD40031EC0E47BB6DF2CE5098720
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
    • API String ID: 0-2665694366
    • Opcode ID: 66a29c6a9c930a8d813cc0886cc88004687682dd640166dffdb68fb0cc9f406e
    • Instruction ID: ab0b30d8851af4f7c8b8462cc487044fe2fb870da9e805008057b7cd0b4eb6d2
    • Opcode Fuzzy Hash: 66a29c6a9c930a8d813cc0886cc88004687682dd640166dffdb68fb0cc9f406e
    • Instruction Fuzzy Hash: FE5228B3A19AAA47D798AF14D888A7E77ADFB84710F454139D689837D0DF3CD848CB10
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: 54619639c4e19b591525bcec07e2514be4908dfaa4c6e05eec1230d45fa8032c
    • Instruction ID: c610c1076afa31cbbe9d955dbe50b8c637f83628d8c11c7bad37a9ff6621777d
    • Opcode Fuzzy Hash: 54619639c4e19b591525bcec07e2514be4908dfaa4c6e05eec1230d45fa8032c
    • Instruction Fuzzy Hash: 7D316FB7609E8186EB649F61E8403EDB361FB44B64F84443ADA4D47AA4EFBCC54CC720
    APIs
    • _get_daylight.LIBCMT ref: 00007FF715224A1D
      • Part of subcall function 00007FF715224378: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71522438C
      • Part of subcall function 00007FF715219EC8: HeapFree.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EDE
      • Part of subcall function 00007FF715219EC8: GetLastError.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EE8
      • Part of subcall function 00007FF715219E80: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF715219E5E,?,?,?,?,?,00007FF715211476), ref: 00007FF715219E89
      • Part of subcall function 00007FF715219E80: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF715219E5E,?,?,?,?,?,00007FF715211476), ref: 00007FF715219EAE
    • _get_daylight.LIBCMT ref: 00007FF715224A0C
      • Part of subcall function 00007FF7152243D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7152243EC
    • _get_daylight.LIBCMT ref: 00007FF715224C82
    • _get_daylight.LIBCMT ref: 00007FF715224C93
    • _get_daylight.LIBCMT ref: 00007FF715224CA4
    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF715224EE4), ref: 00007FF715224CCB
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
    • String ID:
    • API String ID: 4070488512-0
    • Opcode ID: 05719709eeb8bce8f1e8c0b75a80b94850ea42a6417b7f374a0be3bd65579af4
    • Instruction ID: bcdb2af8976f873a12613df306d1bbcc80dd449041e24e878930536e6f2b5e91
    • Opcode Fuzzy Hash: 05719709eeb8bce8f1e8c0b75a80b94850ea42a6417b7f374a0be3bd65579af4
    • Instruction Fuzzy Hash: 91D1B4BBE08A4246E728FF25DC501B9A6A1FF44FA4FC44136DA0D476A5DF3CE44987A0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 301eb69301f3734f54b04e04011c3038f0fd6acd3c64170b9e7f47c13de2a280
    • Instruction ID: c7620c229b87fd41ff2ed46167834de6166ab54b64f9ebf711a091fd7f74ef4c
    • Opcode Fuzzy Hash: 301eb69301f3734f54b04e04011c3038f0fd6acd3c64170b9e7f47c13de2a280
    • Instruction Fuzzy Hash: 3C314D77618F8185DB64DB25EC402AEB3A4FB88B64F904136EA9D43BA4DF7CC149CB10
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: FileFindFirst_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2227656907-0
    • Opcode ID: f5c4de298b3eb13d643d0c7cc3d76b332490ae3ea56438630f49c8633663cf3c
    • Instruction ID: 7eb3ff221b7a48042766badd0410e91e73995392d4ce358eaf549bd1ab15a510
    • Opcode Fuzzy Hash: f5c4de298b3eb13d643d0c7cc3d76b332490ae3ea56438630f49c8633663cf3c
    • Instruction Fuzzy Hash: CCB1C9ABB19E9641EA69AB21DD001B9E392EB44FF4FC44132DA4D47AA5DF3CE449C310
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-3916222277
    • Opcode ID: dbe32003fc979fca20096e7f857c02f8f250bdb8c637356438d5f2f7703990db
    • Instruction ID: 1c988a0606279d71055c31bb10b17d674947b366c83ef5579a04a580fd9c808c
    • Opcode Fuzzy Hash: dbe32003fc979fca20096e7f857c02f8f250bdb8c637356438d5f2f7703990db
    • Instruction Fuzzy Hash: 2AC117B7B18A8687D728DF15E444AAAF791F784B94F848134DB4E43B54DB3DE809CB10
    APIs
    • _get_daylight.LIBCMT ref: 00007FF715224C82
      • Part of subcall function 00007FF7152243D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7152243EC
    • _get_daylight.LIBCMT ref: 00007FF715224C93
      • Part of subcall function 00007FF715224378: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71522438C
    • _get_daylight.LIBCMT ref: 00007FF715224CA4
      • Part of subcall function 00007FF7152243A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7152243BC
      • Part of subcall function 00007FF715219EC8: HeapFree.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EDE
      • Part of subcall function 00007FF715219EC8: GetLastError.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EE8
    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF715224EE4), ref: 00007FF715224CCB
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
    • String ID:
    • API String ID: 3458911817-0
    • Opcode ID: 28dd224734edfb14863a4a314489bc730e29ffcc86fa699e779e74096d9017b9
    • Instruction ID: ce65e1879ec2a9cfd6603fa731f53da1aa39d53a430384d0d43838121bf719f8
    • Opcode Fuzzy Hash: 28dd224734edfb14863a4a314489bc730e29ffcc86fa699e779e74096d9017b9
    • Instruction Fuzzy Hash: 635167B7A08A4246E718FF25DC815A9A760FF48F64FC44135EA4D436B5DF7CE4488760
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: $header crc mismatch$unknown compression method$unknown header flags set
    • API String ID: 0-4074041902
    • Opcode ID: cfc0f713a2359d4960dfa851b33a48a66bf808d315256c79df550c7d5088afa5
    • Instruction ID: d020836a31eadb5197c8238492c8e46aaac7a072076eb79baffc6c1e151b6999
    • Opcode Fuzzy Hash: cfc0f713a2359d4960dfa851b33a48a66bf808d315256c79df550c7d5088afa5
    • Instruction Fuzzy Hash: 68F1C9B3619BC547E7A9AF08C888A3ABBA9FF44B54F494538DA4D073A1DB3CD448C750
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
    • API String ID: 0-3255898291
    • Opcode ID: 76358157b968d48b0cdac3bdd6641d9e39c39ac49580ea4f5e9837c3b2f208a1
    • Instruction ID: 735c3e127e8d11b040e825513303a7ab3f79ac372b9fe82bd53ebc9dafbf7d9d
    • Opcode Fuzzy Hash: 76358157b968d48b0cdac3bdd6641d9e39c39ac49580ea4f5e9837c3b2f208a1
    • Instruction Fuzzy Hash: 8DD154B3B099C18BD71D9B28D850279BBE1E795BA0F448139EA9B437D5CB3CD90AC710
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: incorrect header check$invalid window size$unknown compression method
    • API String ID: 0-1186847913
    • Opcode ID: dc6f6637eae4ad8260e70fd7a9f65f9afe53dd101c5fca4c778ccf820c9863bf
    • Instruction ID: e0b304d9d438d017179d53d7e404c80927eb1ab562288309908485eece9a3621
    • Opcode Fuzzy Hash: dc6f6637eae4ad8260e70fd7a9f65f9afe53dd101c5fca4c778ccf820c9863bf
    • Instruction Fuzzy Hash: A991F9B3A19A854BE7A8AF14CC48B3B77ADFF40760F554135DA49467A0CB38E948CB10
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: $ $invalid block type
    • API String ID: 0-2056396358
    • Opcode ID: a9bab42206015fa5475629a96226a8ecf7e95e173ed42da48c8850fe955239d4
    • Instruction ID: 21412e2682c5ef67c3e6dca62430de10dbcfc0252da6ccc927835eab209e00dd
    • Opcode Fuzzy Hash: a9bab42206015fa5475629a96226a8ecf7e95e173ed42da48c8850fe955239d4
    • Instruction Fuzzy Hash: 6D61E9F3D05B9A87E764AF15DC8C63A7AADFB40760F954135C648823A0DF78E549CB10
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: 927f2303c65032b379294b09c50f1c16bdf3dde702c5ba013418468f2142f5bc
    • Instruction ID: 193cf016705d1af7d6d6ac8facc19410819ed5e798abcca9a5c32b09c4130583
    • Opcode Fuzzy Hash: 927f2303c65032b379294b09c50f1c16bdf3dde702c5ba013418468f2142f5bc
    • Instruction Fuzzy Hash: E5B16EBBA00B888BEB19CF29C88236877A0F744F58F548921EB5D87BB4CB79D455C711
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Find$CloseFileFirst
    • String ID:
    • API String ID: 2295610775-0
    • Opcode ID: c4226705429021310e2405b2fcfa2fd33e843441c3bca499de0f338ae03d5563
    • Instruction ID: 3494b93b7466389976f29fd2d8bfdccddd745aa5bac98a830f505783ba26a488
    • Opcode Fuzzy Hash: c4226705429021310e2405b2fcfa2fd33e843441c3bca499de0f338ae03d5563
    • Instruction Fuzzy Hash: 66018867A1998181F7A4AB10E8553AAB391FB85B34FC11335D56D46AE4DF7CE40C8B10
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: e+000$gfff
    • API String ID: 0-3030954782
    • Opcode ID: d265a0edf78bf113034b8edf7e65410607a41c186a8833035051b41bdfa47671
    • Instruction ID: 67a8eed2322d6940cc0cab0faed912766aa632af7c30bfce62107af151385b93
    • Opcode Fuzzy Hash: d265a0edf78bf113034b8edf7e65410607a41c186a8833035051b41bdfa47671
    • Instruction Fuzzy Hash: 875160A3B18AC586E728AE359C4076AF791F744FA4F888231CB684BAD5CF7DD448C710
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor
    • String ID:
    • API String ID: 1010374628-0
    • Opcode ID: 62391075a08f777cca59d4d240808eb9bd4591fb822f05c971a2e8337e003bc5
    • Instruction ID: d09c8f2e4907b7d75179c0db061e9186296a22f66b26626c53b97f7cbfadf556
    • Opcode Fuzzy Hash: 62391075a08f777cca59d4d240808eb9bd4591fb822f05c971a2e8337e003bc5
    • Instruction Fuzzy Hash: 2902ABA3B09E4640FA6DBB219D9167AA280AF15FB0FD44635DD7D466F2DF3CA4098330
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo
    • String ID:
    • API String ID: 474895018-0
    • Opcode ID: 2cdae2c4bae686e0b2ab8e1597d0ef303a8a530a40c1dc1bec2af7fa7c99efef
    • Instruction ID: 89d7c602179f1213e9bd1b78a952ba52183b9455ccadfc9f9d452a82badcbb1b
    • Opcode Fuzzy Hash: 2cdae2c4bae686e0b2ab8e1597d0ef303a8a530a40c1dc1bec2af7fa7c99efef
    • Instruction Fuzzy Hash: BE61E9A7F1895245FB68A9188C40739E591AF40F70FD5C239DA1F8B6F1EF6DE8488720
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: gfffffff
    • API String ID: 0-1523873471
    • Opcode ID: f0babd2a4116c292f609ecd59ca72ddd1d97966ff2f5f7d81977c7f268a0cbd2
    • Instruction ID: dda2a1a962a008a21f20498775ea167a1f6208c19833c7e76905267f9a87bf9c
    • Opcode Fuzzy Hash: f0babd2a4116c292f609ecd59ca72ddd1d97966ff2f5f7d81977c7f268a0cbd2
    • Instruction Fuzzy Hash: 4AA159A3B08BC586EB29DB25DC8076AB791AB50BD4F848132DE4D477A5DB3DE409C311
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: TMP
    • API String ID: 3215553584-3125297090
    • Opcode ID: 9c7c30ff1bd3034210a31de3d8723e6c27ff280c2fa648633df4a30bb0249d96
    • Instruction ID: 2e26a88aabe866d07b83b92147ff907d16ee25750ba80bbf600dec24733302dc
    • Opcode Fuzzy Hash: 9c7c30ff1bd3034210a31de3d8723e6c27ff280c2fa648633df4a30bb0249d96
    • Instruction Fuzzy Hash: 61519093B08A4641FA6CBA265D8117BD2926F85FA4FDC4535DD0E477B6EF3CE40A8220
    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 2a5b2a835b90c1c75182aa9a41e7504d1bbb522c305e3250e911f83f474f91d7
    • Instruction ID: b25b7f0612810f62c3fc1cd713296ce0dc0d279b6e8c27dcd9e74f7249497cff
    • Opcode Fuzzy Hash: 2a5b2a835b90c1c75182aa9a41e7504d1bbb522c305e3250e911f83f474f91d7
    • Instruction Fuzzy Hash: 12B09265F07F46C2EA0C7B55AC8261463A47F4CF20FC80038C00C52730DFAC24A95720
    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    • Opcode ID: e35ea190b458751bdcea846265f53a439cee16ecec82aef6602eccaaa71a0652
    • Instruction ID: 7377baeae78b64abbd6caf175daaf6be375c635b8262768d96239cb22d36de2e
    • Opcode Fuzzy Hash: e35ea190b458751bdcea846265f53a439cee16ecec82aef6602eccaaa71a0652
    • Instruction Fuzzy Hash: B041D663714E5482EF48DF2ADD941A9B391BB48FE4B899136DE4D97B64DF3CD04A8300
    APIs
    Strings
    Similarity
    • API ID: AddressProc$LibraryLoad
    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
    • API String ID: 2238633743-1453502826
    • Opcode ID: 90bcec71e667a96801b07e8c92031bd4810347336fdf9f7575a7f48e75f8c625
    • Instruction ID: 3d4fbcd61e661ecc352bdbdc0b887e2646b4da313b68e7af79c427d5a05fd3a3
    • Opcode Fuzzy Hash: 90bcec71e667a96801b07e8c92031bd4810347336fdf9f7575a7f48e75f8c625
    • Instruction Fuzzy Hash: 28E1A7EBA0AF0390FA5DAB44FC94275A3A5AF08F60FD45035D80E16674EFBCA54C9361
    APIs
    • MultiByteToWideChar.KERNEL32 ref: 00007FF715206B7C
      • Part of subcall function 00007FF715201CA0: GetLastError.KERNEL32(?,?,00000000,00007FF715206853,?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF715201CC7
    Strings
    Similarity
    • API ID: ByteCharErrorLastMultiWide
    • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
    • API String ID: 203985260-1562484376
    • Opcode ID: a5ed55af1c6e677fe154f2cf6df17f5e4f0e08ee002acad090a135831242e49e
    • Instruction ID: 8854690029a8f50a5c63490a413b06f4bdb69e74341b2720454adc41ec099a8b
    • Opcode Fuzzy Hash: a5ed55af1c6e677fe154f2cf6df17f5e4f0e08ee002acad090a135831242e49e
    • Instruction Fuzzy Hash: 464174B3A0DE4251E628BB11AC4017AA692FF84FF4FE44535D94D57AB5DF3CE5098320
    Strings
    Similarity
    • API ID:
    • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
    • API String ID: 0-666925554
    • Opcode ID: b4523c211dac84283705a3c98717d9ab97cd2e8500c41bdaaea837af148db2f8
    • Instruction ID: b185ecbd4951b47cd97c410e64f5a74855dca90baabd2ef3df16946c2042565b
    • Opcode Fuzzy Hash: b4523c211dac84283705a3c98717d9ab97cd2e8500c41bdaaea837af148db2f8
    • Instruction Fuzzy Hash: 96517CA3A0AE4241EA18BB11DC406B9A351AF45FF4FD44131DE1D47AB5EFACE54D8320
    APIs
    Strings
    Similarity
    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
    • String ID: D:(A;;FA;;;%s)$S-1-3-4
    • API String ID: 4998090-2855260032
    • Opcode ID: bef6b7e1ae39f53b6f69793a258f0788f4ad7388b7c7719ded7cbd05991c14be
    • Instruction ID: 2a90a6f6480a803864a202a59bb60b96bb2efc1683881e2ba36dd78815a86c82
    • Opcode Fuzzy Hash: bef6b7e1ae39f53b6f69793a258f0788f4ad7388b7c7719ded7cbd05991c14be
    • Instruction Fuzzy Hash: DF416473609A4282E764AF11E8407AAB361FB84B74F940231EA5E47AA5DF7CE54CC750
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 3606184308-393685449
    • Opcode ID: e293e87a919c72b577dbd3c5999e3d98b00d41f3e638475b7b9119a8300110a0
    • Instruction ID: 8710f4cafd1b34243afa54fcc26664775b8d6c5cdca3ff912ba2285c2fde1fe2
    • Opcode Fuzzy Hash: e293e87a919c72b577dbd3c5999e3d98b00d41f3e638475b7b9119a8300110a0
    • Instruction Fuzzy Hash: 3CD1B7F3909B4186EB28AF65D8442ADF7A0FB45BA8F400135DE4D677A9CF38E088C751
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
    • API String ID: 0-3659356012
    • Opcode ID: 95ce5ddeb1016ec66aab2b9a2c26b0d62a05a270a5920c0c331f0d320ca516a8
    • Instruction ID: 5aadd10886a9d39e8b371d4e5eaccbb0f4d580c799838273b129e7c199168527
    • Opcode Fuzzy Hash: 95ce5ddeb1016ec66aab2b9a2c26b0d62a05a270a5920c0c331f0d320ca516a8
    • Instruction Fuzzy Hash: 344162A3A09E4281EA1CEB15AC402AAE3A1EB44FE0FD44431DE4D47A65EF7CE5498310
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0$f$p$p
    • API String ID: 3215553584-1202675169
    • Opcode ID: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
    • Instruction ID: 691189f0d4f8465fe1ed8ebb6644189ce8ecaa74a3dd62274bdfc5927431fb0b
    • Opcode Fuzzy Hash: be5fa115a8b52a4824b37adbae4d10183e050eaabf8b896c07a19f058a599ef8
    • Instruction Fuzzy Hash: 5E12C3A3F0898386FB287A15DCD427BB691EB40F64FC44032D69A476E4DF3DE5488B21
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID:
    • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
    • API String ID: 0-1060636955
    • Opcode ID: 5898803286fb91328c27e444052bc4c6bf0b4f2544b3745be21024ddf00b3f18
    • Instruction ID: 81ba6d5c8f1248a4bf8633831c8d0870ff203eb057af17f3445057b1c6568c43
    • Opcode Fuzzy Hash: 5898803286fb91328c27e444052bc4c6bf0b4f2544b3745be21024ddf00b3f18
    • Instruction Fuzzy Hash: 8A51C4A3A0AE8285EA28BB119C403BAE391BB44FA4FD44135DD4D877A5EF7CE549C310
    APIs
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF7152067AF
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF7152067FF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ByteCharMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 626452242-27947307
    • Opcode ID: afc2dd2afb64664a3267dcee753a2a3a0610f2f78acc60b511ca11a4e71830e3
    • Instruction ID: 1f62598f57202aae57643a3366c1f0bb8260c9c56911d22c099d6fe0ba28ad0c
    • Opcode Fuzzy Hash: afc2dd2afb64664a3267dcee753a2a3a0610f2f78acc60b511ca11a4e71830e3
    • Instruction Fuzzy Hash: 91417E73A09F8282E624EF55AC4017AF7A5FB84BA0FA44135DA8D47BA4DF3CE459C710
    APIs
      • Part of subcall function 00007FF715206D00: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF715206D3A
      • Part of subcall function 00007FF715216E58: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF7152192E4), ref: 00007FF715216EC5
      • Part of subcall function 00007FF715216E58: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF7152192E4), ref: 00007FF715216ED8
    • GetStartupInfoW.KERNEL32 ref: 00007FF715206107
      • Part of subcall function 00007FF715219244: _invalid_parameter_noinfo.LIBCMT ref: 00007FF715219258
      • Part of subcall function 00007FF7152169EC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF715216A53
    • GetCommandLineW.KERNEL32 ref: 00007FF71520618F
    • CreateProcessW.KERNEL32 ref: 00007FF7152061D1
    • WaitForSingleObject.KERNEL32 ref: 00007FF7152061E5
    • GetExitCodeProcess.KERNEL32 ref: 00007FF7152061F5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
    • String ID: CreateProcessW$Error creating child process!
    • API String ID: 1742298069-3524285272
    • Opcode ID: 7d0fac17dad77a02351690ddb8e338c742b3cdcb7b369dffca0a917d32ab735f
    • Instruction ID: d3403b3354ef3634c40d24a686c09e4b7ef584d1a00b6da52774e4a2e9d00e45
    • Opcode Fuzzy Hash: 7d0fac17dad77a02351690ddb8e338c742b3cdcb7b369dffca0a917d32ab735f
    • Instruction Fuzzy Hash: 6C414873A08A8186D724EB64EC952AFF360FB95B60F904135D68D07AA5DF7CE15CCB10
    APIs
    • WideCharToMultiByte.KERNEL32(00000000,00007FF715202D05,?,?,?,?,?,?), ref: 00007FF715206E51
      • Part of subcall function 00007FF715201CA0: GetLastError.KERNEL32(?,?,00000000,00007FF715206853,?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF715201CC7
    • WideCharToMultiByte.KERNEL32(00000000,00007FF715202D05,?,?,?,?,?,?), ref: 00007FF715206EC5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ByteCharMultiWide$ErrorLast
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 1717984340-27947307
    • Opcode ID: 25a2b4d0b75b9139cfa9768a4c0383f4afcc382229157aa7b187247db13e667f
    • Instruction ID: e473cff638580eb94202245dc56d2088ff68772dd3aa7af62af3dcf0f4bffa46
    • Opcode Fuzzy Hash: 25a2b4d0b75b9139cfa9768a4c0383f4afcc382229157aa7b187247db13e667f
    • Instruction Fuzzy Hash: 28218FA6A09F0295EB18EF96EC41169B7A1AB84FE0BE44135DA4D437A5EF3CF509C310
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: f$p$p
    • API String ID: 3215553584-1995029353
    • Opcode ID: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
    • Instruction ID: 9e5ae27fea0da95bef51d4cbb8fbd6b36883c8f2b841b00b10cfc1ef876c1305
    • Opcode Fuzzy Hash: 5260fc6e70538eab79462ef4c698ef4c5cb929645a3d65cb86eb2fac62676952
    • Instruction Fuzzy Hash: 9812D6A3E4E94386FB687E14E844A7AF651EB40F74FC44035D6E9466E4DF3CE4488B60
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ByteCharMultiWide
    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
    • API String ID: 626452242-876015163
    • Opcode ID: eddc79caa78543f1771b3e8c455aa905f049565d913bb1e43e358d4f8aa5132d
    • Instruction ID: 0af5f930f8faaf1d7f3902fbe7368da505cb816bdc4ee01b952695b9c549048f
    • Opcode Fuzzy Hash: eddc79caa78543f1771b3e8c455aa905f049565d913bb1e43e358d4f8aa5132d
    • Instruction Fuzzy Hash: C2419473A09E4282E614EF15AC4017BA6A6FB44FA0FA40135DE8D47BB4DF3CD419C710
    APIs
      • Part of subcall function 00007FF715206D00: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF715206D3A
    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7152058DF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7152055EF
    Strings
    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF715205603
    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF71520564A
    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7152055C6
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ByteCharEnvironmentExpandMultiStringsWide
    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
    • API String ID: 2001182103-3498232454
    • Opcode ID: de250e4eb811c83aaabcbc9518ee9c2d417fa195ef671e140211cc389dbbb758
    • Instruction ID: 49c52e3bb4005dbfb443465adf44a9177d3254a324b69a213ebd4e20c3022375
    • Opcode Fuzzy Hash: de250e4eb811c83aaabcbc9518ee9c2d417fa195ef671e140211cc389dbbb758
    • Instruction Fuzzy Hash: 27315A97B1AE4241FA6CBB11DD553BAD251AF98FE0FC40431DA4E427A6EF6CE10C8720
    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF71520C056,?,?,?,00007FF71520BD50,?,?,?,?,00007FF71520B975), ref: 00007FF71520BE29
    • GetLastError.KERNEL32(?,?,?,00007FF71520C056,?,?,?,00007FF71520BD50,?,?,?,?,00007FF71520B975), ref: 00007FF71520BE37
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF71520C056,?,?,?,00007FF71520BD50,?,?,?,?,00007FF71520B975), ref: 00007FF71520BE61
    • FreeLibrary.KERNEL32(?,?,?,00007FF71520C056,?,?,?,00007FF71520BD50,?,?,?,?,00007FF71520B975), ref: 00007FF71520BEA7
    • GetProcAddress.KERNEL32(?,?,?,00007FF71520C056,?,?,?,00007FF71520BD50,?,?,?,?,00007FF71520B975), ref: 00007FF71520BEB3
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    • Opcode ID: 7b4ce622ac2bf00ccd49ce3f979f48c000ff92067871b628f576bc45d5db7497
    • Instruction ID: ce3197800198c3643bf12acf10135f0cf7e2986becf906c7767dd91d52c1a77f
    • Opcode Fuzzy Hash: 7b4ce622ac2bf00ccd49ce3f979f48c000ff92067871b628f576bc45d5db7497
    • Instruction Fuzzy Hash: CD3185A3A1BE4191EE29AF129C00679A394FF48FB0FD94535DE1D467A0EF7CE4498324
    APIs
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF715206D3A
      • Part of subcall function 00007FF715201CA0: GetLastError.KERNEL32(?,?,00000000,00007FF715206853,?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF715201CC7
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF715206DC0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ByteCharMultiWide$ErrorLast
    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
    • API String ID: 1717984340-876015163
    • Opcode ID: a3c41d32fee06f0bc4f7d3f8d4da313dc285a05c580e1254b017ed9c43e64460
    • Instruction ID: d9b99946e978942e5fb8e423a8fc60f27ae5b82ef1c74b19c1430acfbb9b5552
    • Opcode Fuzzy Hash: a3c41d32fee06f0bc4f7d3f8d4da313dc285a05c580e1254b017ed9c43e64460
    • Instruction Fuzzy Hash: 4C2195A7B09E4241EB58EB15FC40066E761EF84BE4BD84131DB4C93B79EF2CE5598710
    APIs
    • GetLastError.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A6CF
    • FlsGetValue.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A6E4
    • FlsSetValue.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A705
    • FlsSetValue.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A732
    • FlsSetValue.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A743
    • FlsSetValue.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A754
    • SetLastError.KERNEL32(?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F,?,?,?,00007FF7152193D4), ref: 00007FF71521A76F
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 18b7faeee27d6baa02fe511a9168d04a385ef3bb053123a9e3f810302c557934
    • Instruction ID: b109b64ca43634906d5ebd9aa494a6e33fb6048dc10ecce72221bdd0b5c0e7e5
    • Opcode Fuzzy Hash: 18b7faeee27d6baa02fe511a9168d04a385ef3bb053123a9e3f810302c557934
    • Instruction Fuzzy Hash: AB2171A6B08E4242F55C77219E9513FE2925F48FB0FC04634D93E076F6DF6CB44A46A0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    • Opcode ID: 98c69cb4885b5889e332a18a4983e0895d1cd665dce4f498ff52cfc2961821a3
    • Instruction ID: 64c5b473b3ccfdb207719f2e59bb2e314d89734ed944918fd19cb473dc64fb25
    • Opcode Fuzzy Hash: 98c69cb4885b5889e332a18a4983e0895d1cd665dce4f498ff52cfc2961821a3
    • Instruction Fuzzy Hash: CC118467B18E4186E354AF52EC54325A2A0FB88FF4F800234E91D87BA4DFBCD5088750
    APIs
    • GetLastError.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A847
    • FlsSetValue.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A87D
    • FlsSetValue.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A8AA
    • FlsSetValue.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A8BB
    • FlsSetValue.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A8CC
    • SetLastError.KERNEL32(?,?,?,00007FF715215A21,?,?,?,?,00007FF71521DEBF,?,?,00000000,00007FF71521A956,?,?,?), ref: 00007FF71521A8E7
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: c9dc37af4f87961d25fbc0ce5a48ddfdaab7547aa572f2f47d6c4ba6d73b68d7
    • Instruction ID: 7c74bb245ae05f867d751aa732a5345310d39b002d44e7527c8b9930a0e85338
    • Opcode Fuzzy Hash: c9dc37af4f87961d25fbc0ce5a48ddfdaab7547aa572f2f47d6c4ba6d73b68d7
    • Instruction Fuzzy Hash: E8116FA2E09E4246F65C77219D9503BE2815F48FB0FD44734D86E177F5DFACA40A8660
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
    • String ID: csm$csm
    • API String ID: 851805269-3733052814
    • Opcode ID: 52ad06c5ff560891a60d9582bb7a5039c5fa8aa60573b1efc2ba76cab93e59d4
    • Instruction ID: 586edaec496fa913be7fc1aa5b89e30841edf942a6113fd6a6edb2ed4875b961
    • Opcode Fuzzy Hash: 52ad06c5ff560891a60d9582bb7a5039c5fa8aa60573b1efc2ba76cab93e59d4
    • Instruction Fuzzy Hash: 296196B390AB4186DB68AF15D84436CB7A0FB44F64F844135DA4D47BA5CF3CE458C710
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: e0fb2b492cc132a12b5115bfc8c6ad36574ad2c1dfa8dd6a2f5920aa30e5d553
    • Instruction ID: 308df8eb9cd8f5a94c0fa0e25260d447e494211f6d4a76e526f479aefbef0896
    • Opcode Fuzzy Hash: e0fb2b492cc132a12b5115bfc8c6ad36574ad2c1dfa8dd6a2f5920aa30e5d553
    • Instruction Fuzzy Hash: 73F044A7619F0241EB18AB24AC843799320AF49F71FD40335C56E456F4CFACD58DC720
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
    • Instruction ID: beeff95c91d67a6708c331f286cb52cad831ded3722a78dd98caf9bb932e4956
    • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
    • Instruction Fuzzy Hash: 0A113DABE18F4201F66C3528DD8637990417F64B70E984634FB6E466FA8FECE8484124
    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FF715219B1F,?,?,00000000,00007FF715219DBA,?,?,?,?,?,00007FF715211476), ref: 00007FF71521A91F
    • FlsSetValue.KERNEL32(?,?,?,00007FF715219B1F,?,?,00000000,00007FF715219DBA,?,?,?,?,?,00007FF715211476), ref: 00007FF71521A93E
    • FlsSetValue.KERNEL32(?,?,?,00007FF715219B1F,?,?,00000000,00007FF715219DBA,?,?,?,?,?,00007FF715211476), ref: 00007FF71521A966
    • FlsSetValue.KERNEL32(?,?,?,00007FF715219B1F,?,?,00000000,00007FF715219DBA,?,?,?,?,?,00007FF715211476), ref: 00007FF71521A977
    • FlsSetValue.KERNEL32(?,?,?,00007FF715219B1F,?,?,00000000,00007FF715219DBA,?,?,?,?,?,00007FF715211476), ref: 00007FF71521A988
    Memory Dump Source
    • Source File: 00000000.00000002.2042765592.00007FF715201000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715200000, based on PE: true
    • Associated: 00000000.00000002.2042748000.00007FF715200000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042797646.00007FF71522A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71523C000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042820898.00007FF71524B000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2042859028.00007FF71524D000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff715200000_FSJs1TlAyf.jbxd
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 0cb0ecc62ce8febc4c1cd3f07cadcb41c3a2023019720235fc3b27c624f1e212
    • Instruction ID: 00bc291ae7394afc8f14d6877f6b51c0cad2531b6a69b7fd07eb8c5a362f5f41
    • Opcode Fuzzy Hash: 0cb0ecc62ce8febc4c1cd3f07cadcb41c3a2023019720235fc3b27c624f1e212
    • Instruction Fuzzy Hash: DE1190A2B08E4201FA5C77229DD117FE2915F89FB0E844735E87F067F6DF6CA8498660
    APIs
    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F), ref: 00007FF71521A7A5
    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F), ref: 00007FF71521A7C4
    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F), ref: 00007FF71521A7EC
    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F), ref: 00007FF71521A7FD
    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7152223D7,?,?,?,00007FF71521CC70,?,?,00000000,00007FF71521321F), ref: 00007FF71521A80E
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 472a203f570dff355be6dd52579cd86c3993db08607a52614a1bc7ae05160aed
    • Instruction ID: a89324a9de16b424b8e9369bba42f8a05476c10688ab0005cdeeac64776e21f3
    • Opcode Fuzzy Hash: 472a203f570dff355be6dd52579cd86c3993db08607a52614a1bc7ae05160aed
    • Instruction Fuzzy Hash: F5111C92E0990745F95C77219CA147BA1924F49F70ED44B35D93D0A2F2DF6CB44E82B0
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    • Opcode ID: b792a72b0c262d60afe5143e3ce56eb9234b3c315f2f73cbf77dd6b0b88ef1dd
    • Instruction ID: a390a9543f0a38ae47e91ef3b73ed1c27e4c1bcdd1d09feece7a7835c9a0ae2c
    • Opcode Fuzzy Hash: b792a72b0c262d60afe5143e3ce56eb9234b3c315f2f73cbf77dd6b0b88ef1dd
    • Instruction Fuzzy Hash: A981E9F3E0CA8385F76CBE15CDD097AA6A0AB21F64FD54035DA39571A4CB2DE40A8731
    APIs
    Strings
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    • Opcode ID: 320b973d2360f702f6492bdafd9a57bf4472b6d8b40771194c4154b694ecb360
    • Instruction ID: c44ed07aedbc1ffa03ea82fd7f6be27bb298d087be1752f51378398d54d3c8e3
    • Opcode Fuzzy Hash: 320b973d2360f702f6492bdafd9a57bf4472b6d8b40771194c4154b694ecb360
    • Instruction Fuzzy Hash: 42518DB7A0AB458AE724EF65D8803ADB7A0F744B98F844125EF4D17B69CF38E049C710
    APIs
    • GetModuleFileNameW.KERNEL32(?,00007FF715202799,?,?,?,?,?,?), ref: 00007FF715202CD1
      • Part of subcall function 00007FF715201CA0: GetLastError.KERNEL32(?,?,00000000,00007FF715206853,?,?,?,?,?,?,?,?,?,?,?,00007FF715201023), ref: 00007FF715201CC7
    Strings
    Similarity
    • API ID: ErrorFileLastModuleName
    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
    • API String ID: 2776309574-1977442011
    • Opcode ID: 0d9338abfd3054d072f33e15734b76f7292a07630b574cb69ce4fb167e8b756c
    • Instruction ID: c9980fdf8bb21d7b7d50f56510accbf375dad9bd08033b6f0a07958aaca21d5b
    • Opcode Fuzzy Hash: 0d9338abfd3054d072f33e15734b76f7292a07630b574cb69ce4fb167e8b756c
    • Instruction Fuzzy Hash: 420171A3B1EE4251FA6DB720DC453B59251AF4CFA4FC00032E94E86AA6EF5CE54DC720
    APIs
    Similarity
    • API ID: FileWrite$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 2718003287-0
    • Opcode ID: 4bb75c92a1ab2e7fd0df41a8cbac080d743b3a607fa80f295853e8c214f2ad95
    • Instruction ID: 2ea77b84898e349ff50ac7100b009022cb1b131cbc4ff9fb3f1ad0637dd77eac
    • Opcode Fuzzy Hash: 4bb75c92a1ab2e7fd0df41a8cbac080d743b3a607fa80f295853e8c214f2ad95
    • Instruction Fuzzy Hash: EBD123A3B08A8589E714DF75DC801AEB7B1F745BA8B944231DE4D97BA9CF38D00AC710
    APIs
    Similarity
    • API ID: _get_daylight$_isindst
    • String ID:
    • API String ID: 4170891091-0
    • Opcode ID: cfcf0323b73ea728397c9886ef4302b6457bc383625769a9df7878215742c1e9
    • Instruction ID: 3983a0c24d954775d63931205d9c5cf6dc03a090df94a1ffb79107b1fdb4eaa4
    • Opcode Fuzzy Hash: cfcf0323b73ea728397c9886ef4302b6457bc383625769a9df7878215742c1e9
    • Instruction Fuzzy Hash: 7051F7B3F04A128EFB2CEB649D815BDAB65BB40768F900135EE1D56AF5CB38A449C710
    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo$_get_daylight
    • String ID:
    • API String ID: 72036449-0
    • Opcode ID: d8d8fce7de822db2a4474f97e36a13ce103c8888522bff190dc61e27e7a4e771
    • Instruction ID: ac00c85c882185fc21fb0220b48a6bccb0292b201414acc598138ec3fe86d5bb
    • Opcode Fuzzy Hash: d8d8fce7de822db2a4474f97e36a13ce103c8888522bff190dc61e27e7a4e771
    • Instruction Fuzzy Hash: E551B4BBF48A0286F72D6A28DC84379E5809B40F34FD9C035C94B5E2F5CF6CE8489661
    APIs
    Similarity
    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
    • String ID:
    • API String ID: 2780335769-0
    • Opcode ID: 0ae7b5227a693bd4cdc0f439dd7087ea1d18e56f445419d08ed96828b75df31f
    • Instruction ID: 392e3d01a3d278c708394b4c2ac8c165415da551c70c8d5a058139e69920db55
    • Opcode Fuzzy Hash: 0ae7b5227a693bd4cdc0f439dd7087ea1d18e56f445419d08ed96828b75df31f
    • Instruction Fuzzy Hash: 6E5193A3E08A4189FB18EF71DC903BE63A1AB44F68FA44135DE0D57658DF78D489C7A0
    APIs
    Similarity
    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
    • String ID:
    • API String ID: 1279662727-0
    • Opcode ID: 2914ba268addd75aa9a28fbb9c98da1b3a2d57cd915208efa484a858712485bb
    • Instruction ID: 52287b9cc3896d76c7c395ab8bc93a89af5148d876e527c171265b1f5d7cd1b6
    • Opcode Fuzzy Hash: 2914ba268addd75aa9a28fbb9c98da1b3a2d57cd915208efa484a858712485bb
    • Instruction Fuzzy Hash: 2241CBA3E18B8143E318AB219D9037AB350FBA5B74F504334D65C03AE6DF7CA5E88750
    APIs
    Strings
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo
    • String ID: ?
    • API String ID: 1286766494-1684325040
    • Opcode ID: 5c3d20ecd8b8f8d4138e819684951d977da0ba85eb2e496d796a0fddbf7c8408
    • Instruction ID: f87d989f54baded7e33d9405071b8a29ec8d764f5f62a7362932c86c8bcfaa67
    • Opcode Fuzzy Hash: 5c3d20ecd8b8f8d4138e819684951d977da0ba85eb2e496d796a0fddbf7c8408
    • Instruction Fuzzy Hash: 6941F6B7A08B8246FB28AB25DC5137AD660EB80FB4F944235EE5C06AE5DF3CD4458750
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF715217F56
      • Part of subcall function 00007FF715219EC8: HeapFree.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EDE
      • Part of subcall function 00007FF715219EC8: GetLastError.KERNEL32(?,?,?,00007FF715221DDA,?,?,?,00007FF715221E17,?,?,00000000,00007FF7152222E8,?,?,00000000,00007FF71522221B), ref: 00007FF715219EE8
    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF715209F55), ref: 00007FF715217F74
    Strings
    Similarity
    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\FSJs1TlAyf.exe
    • API String ID: 3580290477-787965512
    • Opcode ID: acbca15cd44fabff596ac91c3d18800840816a6c626c598ef6f49ccff3c34a57
    • Instruction ID: 266ed03299f504d9d8336f4d3116979a6d07a9cc40a83910fb0ce9aad39da5f6
    • Opcode Fuzzy Hash: acbca15cd44fabff596ac91c3d18800840816a6c626c598ef6f49ccff3c34a57
    • Instruction Fuzzy Hash: 084185B7A08E1685EB19EF21DCC00BAA794EB44FA0F955035E94D43BA5DF3CE449C320
    APIs
    Strings
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: 65841838ba5035cfd428734c9ea552cf83108e5d474ae49afaa43364d676ac32
    • Instruction ID: 596c0d3c606cb213181ce4a7a9c80f4a1359e0eb418ed984a28c924afe60021d
    • Opcode Fuzzy Hash: 65841838ba5035cfd428734c9ea552cf83108e5d474ae49afaa43364d676ac32
    • Instruction Fuzzy Hash: EB41E9B3718A8182DB14DF65EC443AAA7A0FB88B94F804031DE4D877A8DF3CD545C750
    APIs
    Strings
    Similarity
    • API ID: CurrentDirectory
    • String ID: :
    • API String ID: 1611563598-336475711
    • Opcode ID: e2fe067896e50c3c1ec6b5d97d2340bd8d163c4be3586bda63525948b241b892
    • Instruction ID: 8cc4cd4d86741ccf96f81e4ba2a0e6a1b154d28f3d83de26c6e6258b78c8084d
    • Opcode Fuzzy Hash: e2fe067896e50c3c1ec6b5d97d2340bd8d163c4be3586bda63525948b241b892
    • Instruction Fuzzy Hash: 1C21E6B3B08A8185EB28AB11DC8416EB3A1FB84F54FC54135D64D43694DF7CE948CB61
    APIs
    Strings
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: d1de4137e22356e05c572dc18bab9e471ef67eb3cdc81db5d824458242951ede
    • Instruction ID: 8fac35b2de6ff95c93938482ead5f8b29b7b268c39542539c1eecdb908fb4fbb
    • Opcode Fuzzy Hash: d1de4137e22356e05c572dc18bab9e471ef67eb3cdc81db5d824458242951ede
    • Instruction Fuzzy Hash: 9D118F7360AF4182EB549F15E840269B7A5FB88FA4F984230EF8C07B64DF7CD4558B00
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: :
    • API String ID: 3215553584-336475711
    • Opcode ID: 5c4970f09abed39c6753eb42c82a62cc26ac4b61f4eb473f848091fe78b923c2
    • Instruction ID: ac6622f10390a4c9b1a8c5d27d8b847c43e8f2879011e9e1795552245690b86c
    • Opcode Fuzzy Hash: 5c4970f09abed39c6753eb42c82a62cc26ac4b61f4eb473f848091fe78b923c2
    • Instruction Fuzzy Hash: E801A2A3A18A0281F728BB609C9217FA3A0EF58B64FC00136D56E466A5DF2CD54C8B34
    APIs
    • __C_specific_handler.LIBVCRUNTIME ref: 00007FF715228CCC
      • Part of subcall function 00007FF71520B760: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF71520B78B
      • Part of subcall function 00007FF71520B760: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF71520B820
      • Part of subcall function 00007FF71520B760: RtlUnwindEx.KERNEL32 ref: 00007FF71520B86F
    Strings
    Similarity
    • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm$f
    • API String ID: 3112662972-629598281
    • Opcode ID: d3260eec85eef3f17ec74c0d8d1e811eaf18040ea1dd95a5080735d095d66c32
    • Instruction ID: adff18a431ac40a9a291737b147e4f494844083aacead646e4d0888af0f4be99
    • Opcode Fuzzy Hash: d3260eec85eef3f17ec74c0d8d1e811eaf18040ea1dd95a5080735d095d66c32
    • Instruction Fuzzy Hash: C0E065A7909B8681E67C3F25A98517DA690AF09F64F94C071EF4C0A6B7CF7CD4948312