Windows Analysis Report
SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
Analysis ID:1532114
MD5:f32e47eeab5658904b67a491c4c08a39
SHA1:11661085721eaa76651e7132f4e4ff36722f7ea4
SHA256:0bda73349659b682a08172de94196235b902784d74457d3cd837aa47f16144f8
Tags:exe
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe" MD5: F32E47EEAB5658904B67A491C4C08A39)
    • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7560 cmdline: C:\Windows\system32\cmd.exe /c pause MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Avira: detected
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Virustotal: Detection: 61%
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | ReversingLabs: Detection: 52%
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Code function: 0_2_0066ACCE FindFirstFileExA,0_2_0066ACCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Code function: String function: 00658900 appears 44 times
Source: classification engine | Classification label: mal56.winEXE@4/1@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Command line argument: ^-g0_2_00672CB0
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c pause
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Section loaded: apphelp.dll
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Code function: 0_2_00658946 push ecx; ret 0_2_00658959
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | Code function: 0_2_006583E8 push ecx; ret 0_2_006583FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00657768 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00657768
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeAPI coverage: 6.9 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_0066ACCE FindFirstFileExA,0_2_0066ACCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_0065CDC7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0065CDC7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_006611A5 mov eax, dword ptr fs:[00000030h]0_2_006611A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00666DB1 GetProcessHeap,0_2_00666DB1
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_006588A0 SetUnhandledExceptionFilter,0_2_006588A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_0065895B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0065895B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_0065CDC7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0065CDC7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00658782 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00658782
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c pauseJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_006585D8 cpuid 0_2_006585D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetLocaleInfoW,0_2_0066E026
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0066E0F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetLocaleInfoW,0_2_006669DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: EnumSystemLocalesW,0_2_0066DA7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: EnumSystemLocalesW,0_2_0066DA33
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: EnumSystemLocalesW,0_2_0066DB19
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0066DBA6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: EnumSystemLocalesW,0_2_00666577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetLocaleInfoW,0_2_0066DDF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0066DF1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_0066D7BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00658B5A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00658B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00651F60 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,0_2_00651F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exeCode function: 0_2_00651F00 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,0_2_00651F00
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (11); Deobfuscate/Decode Files or Information (1); DLL Side-Loading (1); Obfuscated Files or Information (2)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (1); Security Software Discovery (2); File and Directory Discovery (1); System Information Discovery (22)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1532114, Sample: SecuriteInfo.com.Win32.Troj..., Startdate: 12/10/2024, Architecture: WINDOWS, Score: 56): SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe started conhost.exe and cmd.exe. Signatures shown: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file.

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | 61% | Virustotal | | Browse
SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | 53% | ReversingLabs | Win32.Trojan.Malgent |
SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe | 100% | Avira | TR/Hacktool.knmkk |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1532114
Start date and time:2024-10-12 12:39:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
Detection:MAL
Classification:mal56.winEXE@4/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 16
  • Number of non-executed functions: 86
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):116
Entropy (8bit):4.569971639959732
Encrypted:false
SSDEEP:3:tSyuvaWNoGKcVFBALsJGKgernmK6vk/1dy:8WKbxCsIGrm1/
MD5:05673CBE1112B8D3676DD166A18B020F
SHA1:EC1A3214EF8195796690504654F57698543BBC53
SHA-256:F2A7EC420B5A1173878C4F34BA9D985BE638454C4373A804F2E4D9DFAB4432E4
SHA-512:12630ABC213529E80FE7E440C0334964A44F64CC552591ED0CB71A5043F49C8C2350004F19F6F882A8997AF3A265C88C2CEB13486290C853BAD1F4A38D149DCB
Malicious:false
Reputation:low
Preview:~ runshc v.1.2 ~..Run shellcode: loads and deploys shellcode file...For 32-bit shellcodes...Args: <shellcode_file>..
File type:PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):6.549941232930169
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
File size:219'648 bytes
MD5:f32e47eeab5658904b67a491c4c08a39
SHA1:11661085721eaa76651e7132f4e4ff36722f7ea4
SHA256:0bda73349659b682a08172de94196235b902784d74457d3cd837aa47f16144f8
SHA512:7ce6a0111c55ef9403d32d042e333baeb447bd72b8964b3b96fd31639c4d3a9ded955645f89e78921887dc36d5bb9277e2072c70fd03d49dd7a2d3484abb1c45
SSDEEP:3072:taDgZcejNH8Q24LTOgxIAZlqH1U21uURyFFtRDeAg0FujU4Vlexh:tXjjt8wHxJqVU2Dg/eAOoGMh
TLSH:03249D1179D2C432D5B2153508F8DB762A3DB9200B359AFFA7E80B7D8E381C16636A77
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S2^..S0..S0..S0......S0......S0......S0.,.3..S0.,.5.-S0.,.4.4S0......S0..S1.{S0...5..S0......S0...2..S0.Rich.S0.........PE..L..
Icon Hash:90cececece8e8eb0
Entrypoint:0x4083d8
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x637C0F58 [Mon Nov 21 23:52:56 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:3b6f78e3cfbcd4e1f8f5415d855d3767
Instruction
call 00007F17E0D381E2h
jmp 00007F17E0D378ECh
jmp dword ptr [00424168h]
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F17E0D377D5h
jmp 00007F17E0D37A40h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00433070h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00433070h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [00433070h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp
push dword ptr [ebp-04h]
mov dword ptr [ebp+00h], 00000000h
Programming Language:
  • [RES] VS2015 UPD3 build 24213
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x323dc | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x38000 | 0x22ec | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x30350 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x303cc | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x30370 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x24000 | 0x168 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x22caf | 0x22e00 | a59f588c1a7fc38141c55ba5cbb9f20a | False | 0.5538614471326165 | data | 6.63887892247768 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x24000 | 0xebd2 | 0xec00 | d0df3a3aa185b57bbf61f9551f1fdf84 | False | 0.4888605667372881 | data | 5.539702941600411 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x33000 | 0x1dc0 | 0x1000 | b628337452f82a2e8b2b1c5674602e6f | False | 0.20703125 | DOS executable (block device driver ght (c) | 3.2314724997825084 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids | 0x35000 | 0x26c | 0x400 | a7edb4f7b6304a10b344c0d9b46e097d | False | 0.3623046875 | data | 2.6119447619429694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0x36000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x37000 | 0x1e0 | 0x200 | 2d5eb1e7989b77f5c38c72583a0272d3 | False | 0.52734375 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x38000 | 0x22ec | 0x2400 | 1a129fb53ad0240f1b1a720d76911c5e | False | 0.71875 | data | 6.517361156671963 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x37060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | WaitForSingleObject, CreateThread, VirtualAlloc, VirtualFree, CreateFileA, GetFileSize, ReadFile, WriteFile, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingA, GetProcAddress, IsBadReadPtr, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RaiseException, RtlUnwind, GetLastError, FreeLibrary, LoadLibraryExW, HeapAlloc, HeapFree, HeapReAlloc, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, GetStdHandle, GetCommandLineA, GetCommandLineW, GetACP, GetExitCodeProcess, CreateProcessA, GetFileAttributesExW, GetFileType, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetProcessHeap, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetStdHandle, WriteConsoleW, ReadConsoleW, HeapSize, CreateFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found

Target ID:0
Start time:06:40:18
Start date:12/10/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe"
Imagebase:0x650000
File size:219'648 bytes
MD5 hash:F32E47EEAB5658904B67A491C4C08A39
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:1
Start time:06:40:18
Start date:12/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:06:40:18
Start date:12/10/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c pause
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

    Execution Graph

    Execution Coverage:4.4%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:0.6%
    Total number of Nodes:2000
    Total number of Limit Nodes:51
17987->17990 17992 6513ff 17989->17992 17993 651429 17990->17993 17996 65a0d6 __CxxThrowException@8 RaiseException 17992->17996 17997 65a0d6 __CxxThrowException@8 RaiseException 17993->17997 17994->17976 17994->17977 18060 651490 17994->18060 17996->17979 17997->17977 18000 65153a 17999->18000 18296 6515b0 18000->18296 18008 655460 CreateFileMappingA 18007->18008 18009 655459 18007->18009 18010 655487 MapViewOfFile 18008->18010 18011 655478 CloseHandle 18008->18011 18009->17618 18012 655502 CloseHandle CloseHandle 18010->18012 18013 65549e GetFileSize 18010->18013 18011->17618 18012->17618 18014 6554b2 18013->18014 18588 6555e0 IsBadReadPtr 18014->18588 18016 6554c0 18017 6554c7 18016->18017 18021 655517 _memcpy_s 18016->18021 18018 651150 73 API calls 18017->18018 18019 6554de 18018->18019 18020 651150 73 API calls 18019->18020 18022 6554e7 18020->18022 18023 655544 UnmapViewOfFile CloseHandle CloseHandle 18021->18023 18024 651150 73 API calls 18022->18024 18023->17618 18025 6554f0 18024->18025 18026 651500 110 API calls 18025->18026 18027 6554f6 UnmapViewOfFile 18026->18027 18027->18012 18029 65557b 18028->18029 18035 6552f2 18028->18035 18589 6555e0 IsBadReadPtr 18029->18589 18031 655583 18031->18035 18590 6555e0 IsBadReadPtr 18031->18590 18033 6555ab 18033->18035 18591 6555e0 IsBadReadPtr 18033->18591 18035->17628 18035->17632 18037 651150 73 API calls 18036->18037 18038 655183 CreateThread 18037->18038 18039 6551a1 18038->18039 18040 6551b8 WaitForSingleObject 18038->18040 18041 651150 73 API calls 18039->18041 18040->17640 18042 6551b0 18041->18042 18042->17640 18044 6572a9 18043->18044 18045 6571e1 _memcpy_s 18043->18045 18044->17994 18045->18044 18102 6569ca 18045->18102 18048 654a28 18047->18048 18051 654add 18047->18051 18166 651c30 18048->18166 18050 654ac5 18050->18051 18053 6535f0 35 API calls 18050->18053 18051->17981 18053->18051 18054 654a7b 18055 654a84 18054->18055 18056 651490 std::ios_base::clear 34 API calls 18054->18056 18057 651490 34 API 
calls std::ios_base::clear 18055->18057 18058 651d10 std::ios_base::failure::failure 27 API calls 18055->18058 18059 65a0d6 __CxxThrowException@8 RaiseException 18055->18059 18056->18055 18057->18055 18058->18055 18059->18055 18061 6514b2 18060->18061 18067 6513c1 18060->18067 18170 658073 18061->18170 18068 651d10 18067->18068 18069 651d59 18068->18069 18184 653d70 18069->18184 18071 651d75 18196 651a20 18071->18196 18082 653707 18081->18082 18083 653634 18081->18083 18082->17978 18083->18082 18084 6536a9 18083->18084 18086 651490 std::ios_base::clear 34 API calls 18083->18086 18085 6536d7 18084->18085 18087 651490 std::ios_base::clear 34 API calls 18084->18087 18088 651490 std::ios_base::clear 34 API calls 18085->18088 18089 653684 18086->18089 18090 6536b2 18087->18090 18091 6536dc 18088->18091 18092 651d10 std::ios_base::failure::failure 27 API calls 18089->18092 18093 651d10 std::ios_base::failure::failure 27 API calls 18090->18093 18094 651d10 std::ios_base::failure::failure 27 API calls 18091->18094 18095 653694 18092->18095 18096 6536c2 18093->18096 18097 6536ec 18094->18097 18098 65a0d6 __CxxThrowException@8 RaiseException 18095->18098 18099 65a0d6 __CxxThrowException@8 RaiseException 18096->18099 18100 65a0d6 __CxxThrowException@8 RaiseException 18097->18100 18098->18084 18099->18085 18101 653701 18100->18101 18101->17978 18105 6569d6 __EH_prolog3_GS 18102->18105 18106 656a41 18105->18106 18107 656a5c 18105->18107 18110 6569ea 18105->18110 18116 655f45 18106->18116 18119 653ca0 18107->18119 18125 6583fd 18110->18125 18128 65f694 18116->18128 18118 655f55 18118->18110 18120 653d50 18119->18120 18151 6557b9 18120->18151 18126 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 18125->18126 18127 658408 18126->18127 18127->18127 18129 65f6a0 ___scrt_is_nonwritable_in_current_image 18128->18129 18130 65f6c6 18129->18130 18131 65f6ae 18129->18131 18146 65f1cd EnterCriticalSection 18130->18146 18132 65edda _free 20 API calls 
18131->18132 18134 65f6b3 18132->18134 18136 65cf91 _memcpy_s 26 API calls 18134->18136 18135 65f6d0 18137 65f766 _Fputc 18135->18137 18138 66621a _Fputc 26 API calls 18135->18138 18141 65f6be ___scrt_is_nonwritable_in_current_image @_EH4_CallFilterFunc@8 18136->18141 18147 65f790 18137->18147 18139 65f6e9 18138->18139 18139->18137 18142 65f73e 18139->18142 18141->18118 18143 65edda _free 20 API calls 18142->18143 18144 65f743 18143->18144 18145 65cf91 _memcpy_s 26 API calls 18144->18145 18145->18141 18146->18135 18150 65f1e1 LeaveCriticalSection 18147->18150 18149 65f796 18149->18141 18150->18149 18156 655724 18151->18156 18154 65a0d6 __CxxThrowException@8 RaiseException 18155 6557d8 18154->18155 18159 6556d2 18156->18159 18162 65a054 18159->18162 18161 6556fe 18161->18154 18163 65a061 ___std_exception_copy 18162->18163 18164 65a08e ___std_exception_copy 18162->18164 18163->18164 18165 6631fc ___std_exception_copy 26 API calls 18163->18165 18164->18161 18165->18164 18168 651c6c 18166->18168 18167 651c95 18167->18050 18167->18054 18168->18167 18169 6549f0 35 API calls 18168->18169 18169->18167 18175 6580b9 EnterCriticalSection 18170->18175 18172 65807c 18173 658093 18172->18173 18176 658112 18172->18176 18175->18172 18177 658150 18176->18177 18181 65811f 18176->18181 18182 658106 LeaveCriticalSection 18177->18182 18179 658155 WaitForSingleObjectEx 18183 6580b9 EnterCriticalSection 18179->18183 18181->18172 18182->18179 18183->18181 18185 653dd5 18184->18185 18186 653d7e 18184->18186 18187 653dde 18185->18187 18188 653e5b 18185->18188 18186->18185 18193 653da4 18186->18193 18192 653dee _memcpy_s 18187->18192 18226 6526f0 18187->18226 18189 6557b9 std::ios_base::failure::failure 27 API calls 18188->18189 18191 653e65 18189->18191 18192->18071 18218 653b70 18193->18218 18197 653b70 std::ios_base::failure::failure 27 API calls 18196->18197 18198 651a59 18197->18198 18288 653520 18198->18288 18219 653c72 18218->18219 18245 6557d9 18219->18245 18227 65272d 18226->18227 
18228 652771 18227->18228 18229 65279a 18227->18229 18238 652766 _memcpy_s 18227->18238 18231 65277d 18228->18231 18253 65579c 18228->18253 18230 657c8b new 8 API calls 18229->18230 18232 6527a0 18230->18232 18257 657c8b 18231->18257 18237 6527a9 18232->18237 18232->18238 18236 653e70 std::ios_base::failure::failure 26 API calls 18242 65280c 18236->18242 18239 65cfa1 std::ios_base::failure::failure 26 API calls 18237->18239 18238->18236 18238->18242 18241 6527ae 18239->18241 18268 653830 18241->18268 18242->18192 18244 6527c5 18244->18192 18250 65577b 18245->18250 18248 65a0d6 __CxxThrowException@8 RaiseException 18249 6557f8 18248->18249 18251 6556d2 std::exception::exception 26 API calls 18250->18251 18252 65578d 18251->18252 18252->18248 18254 6557aa Concurrency::cancel_current_task 18253->18254 18255 65a0d6 __CxxThrowException@8 RaiseException 18254->18255 18256 6557b8 18255->18256 18258 657c90 ___std_exception_copy 18257->18258 18259 652783 18258->18259 18260 660e70 new 7 API calls 18258->18260 18262 65579c Concurrency::cancel_current_task RaiseException 18258->18262 18284 6585bb 18258->18284 18259->18238 18263 65cfa1 18259->18263 18260->18258 18262->18258 18264 65cf16 _memcpy_s 26 API calls 18263->18264 18265 65cfb0 18264->18265 18266 65cfbe _memcpy_s 11 API calls 18265->18266 18269 65383e 18268->18269 18270 65383a 18268->18270 18271 653845 18269->18271 18272 653868 18269->18272 18270->18244 18285 6585c9 Concurrency::cancel_current_task 18284->18285 18286 65a0d6 __CxxThrowException@8 RaiseException 18285->18286 18287 6585d7 18286->18287 18289 653560 std::ios_base::failure::failure 18288->18289 18290 653e70 std::ios_base::failure::failure 26 API calls 18289->18290 18291 6535a1 std::ios_base::failure::failure 18289->18291 18290->18291 18292 6535d2 18291->18292 18293 653e70 std::ios_base::failure::failure 26 API calls 18291->18293 18294 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 18292->18294 18293->18292 18295 651a68 
18294->18295 18337 655623 18296->18337 18338 655632 18337->18338 18341 655639 18337->18341 18363 65e6ca 18338->18363 18340 6515e2 18341->18340 18366 65738e EnterCriticalSection 18341->18366 18366->18340 18588->18016 18589->18031 18590->18033 18591->18035 18593 661098 _abort 18592->18593 18594 6610b0 18593->18594 18596 6611e6 _abort GetModuleHandleW 18593->18596 18621 65e66b EnterCriticalSection 18594->18621 18597 6610a4 18596->18597 18597->18594 19634 65104d 19635 651056 19634->19635 19642 656083 19635->19642 19637 651065 19648 6565eb 19637->19648 19643 65608f __EH_prolog3 19642->19643 19644 657c8b new 8 API calls 19643->19644 19645 65609e 19644->19645 19647 6560b0 std::locale::_Init 19645->19647 19655 655c93 19645->19655 19647->19637 19649 65660a 19648->19649 19651 651079 19649->19651 19685 65f187 19649->19685 19652 657f43 19651->19652 19692 657f08 19652->19692 19656 655c9f __EH_prolog3 19655->19656 19657 655623 std::_Lockit::_Lockit 2 API calls 19656->19657 19658 655caa 19657->19658 19659 655cc5 _Yarn 19658->19659 19665 655e03 19658->19665 19661 65567b std::_Lockit::~_Lockit 2 API calls 19659->19661 19664 655d19 std::locale::_Init 19661->19664 19662 655cbd 19668 655e28 19662->19668 19664->19647 19666 657c8b new 8 API calls 19665->19666 19667 655e0e std::locale::_Locimp::_Locimp 19666->19667 19667->19662 19669 655e34 19668->19669 19670 655e45 19668->19670 19672 65762f 19669->19672 19670->19659 19673 6600f7 19672->19673 19674 65763f EncodePointer 19672->19674 19675 66931c _abort 2 API calls 19673->19675 19674->19670 19674->19673 19676 6600fc 19675->19676 19677 660107 19676->19677 19678 669377 _abort 38 API calls 19676->19678 19679 66012f 19677->19679 19680 660111 IsProcessorFeaturePresent 19677->19680 19678->19677 19682 6612c1 _abort 28 API calls 19679->19682 19681 66011c 19680->19681 19683 65cdc7 _abort 8 API calls 19681->19683 19684 660139 19682->19684 19683->19679 19686 65f193 19685->19686 19687 65f1a8 19685->19687 19688 65edda _free 20 API calls 19686->19688 
19687->19651 19689 65f198 19688->19689 19690 65cf91 _memcpy_s 26 API calls 19689->19690 19691 65f1a3 19690->19691 19691->19651 19693 657f25 19692->19693 19694 657f2c 19692->19694 19698 661c62 19693->19698 19701 661cd2 19694->19701 19697 651083 19699 661cd2 __onexit 29 API calls 19698->19699 19700 661c74 19699->19700 19700->19697 19704 6619ba 19701->19704 19707 6618f0 19704->19707 19706 6619de 19706->19697 19708 6618fc ___scrt_is_nonwritable_in_current_image 19707->19708 19715 65e66b EnterCriticalSection 19708->19715 19710 66190a 19716 661b21 19710->19716 19712 661917 19726 661935 19712->19726 19714 661928 ___scrt_is_nonwritable_in_current_image 19714->19706 19715->19710 19717 661b3f 19716->19717 19725 661b37 pre_c_initialization __crt_fast_encode_pointer 19716->19725 19718 661b98 19717->19718 19717->19725 19729 66bbe5 19717->19729 19720 66bbe5 __onexit 29 API calls 19718->19720 19718->19725 19722 661bae 19720->19722 19721 661b8e 19724 66006f _free 20 API calls 19721->19724 19723 66006f _free 20 API calls 19722->19723 19723->19725 19724->19718 19725->19712 19757 65e6b3 LeaveCriticalSection 19726->19757 19728 66193f 19728->19714 19730 66bbf0 19729->19730 19731 66bc18 19730->19731 19733 66bc09 19730->19733 19732 66bc27 19731->19732 19738 671e13 19731->19738 19745 66013a 19732->19745 19735 65edda _free 20 API calls 19733->19735 19737 66bc0e _memcpy_s 19735->19737 19737->19721 19739 671e33 HeapSize 19738->19739 19740 671e1e 19738->19740 19739->19732 19741 65edda _free 20 API calls 19740->19741 19742 671e23 19741->19742 19743 65cf91 _memcpy_s 26 API calls 19742->19743 19744 671e2e 19743->19744 19744->19732 19746 660147 19745->19746 19747 660152 19745->19747 19748 6600a9 ___crtLCMapStringA 21 API calls 19746->19748 19749 660163 ___crtLCMapStringA 19747->19749 19750 66015a 19747->19750 19754 66014f 19748->19754 19752 66018d HeapReAlloc 19749->19752 19753 660168 19749->19753 19756 660e70 new 7 API calls 19749->19756 19751 66006f _free 20 API calls 19750->19751 19751->19754 
19752->19749 19752->19754 19755 65edda _free 20 API calls 19753->19755 19754->19737 19755->19754 19756->19749 19757->19728 21917 65674b 21918 656752 21917->21918 21919 656757 21917->21919 21921 65f1cd EnterCriticalSection 21918->21921 21921->21919 16807 65d056 16831 6641f1 16807->16831 16810 65d092 16812 65d096 16810->16812 16813 65d0b3 16810->16813 16811 65d14b 16860 65cfbe IsProcessorFeaturePresent 16811->16860 16830 65d0a8 16812->16830 16837 664b7e 16812->16837 16813->16830 16834 65edda 16813->16834 16816 65d155 16819 65d137 16853 658177 16819->16853 16822 65edda _free 20 API calls 16824 65d0d6 16822->16824 16823 65d147 16825 65edda _free 20 API calls 16824->16825 16826 65d0f0 16825->16826 16827 65edda _free 20 API calls 16826->16827 16829 65d105 16826->16829 16826->16830 16827->16829 16828 65edda _free 20 API calls 16828->16830 16829->16828 16829->16830 16847 66006f 16830->16847 16864 664081 16831->16864 16833 65d082 16833->16810 16833->16811 16835 663fb6 _free 20 API calls 16834->16835 16836 65d0cf 16835->16836 16836->16822 16838 664b8a 16837->16838 16839 664b98 16837->16839 17254 664abe 16838->17254 17280 66ee20 16839->17280 16843 664b94 16843->16830 16844 664baf 16846 66006f _free 20 API calls 16844->16846 16845 664abe 28 API calls 16845->16844 16846->16843 16848 66007a HeapFree 16847->16848 16852 6600a3 _free 16847->16852 16849 66008f 16848->16849 16848->16852 16850 65edda _free 18 API calls 16849->16850 16851 660095 GetLastError 16850->16851 16851->16852 16852->16819 16854 658180 16853->16854 16855 658182 IsProcessorFeaturePresent 16853->16855 16854->16823 16857 658997 16855->16857 17317 65895b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16857->17317 16859 658a7a 16859->16823 16861 65cfc9 16860->16861 16862 65cdc7 _abort 8 API calls 16861->16862 16863 65cfde GetCurrentProcess TerminateProcess 16862->16863 16863->16816 16865 66408d ___scrt_is_nonwritable_in_current_image 16864->16865 16872 65e66b 
EnterCriticalSection 16865->16872 16867 664098 16873 6640dc 16867->16873 16871 6640c8 ___scrt_is_nonwritable_in_current_image 16871->16833 16872->16867 16874 6640fe 16873->16874 16875 6640eb 16873->16875 16874->16875 16878 664111 16874->16878 16876 65edda _free 20 API calls 16875->16876 16877 6640f0 16876->16877 16894 65cf91 16877->16894 16897 664181 16878->16897 16881 6640b4 16891 6640d3 16881->16891 16882 66411a 16882->16881 16883 664145 16882->16883 16884 664158 16882->16884 16885 65edda _free 20 API calls 16883->16885 16901 6631fc 16884->16901 16885->16881 16888 664174 16889 65cfbe _memcpy_s 11 API calls 16888->16889 16890 664180 16889->16890 17253 65e6b3 LeaveCriticalSection 16891->17253 16893 6640da 16893->16871 16910 65cf16 16894->16910 16896 65cf9d 16896->16881 16899 66418e 16897->16899 16898 6641e2 16898->16882 16899->16898 17029 66e81e 16899->17029 16902 663217 16901->16902 16903 663209 16901->16903 16904 65edda _free 20 API calls 16902->16904 16903->16902 16907 66322e 16903->16907 16905 66321f 16904->16905 16906 65cf91 _memcpy_s 26 API calls 16905->16906 16908 663229 16906->16908 16907->16908 16909 65edda _free 20 API calls 16907->16909 16908->16881 16908->16888 16909->16905 16921 663fb6 GetLastError 16910->16921 16913 65cf8b 16914 65cfbe _memcpy_s 11 API calls 16913->16914 16916 65cf90 16914->16916 16915 65cf3a 16919 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 16915->16919 16917 65cf16 _memcpy_s 26 API calls 16916->16917 16918 65cf9d 16917->16918 16918->16896 16920 65cf61 16919->16920 16920->16896 16922 663fcf 16921->16922 16923 663fd5 16921->16923 16940 66692f 16922->16940 16926 66402c SetLastError 16923->16926 16947 65e6dc 16923->16947 16930 65cf2c 16926->16930 16927 663fef 16931 66006f _free 17 API calls 16927->16931 16930->16913 16930->16915 16933 663ff5 16931->16933 16935 664023 SetLastError 16933->16935 16934 66400b 16963 663da4 16934->16963 16935->16930 16968 66663d 16940->16968 16943 66696e TlsGetValue 
16944 666962 16943->16944 16945 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 16944->16945 16946 66697f 16945->16946 16946->16923 16948 65e6e9 16947->16948 16949 65e729 16948->16949 16950 65e714 HeapAlloc 16948->16950 16954 65e6fd ___crtLCMapStringA 16948->16954 16952 65edda _free 19 API calls 16949->16952 16951 65e727 16950->16951 16950->16954 16953 65e72e 16951->16953 16952->16953 16953->16927 16956 666985 16953->16956 16954->16949 16954->16950 16982 660e70 16954->16982 16957 66663d __Getcvt 5 API calls 16956->16957 16958 6669ac 16957->16958 16959 6669c7 TlsSetValue 16958->16959 16960 6669bb 16958->16960 16959->16960 16961 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 16960->16961 16962 664004 16961->16962 16962->16927 16962->16934 16997 663d7c 16963->16997 16969 66666d 16968->16969 16973 666669 16968->16973 16969->16943 16969->16944 16970 66668d 16970->16969 16972 666699 GetProcAddress 16970->16972 16974 6666a9 __crt_fast_encode_pointer 16972->16974 16973->16969 16973->16970 16975 6666d9 16973->16975 16974->16969 16976 6666fa LoadLibraryExW 16975->16976 16981 6666ef 16975->16981 16977 666717 GetLastError 16976->16977 16978 66672f 16976->16978 16977->16978 16979 666722 LoadLibraryExW 16977->16979 16980 666746 FreeLibrary 16978->16980 16978->16981 16979->16978 16980->16981 16981->16973 16987 660eb4 16982->16987 16984 660e86 16985 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 16984->16985 16986 660eb0 16985->16986 16986->16954 16988 660ec0 ___scrt_is_nonwritable_in_current_image 16987->16988 16993 65e66b EnterCriticalSection 16988->16993 16990 660ecb 16994 660efd 16990->16994 16992 660ef2 ___scrt_is_nonwritable_in_current_image 16992->16984 16993->16990 16995 65e6b3 std::_Lockit::~_Lockit LeaveCriticalSection 16994->16995 16996 660f04 16995->16996 16996->16992 17003 663cbc 16997->17003 16999 663da0 17000 663d2c 16999->17000 17013 663bc0 
17000->17013 17004 663cc8 ___scrt_is_nonwritable_in_current_image 17003->17004 17009 65e66b EnterCriticalSection 17004->17009 17006 663cd2 17010 663cf8 17006->17010 17008 663cf0 ___scrt_is_nonwritable_in_current_image 17008->16999 17009->17006 17011 65e6b3 std::_Lockit::~_Lockit LeaveCriticalSection 17010->17011 17012 663d02 17011->17012 17012->17008 17014 663bcc ___scrt_is_nonwritable_in_current_image 17013->17014 17021 65e66b EnterCriticalSection 17014->17021 17016 663bd6 17022 663ee7 17016->17022 17018 663bee 17021->17016 17023 663ef6 __Getcvt 17022->17023 17025 663f1d __Getcvt 17022->17025 17023->17025 17025->17018 17030 66e832 17029->17030 17036 66e82c 17029->17036 17046 66e847 17030->17046 17033 672170 17066 67218d 17033->17066 17035 672135 17037 65edda _free 20 API calls 17035->17037 17036->17033 17036->17035 17038 672152 17036->17038 17039 67213a 17037->17039 17038->17033 17040 67215c 17038->17040 17041 65cf91 _memcpy_s 26 API calls 17039->17041 17042 65edda _free 20 API calls 17040->17042 17045 672145 17041->17045 17043 672161 17042->17043 17044 65cf91 _memcpy_s 26 API calls 17043->17044 17044->17045 17045->16899 17077 65d72e 17046->17077 17049 66e879 17051 65edda _free 20 API calls 17049->17051 17050 66e890 17053 66e8ab 17050->17053 17054 66e899 17050->17054 17052 66e87e 17051->17052 17057 65cf91 _memcpy_s 26 API calls 17052->17057 17055 66e8cb 17053->17055 17056 66e8b8 17053->17056 17058 65edda _free 20 API calls 17054->17058 17085 6724ec 17055->17085 17059 67218d 47 API calls 17056->17059 17061 66e842 17057->17061 17062 66e89e 17058->17062 17059->17061 17061->16899 17064 65cf91 _memcpy_s 26 API calls 17062->17064 17064->17061 17065 65edda _free 20 API calls 17065->17061 17067 67219f 17066->17067 17074 6721d7 ___ascii_strnicmp 17066->17074 17068 65d72e __cftof 38 API calls 17067->17068 17069 6721ad 17068->17069 17070 6721c7 17069->17070 17076 6721d9 17069->17076 17071 65edda _free 20 API calls 17070->17071 17072 6721cc 17071->17072 17073 65cf91 _memcpy_s 
26 API calls 17072->17073 17073->17074 17074->17045 17075 660e12 47 API calls 17075->17076 17076->17074 17076->17075 17078 65d741 17077->17078 17079 65d74b 17077->17079 17078->17049 17078->17050 17078->17061 17079->17078 17090 663f32 GetLastError 17079->17090 17081 65d76c 17110 6657ab 17081->17110 17086 65d72e __cftof 38 API calls 17085->17086 17087 6724ff 17086->17087 17201 672244 17087->17201 17091 663f4e 17090->17091 17092 663f48 17090->17092 17094 65e6dc std::_Locinfo::_Locinfo_ctor 20 API calls 17091->17094 17096 663f9d SetLastError 17091->17096 17093 66692f __Getcvt 11 API calls 17092->17093 17093->17091 17095 663f60 17094->17095 17097 663f68 17095->17097 17098 666985 __Getcvt 11 API calls 17095->17098 17096->17081 17099 66006f _free 20 API calls 17097->17099 17100 663f7d 17098->17100 17101 663f6e 17099->17101 17100->17097 17102 663f84 17100->17102 17103 663fa9 SetLastError 17101->17103 17104 663da4 __Getcvt 20 API calls 17102->17104 17118 6600f7 17103->17118 17106 663f8f 17104->17106 17107 66006f _free 20 API calls 17106->17107 17109 663f96 17107->17109 17109->17096 17109->17103 17111 65d785 17110->17111 17112 6657be 17110->17112 17114 6657d8 17111->17114 17112->17111 17168 66cff6 17112->17168 17115 665800 17114->17115 17116 6657eb 17114->17116 17115->17078 17116->17115 17188 66b4cc 17116->17188 17129 66931c 17118->17129 17121 660107 17123 660111 IsProcessorFeaturePresent 17121->17123 17128 66012f 17121->17128 17124 66011c 17123->17124 17159 65cdc7 17124->17159 17165 6612c1 17128->17165 17130 669259 _abort EnterCriticalSection LeaveCriticalSection 17129->17130 17131 6600fc 17130->17131 17131->17121 17132 669377 17131->17132 17133 669383 _abort 17132->17133 17134 663fb6 _free 20 API calls 17133->17134 17136 6693aa _abort 17133->17136 17139 6693b0 _abort 17133->17139 17134->17136 17135 6693fc 17137 65edda _free 20 API calls 17135->17137 17136->17135 17136->17139 17158 6693df 17136->17158 17138 669401 17137->17138 17140 65cf91 _memcpy_s 26 API calls 
17138->17140 17142 65e66b _abort EnterCriticalSection 17139->17142 17144 669428 17139->17144 17140->17158 17141 672f29 _abort 5 API calls 17143 66957e 17141->17143 17142->17144 17143->17121 17146 669487 17144->17146 17148 66947f 17144->17148 17150 65e6b3 std::_Lockit::~_Lockit LeaveCriticalSection 17144->17150 17155 6694b2 17144->17155 17145 669537 _abort LeaveCriticalSection 17147 669506 17145->17147 17151 66936e _abort 38 API calls 17146->17151 17146->17155 17152 663f32 __Getcvt 38 API calls 17147->17152 17156 669515 17147->17156 17147->17158 17149 6612c1 _abort 28 API calls 17148->17149 17149->17146 17150->17148 17153 6694a8 17151->17153 17152->17156 17154 66936e _abort 38 API calls 17153->17154 17154->17155 17155->17145 17157 663f32 __Getcvt 38 API calls 17156->17157 17156->17158 17157->17158 17158->17141 17160 65cde3 _memcpy_s _abort 17159->17160 17161 65ce0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17160->17161 17164 65cee0 _abort 17161->17164 17162 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 17163 65cefe 17162->17163 17163->17128 17164->17162 17166 66108c _abort 28 API calls 17165->17166 17167 660139 17166->17167 17169 66d002 ___scrt_is_nonwritable_in_current_image 17168->17169 17170 663f32 __Getcvt 38 API calls 17169->17170 17171 66d00b 17170->17171 17179 66d059 ___scrt_is_nonwritable_in_current_image 17171->17179 17180 65e66b EnterCriticalSection 17171->17180 17173 66d029 17181 66d06d 17173->17181 17178 6600f7 _abort 38 API calls 17178->17179 17179->17111 17180->17173 17182 66d03d 17181->17182 17183 66d07b __Getcvt 17181->17183 17185 66d05c 17182->17185 17183->17182 17184 66cda9 __Getcvt 20 API calls 17183->17184 17184->17182 17186 65e6b3 std::_Lockit::~_Lockit LeaveCriticalSection 17185->17186 17187 66d050 17186->17187 17187->17178 17187->17179 17189 66b4d8 ___scrt_is_nonwritable_in_current_image 17188->17189 17190 663f32 __Getcvt 38 API calls 17189->17190 17195 66b4e2 17190->17195 
17193 66b566 ___scrt_is_nonwritable_in_current_image 17193->17115 17194 6600f7 _abort 38 API calls 17194->17195 17195->17193 17195->17194 17196 66006f _free 20 API calls 17195->17196 17197 65e66b EnterCriticalSection 17195->17197 17198 66b55d 17195->17198 17196->17195 17197->17195 17199 65e6b3 std::_Lockit::~_Lockit LeaveCriticalSection 17198->17199 17200 66b564 17199->17200 17200->17195 17203 672278 ___crtLCMapStringA 17201->17203 17202 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 17204 66e8e1 17202->17204 17205 672366 MultiByteToWideChar 17203->17205 17206 67229f 17203->17206 17209 6722eb GetCPInfo 17203->17209 17204->17061 17204->17065 17205->17206 17207 672384 17205->17207 17206->17202 17208 6723a5 __alloca_probe_16 17207->17208 17224 6600a9 17207->17224 17212 6723f8 MultiByteToWideChar 17208->17212 17223 6724c9 17208->17223 17209->17206 17210 6722fa 17209->17210 17210->17205 17210->17206 17213 672414 MultiByteToWideChar 17212->17213 17212->17223 17215 67242e 17213->17215 17213->17223 17214 6575ad __freea 20 API calls 17214->17206 17216 6600a9 ___crtLCMapStringA 21 API calls 17215->17216 17219 67244f __alloca_probe_16 17215->17219 17216->17219 17217 6724bc 17241 6575ad 17217->17241 17218 67248c MultiByteToWideChar 17218->17217 17220 6724a3 17218->17220 17219->17217 17219->17218 17233 6667a2 17220->17233 17223->17214 17225 6600e7 17224->17225 17226 6600b7 17224->17226 17227 65edda _free 20 API calls 17225->17227 17228 6600d2 HeapAlloc 17226->17228 17229 6600bb ___crtLCMapStringA 17226->17229 17231 6600ec 17227->17231 17228->17229 17230 6600e5 17228->17230 17229->17225 17229->17228 17232 660e70 new 7 API calls 17229->17232 17230->17231 17231->17208 17232->17229 17245 666623 17233->17245 17238 6667be 17239 658177 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 17238->17239 17240 666810 17239->17240 17240->17217 17242 6575b7 17241->17242 17243 6575c8 17241->17243 17242->17243 17244 66006f _free 

    Control-flow Graph

    APIs
      • Part of subcall function 0066ECF3: _free.LIBCMT ref: 0066ED15
    • _free.LIBCMT ref: 00664514
    • CreateProcessA.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000), ref: 006645CE
    • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 006645DE
    • __dosmaperr.LIBCMT ref: 006645E5
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 006645F0
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 006645FB
    • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,?,?,00000000,00000000), ref: 00664615
    • GetExitCodeProcess.KERNEL32(?,?), ref: 00664622
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 00664633
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 0066463E
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 00664653
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 0066465E
    • _free.LIBCMT ref: 00664669
    • _free.LIBCMT ref: 00664675
    • _free.LIBCMT ref: 00664681
    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 0066468F
    • _free.LIBCMT ref: 00664509
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 0066455A
    • _free.LIBCMT ref: 00664565
    • _free.LIBCMT ref: 00664570
    • _free.LIBCMT ref: 00664698
    • _free.LIBCMT ref: 006646A4
    • _free.LIBCMT ref: 006646B0
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: _free$CloseHandle$ErrorLastProcess$CodeCreateExitFreeHeapObjectSingleWait__dosmaperr
    • String ID:
    • API String ID: 4143445633-0
    • Opcode ID: 704b3f7c8364b4f7895d4cc3771924c00081e268f0213cbfd7e425e04b8090fb
    • Instruction ID: 0fc2689489ec7604525e85caa17b29cc6aca630ca1b24eab52efc442e86d521a
    • Opcode Fuzzy Hash: 704b3f7c8364b4f7895d4cc3771924c00081e268f0213cbfd7e425e04b8090fb
    • Instruction Fuzzy Hash: 4D616A71C00209EFDF21AFA0DC85AEEBBBBFF05315F20412AF915A6251DB354A948F65

    Control-flow Graph

    APIs
    • _strrchr.LIBCMT ref: 006642CC
    • _strrchr.LIBCMT ref: 006642D7
    • _strrchr.LIBCMT ref: 006642FE
    • _free.LIBCMT ref: 00664331
      • Part of subcall function 0065CFBE: IsProcessorFeaturePresent.KERNEL32(00000017,0065CF90,00000000,?,00000004,00000004,?,?,?,?,0065CF9D,00000000,00000000,00000000,00000000,00000000), ref: 0065CFC0
      • Part of subcall function 0065CFBE: GetCurrentProcess.KERNEL32(C0000417,?), ref: 0065CFE2
      • Part of subcall function 0065CFBE: TerminateProcess.KERNEL32(00000000), ref: 0065CFE9
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: _strrchr$Process$CurrentFeaturePresentProcessorTerminate_free
    • String ID: .com
    • API String ID: 1283974128-4200470757
    • Opcode ID: 416d5d95e7822e8ea54446d363eb9dd167413f3b70eecb17d6c93f9d6a367e2f
    • Instruction ID: 378afac920a89ff931cff2cefecf806c5d477f1f8509d07286a3bbde6e1e1f70
    • Opcode Fuzzy Hash: 416d5d95e7822e8ea54446d363eb9dd167413f3b70eecb17d6c93f9d6a367e2f
    • Instruction Fuzzy Hash: ED51C271900205BEEF15AEB5CD42BAE7BABDF52320F24426DF814E6381EF328E019755

    Control-flow Graph

    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006513E1
    • __CxxThrowException@8.LIBVCRUNTIME ref: 0065140F
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00651439
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: Exception@8Throw
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 2005118841-1493168240
    • Opcode ID: 08dae52d721dbc58ec89d55bbd5470f9a038d5c64bd4d7497251493c87d705a3
    • Instruction ID: ad6650b2abc2951eda045509584641257611ef05a7584c93886f5089c45272b8
    • Opcode Fuzzy Hash: 08dae52d721dbc58ec89d55bbd5470f9a038d5c64bd4d7497251493c87d705a3
    • Instruction Fuzzy Hash: 7AA18E74A016059FDB14CF68C590BA9B7F2AF06316F258298EC159F392C731ED89CB50

    Control-flow Graph

    APIs
    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,e,0065E0E2,?,?,?,006674B9,00000001,00000001,C8E85006), ref: 006672C2
    • __alloca_probe_16.LIBCMT ref: 006672FA
    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006674B9,00000001,00000001,C8E85006,?,?,?), ref: 00667348
    • __alloca_probe_16.LIBCMT ref: 006673DF
    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C8E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00667442
    • __freea.LIBCMT ref: 0066744F
      • Part of subcall function 006600A9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0066014F,?,00000000,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE), ref: 006600DB
    • __freea.LIBCMT ref: 00667458
    • __freea.LIBCMT ref: 0066747D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
    • String ID: e
    • API String ID: 2597970681-1206045156
    • Opcode ID: 0cbdb90b21b64eaff888a7e045c8c5583bbcd55179244b06fde44f56b9ea3a4b
    • Instruction ID: 5aa967cc5c5a59ce9b3a64612d8aebefdb25fc28a09fd520ec9d8f044782e7b7
    • Opcode Fuzzy Hash: 0cbdb90b21b64eaff888a7e045c8c5583bbcd55179244b06fde44f56b9ea3a4b
    • Instruction Fuzzy Hash: 9C51CF72614216ABEB258F64DC45EBB7BABEB40758F254628FC08D6240EF34DC90D6A0

    Control-flow Graph

    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006550C1
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006550EF
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00655119
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: Exception@8Throw
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 2005118841-1493168240
    • Opcode ID: 0de88a7ca9dc6879f8549f2f084f9c99177beaf96d946aab256374541bbe708d
    • Instruction ID: db86ba65b1794ed3db9d1d7b46efed0212cdef2bd07d1c31e00a7e94f6c9490f
    • Opcode Fuzzy Hash: 0de88a7ca9dc6879f8549f2f084f9c99177beaf96d946aab256374541bbe708d
    • Instruction Fuzzy Hash: CE51DE306006049FDB14DF58C569BA9BBF6FF0531AF14829CE8069B392CB75ED49CB84

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: H_prolog3_
    • String ID:
    • API String ID: 2427045233-3916222277
    • Opcode ID: ff9cd23ecf853bfc7ce183a51e88837646922526a155b89a66d269ea23e8808a
    • Instruction ID: fafa960712304c0ca76b2c4cae818d2b365922df6f36b364091a61395b35c4b3
    • Opcode Fuzzy Hash: ff9cd23ecf853bfc7ce183a51e88837646922526a155b89a66d269ea23e8808a
    • Instruction Fuzzy Hash: AE513B31A0020A9FCF24CF94C590AEDBBB6BF58321F54452DF942A7381EB31A989CB54

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: _free
    • String ID: COMSPEC$cmd.exe
    • API String ID: 269201875-2256226045
    • Opcode ID: 6aaa195d0bdebfe3817cc86d20984b7962cd141e9b000527c70333b380608bfb
    • Instruction ID: 43d6e9b1bb98d7bc985f764c37d4802be4d72e6e6653e4853241506a792ceeeb
    • Opcode Fuzzy Hash: 6aaa195d0bdebfe3817cc86d20984b7962cd141e9b000527c70333b380608bfb
    • Instruction Fuzzy Hash: 9531D971D011199F8B34AFA5CD069BFBBBADE42352F15026EFC04A7291DA314E09CBE5

    Control-flow Graph

    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
      • Part of subcall function 0066B4CC: _abort.LIBCMT ref: 0066B4FE
      • Part of subcall function 0066B4CC: _free.LIBCMT ref: 0066B532
      • Part of subcall function 0066B141: GetOEMCP.KERNEL32(00000000,?,?,0066B3CA,?), ref: 0066B16C
    • _free.LIBCMT ref: 0066B425
    • _free.LIBCMT ref: 0066B45B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: _free$ErrorLast_abort
    • String ID: x6h
    • API String ID: 2991157371-1876334821
    • Opcode ID: f929976c31d1152d974cf5a414cc803ec0a679aaef284ba0c4aec950b8492c21
    • Instruction ID: 702eca37a39c4f10b8401fd3a3fa6c43a17a1efa668c040de33ff20cd64b887f
    • Opcode Fuzzy Hash: f929976c31d1152d974cf5a414cc803ec0a679aaef284ba0c4aec950b8492c21
    • Instruction Fuzzy Hash: 5231B331900114EFDB10EBA9D441BA977F6EF40324F25519DE504DB3A3EB329E81DB54

    Control-flow Graph

    APIs
    • LCMapStringEx.KERNELBASE(?,0066D9FC,?,?), ref: 00666C31
    • LCMapStringW.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,?,00000001,00000000,00000001,?,0066D9FC,0066D9FC,?,?), ref: 00666C4F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: String
    • String ID: LCMapStringEx
    • API String ID: 2568140703-3893581201
    • Opcode ID: 3a3237aa18fb4b32148b2a7bd0071c2b19bb809f8380f5c42a81c03fe0e8d1e0
    • Instruction ID: 940c1b2066351a8fe0fed6ad27ed86c6de2c9ef5988253e4a0e083372775e2c6
    • Opcode Fuzzy Hash: 3a3237aa18fb4b32148b2a7bd0071c2b19bb809f8380f5c42a81c03fe0e8d1e0
    • Instruction Fuzzy Hash: 24012532500209BBCF129F90ED05DEE3F63EF48760F414118FE1966160CB328971EB95

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID: _free
    • String ID: `Ih
    • API String ID: 269201875-3578007316
    • Opcode ID: e651e5dfa62dcbaa95e0d588c2fa19e016ea573819a80316dfd83c20f2c8fc6f
    • Instruction ID: dd8e60039d52eab9e48b4a4dd36e55d709482ca65511f66f0a6e49c09ecfa947
    • Opcode Fuzzy Hash: e651e5dfa62dcbaa95e0d588c2fa19e016ea573819a80316dfd83c20f2c8fc6f
    • Instruction Fuzzy Hash: 66E0E52A94251262D7F1323AFC11BAB064B5BC3371F2D032DF524DB1C2DF20484281B9

    Control-flow Graph

    Memory Dump Source
    • Source File: 00000000.00000002.3118861829.0000000000651000.00000020.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
    • Associated: 00000000.00000002.3118809092.0000000000650000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118893905.0000000000674000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118915516.0000000000683000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118932880.0000000000685000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.3118950265.0000000000687000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_650000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:

    APIs
    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0066B23E
    Similarity
    • API ID: Info
    • String ID:
    • API String ID: 1807457897-3916222277

    APIs
      • Part of subcall function 0066B141: GetOEMCP.KERNEL32(00000000,?,?,0066B3CA,?), ref: 0066B16C
    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0066B40F,?,00000000), ref: 0066B5E2
    • GetCPInfo.KERNEL32(00000000,0066B40F,?,?,?,0066B40F,?,00000000), ref: 0066B5F5
    Similarity
    • API ID: CodeInfoPageValid
    • String ID:
    • API String ID: 546120528-0

    APIs
    • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,?,?,?,0066867A,?,?,00000000,?,?,?), ref: 006681D9
    • GetLastError.KERNEL32(?,0066867A,?,?,00000000,?,?,?,?,?,00000001,?,00682280,00000014,0065FC6C,00000000), ref: 00668202
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    APIs
    • GetStdHandle.KERNEL32(000000F6), ref: 00666445
    • GetFileType.KERNELBASE(00000000), ref: 00666457
    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    APIs
    • @_EH4_CallFilterFunc@8.LIBCMT ref: 0065F759
    Similarity
    • API ID: CallFilterFunc@8
    • String ID:
    • API String ID: 4062629308-0
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F91
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F9E
    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0066E1FF
    • IsValidCodePage.KERNEL32(00000000), ref: 0066E25A
    • IsValidLocale.KERNEL32(?,00000001), ref: 0066E269
    • GetLocaleInfoW.KERNEL32(?,00001001,M&f,00000040,?,006620DC,00000055,00000000,?,?,00000055,00000000), ref: 0066E2B1
    • GetLocaleInfoW.KERNEL32(?,00001002,00000000,00000040), ref: 0066E2D0
    Similarity
    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
    • String ID: M&f$M&f$M&f
    • API String ID: 745075371-3021673437
    APIs
    • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,0066E23E,?,00000000), ref: 0066DFB8
    • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,0066E23E,?,00000000), ref: 0066DFE1
    • GetACP.KERNEL32(?,?,0066E23E,?,00000000), ref: 0066DFF6
    Similarity
    • API ID: InfoLocale
    • String ID: >f$ACP$OCP
    • API String ID: 2299586839-2598261672
    APIs
    Similarity
    • API ID: __floor_pentium4
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 4168288129-2761157908
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00662654,?,?,?,?,006620AB,?,00000004), ref: 0066D89D
    • _wcschr.LIBVCRUNTIME ref: 0066D92D
    • _wcschr.LIBVCRUNTIME ref: 0066D93B
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,T&f,00000000,006620DC), ref: 0066D9DE
    Similarity
    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
    • String ID: T&f
    • API String ID: 4212172061-4093319223
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F91
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F9E
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0066DBFA
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0066DC4B
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0066DD0B
    Similarity
    • API ID: ErrorInfoLastLocale$_free$_abort
    • String ID:
    • API String ID: 2829624132-0
    APIs
    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000004), ref: 0065CEBF
    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000004), ref: 0065CEC9
    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000004), ref: 0065CED6
    Similarity
    • API ID: ExceptionFilterUnhandled$DebuggerPresent
    • String ID:
    • API String ID: 3906539128-0
    APIs
    • GetCurrentProcess.KERNEL32(00000000,?,0066117B,00000000,00682018,0000000C,006612D2,00000000,00000002,00000000), ref: 006611C6
    • TerminateProcess.KERNEL32(00000000,?,0066117B,00000000,00682018,0000000C,006612D2,00000000,00000002,00000000), ref: 006611CD
    • ExitProcess.KERNEL32 ref: 006611DF
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    APIs
    • IsProcessorFeaturePresent.KERNEL32(0000000A,?), ref: 006585F1
    Similarity
    • API ID: FeaturePresentProcessor
    • String ID:
    • API String ID: 2325560087-3916222277
    Similarity
    • API ID:
    • String ID: .
    • API String ID: 0-248832578
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • EnumSystemLocalesW.KERNEL32(0066DBA6,00000001,00000000,?,M&f,?,0066E1D3,00000000,?,?,?), ref: 0066DAF0
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem_abort_free
    • String ID: M&f
    • API String ID: 1084509184-3758915784
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • EnumSystemLocalesW.KERNEL32(0066DDF6,00000001,00000000,?,M&f,?,0066E197,M&f,?,?,?,?,?,0066264D,?,?), ref: 0066DB65
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem_abort_free
    • String ID: M&f
    • API String ID: 1084509184-3758915784
    APIs
    • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,006620AB,?,00000004), ref: 00666A31
    Similarity
    • API ID: InfoLocale
    • String ID: GetLocaleInfoEx
    • API String ID: 2299586839-2904428671
    APIs
    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00664EE3,?,?,00000008,?,?,00671769,00000000), ref: 00665115
    Similarity
    • API ID: ExceptionRaise
    • String ID:
    • API String ID: 3997070919-0
    • Opcode ID: 5e1635765737490340b0a2733511a65b97e70df95fb4728d447a0f7afe015428
    • Instruction ID: bb18d2d931731e9abc4a30c756c132054981ade1e0d116403ce70fcaf6941cb7
    • Opcode Fuzzy Hash: 5e1635765737490340b0a2733511a65b97e70df95fb4728d447a0f7afe015428
    • Instruction Fuzzy Hash: 5CB13B31610A09DFD715CF28C48ABA57BE2FF45364F258658E8DACF2A1C735E992CB40
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F91
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F9E
    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0066DE4A
    Similarity
    • API ID: ErrorLast$_free$InfoLocale_abort
    • String ID:
    • API String ID: 1663032902-0
    • Opcode ID: b4a65a10dcf1622f560070e534428fa15393c7d068b0f0cc8d9e8425f48a43b1
    • Instruction ID: 66ec7f77137c7d8e55abf319bd041c09c074a0cf5d9acf773bd8a26a8e9b9a51
    • Opcode Fuzzy Hash: b4a65a10dcf1622f560070e534428fa15393c7d068b0f0cc8d9e8425f48a43b1
    • Instruction Fuzzy Hash: 2521C572E10216ABDB249F64DC81BBA73ADEF15310F10017AFD01DA281EB76AD51CB55
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0066DDC4,00000000,00000000,?), ref: 0066E052
    Similarity
    • API ID: ErrorLast$InfoLocale_abort_free
    • String ID:
    • API String ID: 2692324296-0
    • Opcode ID: 3f460b241810f788c52afe07e44d67df63f3ff30ee36abcb47c226d05f6fe3d1
    • Instruction ID: 13fc3179774d1af0ef51cbae47c0b179d27f1a9b8ccf7640fa96306b08d82a25
    • Opcode Fuzzy Hash: 3f460b241810f788c52afe07e44d67df63f3ff30ee36abcb47c226d05f6fe3d1
    • Instruction Fuzzy Hash: 06F0F43AA00115BBDF385A64C806BFA7B6AEB40714F150429EC09A3280EAB2BD518AD0
    APIs
      • Part of subcall function 0065E66B: EnterCriticalSection.KERNEL32(?,?,0066190A,006514E6,00682040,0000000C), ref: 0065E67A
    • EnumSystemLocalesW.KERNEL32(00666531,00000001,00682200,0000000C), ref: 006665AF
    Similarity
    • API ID: CriticalEnterEnumLocalesSectionSystem
    • String ID:
    • API String ID: 1272433827-0
    • Opcode ID: 9132411f380e85da29b99f580493296265447dd918f23afcaa06298af5192326
    • Instruction ID: 959cc7f45b3ba55d8572c527bf085ba33097315482c5aec380cff3410c3931ca
    • Opcode Fuzzy Hash: 9132411f380e85da29b99f580493296265447dd918f23afcaa06298af5192326
    • Instruction Fuzzy Hash: 26F04972A10200EFDB00EF78E856B5D37B2BB04B21F119219F810EB2A2DF758A448B45
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • EnumSystemLocalesW.KERNEL32(0066D98A,00000001,00000000,?,?,0066E1F5,M&f,?,?,?,?,?,0066264D,?,?,?), ref: 0066DA6A
    Similarity
    • API ID: ErrorLast$EnumLocalesSystem_abort_free
    • String ID:
    • API String ID: 1084509184-0
    • Opcode ID: eb2753b0590e31d18b98c017b960dada22f94126be7854182ccc4afc7159f310
    • Instruction ID: e88d9d076d2327efaa68ad3480e1d628f09890e5e01652668c3e8f6dc23bd9d6
    • Opcode Fuzzy Hash: eb2753b0590e31d18b98c017b960dada22f94126be7854182ccc4afc7159f310
    • Instruction Fuzzy Hash: 08F05C3970020467CB049F75C815A767F52EFC1710B07405CFA098B250C6319883C790
    APIs
    • SetUnhandledExceptionFilter.KERNEL32(Function_000088AC,0065825C), ref: 006588A5
    Similarity
    • API ID: ExceptionFilterUnhandled
    • String ID:
    • API String ID: 3192549508-0
    • Opcode ID: 0fbe89f7d4a6ff8a04f83439184b8a5d8e1447a7409aaf5dbd028124997b7c71
    • Instruction ID: 8795e329641277b275d8797c1c8375a850f5609fc98e8765ca2a4565fb644ef2
    • Opcode Fuzzy Hash: 0fbe89f7d4a6ff8a04f83439184b8a5d8e1447a7409aaf5dbd028124997b7c71
    • Instruction Fuzzy Hash:
    Strings
    Similarity
    • API ID:
    • String ID: 0
    • API String ID: 0-4108050209
    • Opcode ID: ca97c5f309770fb07f37061b9e1abd40896b3de4fc6dfe25d4dfe0c8bd6b85dc
    • Instruction ID: 3c182349ee9028391288f2b7b63c26893d27014f73fc120ef1f22dd3be75298b
    • Opcode Fuzzy Hash: ca97c5f309770fb07f37061b9e1abd40896b3de4fc6dfe25d4dfe0c8bd6b85dc
    • Instruction Fuzzy Hash: 77513A6160464997DF788A6888967FF27E79F62307F180A19EC82CB3C2C615DE4E8356
    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 61bdd166cc4c56fd23df2cf4e4d9cf8d92f7278e87f3cd50ad8716bb0b2c0e9a
    • Instruction ID: df04dbdffebe740c2eebde45f5c5e661db300fec5271046940d0947c0de081cf
    • Opcode Fuzzy Hash: 61bdd166cc4c56fd23df2cf4e4d9cf8d92f7278e87f3cd50ad8716bb0b2c0e9a
    • Instruction Fuzzy Hash: CCA011B0202202AF8300CF3AAA0A20A3AAAAA22280302A028A008C0220EF2080C08B00
    APIs
    • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,?), ref: 0065544C
    • CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 0065546C
    • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000,?), ref: 00655479
    Strings
    Similarity
    • API ID: CreateFile$CloseHandleMapping
    • String ID: is invalid!$TRg$[-] Mapping of
    • API String ID: 2353530451-3941208638
    • Opcode ID: 7e242ef24344e384e7721ebc365558049acd897c126cd97ea78df70cc9f49e4e
    • Instruction ID: e65478a398bd1991bb93c83dd620ab62ffd158005883766f6579f66594729aa5
    • Opcode Fuzzy Hash: 7e242ef24344e384e7721ebc365558049acd897c126cd97ea78df70cc9f49e4e
    • Instruction Fuzzy Hash: 9C310C71A40204B7DB21AFB4BC4AF5E7B6ADF05763F100065FF09A62D0FF71A9148A95
    APIs
    Similarity
    • API ID: _free$Info
    • String ID:
    • API String ID: 2509303402-0
    • Opcode ID: 388653fa0fb2d064b8c30ddf3c892735dee611a2ac19ddce55103c4bd9c61478
    • Instruction ID: 93a28adba53cc9ee8dd75eb08e52451f9427a026d987680a4c8a3107ad8f60c9
    • Opcode Fuzzy Hash: 388653fa0fb2d064b8c30ddf3c892735dee611a2ac19ddce55103c4bd9c61478
    • Instruction Fuzzy Hash: 06B1AF719003099FDF259F69C881BEEBBFABF08301F14416DF859AB342DA7699459B20
    APIs
    • ___from_strstr_to_strchr.LIBCMT ref: 006648A0
    • ___from_strstr_to_strchr.LIBCMT ref: 006648AE
      • Part of subcall function 0065CFBE: IsProcessorFeaturePresent.KERNEL32(00000017,0065CF90,00000000,?,00000004,00000004,?,?,?,?,0065CF9D,00000000,00000000,00000000,00000000,00000000), ref: 0065CFC0
      • Part of subcall function 0065CFBE: GetCurrentProcess.KERNEL32(C0000417,?), ref: 0065CFE2
      • Part of subcall function 0065CFBE: TerminateProcess.KERNEL32(00000000), ref: 0065CFE9
    Strings
    Similarity
    • API ID: Process___from_strstr_to_strchr$CurrentFeaturePresentProcessorTerminate
    • String ID: PATH$\
    • API String ID: 2025418227-1896636505
    • Opcode ID: 0b92ccebc30cb04c0a24563e9d51e949da6bde3ae21974411ab6f183ff0280ad
    • Instruction ID: e9f76e0d1a0bbb02a06e162354d2997a279b8198ac83c0542cbfda63a3313896
    • Opcode Fuzzy Hash: 0b92ccebc30cb04c0a24563e9d51e949da6bde3ae21974411ab6f183ff0280ad
    • Instruction Fuzzy Hash: 7A716B329442117EDF259FA88C01BFE77AB9F52360F24416DE800AB3C6EE718E41C769
    APIs
    • ___free_lconv_mon.LIBCMT ref: 0066CDED
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C11F
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C131
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C143
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C155
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C167
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C179
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C18B
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C19D
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C1AF
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C1C1
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C1D3
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C1E5
      • Part of subcall function 0066C102: _free.LIBCMT ref: 0066C1F7
    • _free.LIBCMT ref: 0066CDE2
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 0066CE04
    • _free.LIBCMT ref: 0066CE19
    • _free.LIBCMT ref: 0066CE24
    • _free.LIBCMT ref: 0066CE46
    • _free.LIBCMT ref: 0066CE59
    • _free.LIBCMT ref: 0066CE67
    • _free.LIBCMT ref: 0066CE72
    • _free.LIBCMT ref: 0066CEAA
    • _free.LIBCMT ref: 0066CEB1
    • _free.LIBCMT ref: 0066CECE
    • _free.LIBCMT ref: 0066CEE6
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: baddabe16edc19fc9d6dc0f5ffab2338401d857b33829fdc8a665e5747abfb1c
    • Instruction ID: de899f5134efff18e33615de28e6a4f3220ad790b23e73ba5c65714c4f1d8693
    • Opcode Fuzzy Hash: baddabe16edc19fc9d6dc0f5ffab2338401d857b33829fdc8a665e5747abfb1c
    • Instruction Fuzzy Hash: 31314A71A40B059FEB70AA39D845BB777EBEF00360F14442EE499D7252DB36AD90CB24
    APIs
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 4f42b174528fcfae349f0b83e788d750cf404cdf64bf19da49511ccc424bb127
    • Instruction ID: 22bf36286d4882e0ea7140f70536a6ee6b009fd7ad0559bc4108467462967353
    • Opcode Fuzzy Hash: 4f42b174528fcfae349f0b83e788d750cf404cdf64bf19da49511ccc424bb127
    • Instruction Fuzzy Hash: 69C147B1D40208AFDB60DBA8DC42FEE77FA9B48714F150169FA45FB282D570EE418764
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652169
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006521AF
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006521DD
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652207
    Strings
    Similarity
    • API ID: Exception@8Throw
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 2005118841-1493168240
    • Opcode ID: 862815ada2ade01da0afea31552ea72491fa0e0fd2ab14811fb9993c12977381
    • Instruction ID: 72ee69ef9682e4f9e47d94dccdf18596ef9b51ae623784830dcef02c91037148
    • Opcode Fuzzy Hash: 862815ada2ade01da0afea31552ea72491fa0e0fd2ab14811fb9993c12977381
    • Instruction Fuzzy Hash: A861AE70A012059FDB14DFA8C965BADBBF6BF05309F14815CE805AB392CB71EE08CB54
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006523A9
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006523EF
    • __CxxThrowException@8.LIBVCRUNTIME ref: 0065241D
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652447
    Strings
    Similarity
    • API ID: Exception@8Throw
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 2005118841-1493168240
    • Opcode ID: 1d50e14bf6cf765500da8dfc34a311034474ad2075f2009737c6766c19099d7f
    • Instruction ID: bad013d35eff92a19e1f206331219ff3e36541837c9e615b77a849e8ade1d131
    • Opcode Fuzzy Hash: 1d50e14bf6cf765500da8dfc34a311034474ad2075f2009737c6766c19099d7f
    • Instruction Fuzzy Hash: 1961AD74A002059FDB14DFA8C955BADBBF6BF05309F14819CE806AB392CB75ED48CB54
    APIs
    • __Getcvt.LIBCPMT ref: 0065305E
    • __Getcvt.LIBCPMT ref: 00653096
    • Concurrency::cancel_current_task.LIBCPMT ref: 006530BE
    • Concurrency::cancel_current_task.LIBCPMT ref: 006530FC
    • Concurrency::cancel_current_task.LIBCPMT ref: 0065313C
    • numpunct.LIBCPMT ref: 00653144
    • __CxxThrowException@8.LIBVCRUNTIME ref: 0065314D
    Strings
    Similarity
    • API ID: Concurrency::cancel_current_task$Getcvt$Exception@8Thrownumpunct
    • String ID: false$true$xBg
    • API String ID: 3191441162-3916518841
    • Opcode ID: 07396869b1789ea404169fb374c30d47293770f8a9ae0c41c7a358f1f4df22fe
    • Instruction ID: d7a854b45f3dcbca3d8ec7d9e161f0ed7fde879d9b5146f797e2596f1d3a96d5
    • Opcode Fuzzy Hash: 07396869b1789ea404169fb374c30d47293770f8a9ae0c41c7a358f1f4df22fe
    • Instruction Fuzzy Hash: CF413331A042548FCF209F64C8407AABFA7EF91711F1481ADEC595B382DA779A09CBA1
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006536A4
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006536D2
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006536FC
    Strings
    Similarity
    • API ID: Exception@8Throw$ExceptionRaise
    • String ID: (Cg$(Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 3476068407-577955861
    • Opcode ID: 870f91e0220dfbf12cb85b01b0ca8a309a6fa8752c1d2351fd541a6341a7f3e3
    • Instruction ID: 305d0ffd01a28f035326d62d5e9e6f66676e9e8c364a3fd790810671eef85e96
    • Opcode Fuzzy Hash: 870f91e0220dfbf12cb85b01b0ca8a309a6fa8752c1d2351fd541a6341a7f3e3
    • Instruction Fuzzy Hash: 42319270A40208AFDB14DF54C846FA8BBFAFF04769F508259F815AB381CB71E908CB45
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006513E1
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • __CxxThrowException@8.LIBVCRUNTIME ref: 0065140F
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00651439
    Strings
    Similarity
    • API ID: Exception@8Throw$ExceptionRaise
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 3476068407-1493168240
    • Opcode ID: e03b831c1b7e484dc83abcf2e95c934a252d4ee213ffd8295fe659717e833f09
    • Instruction ID: 307605f5aab4ddb819f717a2ff40a8b3d9988c4063bebc1e8540acca1d28c2e0
    • Opcode Fuzzy Hash: e03b831c1b7e484dc83abcf2e95c934a252d4ee213ffd8295fe659717e833f09
    • Instruction Fuzzy Hash: 1E217F30A403099BDB14EF94C856BECB7F6EF05316F40815CE809AB342CB71AD49CB54
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006550C1
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006550EF
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00655119
    Strings
    Similarity
    • API ID: Exception@8Throw$ExceptionRaise
    • String ID: (Cg$(Cg$(Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 3476068407-1493168240
    • Opcode ID: ba402b6f16f357efed7ad37cef56e57cbb6d6aa2e4f2fa4906bc4f683b25887b
    • Instruction ID: a1a259a26af95793bca2fe1b4ae0db3a021e3f41c4737cb6c8255f144cdbbc95
    • Opcode Fuzzy Hash: ba402b6f16f357efed7ad37cef56e57cbb6d6aa2e4f2fa4906bc4f683b25887b
    • Instruction Fuzzy Hash: 4F219170A406049BDB54EF94C96ABECB7F6EF14716F14815CEC06AB381CB71AD09CB58
    APIs
    • __EH_prolog3.LIBCMT ref: 00655F86
    • std::_Lockit::_Lockit.LIBCPMT ref: 00655F90
    • int.LIBCPMT ref: 00655FA7
      • Part of subcall function 00656249: std::_Lockit::_Lockit.LIBCPMT ref: 0065625A
      • Part of subcall function 00656249: std::_Lockit::~_Lockit.LIBCPMT ref: 00656274
    • std::locale::_Getfacet.LIBCPMT ref: 00655FB0
    • codecvt.LIBCPMT ref: 00655FCA
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00655FE7
    • std::_Facet_Register.LIBCPMT ref: 00656006
    • std::_Lockit::~_Lockit.LIBCPMT ref: 0065600F
    Strings
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prolog3RegisterThrowcodecvtstd::locale::_
    • String ID: H@h
    • API String ID: 1243920060-853058309
    • Opcode ID: 82d4dd027e070e9a7fafa2a7f386644447219fb4a1080b45e0067f1fab86d003
    • Instruction ID: 28bc8f2e6586f58137fbd8d5351547a57488f2eadc60c96d2ec88919a76fde3a
    • Opcode Fuzzy Hash: 82d4dd027e070e9a7fafa2a7f386644447219fb4a1080b45e0067f1fab86d003
    • Instruction Fuzzy Hash: E2018B3290061A9BCB41EBA0C956AAE7767AF40722F55010CFD126B2A2DF749A0DDB94
    APIs
    • _free.LIBCMT ref: 00663E52
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 00663E5E
    • _free.LIBCMT ref: 00663E69
    • _free.LIBCMT ref: 00663E74
    • _free.LIBCMT ref: 00663E7F
    • _free.LIBCMT ref: 00663E8A
    • _free.LIBCMT ref: 00663E95
    • _free.LIBCMT ref: 00663EA0
    • _free.LIBCMT ref: 00663EAB
    • _free.LIBCMT ref: 00663EB9
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 31e8808fac7360c25965828ccf61e1a0def3882c5d428016a074d0045c024ef8
    • Instruction ID: 3903ece8db90c06a4fc87208eaffab20e9c3c7c64700b953298204720838f706
    • Opcode Fuzzy Hash: 31e8808fac7360c25965828ccf61e1a0def3882c5d428016a074d0045c024ef8
    • Instruction Fuzzy Hash: CF117476550108AFDB41FF55C842DEA7BBBEF04750F5140A9BA088B226DA32DA909B94
    APIs
    • std::_Lockit::_Lockit.LIBCPMT ref: 0065183D
    • std::_Lockit::_Lockit.LIBCPMT ref: 00651860
    • std::_Lockit::~_Lockit.LIBCPMT ref: 00651880
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006518F9
    • std::_Facet_Register.LIBCPMT ref: 0065190F
    • std::_Lockit::~_Lockit.LIBCPMT ref: 0065191A
    Strings
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
    • String ID: 4Bg$bad cast
    • API String ID: 2536120697-3501147049
    • Opcode ID: 4a8c3a91949c1058311e06a4de3aeae57a09d7fc5375d126e28438bd22811781
    • Instruction ID: c1e12f4eb1fa6fa7957276a89ef631d3f5e2cb06a40b76481bc078976ac94760
    • Opcode Fuzzy Hash: 4a8c3a91949c1058311e06a4de3aeae57a09d7fc5375d126e28438bd22811781
    • Instruction Fuzzy Hash: 5B31E131D00224AFCB20DF54D844BA9B7BAEF05711F14435EEC15AB3A2D731AE49CB90
    APIs
    • std::_Lockit::_Lockit.LIBCPMT ref: 006515DD
    • std::_Lockit::_Lockit.LIBCPMT ref: 00651600
    • std::_Lockit::~_Lockit.LIBCPMT ref: 00651620
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00651699
    • std::_Facet_Register.LIBCPMT ref: 006516AF
    • std::_Lockit::~_Lockit.LIBCPMT ref: 006516BA
    Strings
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
    • String ID: 4Bg$<Bg
    • API String ID: 2536120697-3145376740
    • Opcode ID: dea0738aaf1a7ab9e268a4b00a80800bc6a06e646178c467e6d05a13e748a03d
    • Instruction ID: 052f17075f599fe67212da13d5953ee1138df03402fd5833ad9927ce154c33ac
    • Opcode Fuzzy Hash: dea0738aaf1a7ab9e268a4b00a80800bc6a06e646178c467e6d05a13e748a03d
    • Instruction Fuzzy Hash: 5831EF71D00224AFCB10DF54D890AAAB7B6FB15721F18025DEC05AB3A1EB31AE49CB90
    APIs
    • std::_Lockit::_Lockit.LIBCPMT ref: 0065170D
    • std::_Lockit::_Lockit.LIBCPMT ref: 00651730
    • std::_Lockit::~_Lockit.LIBCPMT ref: 00651750
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006517C9
    • std::_Facet_Register.LIBCPMT ref: 006517DF
    • std::_Lockit::~_Lockit.LIBCPMT ref: 006517EA
    Strings
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
    • String ID: 4Bg$bad cast
    • API String ID: 2536120697-3501147049
    • Opcode ID: d3cee44bf21f860808b615a1a8c3c542558749172ddd1dd8b9e4f72c916b1b72
    • Instruction ID: f9cd781e5d59d27f07bee125a57bc4feeeb0cee29a56724971428c4b7f88bf9d
    • Opcode Fuzzy Hash: d3cee44bf21f860808b615a1a8c3c542558749172ddd1dd8b9e4f72c916b1b72
    • Instruction Fuzzy Hash: 8F31E372900614AFCB10DFA8D885BA9B7B6FB19711F14035EEC05AB361D731AE49CB90
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4d7988d96edc1bd91776e3995f3d4f385aabc965da4a072a605d1f0d9805ba89
    • Instruction ID: 3088e16212104e1b096af4e1f859d08a25b0ddd2fc0211adb308ced6cfa7b825
    • Opcode Fuzzy Hash: 4d7988d96edc1bd91776e3995f3d4f385aabc965da4a072a605d1f0d9805ba89
    • Instruction Fuzzy Hash: A4C1B675A04349EFEF25DFA8C841BEDBBB6AF09310F148259E848A7392C7749941CB71
    APIs
    • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,0067251D,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 006722F0
    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,0067251D,00000000,00000000,?,00000001,?,?,?,?), ref: 00672373
    • __alloca_probe_16.LIBCMT ref: 006723AB
    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,0067251D,?,0067251D,00000000,00000000,?,00000001,?,?,?,?), ref: 00672406
    • __alloca_probe_16.LIBCMT ref: 00672455
    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,0067251D,00000000,00000000,?,00000001,?,?,?,?), ref: 0067241D
      • Part of subcall function 006600A9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0066014F,?,00000000,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE), ref: 006600DB
    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,0067251D,00000000,00000000,?,00000001,?,?,?,?), ref: 00672499
    • __freea.LIBCMT ref: 006724C4
    • __freea.LIBCMT ref: 006724D0
    Similarity
    • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocHeapInfo
    • String ID:
    • API String ID: 3256262068-0
    • Opcode ID: 70c4131f57eb12a46ecf3397328935e905860a8e640fd821e50956d0fa4181b7
    • Instruction ID: 24f121631600913f64c2ec6d8c5dcb6e286105f3e3403392e1bb16c22756bacf
    • Opcode Fuzzy Hash: 70c4131f57eb12a46ecf3397328935e905860a8e640fd821e50956d0fa4181b7
    • Instruction Fuzzy Hash: AC91E372E002179ADF209E64CCA5EEE7BF7AF09710F148619E91CE7281D725DD85C7A0
    APIs
    Similarity
    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
    • String ID:
    • API String ID: 1282221369-0
    • Opcode ID: bbd2aa37e0e93eca92d453fa43987fc63ed1ae59613fea57c1affc908afa2047
    • Instruction ID: b9ddcf19d92e944f5568eb9808775141ec9a2c387fd076ac0ea3aa92bcb0fa3e
    • Opcode Fuzzy Hash: bbd2aa37e0e93eca92d453fa43987fc63ed1ae59613fea57c1affc908afa2047
    • Instruction Fuzzy Hash: BE61E571D04305EFDF25AFB598916BA7BABEF02320F04536DEA44E7341EB3199818794
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • _memcmp.LIBVCRUNTIME ref: 00663004
    • _free.LIBCMT ref: 00663075
    • _free.LIBCMT ref: 0066308E
    • _free.LIBCMT ref: 006630C0
    • _free.LIBCMT ref: 006630C9
    • _free.LIBCMT ref: 006630D5
    Strings
    Similarity
    • API ID: _free$ErrorLast$_abort_memcmp
    • String ID: C
    • API String ID: 1679612858-1037565863
    • Opcode ID: 249ed6f92e53d5ed5d19826429f5d70debd74233abafeef7b4ee350f1bb93a73
    • Instruction ID: c65b597370e8320d944c7058d2b95da555f00e1958b6c409816a50efce045964
    • Opcode Fuzzy Hash: 249ed6f92e53d5ed5d19826429f5d70debd74233abafeef7b4ee350f1bb93a73
    • Instruction Fuzzy Hash: CFB12875A0162A9FDB24DF18C894AADB7B6FF48304F1045AEE809A7351E731AE94CF40
    APIs
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 9f8ba873c5d4347501ffd7755a32dac1c4da11353cc29b22bb9d02e6bca6a50e
    • Instruction ID: 8887acd7d1426682f02779003d206a868183fd4a0d2072f11646f12d0377853d
    • Opcode Fuzzy Hash: 9f8ba873c5d4347501ffd7755a32dac1c4da11353cc29b22bb9d02e6bca6a50e
    • Instruction Fuzzy Hash: 1B61C475900605AFDB20DF69C841BBABBF7EF44720F24416EE994EB382E770AD418B54
    APIs
    • GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,0066861D,?,?,00000000,?,?,?), ref: 00667EEA
    • __fassign.LIBCMT ref: 00667F65
    • __fassign.LIBCMT ref: 00667F80
    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 00667FA6
    • WriteFile.KERNEL32(?,00000000,00000000,0066861D,00000000,?,?,?,?,?,?,?,?,?,0066861D,?), ref: 00667FC5
    • WriteFile.KERNEL32(?,?,00000001,0066861D,00000000,?,?,?,?,?,?,?,?,?,0066861D,?), ref: 00667FFE
    Similarity
    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
    • String ID:
    • API String ID: 1324828854-0
    • Opcode ID: 5bb2ca8addb3c7d67364f722be56e06b1f4e40d46966959c088d5106367578b2
    • Instruction ID: eb1ab55d0ccd8b2bb1891e54aa209efc5abe3fc8f4e635226c48ed58c322cd24
    • Opcode Fuzzy Hash: 5bb2ca8addb3c7d67364f722be56e06b1f4e40d46966959c088d5106367578b2
    • Instruction Fuzzy Hash: EA51B271A40209EFCB10CFA8D885AEEBBFAEF59300F14465AE955E7251DB309945CBA0
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7335108adaf3661e82e34b4cadd2236a1f52dd4188c7a9fe1315d9089e5b0058
    • Instruction ID: 24c19ac08e7b490d024d25ac37a8d394d9b81a7ab1e99e2f38966c0007446cae
    • Opcode Fuzzy Hash: 7335108adaf3661e82e34b4cadd2236a1f52dd4188c7a9fe1315d9089e5b0058
    • Instruction Fuzzy Hash: 6311E13A504219AFDB206FB6DC08DAB3AAFDFC6730B104628F815C7250DB3389419670
    APIs
      • Part of subcall function 0066C841: _free.LIBCMT ref: 0066C86A
    • _free.LIBCMT ref: 0066CB48
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 0066CB53
    • _free.LIBCMT ref: 0066CB5E
    • _free.LIBCMT ref: 0066CBB2
    • _free.LIBCMT ref: 0066CBBD
    • _free.LIBCMT ref: 0066CBC8
    • _free.LIBCMT ref: 0066CBD3
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 9bb85ae0115d142cb66313944cad99e78b2eb5f679dc1568e508c942e57ddfa9
    • Instruction ID: 9e1eb6291d2c1fa360b2bc93fe5232d393bc98e05201fcc3bb5716e4048386a1
    • Opcode Fuzzy Hash: 9bb85ae0115d142cb66313944cad99e78b2eb5f679dc1568e508c942e57ddfa9
    • Instruction Fuzzy Hash: 11115E71580F04AAEAB0BBB5CC47FEB7B9FAF00710F40882DB2DAA7053DA65F5548654
    APIs
    • std::_Lockit::_Lockit.LIBCPMT ref: 0065196D
    • ___std_exception_copy.LIBVCRUNTIME ref: 006519DC
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006519F4
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006519FB
    Strings
    Similarity
    • API ID: std::_$ExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow___std_exception_copy
    • String ID: (Bg$HBg
    • API String ID: 2988018378-1224512978
    • Opcode ID: 8a8641fffda0d03a62f183244569910dc8f4430ddb9683ce114a430f17e2f73a
    • Instruction ID: 21da6fc62b388caa5517de0562182ed357bee565d44e2204463e4e1d123a07a7
    • Opcode Fuzzy Hash: 8a8641fffda0d03a62f183244569910dc8f4430ddb9683ce114a430f17e2f73a
    • Instruction Fuzzy Hash: 3621B0B18147489EC720CFA8C80578BBFF9EF19304F10875EE859A3741E7B5A608CBA5
    APIs
    • GetLastError.KERNEL32(?,?,0065C97A,006598A1,00681D70,00000010,00659069,?,?,?,?,?,00000000,?), ref: 0065C991
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0065C99F
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0065C9B8
    • SetLastError.KERNEL32(00000000,0065C97A,006598A1,00681D70,00000010,00659069,?,?,?,?,?,00000000,?), ref: 0065CA0A
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: 62e4d3592b8bbed20f63db668c28fbafeaeee86f91793b152a2ea39cf0de7302
    • Instruction ID: 137f22e91558759905e731a12f842a68c54ab98e798f0de7e15d3d1eb1243fe0
    • Opcode Fuzzy Hash: 62e4d3592b8bbed20f63db668c28fbafeaeee86f91793b152a2ea39cf0de7302
    • Instruction Fuzzy Hash: 12014733109325AEE76427B8BCC5AA72B57EB04BB6F30032DFD10612E0FF110C0A9288
    Strings
    Similarity
    • API ID:
    • String ID: >>> Creating a new thread...$Failed to created the thread!$TRg$TRg
    • API String ID: 0-3870398264
    • Opcode ID: 94753d1de6dafbe650a255077706b0cf05b84b725e5c82b207caf70f7af0e2a3
    • Instruction ID: ab743e68411b7498165a0b168ad139ddbcf7ce8b3897d2df2bed48115222dff7
    • Opcode Fuzzy Hash: 94753d1de6dafbe650a255077706b0cf05b84b725e5c82b207caf70f7af0e2a3
    • Instruction Fuzzy Hash: BE01A430BC07057BE760AB54DC0BF827792AB10B5BF658054FF0D6A3C2DAA0E9888695
    APIs
      • Part of subcall function 00651150: __CxxThrowException@8.LIBVCRUNTIME ref: 006513E1
    • CreateThread.KERNEL32(00000000,00000000,Function_00004F00,?,00000000,00000000), ref: 00655197
    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 006551BB
      • Part of subcall function 00651150: __CxxThrowException@8.LIBVCRUNTIME ref: 0065140F
      • Part of subcall function 00651150: __CxxThrowException@8.LIBVCRUNTIME ref: 00651439
    Strings
    Similarity
    • API ID: Exception@8Throw$CreateObjectSingleThreadWait
    • String ID: >>> Creating a new thread...$Failed to created the thread!$TRg$TRg
    • API String ID: 1620007371-3870398264
    • Opcode ID: 816ea6711e140e7a58f21e6a43c1215eb5f2766f5cf1881b6a7189dd54de5604
    • Instruction ID: 321d34573288cdfe9c5d33854aa04bb8a3d4965190d1b51759145a8395e7df46
    • Opcode Fuzzy Hash: 816ea6711e140e7a58f21e6a43c1215eb5f2766f5cf1881b6a7189dd54de5604
    • Instruction Fuzzy Hash: 42E06D317C432432DA2027A57C0BFC23B4A8B02FBBF224150FF1D692D2DA80604446A9
    APIs
    • _free.LIBCMT ref: 00661D8E
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 00661DA0
    • _free.LIBCMT ref: 00661DB3
    • _free.LIBCMT ref: 00661DC4
    • _free.LIBCMT ref: 00661DD5
    Strings
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID: x6h
    • API String ID: 776569668-1876334821
    • Opcode ID: cd484b6721ec0de6624ddce4654253aba082bf73681ec56fdd49e4a888bd68e8
    • Instruction ID: 2b72dbff2c175ece2d7f140ecec3a1ccab9385b4acdd916adf3df98a36c2dd10
    • Opcode Fuzzy Hash: cd484b6721ec0de6624ddce4654253aba082bf73681ec56fdd49e4a888bd68e8
    • Instruction Fuzzy Hash: 82F0D071866232BB9B62AF15EC525673BA7E705B20316371DF41856375CB3209818B84
    APIs
    Similarity
    • API ID: __cftoe
    • String ID:
    • API String ID: 4189289331-0
    • Opcode ID: 15e1048a13738885e1693e362bcaf59096be11e3c1a3f32a849562981ac20eb5
    • Instruction ID: d87e9af0e8de3c61a5eb77a5dd923a5838d16b5d90fcc603149ce97a70fc3ee0
    • Opcode Fuzzy Hash: 15e1048a13738885e1693e362bcaf59096be11e3c1a3f32a849562981ac20eb5
    • Instruction Fuzzy Hash: A2510E32904205ABDF685B68DC42EEF77AB9F44362F24422DFC15962C2DF32DE458664
    APIs
    • GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
    • _free.LIBCMT ref: 00663F69
    • _free.LIBCMT ref: 00663F91
    • SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F9E
    • SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
    • _abort.LIBCMT ref: 00663FB0
    Similarity
    • API ID: ErrorLast$_free$_abort
    • String ID:
    • API String ID: 3160817290-0
    • Opcode ID: f520df13b73155907eb894057b7475c688e8dc6d1a7f9f905fcccae4a17ee17b
    • Instruction ID: bc35a64e09630addb76eafda1174b4874fbaae4f60c446ffa38ab4b75af39998
    • Opcode Fuzzy Hash: f520df13b73155907eb894057b7475c688e8dc6d1a7f9f905fcccae4a17ee17b
    • Instruction Fuzzy Hash: 48F0C8395886217BD7553339FC1EF9B663B8FC1B61F35022CF91892391EF368A464264
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00654AA4
    Strings
    Similarity
    • API ID: Exception@8Throw
    • String ID: (Cg$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
    • API String ID: 2005118841-2599435867
    • Opcode ID: 688eb454368d55c50d3327359a83002368c2ae03294d9be3725ad62b0e4d20e0
    • Instruction ID: cd761350499fd94d909850b6f37249f80546500c0cbe8d19a3a10e3365ab8743
    • Opcode Fuzzy Hash: 688eb454368d55c50d3327359a83002368c2ae03294d9be3725ad62b0e4d20e0
    • Instruction Fuzzy Hash: E331A1306402049FDB54DF58C596BA9B7F6FF05319F18829DE806AB392CB71ED88CB45
    APIs
    Strings
    Similarity
    • API ID:
    • String ID: invalid string position$string too long
    • API String ID: 0-4289949731
    • Opcode ID: f8edba03c486c34a778270f1196330ca09e69654199d097f42f00d68f5cd610d
    • Instruction ID: d91533efa34eb2540e174f10402d6d627dc5dfefe6e0750e8b04fbb77b8a8d61
    • Opcode Fuzzy Hash: f8edba03c486c34a778270f1196330ca09e69654199d097f42f00d68f5cd610d
    • Instruction Fuzzy Hash: 01F0E5B26002144ADA1CA7709852AAE729B4F20797F40403DFC0AC7302E625EA5EC19E
    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,006611DB,00000000,?,0066117B,00000000,00682018,0000000C,006612D2,00000000,00000002), ref: 0066124A
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0066125D
    • FreeLibrary.KERNEL32(00000000,?,?,?,006611DB,00000000,?,0066117B,00000000,00682018,0000000C,006612D2,00000000,00000002), ref: 00661280
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: cadadb2a71acc1b6e4ed97e93cd6b87dabdbee86d691e544ce4778a17fff9984
    • Instruction ID: 6c6607670904c36038455d6d5885b28b740d8e19cd95922488540d95a2e6aac9
    • Opcode Fuzzy Hash: cadadb2a71acc1b6e4ed97e93cd6b87dabdbee86d691e544ce4778a17fff9984
    • Instruction Fuzzy Hash: E2F0A430900218FBCB145F60DC4DBEE7FBAEB04741F054158F809A6250DF305E85CB50
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ada137388718969adda376a0c8d0f1c6a361c7883891a1c06e9d0646f93ec768
    • Instruction ID: ea282c95c1a4a6d393cf7cacd6cf38f11743b2529978b0c187aea9c5511023f0
    • Opcode Fuzzy Hash: ada137388718969adda376a0c8d0f1c6a361c7883891a1c06e9d0646f93ec768
    • Instruction Fuzzy Hash: D371B3319082169FDB218F54CC44AFFBBB7EF51368F284369E85557281E7709D41CBA1
    APIs
      • Part of subcall function 006600A9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0066014F,?,00000000,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE), ref: 006600DB
    • _free.LIBCMT ref: 006629E7
    • _free.LIBCMT ref: 006629FE
    • _free.LIBCMT ref: 00662A1D
    • _free.LIBCMT ref: 00662A38
    • _free.LIBCMT ref: 00662A4F
    Similarity
    • API ID: _free$AllocHeap
    • String ID:
    • API String ID: 1835388192-0
    • Opcode ID: f39e2d1b15effd92c3308d2a1329a500dc950c85ef3a92fbc6cded3f437ac8da
    • Instruction ID: e7e756798403eff4985eff8ded0d94a80e793b09e6d933af732d7f6e053991e2
    • Opcode Fuzzy Hash: f39e2d1b15effd92c3308d2a1329a500dc950c85ef3a92fbc6cded3f437ac8da
    • Instruction Fuzzy Hash: 2351C031A00A06AFEB21DF6AC851AAAB7FAFF58724F14066DE809D7350E7319D41CB50
    APIs
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 5a6974629dd5db53ed8e084b14e88ff2720b1adec4c9403d05281b8947158992
    • Instruction ID: 934e41818237d6a3c90b3700a96f660a3b4d6f283dc1cb33fd6c5c9e9af00e4f
    • Opcode Fuzzy Hash: 5a6974629dd5db53ed8e084b14e88ff2720b1adec4c9403d05281b8947158992
    • Instruction Fuzzy Hash: DF41A332A402049FCB14DF78C881AAEB7B7EF85714F1946A9E515EF351E731AD01CB84
    APIs
    • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,00679628,00000000,00000000,8B56FF8B,006620AB,?,00000004,00000001,00679628,0000007F,?,8B56FF8B,00000001), ref: 00667198
    • __alloca_probe_16.LIBCMT ref: 006671D0
    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00667221
    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00667233
    • __freea.LIBCMT ref: 0066723C
      • Part of subcall function 006600A9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0066014F,?,00000000,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE), ref: 006600DB
    Similarity
    • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
    • String ID:
    • API String ID: 1857427562-0
    • Opcode ID: 606ec8abefa814c31d1f3179b8d83165ed2a01c8280b1d541471e55fd1cbfb20
    • Instruction ID: 03f138c95a627b1bce5d870d2bb45ce4a2778c73e22070bc8d99e8f4919b5cc7
    • Opcode Fuzzy Hash: 606ec8abefa814c31d1f3179b8d83165ed2a01c8280b1d541471e55fd1cbfb20
    • Instruction Fuzzy Hash: 0331C372A0021AAFDF259F64DC55DEE7BAAEB40314F140129FC14D7250EB35CD55CB90
    APIs
    • GetEnvironmentStringsW.KERNEL32(00000000,?,00000002,?,?,0066EB02,00000000,?,00000000,00000000), ref: 0066B820
    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0066EB02,00000000,?,00000000,00000000), ref: 0066B843
      • Part of subcall function 006600A9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0066014F,?,00000000,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE), ref: 006600DB
    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0066EB02,00000000,?,00000000,00000000), ref: 0066B869
    • _free.LIBCMT ref: 0066B87C
    • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,0066EB02,00000000,?,00000000,00000000), ref: 0066B88B
    Similarity
    • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
    • String ID:
    • API String ID: 2278895681-0
    • Opcode ID: 4d771ecce36afae701e50dd26dc8f08ab7a0c65e57f703c2779530f710ade2ca
    • Instruction ID: 825165052b4f2e1219ee0c6becb3db98a54a6bb3ae1679b6791bfebb40d6f467
    • Opcode Fuzzy Hash: 4d771ecce36afae701e50dd26dc8f08ab7a0c65e57f703c2779530f710ade2ca
    • Instruction Fuzzy Hash: 9A017162601215FB272526BA6C8CDBF6A6FDEC2BA4315113DF908C3201EF618C8281B0
    APIs
    • GetLastError.KERNEL32(?,?,?,0065EDDF,0066016D,?,0066BC39,?,00000004,00000004,?,?,?,00661BAE,?,00000004), ref: 00663FBB
    • _free.LIBCMT ref: 00663FF0
    • _free.LIBCMT ref: 00664017
    • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,006514E6,?,006514E6), ref: 00664024
    • SetLastError.KERNEL32(00000000,?,?,00000000,?,?,006514E6,?,006514E6), ref: 0066402D
    Similarity
    • API ID: ErrorLast$_free
    • String ID:
    • API String ID: 3170660625-0
    • Opcode ID: 0655cc4bb49a98266d82e2e69d05e62192456c83337a2025d54cefcdf18bf846
    • Instruction ID: 0be3d5474b184ed0ec8ec218e41eed9e6e592ce4905afc959567ced85cc7ff8c
    • Opcode Fuzzy Hash: 0655cc4bb49a98266d82e2e69d05e62192456c83337a2025d54cefcdf18bf846
    • Instruction Fuzzy Hash: A6012D361846227787263775AC4DEAB663FCFC1771731122DFA1492392EF318E454124
    APIs
    • _free.LIBCMT ref: 0066C5D4
      • Part of subcall function 0066006F: HeapFree.KERNEL32(00000000,00000000,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?), ref: 00660085
      • Part of subcall function 0066006F: GetLastError.KERNEL32(?,?,0066C86F,?,00000000,?,00000000,?,0066CB13,?,00000007,?,?,0066CF41,?,?), ref: 00660097
    • _free.LIBCMT ref: 0066C5E6
    • _free.LIBCMT ref: 0066C5F8
    • _free.LIBCMT ref: 0066C60A
    • _free.LIBCMT ref: 0066C61C
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 3264fffb7defdd173b10f79a728273d7af4653ceed52b92571767d7af00c65ad
    • Instruction ID: 1038b33e85fb3f33e99665940f9ef673b28efb41cc7a48774f9d871ad3d88124
    • Opcode Fuzzy Hash: 3264fffb7defdd173b10f79a728273d7af4653ceed52b92571767d7af00c65ad
    • Instruction Fuzzy Hash: 8AF01D32554610BBD770EB59E886D6B77DFAA04B207642919F089D7742CB34FDC08B6C
    APIs
    • _strpbrk.LIBCMT ref: 0066AB8D
    • _free.LIBCMT ref: 0066ACAA
      • Part of subcall function 0065CFBE: IsProcessorFeaturePresent.KERNEL32(00000017,0065CF90,00000000,?,00000004,00000004,?,?,?,?,0065CF9D,00000000,00000000,00000000,00000000,00000000), ref: 0065CFC0
      • Part of subcall function 0065CFBE: GetCurrentProcess.KERNEL32(C0000417,?), ref: 0065CFE2
      • Part of subcall function 0065CFBE: TerminateProcess.KERNEL32(00000000), ref: 0065CFE9
    Strings
    Similarity
    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
    • String ID: *?$.
    • API String ID: 2812119850-3972193922
    • Opcode ID: cf95c71792693ae5162865dbda5250e3e1706bf3389bdba647625b73f359e4cf
    • Instruction ID: c72beec8f17aee700a3944c2e76e5fbfb271e7e058c75bc18003b9980a813f13
    • Opcode Fuzzy Hash: cf95c71792693ae5162865dbda5250e3e1706bf3389bdba647625b73f359e4cf
    • Instruction Fuzzy Hash: E3518D75E00209AFDF14DFA8C881AEDBBB6EF98310F24816EE854F7341E6359A018F51
    APIs
    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe,00000104), ref: 00661365
    • _free.LIBCMT ref: 00661430
    • _free.LIBCMT ref: 0066143A
    Strings
    Similarity
    • API ID: _free$FileModuleName
    • String ID: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe
    • API String ID: 2506810119-561017117
    • Opcode ID: 8812e4b5c8ec973f66785d28553b31fd19f4b2dca3b70c76a3e2c81423d09394
    • Instruction ID: 090d930c6cfb11105bf7c330421719c06bddde84e04f9ea4c23ddfb80c81fa7e
    • Opcode Fuzzy Hash: 8812e4b5c8ec973f66785d28553b31fd19f4b2dca3b70c76a3e2c81423d09394
    • Instruction Fuzzy Hash: C8318171A01218FFDB21DF95D9819AEBBFEEF86710F18416AF805AB311DA718E40CB51
    APIs
    Similarity
    • API ID: __alldvrm$_strrchr
    • String ID:
    • API String ID: 1036877536-0
    • Opcode ID: e9997e6ca622b5d8e5ddebb4b39f324e1db3a2ec6c520b4749bc8b9c9a25c566
    • Instruction ID: 11c0dc8570ae7075bd4b750684eeca6ad442e4ef5074476c4c78fbee736b8b29
    • Opcode Fuzzy Hash: e9997e6ca622b5d8e5ddebb4b39f324e1db3a2ec6c520b4749bc8b9c9a25c566
    • Instruction Fuzzy Hash: 6EA12772900B869FEB25CF58C8927AEBBE7EF55310F1842ADE4869B381D2389D41C754
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 40a7810891f556b9b53f3b1523b19cf72034a96b5882a0197fe05e31310f7ef9
    • Instruction ID: 64d8df9254ec49696f4015d151dacc6d314682e34a7daf835cd813cc72659844
    • Opcode Fuzzy Hash: 40a7810891f556b9b53f3b1523b19cf72034a96b5882a0197fe05e31310f7ef9
    • Instruction Fuzzy Hash: D601F2B320920A7EF7211A782CC1F67274FDB527B8B38133DB1359A2C1DF208C4041A4
    APIs
    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000004,00000000,00000000,?,00666680,00000004,00000000,00000000,00000000,?,006669AC,00000006,FlsSetValue), ref: 0066670B
    • GetLastError.KERNEL32(?,00666680,00000004,00000000,00000000,00000000,?,006669AC,00000006,FlsSetValue,0067A2B8,0067A2C0,00000000,00000364,?,00664004), ref: 00666717
    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00666680,00000004,00000000,00000000,00000000,?,006669AC,00000006,FlsSetValue,0067A2B8,0067A2C0,00000000), ref: 00666725
    Similarity
    • API ID: LibraryLoad$ErrorLast
    • String ID:
    • API String ID: 3177248105-0
    • Opcode ID: 0c76fcbc327bd732ee19864ed5b7bb4e3dac440a1c5c328353ef6eedaac011af
    • Instruction ID: a6c5ca569b7bbf43ab58a90b0c4398b021cee4457d0ee717a67046818e21e92e
    • Opcode Fuzzy Hash: 0c76fcbc327bd732ee19864ed5b7bb4e3dac440a1c5c328353ef6eedaac011af
    • Instruction Fuzzy Hash: F501A732641226ABC7214B68FC48E967F9BAF457A5F300620FA0AE7240DB20DC11CBE0
    APIs
    • ___BuildCatchObject.LIBVCRUNTIME ref: 0065903B
      • Part of subcall function 00659673: ___AdjustPointer.LIBCMT ref: 006596BD
    • _UnwindNestedFrames.LIBCMT ref: 00659052
    • ___FrameUnwindToState.LIBVCRUNTIME ref: 00659064
    • CallCatchBlock.LIBVCRUNTIME ref: 00659088
    Similarity
    • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
    • String ID:
    • API String ID: 2633735394-0
    • Opcode ID: 0d232bba07cbc9eb66637365ced26a06c59b41c4fca23e51f85320cb3de90727
    • Instruction ID: d3adf6d1e8cff9a65c6f98d0572396fe4338013b5f7492319002faa45941cc72
    • Opcode Fuzzy Hash: 0d232bba07cbc9eb66637365ced26a06c59b41c4fca23e51f85320cb3de90727
    • Instruction Fuzzy Hash: 59012932400109FBCF126F55CC01EDA3BBAFF48755F044518FD5862161D736E865DBA4
    APIs
    • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 0065C42D
    • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0065C432
    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0065C437
      • Part of subcall function 0065CABC: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0065CACD
    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 0065C44C
    Similarity
    • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
    • String ID:
    • API String ID: 1761009282-0
    • Opcode ID: 605671bdbb1800db3d0951034b0fe2e6eb947864f706e70377adead6fb81878b
    • Instruction ID: f89e8f3b0dc1a8476d13ffb51845370f6aef7c4ab586d9400adf9b353b15ce5d
    • Opcode Fuzzy Hash: 605671bdbb1800db3d0951034b0fe2e6eb947864f706e70377adead6fb81878b
    • Instruction Fuzzy Hash: F9C04C241403091CECD07A782262AFD1B831C637FBF9120CDECD1271079D06044F617B
    APIs
    • __startOneArgErrorHandling.LIBCMT ref: 0066080D
    Strings
    Similarity
    • API ID: ErrorHandling__start
    • String ID: pow
    • API String ID: 3213639722-2276729525
    • Opcode ID: 0095a5a0c56c0d739680e8c5ea4f0750be70d1cbf04e195bb51f4afe38911abd
    • Instruction ID: 2b4f7acf2308b03e92b825c9f4ece07812c0630f83ae4cd8dccd073165e69763
    • Opcode Fuzzy Hash: 0095a5a0c56c0d739680e8c5ea4f0750be70d1cbf04e195bb51f4afe38911abd
    • Instruction Fuzzy Hash: 9A513B71A0810296EB15BB94C9053EF2BE7DB80710F249D7CE096923A9EE358CD5DEC7
    APIs
    Strings
    Similarity
    • API ID: __dosmaperr_free
    • String ID: SystemRoot
    • API String ID: 3116789124-2034820756
    • Opcode ID: 5c77ce40c2223088e783fe163e8232666183dd08007ab8a5607f31c5d53857f2
    • Instruction ID: f6db709fba959253bcb6d6e6c40c0eda4e8af2f46ced6f2cf2ed3c6596431da0
    • Opcode Fuzzy Hash: 5c77ce40c2223088e783fe163e8232666183dd08007ab8a5607f31c5d53857f2
    • Instruction Fuzzy Hash: DD213D3A6042109FEF298E68C8417B9B7A7EF92725F19826DF8449F346D6339D02C751
    APIs
    • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0066D875,006820C0,00000050,?,?,?,?,?), ref: 0066D6F5
    Strings
    Similarity
    • API ID:
    • String ID: ACP$OCP
    • API String ID: 0-711371036
    • Opcode ID: 0c513624d4df78d6738727015a015bcd0e99b0814863aca80fc180e055d55f7a
    • Instruction ID: 5638f26652264431328f118eab2b2435b7bbe3ece18a4152e565fe0f14cf1eed
    • Opcode Fuzzy Hash: 0c513624d4df78d6738727015a015bcd0e99b0814863aca80fc180e055d55f7a
    • Instruction Fuzzy Hash: BD21C262F00505A6DB348F68C905BEB73A7AB94B54F568524E90DDB305FB32DE41C394
    APIs
    Strings
    Similarity
    • API ID: _free
    • String ID: 01h
    • API String ID: 269201875-1579078234
    • Opcode ID: 4aed8a1440ab63f86b15cec7e722c0231f3ad21fa553b8a1fe949919cddf8f96
    • Instruction ID: ab1974bb278515c45c6dc983a360302421cf8232c759bd518d4dda3f90c4f30a
    • Opcode Fuzzy Hash: 4aed8a1440ab63f86b15cec7e722c0231f3ad21fa553b8a1fe949919cddf8f96
    • Instruction Fuzzy Hash: 3211B2B1A50211ABDB30AF28BC16B5737DBA751771F18133AF960CB2D5EB70C8468784
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652169
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006521DD
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652207
    Strings
    Similarity
    • API ID: Exception@8Throw$ExceptionRaise
    • String ID: (Cg$ios_base::badbit set
    • API String ID: 3476068407-3065900072
    • Opcode ID: e56cc72bc807c624126bb887b7600a504bb7cf1ea79dda911a32efd0bb5d26a6
    • Instruction ID: dc79bf71d35e5957668f3365b19b2a21db9f44d3bf2e89509c737c08a23b5453
    • Opcode Fuzzy Hash: e56cc72bc807c624126bb887b7600a504bb7cf1ea79dda911a32efd0bb5d26a6
    • Instruction Fuzzy Hash: 94118E74A006079FEB54CF58C4A1BA9F7F2BF4131AF188158D90AAB342C774ED89CB80
    APIs
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006523A9
      • Part of subcall function 0065A0D6: RaiseException.KERNEL32(?,?,006557D8,B164CD04,B164CD04,00000000,00000000,?,?,?,?,006557D8,B164CD04,00681A4C,00000000,B164CD04), ref: 0065A135
    • __CxxThrowException@8.LIBVCRUNTIME ref: 0065241D
    • __CxxThrowException@8.LIBVCRUNTIME ref: 00652447
    Strings
    Similarity
    • API ID: Exception@8Throw$ExceptionRaise
    • String ID: (Cg$ios_base::badbit set
    • API String ID: 3476068407-3065900072
    • Opcode ID: 2cba78c4460ccf9f6f96eb233115569495d50f80cebe21b896346eda13ddce63
    • Instruction ID: a4c0866119fd23ae11b312b65a3fcedfc21ad4ab68eafe9e2496f0f764460271
    • Opcode Fuzzy Hash: 2cba78c4460ccf9f6f96eb233115569495d50f80cebe21b896346eda13ddce63
    • Instruction Fuzzy Hash: 75113C71A002069FEB54CF58C495BA9F7F2BF4131AF188159D806AB352D778EC89CB94
    APIs
      • Part of subcall function 00663F32: GetLastError.KERNEL32(B164CD04,00000000,0065E957,?,?,00655802,00000000,?,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663F36
      • Part of subcall function 00663F32: _free.LIBCMT ref: 00663F69
      • Part of subcall function 00663F32: SetLastError.KERNEL32(00000000,?,00681A88,?,?,?,00000000,B164CD04), ref: 00663FAA
      • Part of subcall function 00663F32: _abort.LIBCMT ref: 00663FB0
    • _abort.LIBCMT ref: 0066B4FE
    • _free.LIBCMT ref: 0066B532
    Strings
    Similarity
    • API ID: ErrorLast_abort_free
    • String ID: x6h
    • API String ID: 289325740-1876334821
    • Opcode ID: 880382050fd2b8269a7fd33ccf0c64e798f435406a758ac25cdbdeb05eeb84d0
    • Instruction ID: 78fbcd38941d850eea0667c6a8b8c8f43818935b91f933e9efa5ec2ee1ee5438
    • Opcode Fuzzy Hash: 880382050fd2b8269a7fd33ccf0c64e798f435406a758ac25cdbdeb05eeb84d0
    • Instruction Fuzzy Hash: 2B01C471C01632EBCB21AF1C84016E9B3A3EF04B21B05120DF855E3391CB306E818FC6
    APIs
    • std::ios_base::failure::failure.LIBCPMT ref: 00656866
    • __CxxThrowException@8.LIBVCRUNTIME ref: 006568A3
      • Part of subcall function 0065F1E1: LeaveCriticalSection.KERNEL32(?,?,0065F60E,?,0065F5FB,?,?,?,00681F38,00000010,00655F30,?), ref: 0065F1ED
    Strings
    Similarity
    • API ID: CriticalException@8LeaveSectionThrowstd::ios_base::failure::failure
    • String ID: ios_base::badbit set
    • API String ID: 1348848583-3882152299
    • Opcode ID: e57f1d2ceefc6ca14b7b4e51f9fe8e509956f4d9fbca2258fa937bf635f13ace
    • Instruction ID: 773425a874cd0331f044d388053ac68247270de73a2c6114a611ff5bc90f0865
    • Opcode Fuzzy Hash: e57f1d2ceefc6ca14b7b4e51f9fe8e509956f4d9fbca2258fa937bf635f13ace
    • Instruction Fuzzy Hash: 28D0A7215245456ACB54E2D0EC568BE662A4810323FB0800DFC125ACC2DA41060FE235
    APIs
    • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,00673A30,00673A30,00000000,00000000,00000000,?,00000000), ref: 00667566
    • GetLastError.KERNEL32 ref: 00667574
    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 006675CF
    Similarity
    • API ID: ByteCharMultiWide$ErrorLast
    • String ID:
    • API String ID: 1717984340-0
    • Opcode ID: 16f1dadf8df9fed6195f28f872c153c21f0f2ed0f832e7010f358338f0035fc0
    • Instruction ID: aff105892c95d84a5d6025023c369e27380a9899442b23e15e3f02d510c5a386
    • Opcode Fuzzy Hash: 16f1dadf8df9fed6195f28f872c153c21f0f2ed0f832e7010f358338f0035fc0
    • Instruction Fuzzy Hash: 6C410A31618646AFCF258F68C844AFA7BB7EF01328F2541ADF85997291DF309D05CBA0