Windows Analysis Report
antispam_account.exe

Overview

General Information

Sample name:antispam_account.exe
Analysis ID:1533406
MD5:ceef2ab4f8f6993c358ea309f87a96f5
SHA1:dccca05c9833b78dc75c7045e80056b35815ae93
SHA256:d30cab7db9542e23b3371e20d16758d0930e9d021e67745f6c53fd88135b6873
Tags:exe, user-Racco42
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

  • System is w10x64
  • antispam_account.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\antispam_account.exe" MD5: CEEF2AB4F8F6993C358EA309F87A96F5)
    • conhost.exe (PID: 7276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: antispam_account.exe, ReversingLabs: Detection: 23%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 90.9% probability
Source: antispam_account.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\lfkmf\source\repos\AddMachineAccount\x64\Release\AddMachineAccount.pdb source: antispam_account.exe
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E49EAC4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69E49EAC4
Source: classification engine, Classification label: mal52.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7276:120:WilError_03
Source: antispam_account.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\antispam_account.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown, Process created: C:\Users\user\Desktop\antispam_account.exe "C:\Users\user\Desktop\antispam_account.exe"
Source: C:\Users\user\Desktop\antispam_account.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: logoncli.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: activeds.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: adsldpc.dll
Source: C:\Users\user\Desktop\antispam_account.exe, Section loaded: kernel.appcore.dll
Source: antispam_account.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: antispam_account.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: antispam_account.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: antispam_account.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: antispam_account.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: antispam_account.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: antispam_account.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E4910D0 LoadLibraryA,GetProcAddress,DsGetDcNameW,CoInitializeEx,IIDFromString,IIDFromString,VariantInit,GetProcAddress,CharLowerW,NetApiBufferFree,CoUninitialize,0_2_00007FF69E4910D0
Source: antispam_account.exe, Static PE information: section name: _RDATA
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E491F90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69E491F90
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E4A0FF4 GetProcessHeap,0_2_00007FF69E4A0FF4
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E49C06C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69E49C06C
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E492134 SetUnhandledExceptionFilter,0_2_00007FF69E492134
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E491AB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF69E491AB4
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E4A6870 cpuid 0_2_00007FF69E4A6870
Source: C:\Users\user\Desktop\antispam_account.exe, Code function: 0_2_00007FF69E491E70 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF69E491E70
MITRE ATT&CK matrix, by tactic (a number in parentheses is the count shown in that cell):
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Native API (1); Scheduled Task/Job; At; Cron
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Process Injection (1); DLL Side-Loading (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Time Discovery (1); Security Software Discovery (2); File and Directory Discovery (1); System Information Discovery (12)
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1533406, Sample: antispam_account.exe, Startdate: 14/10/2024, Architecture: WINDOWS, Score: 52. Signatures: Multi AV Scanner detection for submitted file; AI detected suspicious sample. Process tree: antispam_account.exe started conhost.exe.]

Source | Detection | Scanner | Label | Link
antispam_account.exe | 24% | ReversingLabs | Win64.Trojan.Generic |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1533406
Start date and time:2024-10-14 17:22:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:antispam_account.exe
Detection:MAL
Classification:mal52.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 97%
  • Number of executed functions: 11
  • Number of non-executed functions: 40
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: antispam_account.exe
No simulations
No context
Process:C:\Users\user\Desktop\antispam_account.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):30
Entropy (8bit):3.8062389286533893
Encrypted:false
SSDEEP:3:BOzReDRF6M+iFM3KL:U0Rl+iFnL
MD5:F0681ECA3C959C32563A58507B635587
SHA1:E4761D465B8B9A917C2A343A8DC8D99668DB10CB
SHA-256:9B811EC037ACC225656AEF2EBE45028FEAC63CAF4C2F55CAC5D5641C9BD6A8D0
SHA-512:00BF6E14094A685505ED184597B095C67D97D412B6E8A0FC125CF4425E731123F1F41C9D388507A0A121D2E69ED45A1C222E4E7295A2007B809D37884326D011
Malicious:false
Reputation:low
Preview:Failed to get domain/dns info.
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.209371083393372
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:antispam_account.exe
File size:152'064 bytes
MD5:ceef2ab4f8f6993c358ea309f87a96f5
SHA1:dccca05c9833b78dc75c7045e80056b35815ae93
SHA256:d30cab7db9542e23b3371e20d16758d0930e9d021e67745f6c53fd88135b6873
SHA512:7004b759de8f31064cd8dca8b056b351c852a43bf5f42cc335984cbd7fc5127515535db603dca18edf7eedc2215e278f2650d3c853e29e488d9d2e46420d1cda
SSDEEP:3072:i6RB21BKUFhj8g38ynuIXbRBaW/Cfs9a9xNaRl:Z21BKUFhognPXbzrCX9TIl
TLSH:ADE36C0773E531F9E1778278C9615956EB72B8320720EB9F07A452762F232C19E3EB61
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.G...G...G.......B...............M...G...F....q..o....q..W....q..V.......L...G...%....r..F....r..F....r..F...RichG..........
Icon Hash:00928e8e8686b000
Entrypoint:0x140001aa0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66F9226F [Sun Sep 29 09:48:31 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:369e408dda3fe749f300537480ac9648
Instruction
dec eax
sub esp, 28h
call 00007F7574BEE15Ch
dec eax
add esp, 28h
jmp 00007F7574BEDC07h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [000175BBh]
dec eax
mov ecx, ebx
call dword ptr [000175AAh]
call dword ptr [000175B4h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [000175A8h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0001759Ch]
test eax, eax
je 00007F7574BEDD99h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [00023072h]
call 00007F7574BEDE3Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [00023159h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [000230E9h], eax
dec eax
mov eax, dword ptr [00023142h]
dec eax
mov dword ptr [00022FB3h], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [000230B7h], eax
mov dword ptr [00022F8Dh], C0000409h
mov dword ptr [00022F87h], 00000001h
mov dword ptr [00022F91h], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x234d4 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x29000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x26000 | 0x1374 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2a000 | 0x67c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x219d0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21890 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x17190 | 0x17200 | aa847e1a68f5ed040937a40cb4a72d35 | False | 0.5508657094594595 | data | 6.513984672774974 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x19000 | 0xae12 | 0xb000 | 14edd490b7752bedc3e7ca846a995eca | False | 0.4627352627840909 | data | 4.973559381618019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x24000 | 0x1db0 | 0xc00 | 51a272b09c454fa33bdfd82ee498eb2d | False | 0.13899739583333334 | data | 1.9245535089736694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x26000 | 0x1374 | 0x1400 | 79eb0578d84bc30e6e05e13676033e50 | False | 0.4736328125 | PEX Binary Archive | 5.044588799850373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x28000 | 0x1f4 | 0x200 | 09997816be71bf515d5cfa9120306593 | False | 0.515625 | data | 3.6758072665844157 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x29000 | 0x1e0 | 0x200 | 7062a687748df9836bb994cee16a170a | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2a000 | 0x67c | 0x800 | 9802de97d35cad1973a2df190f56cc3c | False | 0.51611328125 | data | 4.91912831966337 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x29060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LoadLibraryA, GetProcAddress, WriteConsoleW, CreateFileW, CloseHandle, HeapReAlloc, HeapSize, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, GetProcessHeap
USER32.dll | CharLowerW
ole32.dll | CoUninitialize, IIDFromString, CoInitializeEx
OLEAUT32.dll | VariantInit
NETAPI32.dll | DsGetDcNameW, NetApiBufferFree
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found

Target ID:0
Start time:11:23:01
Start date:14/10/2024
Path:C:\Users\user\Desktop\antispam_account.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\antispam_account.exe"
Imagebase:0x7ff69e490000
File size:152'064 bytes
MD5 hash:CEEF2AB4F8F6993C358EA309F87A96F5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:11:23:01
Start date:14/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

    Execution Graph

    Execution Coverage:5.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:10%
    Total number of Nodes:1204
    Total number of Limit Nodes:21
API calls 9030->9031 9032 7ff69e49218a 9031->9032 9033 7ff69e492798 9032->9033 9034 7ff69e49287c _CreateFrameInfo 56 API calls 9033->9034 9035 7ff69e492196 9034->9035 9035->9028 9815 7ff69e4946c4 9826 7ff69e4945f7 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 9815->9826 9816 7ff69e4946eb 9817 7ff69e49287c _CreateFrameInfo 56 API calls 9816->9817 9819 7ff69e4946f0 9817->9819 9818 7ff69e494726 9820 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9818->9820 9821 7ff69e49287c _CreateFrameInfo 56 API calls 9819->9821 9823 7ff69e4946fb 9819->9823 9820->9823 9821->9823 9822 7ff69e494708 __FrameHandler3::GetHandlerSearchState 9823->9822 9824 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9823->9824 9825 7ff69e494731 9824->9825 9826->9816 9826->9818 9827 7ff69e493204 56 API calls Is_bad_exception_allowed 9826->9827 9828 7ff69e49322c __FrameHandler3::FrameUnwindToEmptyState 56 API calls 9826->9828 9827->9826 9828->9826 9829 7ff69e49eac4 9830 7ff69e49eb04 9829->9830 9840 7ff69e49eb1c 9829->9840 9831 7ff69e49c42c _set_fmode 11 API calls 9830->9831 9833 7ff69e49eb09 9831->9833 9832 7ff69e49ed4c 9835 7ff69e49a69c 11 API calls 9832->9835 9834 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9833->9834 9852 7ff69e49eb15 9834->9852 9836 7ff69e49ed9c 9835->9836 9839 7ff69e49eda4 9836->9839 9860 7ff69e49edd6 9836->9860 9837 7ff69e491820 _log10_special 8 API calls 9842 7ff69e49ee83 9837->9842 9838 7ff69e49eeb4 50 API calls 9838->9840 9843 7ff69e49c4c4 __free_lconv_num 11 API calls 9839->9843 9840->9832 9840->9838 9845 7ff69e49ebf2 FindFirstFileExW 9840->9845 9854 7ff69e49ed24 9840->9854 9856 7ff69e49ecf5 9840->9856 9861 7ff69e49ec9b FindNextFileW 9840->9861 9864 7ff69e49ed1b FindClose 9840->9864 9865 7ff69e49ecdd FindClose 9840->9865 9868 7ff69e4a44e0 9840->9868 9841 7ff69e49ee42 9844 7ff69e49c4c4 __free_lconv_num 11 API calls 9841->9844 9857 7ff69e49edab 9843->9857 9849 7ff69e49ee51 9844->9849 9845->9840 9846 7ff69e49c4c4 
__free_lconv_num 11 API calls 9846->9852 9847 7ff69e49c4c4 __free_lconv_num 11 API calls 9847->9856 9848 7ff69e49c4c4 __free_lconv_num 11 API calls 9848->9857 9850 7ff69e49ee6a 9849->9850 9851 7ff69e49c4c4 __free_lconv_num 11 API calls 9849->9851 9853 7ff69e49c4c4 __free_lconv_num 11 API calls 9850->9853 9851->9849 9852->9837 9853->9852 9858 7ff69e49ed16 9854->9858 9862 7ff69e49c4c4 __free_lconv_num 11 API calls 9854->9862 9856->9847 9856->9858 9857->9848 9857->9858 9858->9846 9859 7ff69e49ee9e 9863 7ff69e49c358 _invalid_parameter_noinfo 17 API calls 9859->9863 9860->9841 9860->9859 9876 7ff69e49e9b4 9860->9876 9861->9840 9862->9854 9866 7ff69e49eeb0 9863->9866 9864->9854 9865->9840 9869 7ff69e4a450d 9868->9869 9870 7ff69e49c42c _set_fmode 11 API calls 9869->9870 9875 7ff69e4a4522 9869->9875 9871 7ff69e4a4517 9870->9871 9872 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9871->9872 9872->9875 9873 7ff69e491820 _log10_special 8 API calls 9874 7ff69e4a48e0 9873->9874 9874->9865 9875->9873 9880 7ff69e49e9d1 9876->9880 9877 7ff69e49e9d6 9878 7ff69e49e9ec 9877->9878 9879 7ff69e49c42c _set_fmode 11 API calls 9877->9879 9878->9860 9881 7ff69e49e9e0 9879->9881 9880->9877 9880->9878 9883 7ff69e49ea22 9880->9883 9882 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9881->9882 9882->9878 9883->9878 9884 7ff69e49c42c _set_fmode 11 API calls 9883->9884 9884->9881 9036 7ff69e494338 9037 7ff69e49287c _CreateFrameInfo 56 API calls 9036->9037 9038 7ff69e49436d 9037->9038 9039 7ff69e49287c _CreateFrameInfo 56 API calls 9038->9039 9040 7ff69e49437b __except_validate_context_record 9039->9040 9041 7ff69e49287c _CreateFrameInfo 56 API calls 9040->9041 9042 7ff69e4943bf 9041->9042 9043 7ff69e49287c _CreateFrameInfo 56 API calls 9042->9043 9044 7ff69e4943c8 9043->9044 9045 7ff69e49287c _CreateFrameInfo 56 API calls 9044->9045 9046 7ff69e4943d1 9045->9046 9059 7ff69e493174 9046->9059 9049 7ff69e49287c _CreateFrameInfo 56 API calls 9050 7ff69e494401 __CxxCallCatchBlock 9049->9050 
9066 7ff69e4931b0 9050->9066 9052 7ff69e4944db __CxxCallCatchBlock 9053 7ff69e49287c _CreateFrameInfo 56 API calls 9052->9053 9054 7ff69e4944ee 9053->9054 9055 7ff69e49287c _CreateFrameInfo 56 API calls 9054->9055 9057 7ff69e4944f7 9055->9057 9060 7ff69e49287c _CreateFrameInfo 56 API calls 9059->9060 9061 7ff69e493185 9060->9061 9062 7ff69e49287c _CreateFrameInfo 56 API calls 9061->9062 9063 7ff69e493190 9061->9063 9062->9063 9064 7ff69e49287c _CreateFrameInfo 56 API calls 9063->9064 9065 7ff69e4931a1 9064->9065 9065->9049 9065->9050 9067 7ff69e49287c _CreateFrameInfo 56 API calls 9066->9067 9068 7ff69e4931c2 9067->9068 9069 7ff69e4931fd 9068->9069 9070 7ff69e49287c _CreateFrameInfo 56 API calls 9068->9070 9071 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9069->9071 9072 7ff69e4931cd 9070->9072 9073 7ff69e493202 9071->9073 9072->9069 9074 7ff69e4931e9 9072->9074 9075 7ff69e49287c _CreateFrameInfo 56 API calls 9074->9075 9076 7ff69e4931ee 9075->9076 9076->9052 9077 7ff69e4926c8 9076->9077 9078 7ff69e49287c _CreateFrameInfo 56 API calls 9077->9078 9079 7ff69e4926d6 9078->9079 9079->9052 9888 7ff69e49d0b8 9889 7ff69e49d0c4 9888->9889 9891 7ff69e49d0eb 9889->9891 9892 7ff69e4a0440 9889->9892 9893 7ff69e4a0480 9892->9893 9894 7ff69e4a0445 9892->9894 9893->9889 9895 7ff69e4a0466 DeleteCriticalSection 9894->9895 9896 7ff69e4a0478 9894->9896 9895->9895 9895->9896 9897 7ff69e49c4c4 __free_lconv_num 11 API calls 9896->9897 9897->9893 9080 7ff69e495b3b 9081 7ff69e495b6a 9080->9081 9082 7ff69e49c44c _set_fmode 11 API calls 9081->9082 9083 7ff69e495b89 9082->9083 9084 7ff69e49c4c4 __free_lconv_num 11 API calls 9083->9084 9085 7ff69e495b97 9084->9085 9086 7ff69e49c44c _set_fmode 11 API calls 9085->9086 9090 7ff69e495bc1 9085->9090 9087 7ff69e495bb3 9086->9087 9089 7ff69e49c4c4 __free_lconv_num 11 API calls 9087->9089 9089->9090 9091 7ff69e495bca 9090->9091 9092 7ff69e49c820 9090->9092 9097 7ff69e49c500 9092->9097 9095 7ff69e49c875 
InitializeCriticalSectionAndSpinCount 9096 7ff69e49c85b 9095->9096 9096->9090 9098 7ff69e49c55d 9097->9098 9105 7ff69e49c558 __vcrt_FlsAlloc 9097->9105 9098->9095 9098->9096 9099 7ff69e49c58d LoadLibraryExW 9101 7ff69e49c662 9099->9101 9102 7ff69e49c5b2 GetLastError 9099->9102 9100 7ff69e49c682 GetProcAddress 9100->9098 9104 7ff69e49c693 9100->9104 9101->9100 9103 7ff69e49c679 FreeLibrary 9101->9103 9102->9105 9103->9100 9104->9098 9105->9098 9105->9099 9105->9100 9106 7ff69e49c5ec LoadLibraryExW 9105->9106 9106->9101 9106->9105 9382 7ff69e49affc GetCommandLineA GetCommandLineW 9640 7ff69e4a027c 9641 7ff69e4a0284 9640->9641 9642 7ff69e49c820 6 API calls 9641->9642 9643 7ff69e4a02b5 9641->9643 9644 7ff69e4a02b1 9641->9644 9642->9641 9646 7ff69e4a02e0 9643->9646 9647 7ff69e4a030b 9646->9647 9648 7ff69e4a030f 9647->9648 9649 7ff69e4a02ee DeleteCriticalSection 9647->9649 9648->9644 9649->9647 9898 7ff69e4a4cbc 9901 7ff69e49f8d8 9898->9901 9902 7ff69e49f92a 9901->9902 9903 7ff69e49f8e5 9901->9903 9907 7ff69e49bd28 9903->9907 9908 7ff69e49bd54 FlsSetValue 9907->9908 9909 7ff69e49bd39 FlsGetValue 9907->9909 9911 7ff69e49bd46 9908->9911 9912 7ff69e49bd61 9908->9912 9910 7ff69e49bd4e 9909->9910 9909->9911 9910->9908 9913 7ff69e49bd4c 9911->9913 9914 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9911->9914 9915 7ff69e49c44c _set_fmode 11 API calls 9912->9915 9927 7ff69e49f5b0 9913->9927 9916 7ff69e49bdc9 9914->9916 9917 7ff69e49bd70 9915->9917 9918 7ff69e49bd8e FlsSetValue 9917->9918 9919 7ff69e49bd7e FlsSetValue 9917->9919 9921 7ff69e49bd9a FlsSetValue 9918->9921 9922 7ff69e49bdac 9918->9922 9920 7ff69e49bd87 9919->9920 9924 7ff69e49c4c4 __free_lconv_num 11 API calls 9920->9924 9921->9920 9923 7ff69e49ba04 _set_fmode 11 API calls 9922->9923 9925 7ff69e49bdb4 9923->9925 9924->9911 9926 7ff69e49c4c4 __free_lconv_num 11 API calls 9925->9926 9926->9913 9950 7ff69e49f820 9927->9950 9932 7ff69e49d0f8 12 API calls 9933 7ff69e49f613 9932->9933 9934 7ff69e49f61b 
9933->9934 9936 7ff69e49f62a 9933->9936 9935 7ff69e49c4c4 __free_lconv_num 11 API calls 9934->9935 9947 7ff69e49f602 9935->9947 9936->9936 9968 7ff69e49f954 9936->9968 9939 7ff69e49f726 9940 7ff69e49c42c _set_fmode 11 API calls 9939->9940 9941 7ff69e49f72b 9940->9941 9944 7ff69e49c4c4 __free_lconv_num 11 API calls 9941->9944 9942 7ff69e49f781 9945 7ff69e49f7e8 9942->9945 9979 7ff69e49f0e0 9942->9979 9943 7ff69e49f740 9943->9942 9948 7ff69e49c4c4 __free_lconv_num 11 API calls 9943->9948 9944->9947 9946 7ff69e49c4c4 __free_lconv_num 11 API calls 9945->9946 9946->9947 9947->9902 9948->9942 9951 7ff69e49f843 9950->9951 9952 7ff69e49f84d 9951->9952 9994 7ff69e4a02c4 EnterCriticalSection 9951->9994 9956 7ff69e49f5e5 9952->9956 9958 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9952->9958 9961 7ff69e49f2b0 9956->9961 9959 7ff69e49f8d7 9958->9959 9962 7ff69e49f03c 47 API calls 9961->9962 9963 7ff69e49f2c4 9962->9963 9964 7ff69e49f2d0 GetOEMCP 9963->9964 9965 7ff69e49f2e2 9963->9965 9966 7ff69e49f2f7 9964->9966 9965->9966 9967 7ff69e49f2e7 GetACP 9965->9967 9966->9932 9966->9947 9967->9966 9969 7ff69e49f2b0 49 API calls 9968->9969 9970 7ff69e49f981 9969->9970 9971 7ff69e49fad7 9970->9971 9972 7ff69e49f9be IsValidCodePage 9970->9972 9978 7ff69e49f9d8 memcpy_s 9970->9978 9973 7ff69e491820 _log10_special 8 API calls 9971->9973 9972->9971 9974 7ff69e49f9cf 9972->9974 9975 7ff69e49f71d 9973->9975 9976 7ff69e49f9fe GetCPInfo 9974->9976 9974->9978 9975->9939 9975->9943 9976->9971 9976->9978 9995 7ff69e49f3c8 9978->9995 10069 7ff69e4a02c4 EnterCriticalSection 9979->10069 9996 7ff69e49f405 GetCPInfo 9995->9996 9997 7ff69e49f4fb 9995->9997 9996->9997 10000 7ff69e49f418 9996->10000 9998 7ff69e491820 _log10_special 8 API calls 9997->9998 9999 7ff69e49f59a 9998->9999 9999->9971 10006 7ff69e4a09c0 10000->10006 10007 7ff69e49f03c 47 API calls 10006->10007 10008 7ff69e4a0a02 10007->10008 10026 7ff69e49fc14 10008->10026 10028 7ff69e49fc1d MultiByteToWideChar 
10026->10028 9650 7ff69e49b0b0 9653 7ff69e49b034 9650->9653 9660 7ff69e4a02c4 EnterCriticalSection 9653->9660 9383 7ff69e494432 9384 7ff69e49287c _CreateFrameInfo 56 API calls 9383->9384 9386 7ff69e49443f __CxxCallCatchBlock 9384->9386 9385 7ff69e494483 RaiseException 9387 7ff69e4944aa 9385->9387 9386->9385 9388 7ff69e4931b0 __CxxCallCatchBlock 56 API calls 9387->9388 9392 7ff69e4944b2 9388->9392 9389 7ff69e49287c _CreateFrameInfo 56 API calls 9390 7ff69e4944ee 9389->9390 9391 7ff69e49287c _CreateFrameInfo 56 API calls 9390->9391 9393 7ff69e4944f7 9391->9393 9394 7ff69e4926c8 __CxxCallCatchBlock 56 API calls 9392->9394 9395 7ff69e4944db __CxxCallCatchBlock 9392->9395 9394->9395 9395->9389 9703 7ff69e495c74 9704 7ff69e495c7f 9703->9704 9712 7ff69e49ca44 9704->9712 9725 7ff69e4a02c4 EnterCriticalSection 9712->9725 9610 7ff69e4a0ff4 GetProcessHeap 9611 7ff69e4925e8 9618 7ff69e4929c4 9611->9618 9617 7ff69e4925f5 9619 7ff69e4929cc 9618->9619 9621 7ff69e4929fd 9619->9621 9622 7ff69e4925f1 9619->9622 9631 7ff69e492cc0 9619->9631 9623 7ff69e492a0c __vcrt_uninitialize_locks DeleteCriticalSection 9621->9623 9622->9617 9624 7ff69e492958 9622->9624 9623->9622 9636 7ff69e492b94 9624->9636 9632 7ff69e492a44 __vcrt_FlsAlloc 5 API calls 9631->9632 9633 7ff69e492cf6 9632->9633 9634 7ff69e492d00 9633->9634 9635 7ff69e492d0b InitializeCriticalSectionAndSpinCount 9633->9635 9634->9619 9635->9634 9637 7ff69e492a44 __vcrt_FlsAlloc 5 API calls 9636->9637 9638 7ff69e492bb9 TlsAlloc 9637->9638 9107 7ff69e4a7f6a 9110 7ff69e49271c 9107->9110 9111 7ff69e492734 9110->9111 9112 7ff69e492746 9110->9112 9111->9112 9113 7ff69e49273c 9111->9113 9114 7ff69e49287c _CreateFrameInfo 56 API calls 9112->9114 9115 7ff69e492744 9113->9115 9117 7ff69e49287c _CreateFrameInfo 56 API calls 9113->9117 9116 7ff69e49274b 9114->9116 9116->9115 9119 7ff69e49287c _CreateFrameInfo 56 API calls 9116->9119 9118 7ff69e49276b 9117->9118 9120 7ff69e49287c _CreateFrameInfo 56 API calls 9118->9120 9119->9115 9121 
7ff69e492778 9120->9121 9122 7ff69e49b70c 47 API calls 9121->9122 9123 7ff69e492781 9122->9123 9008 7ff69e4927ac 9009 7ff69e49b70c 47 API calls 9008->9009 9010 7ff69e4927b5 9009->9010 9661 7ff69e4942ac 9664 7ff69e494a00 9661->9664 9663 7ff69e4942d5 9665 7ff69e494a21 9664->9665 9667 7ff69e494a56 __vcrt_freefls 9664->9667 9665->9667 9668 7ff69e49b754 9665->9668 9667->9663 9669 7ff69e49b761 9668->9669 9670 7ff69e49b76b 9668->9670 9669->9670 9675 7ff69e49b786 9669->9675 9671 7ff69e49c42c _set_fmode 11 API calls 9670->9671 9672 7ff69e49b772 9671->9672 9673 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9672->9673 9674 7ff69e49b77e 9673->9674 9674->9667 9675->9674 9676 7ff69e49c42c _set_fmode 11 API calls 9675->9676 9676->9672 9677 7ff69e491aa0 9680 7ff69e491e70 9677->9680 9681 7ff69e491e93 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 9680->9681 9682 7ff69e491aa9 9680->9682 9681->9682 9396 7ff69e49fe20 9397 7ff69e49fe48 9396->9397 9400 7ff69e49fe58 9396->9400 9398 7ff69e49c42c _set_fmode 11 API calls 9397->9398 9399 7ff69e49fe4d 9398->9399 9401 7ff69e4a013b 9400->9401 9402 7ff69e49fe7a 9400->9402 9403 7ff69e49c42c _set_fmode 11 API calls 9401->9403 9404 7ff69e49fe97 9402->9404 9461 7ff69e4a0184 9402->9461 9405 7ff69e4a0140 9403->9405 9408 7ff69e49ff0b 9404->9408 9409 7ff69e49feff 9404->9409 9410 7ff69e49febf 9404->9410 9407 7ff69e49c4c4 __free_lconv_num 11 API calls 9405->9407 9407->9399 9414 7ff69e49c44c _set_fmode 11 API calls 9408->9414 9427 7ff69e49fece 9408->9427 9431 7ff69e49ff33 9408->9431 9424 7ff69e49ffbe 9409->9424 9409->9427 9482 7ff69e4a4cd4 9409->9482 9476 7ff69e49ab44 9410->9476 9413 7ff69e49c4c4 __free_lconv_num 11 API calls 9413->9399 9419 7ff69e49ff25 9414->9419 9416 7ff69e49c44c _set_fmode 11 API calls 9417 7ff69e49ff55 9416->9417 9421 7ff69e49c4c4 __free_lconv_num 11 API calls 9417->9421 9418 7ff69e49ffdb 9422 7ff69e49c4c4 __free_lconv_num 11 API calls 9418->9422 9425 7ff69e49c4c4 __free_lconv_num 11 API 
calls 9419->9425 9420 7ff69e49fec9 9426 7ff69e49c42c _set_fmode 11 API calls 9420->9426 9421->9409 9429 7ff69e49ffe4 9422->9429 9423 7ff69e49fee7 9423->9409 9430 7ff69e4a0184 47 API calls 9423->9430 9424->9418 9428 7ff69e4a002e 9424->9428 9425->9431 9426->9427 9427->9413 9428->9427 9432 7ff69e4a0f5c 50 API calls 9428->9432 9438 7ff69e49ffea 9429->9438 9506 7ff69e4a0f5c 9429->9506 9430->9409 9431->9409 9431->9416 9431->9427 9433 7ff69e4a006c 9432->9433 9434 7ff69e49c4c4 __free_lconv_num 11 API calls 9433->9434 9436 7ff69e4a0076 9434->9436 9436->9427 9436->9438 9437 7ff69e4a012f 9441 7ff69e49c4c4 __free_lconv_num 11 API calls 9437->9441 9438->9437 9442 7ff69e49c44c _set_fmode 11 API calls 9438->9442 9439 7ff69e4a0016 9440 7ff69e49c4c4 __free_lconv_num 11 API calls 9439->9440 9440->9438 9441->9399 9443 7ff69e4a00bb 9442->9443 9444 7ff69e4a00c3 9443->9444 9445 7ff69e4a00cc 9443->9445 9447 7ff69e49c4c4 __free_lconv_num 11 API calls 9444->9447 9446 7ff69e49a1f8 47 API calls 9445->9446 9448 7ff69e4a00da 9446->9448 9449 7ff69e4a00ca 9447->9449 9450 7ff69e4a016f 9448->9450 9451 7ff69e4a00e2 SetEnvironmentVariableW 9448->9451 9455 7ff69e49c4c4 __free_lconv_num 11 API calls 9449->9455 9454 7ff69e49c358 _invalid_parameter_noinfo 17 API calls 9450->9454 9452 7ff69e4a0127 9451->9452 9453 7ff69e4a0106 9451->9453 9458 7ff69e49c4c4 __free_lconv_num 11 API calls 9452->9458 9456 7ff69e49c42c _set_fmode 11 API calls 9453->9456 9457 7ff69e4a0183 9454->9457 9455->9399 9459 7ff69e4a010b 9456->9459 9458->9437 9460 7ff69e49c4c4 __free_lconv_num 11 API calls 9459->9460 9460->9449 9462 7ff69e4a01a7 9461->9462 9463 7ff69e4a01c4 9461->9463 9462->9404 9463->9463 9464 7ff69e49c44c _set_fmode 11 API calls 9463->9464 9471 7ff69e4a01e8 9464->9471 9465 7ff69e4a026c 9467 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9465->9467 9466 7ff69e4a0249 9468 7ff69e49c4c4 __free_lconv_num 11 API calls 9466->9468 9469 7ff69e4a0272 9467->9469 9468->9462 9470 7ff69e49c44c _set_fmode 11 API 
calls 9470->9471 9471->9465 9471->9466 9471->9470 9472 7ff69e49c4c4 __free_lconv_num 11 API calls 9471->9472 9473 7ff69e49a1f8 47 API calls 9471->9473 9474 7ff69e4a0258 9471->9474 9472->9471 9473->9471 9475 7ff69e49c358 _invalid_parameter_noinfo 17 API calls 9474->9475 9475->9465 9477 7ff69e49ab54 9476->9477 9481 7ff69e49ab5d 9476->9481 9478 7ff69e49a880 50 API calls 9477->9478 9477->9481 9479 7ff69e49ab66 9478->9479 9480 7ff69e49aa50 12 API calls 9479->9480 9479->9481 9480->9481 9481->9420 9481->9423 9483 7ff69e4a4ce1 9482->9483 9487 7ff69e4a4d0e 9482->9487 9484 7ff69e4a4ce6 9483->9484 9483->9487 9485 7ff69e49c42c _set_fmode 11 API calls 9484->9485 9488 7ff69e4a4ceb 9485->9488 9486 7ff69e4a4d52 9489 7ff69e49c42c _set_fmode 11 API calls 9486->9489 9487->9486 9490 7ff69e4a4d71 9487->9490 9504 7ff69e4a4d46 9487->9504 9491 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9488->9491 9492 7ff69e4a4d57 9489->9492 9493 7ff69e4a4d7b 9490->9493 9494 7ff69e4a4d8d 9490->9494 9495 7ff69e4a4cf6 9491->9495 9497 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9492->9497 9498 7ff69e49c42c _set_fmode 11 API calls 9493->9498 9515 7ff69e49f03c 9494->9515 9495->9409 9497->9504 9500 7ff69e4a4d80 9498->9500 9501 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9500->9501 9501->9504 9504->9409 9505 7ff69e49c42c _set_fmode 11 API calls 9505->9504 9507 7ff69e4a0f7e 9506->9507 9508 7ff69e4a0f9b 9506->9508 9507->9508 9510 7ff69e4a0f8c 9507->9510 9509 7ff69e4a0fa5 9508->9509 9560 7ff69e4a4e60 9508->9560 9567 7ff69e4a4e9c 9509->9567 9512 7ff69e49c42c _set_fmode 11 API calls 9510->9512 9514 7ff69e4a0f91 memcpy_s 9512->9514 9514->9439 9516 7ff69e49f060 9515->9516 9517 7ff69e49f05b 9515->9517 9516->9517 9518 7ff69e49bc54 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9516->9518 9517->9504 9523 7ff69e4a60fc 9517->9523 9519 7ff69e49f07b 9518->9519 9527 7ff69e49d480 9519->9527 9524 7ff69e4a6125 9523->9524 9525 7ff69e4a4dd6 9524->9525 9551 7ff69e49c714 9524->9551 9525->9504 
9525->9505 9528 7ff69e49d495 9527->9528 9530 7ff69e49d4a8 9527->9530 9528->9530 9535 7ff69e4a0e84 9528->9535 9531 7ff69e49d4ec 9530->9531 9532 7ff69e49d501 9531->9532 9533 7ff69e49d514 9531->9533 9532->9533 9548 7ff69e49f938 9532->9548 9533->9517 9536 7ff69e49bc54 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9535->9536 9537 7ff69e4a0e93 9536->9537 9538 7ff69e4a0ede 9537->9538 9547 7ff69e4a02c4 EnterCriticalSection 9537->9547 9538->9530 9549 7ff69e49bc54 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9548->9549 9550 7ff69e49f941 9549->9550 9552 7ff69e49c500 5 API calls 9551->9552 9553 7ff69e49c752 9552->9553 9554 7ff69e49c75a 9553->9554 9557 7ff69e49c97c 9553->9557 9554->9525 9556 7ff69e49c7c3 CompareStringW 9556->9554 9558 7ff69e49c500 5 API calls 9557->9558 9559 7ff69e49c9aa 9558->9559 9559->9556 9561 7ff69e4a4e82 HeapSize 9560->9561 9562 7ff69e4a4e69 9560->9562 9563 7ff69e49c42c _set_fmode 11 API calls 9562->9563 9564 7ff69e4a4e6e 9563->9564 9565 7ff69e49c338 _invalid_parameter_noinfo 47 API calls 9564->9565 9566 7ff69e4a4e79 9565->9566 9566->9509 9568 7ff69e4a4eb1 9567->9568 9569 7ff69e4a4ebb 9567->9569 9570 7ff69e49d0f8 12 API calls 9568->9570 9571 7ff69e4a4ec0 9569->9571 9578 7ff69e4a4ec7 _set_fmode 9569->9578 9576 7ff69e4a4eb9 9570->9576 9572 7ff69e49c4c4 __free_lconv_num 11 API calls 9571->9572 9572->9576 9573 7ff69e4a4efa HeapReAlloc 9573->9576 9573->9578 9574 7ff69e4a4ecd 9575 7ff69e49c42c _set_fmode 11 API calls 9574->9575 9575->9576 9576->9514 9577 7ff69e4a1100 _set_fmode 2 API calls 9577->9578 9578->9573 9578->9574 9578->9577 9683 7ff69e4a70a0 9693 7ff69e4923d0 9683->9693 9685 7ff69e4a70c8 9687 7ff69e49287c _CreateFrameInfo 56 API calls 9688 7ff69e4a70d8 9687->9688 9689 7ff69e49287c _CreateFrameInfo 56 API calls 9688->9689 9690 7ff69e4a70e1 9689->9690 9691 7ff69e49b70c 47 API calls 9690->9691 9692 7ff69e4a70ea 9691->9692 9695 7ff69e492400 __CxxCallCatchBlock _IsNonwritableInCurrentImage __except_validate_context_record 9693->9695 9694 
7ff69e492501 9694->9685 9694->9687 9695->9694 9696 7ff69e4924c4 RtlUnwindEx 9695->9696 9696->9695 8368 7ff69e49ada5 8380 7ff69e49b70c 8368->8380 8370 7ff69e49adaa 8371 7ff69e49add1 GetModuleHandleW 8370->8371 8372 7ff69e49ae1b 8370->8372 8371->8372 8378 7ff69e49adde 8371->8378 8373 7ff69e49aca8 11 API calls 8372->8373 8374 7ff69e49ae57 8373->8374 8375 7ff69e49ae5e 8374->8375 8376 7ff69e49ae74 11 API calls 8374->8376 8377 7ff69e49ae70 8376->8377 8378->8372 8379 7ff69e49aecc GetModuleHandleExW GetProcAddress FreeLibrary 8378->8379 8379->8372 8385 7ff69e49bc54 GetLastError 8380->8385 8386 7ff69e49bc95 FlsSetValue 8385->8386 8387 7ff69e49bc78 FlsGetValue 8385->8387 8389 7ff69e49bc85 SetLastError 8386->8389 8390 7ff69e49bca7 8386->8390 8388 7ff69e49bc8f 8387->8388 8387->8389 8388->8386 8393 7ff69e49b715 8389->8393 8394 7ff69e49bd21 8389->8394 8417 7ff69e49c44c 8390->8417 8408 7ff69e49b7b4 8393->8408 8396 7ff69e49b7b4 __FrameHandler3::FrameUnwindToEmptyState 40 API calls 8394->8396 8401 7ff69e49bd26 8396->8401 8397 7ff69e49bcd4 FlsSetValue 8399 7ff69e49bce0 FlsSetValue 8397->8399 8400 7ff69e49bcf2 8397->8400 8398 7ff69e49bcc4 FlsSetValue 8402 7ff69e49bccd 8398->8402 8399->8402 8430 7ff69e49ba04 8400->8430 8424 7ff69e49c4c4 8402->8424 8478 7ff69e4a11c0 8408->8478 8423 7ff69e49c45d _set_fmode 8417->8423 8418 7ff69e49c492 HeapAlloc 8420 7ff69e49bcb6 8418->8420 8418->8423 8419 7ff69e49c4ae 8438 7ff69e49c42c 8419->8438 8420->8397 8420->8398 8423->8418 8423->8419 8435 7ff69e4a1100 8423->8435 8425 7ff69e49bcd2 8424->8425 8426 7ff69e49c4c9 HeapFree 8424->8426 8425->8389 8426->8425 8427 7ff69e49c4e4 GetLastError 8426->8427 8428 7ff69e49c4f1 __free_lconv_num 8427->8428 8429 7ff69e49c42c _set_fmode 9 API calls 8428->8429 8429->8425 8464 7ff69e49b8dc 8430->8464 8441 7ff69e4a1140 8435->8441 8447 7ff69e49bdcc GetLastError 8438->8447 8440 7ff69e49c435 8440->8420 8446 7ff69e4a02c4 EnterCriticalSection 8441->8446 8448 7ff69e49be0d FlsSetValue 8447->8448 8452 7ff69e49bdf0 8447->8452 8449 
7ff69e49be1f 8448->8449 8453 7ff69e49bdfd 8448->8453 8451 7ff69e49c44c _set_fmode 5 API calls 8449->8451 8450 7ff69e49be79 SetLastError 8450->8440 8454 7ff69e49be2e 8451->8454 8452->8448 8452->8453 8453->8450 8455 7ff69e49be4c FlsSetValue 8454->8455 8456 7ff69e49be3c FlsSetValue 8454->8456 8457 7ff69e49be58 FlsSetValue 8455->8457 8458 7ff69e49be6a 8455->8458 8459 7ff69e49be45 8456->8459 8457->8459 8460 7ff69e49ba04 _set_fmode 5 API calls 8458->8460 8461 7ff69e49c4c4 __free_lconv_num 5 API calls 8459->8461 8462 7ff69e49be72 8460->8462 8461->8453 8463 7ff69e49c4c4 __free_lconv_num 5 API calls 8462->8463 8463->8450 8476 7ff69e4a02c4 EnterCriticalSection 8464->8476 8512 7ff69e4a1178 8478->8512 8517 7ff69e4a02c4 EnterCriticalSection 8512->8517 8592 7ff69e491924 8615 7ff69e491c6c 8592->8615 8595 7ff69e491945 __scrt_acquire_startup_lock 8598 7ff69e491a85 8595->8598 8599 7ff69e491963 8595->8599 8596 7ff69e491a7b 8720 7ff69e491f90 IsProcessorFeaturePresent 8596->8720 8600 7ff69e491f90 7 API calls 8598->8600 8605 7ff69e491984 __scrt_release_startup_lock 8599->8605 8623 7ff69e49ac60 8599->8623 8603 7ff69e491a90 __FrameHandler3::FrameUnwindToEmptyState 8600->8603 8602 7ff69e491988 8604 7ff69e491a0e 8627 7ff69e49abc4 8604->8627 8605->8602 8605->8604 8709 7ff69e49af70 8605->8709 8608 7ff69e491a13 8633 7ff69e4910d0 8608->8633 8612 7ff69e491a37 8612->8603 8716 7ff69e491df0 8612->8716 8616 7ff69e491c74 8615->8616 8617 7ff69e491c80 __scrt_dllmain_crt_thread_attach 8616->8617 8618 7ff69e49193d 8617->8618 8619 7ff69e491c8d 8617->8619 8618->8595 8618->8596 8727 7ff69e49b6c0 8619->8727 8624 7ff69e49ac73 8623->8624 8625 7ff69e49ac9a 8624->8625 8770 7ff69e491840 8624->8770 8625->8605 8628 7ff69e49abd4 8627->8628 8632 7ff69e49abe9 8627->8632 8628->8632 8848 7ff69e49a880 8628->8848 8632->8608 8634 7ff69e4910ef 8633->8634 8635 7ff69e491122 LoadLibraryA GetProcAddress 8634->8635 8636 7ff69e491161 DsGetDcNameW 8635->8636 8637 7ff69e491159 8635->8637 8638 7ff69e491184 8636->8638 8639 
7ff69e49119a CoInitializeEx 8636->8639 8640 7ff69e491820 _log10_special 8 API calls 8637->8640 8918 7ff69e491070 8638->8918 8639->8637 8642 7ff69e4911ab IIDFromString IIDFromString 8639->8642 8643 7ff69e4917ec 8640->8643 8644 7ff69e4911fc 8642->8644 8714 7ff69e4920e0 GetModuleHandleW 8643->8714 8645 7ff69e491202 8644->8645 8646 7ff69e491213 VariantInit 8644->8646 8647 7ff69e491070 80 API calls 8645->8647 8649 7ff69e491235 8646->8649 8648 7ff69e49120e 8647->8648 8652 7ff69e491070 80 API calls 8648->8652 8650 7ff69e49124f memcpy_s 8649->8650 8651 7ff69e491239 8649->8651 8656 7ff69e49a1f8 47 API calls 8650->8656 8653 7ff69e491070 80 API calls 8651->8653 8654 7ff69e49177e 8652->8654 8653->8637 8655 7ff69e491788 NetApiBufferFree 8654->8655 8659 7ff69e49178e CoUninitialize 8654->8659 8655->8659 8657 7ff69e49127b 8656->8657 8922 7ff69e49a260 8657->8922 8659->8637 8662 7ff69e491324 memcpy_s 8666 7ff69e49a1f8 47 API calls 8662->8666 8663 7ff69e4912bc GetProcAddress 8664 7ff69e4912ee 8663->8664 8665 7ff69e491070 80 API calls 8664->8665 8667 7ff69e4912fd 8665->8667 8668 7ff69e491386 8666->8668 8931 7ff69e491010 8667->8931 8670 7ff69e49a260 47 API calls 8668->8670 8672 7ff69e49139e memcpy_s 8670->8672 8673 7ff69e49a1f8 47 API calls 8672->8673 8674 7ff69e491436 8673->8674 8675 7ff69e49a260 47 API calls 8674->8675 8676 7ff69e49144e CharLowerW 8675->8676 8677 7ff69e49a260 47 API calls 8676->8677 8678 7ff69e491471 memcpy_s 8677->8678 8679 7ff69e49a1f8 47 API calls 8678->8679 8680 7ff69e4914dd 8679->8680 8681 7ff69e49a260 47 API calls 8680->8681 8682 7ff69e4914f5 8681->8682 8683 7ff69e49a1f8 47 API calls 8682->8683 8684 7ff69e49150d 8683->8684 8685 7ff69e49a260 47 API calls 8684->8685 8686 7ff69e491525 8685->8686 8687 7ff69e49a1f8 47 API calls 8686->8687 8688 7ff69e49153d 8687->8688 8689 7ff69e49a260 47 API calls 8688->8689 8690 7ff69e491551 8689->8690 8691 7ff69e49a1f8 47 API calls 8690->8691 8692 7ff69e491569 8691->8692 8693 7ff69e49a260 47 API calls 8692->8693 8694 7ff69e49157d 
memcpy_s 8693->8694 8695 7ff69e49a1f8 47 API calls 8694->8695 8696 7ff69e491651 8695->8696 8697 7ff69e49a260 47 API calls 8696->8697 8698 7ff69e491665 8697->8698 8699 7ff69e49a260 47 API calls 8698->8699 8700 7ff69e49167d memcpy_s 8699->8700 8701 7ff69e49a1f8 47 API calls 8700->8701 8702 7ff69e491709 8701->8702 8703 7ff69e49a260 47 API calls 8702->8703 8704 7ff69e49171d 8703->8704 8705 7ff69e491749 8704->8705 8706 7ff69e49175c 8704->8706 8707 7ff69e491070 80 API calls 8705->8707 8708 7ff69e491070 80 API calls 8706->8708 8707->8637 8708->8648 8710 7ff69e49af87 8709->8710 8711 7ff69e49afa8 8709->8711 8710->8604 8712 7ff69e49b70c 47 API calls 8711->8712 8713 7ff69e49afad 8712->8713 8715 7ff69e4920f1 8714->8715 8715->8612 8718 7ff69e491e01 8716->8718 8717 7ff69e491a4e 8717->8602 8718->8717 8719 7ff69e492610 7 API calls 8718->8719 8719->8717 8721 7ff69e491fb6 memcpy_s __FrameHandler3::FrameUnwindToEmptyState 8720->8721 8722 7ff69e491fd5 RtlCaptureContext RtlLookupFunctionEntry 8721->8722 8723 7ff69e491ffe RtlVirtualUnwind 8722->8723 8724 7ff69e49203a memcpy_s 8722->8724 8723->8724 8725 7ff69e49206c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8724->8725 8726 7ff69e4920ba __FrameHandler3::FrameUnwindToEmptyState 8725->8726 8726->8598 8728 7ff69e4a101c 8727->8728 8729 7ff69e491c92 8728->8729 8737 7ff69e49d07c 8728->8737 8729->8618 8731 7ff69e492610 8729->8731 8732 7ff69e492622 8731->8732 8733 7ff69e492618 8731->8733 8732->8618 8749 7ff69e4929a0 8733->8749 8748 7ff69e4a02c4 EnterCriticalSection 8737->8748 8739 7ff69e49d08c 8740 7ff69e4a0490 53 API calls 8739->8740 8741 7ff69e49d095 8740->8741 8742 7ff69e49d0a3 8741->8742 8743 7ff69e49ce84 55 API calls 8741->8743 8744 7ff69e4a0318 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 8742->8744 8745 7ff69e49d09e 8743->8745 8746 7ff69e49d0af 8744->8746 8747 7ff69e49cf74 GetStdHandle GetFileType 8745->8747 8746->8728 8747->8742 8750 7ff69e4929af 8749->8750 8751 7ff69e49261d 8749->8751 

    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    • Associated: 00000000.00000002.1405021824.00007FF69E490000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1405076003.00007FF69E4A9000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1405136216.00007FF69E4B4000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1405163546.00007FF69E4B6000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff69e490000_antispam_account.jbxd
    Similarity
    • API ID: FromString$AddressBufferFreeInitializeLibraryLoadNameProcUninitialize
    • String ID: ADsGetLastError$ADsOpenObject$ADsOpenObject failed. %i$Activeds.dll$CN=$Cleanup$Computer$Error Code: %d Error Text: %ws Provider: %ws$Failed to create Computer object.$Failed to get defaultNamingContext.$Failed to get domain/dns info.$Failed to get rootDSE.$GCmtHzw8uI$JnJB$HOST/$LDAP://CN=Computers,$LDAP://rootDSE$RestrictedKrbHost/$SRVVSSKL$[+] Machine account %ls$ created with password: %ls $dNSHostName$defaultNamingContext$objectClass$sAMAccountName$servicePrincipalName$unicodePwd$userAccountControl${E798DE2C-22E4-11D0-84FE-00C04FD8D503}${FD8256D0-FD15-11CE-ABC4-02608C9E7553}
    • API String ID: 2369814104-2916989051
    • Opcode ID: 19e617eec08ad8a9770e4212ce4c1261ccb40c5330b1ce0025d98db86c65fd1a
    • Instruction ID: db3e04512ff60dc9e036e1f5ee21b1c0376f27ca6454c048c677134b48e3bf58
    • Opcode Fuzzy Hash: 19e617eec08ad8a9770e4212ce4c1261ccb40c5330b1ce0025d98db86c65fd1a
    • Instruction Fuzzy Hash: 2B125E36A18A8399EB30CF60D8903ED3364FB54B98F904172EA4D97B99DF39D249C750

    APIs
    • FreeLibrary.KERNEL32(?,?,?,00007FF69E49C856,?,?,00000003,00007FF69E495BF1), ref: 00007FF69E49C67C
    • GetProcAddress.KERNEL32(?,?,?,00007FF69E49C856,?,?,00000003,00007FF69E495BF1), ref: 00007FF69E49C688
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    • Associated: 00000000.00000002.1405021824.00007FF69E490000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1405076003.00007FF69E4A9000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1405136216.00007FF69E4B4000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1405163546.00007FF69E4B6000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff69e490000_antispam_account.jbxd
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    • Opcode ID: 491068c7b5cbaab168200220cb32f14bdda44b8c13364c7e6ba561cb6432f9fb
    • Instruction ID: 4706f0c6be83524de0d934760ae853a13a9b495c0a8c119fad75a4f610c53a0a
    • Opcode Fuzzy Hash: 491068c7b5cbaab168200220cb32f14bdda44b8c13364c7e6ba561cb6432f9fb
    • Instruction Fuzzy Hash: EC412532B59A1341FA31CB16AA905B92391FFA9FE0F485175ED0DE7794EE3CE8058320

    APIs
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00007FF69E4A211F), ref: 00007FF69E4A2250
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00007FF69E4A211F), ref: 00007FF69E4A22DB
    Similarity
    • API ID: ConsoleErrorLastMode
    • String ID:
    • API String ID: 953036326-0
    • Opcode ID: 36ebb8f8e2cfc4ff7e6c149da52c35b986b5250e86e960e34211276686a744d9
    • Instruction ID: 78f874d87ac76a46eaac51a9188a873d3ac40ccb2496ed4bd0b15709eefaf1f3
    • Opcode Fuzzy Hash: 36ebb8f8e2cfc4ff7e6c149da52c35b986b5250e86e960e34211276686a744d9
    • Instruction Fuzzy Hash: 9291D272E4865385FB708F6595C02BD2BA1EB69FB8F144179EE0E96684CF3CE481D324

    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 87aed8f10c6c6000dddaa58b7c6a882458171bf13033028fc21bbebc0850734e
    • Instruction ID: ef62eea59a3e817e41086988933113dd44bb3169aa840c3fdae9699d03824e27
    • Opcode Fuzzy Hash: 87aed8f10c6c6000dddaa58b7c6a882458171bf13033028fc21bbebc0850734e
    • Instruction Fuzzy Hash: 6BD06718B8860742EE746B7069D51792221DFA8F61B0154BCE91F96392DE2CA8499320

    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
    • String ID:
    • API String ID: 1236291503-0
    • Opcode ID: ca167642192989a24d6340a96912226d03e942e6197ae367f1b2e418f3afb6b6
    • Instruction ID: 0f3815b76e2c36bd7f10d289e8ce3905448702c107846b8e403c3341861ebe37
    • Opcode Fuzzy Hash: ca167642192989a24d6340a96912226d03e942e6197ae367f1b2e418f3afb6b6
    • Instruction Fuzzy Hash: 40313A21E0864341FA34AB24A6D53B92391EF65F84F4545B4FA4DAB7DBDE2DE804C360

    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: 9b55fa9029197f70d8b37b6f0eb019ef2f42f51b284c92a3100e8322c962e09a
    • Instruction ID: db9344bf8e643ac581f86ef08d182d57e1d24c60ae74188108a7500ae80c5008
    • Opcode Fuzzy Hash: 9b55fa9029197f70d8b37b6f0eb019ef2f42f51b284c92a3100e8322c962e09a
    • Instruction Fuzzy Hash: 1C31D472A18A8286DB209F15E4802A97764FB68BA0F444072FB8EC7754DF3CE415C710

    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    • Opcode ID: daa558b90cd69e4353a4188e09a708de5ea0f2d8865c0f75e7af0dad4205ff83
    • Instruction ID: b3f39a2b6c62edf33619d541e7f4b5e4aa8edcb223c5d84ba290c1d4f0d6ae03
    • Opcode Fuzzy Hash: daa558b90cd69e4353a4188e09a708de5ea0f2d8865c0f75e7af0dad4205ff83
    • Instruction Fuzzy Hash: BD318121A18B4681EB708F2596C42786650FB55FB4F680779EB6E973E4CF38E491C310

    Similarity
    • API ID: Initialize_invalid_parameter_noinfo_set_fmode
    • String ID:
    • API String ID: 3548387204-0
    • Opcode ID: 4702971cb94d821ecca20033a5084f20197d8a2ad3a1f3cc590cb54ff7f46001
    • Instruction ID: 5c2dfa7785cc1d408ddc7617b65c23a9f94cd2641e943a89ed1f2b17f0b95faf
    • Opcode Fuzzy Hash: 4702971cb94d821ecca20033a5084f20197d8a2ad3a1f3cc590cb54ff7f46001
    • Instruction Fuzzy Hash: FB114615E0820B45FA38BAB15ACA2B91194CF64F44F4604F4F61DFA2CBEE2CB8416376

    APIs
    • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF69E49A89E,?,?,?,00007FF69E49ABF2,?,?,?,?,00007FF69E491A13), ref: 00007FF69E49FD98
    • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF69E49A89E,?,?,?,00007FF69E49ABF2,?,?,?,?,00007FF69E491A13), ref: 00007FF69E49FE02
    Similarity
    • API ID: EnvironmentStrings$Free
    • String ID:
    • API String ID: 3328510275-0
    • Opcode ID: db970735c3359340a709ec3c5fbc5f26761b619722ac337746b7fdd4a290abb3
    • Instruction ID: 564c574c2f581cbbf6f240aca1e3758347c62b18173ca51650e5787e321e723d
    • Opcode Fuzzy Hash: db970735c3359340a709ec3c5fbc5f26761b619722ac337746b7fdd4a290abb3
    • Instruction Fuzzy Hash: B301E512F58B5341EE309F1665840796360EF64FF0B584670EF6E677C6DE2CE4428320

    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: 114a91c9eb3997d96d96b89e66a5f704b68acc46b5da7cfbcbf35f884bfc2da3
    • Instruction ID: ef3b3fc8281aebde1b197d7e6ea24854dc599ce39abfef1d673fafa711a7946b
    • Opcode Fuzzy Hash: 114a91c9eb3997d96d96b89e66a5f704b68acc46b5da7cfbcbf35f884bfc2da3
    • Instruction Fuzzy Hash: CC217C3AA04A028AEF348F74C4886EC33A0EB54F18F050676E61DA7AC5DF38D495C760

    APIs
    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF69E491C80
      • Part of subcall function 00007FF69E492610: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF69E492618
      • Part of subcall function 00007FF69E492610: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF69E49261D
    Similarity
    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
    • String ID:
    • API String ID: 1208906642-0
    • Opcode ID: ec2570cafee743dcb2ab4d8c5ed2c8d6037c73c528d06cddfe88c48b82e924c5
    • Instruction ID: f3e564e358200f8581fe35a8a3e0bb569bcd13d8ba625a577505693e01790d92
    • Opcode Fuzzy Hash: ec2570cafee743dcb2ab4d8c5ed2c8d6037c73c528d06cddfe88c48b82e924c5
    • Instruction Fuzzy Hash: 56E0EC10D0D11340FE792A6127D22B802409F76F04F5100F9F94EF22D39D0E750653B6
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: c5413e8b85f3f62e1b5e3c442f5b6e8201814dd53347c4e9641f5da6d242fb16
    • Instruction ID: 4e68483897b40a8790fe9446726c69beb643e6a047956d12be2a4a2d09b1d662
    • Opcode Fuzzy Hash: c5413e8b85f3f62e1b5e3c442f5b6e8201814dd53347c4e9641f5da6d242fb16
    • Instruction Fuzzy Hash: 44B2F372E582838BE7348E64D5807FD77A1FB64BA8F405175EA0D97A85EF38E900CB50
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: bed88b21f03ced8f03b229f060e7a7e7857f38ae682025ac13353ea6e571365a
    • Instruction ID: bfcef84cc3ed062aac14081056bf0074d057e1d1a1c07821d2cb15eee3704874
    • Opcode Fuzzy Hash: bed88b21f03ced8f03b229f060e7a7e7857f38ae682025ac13353ea6e571365a
    • Instruction Fuzzy Hash: 40313072609B8286EB748F60E8807EE7364FB94B54F444479EB4E97B98DF38D548C720
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 96b4b85298df9a7c94fc0ed32a4ff3fc3a8f8d2a756f0329476b0c0d7f2ce9a1
    • Instruction ID: af2ac05f753cf2a5113c670a24294c56f483caafbd94507a1351dbd23ed05b12
    • Opcode Fuzzy Hash: 96b4b85298df9a7c94fc0ed32a4ff3fc3a8f8d2a756f0329476b0c0d7f2ce9a1
    • Instruction Fuzzy Hash: E7316132658B8286EB70CF25E8802AE73A4FB94BA4F540175EB8D93B94DF3CD555CB10
    Similarity
    • API ID: FileFindFirst_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2227656907-0
    • Opcode ID: ba11f07c1f722e6a40a18cc6528af4eedad9e4f8f0aafa614391c8f36644ff59
    • Instruction ID: ef2a6b0246100c614aedf5011f215451a52d028db7ad57770eaf609c40c8103e
    • Opcode Fuzzy Hash: ba11f07c1f722e6a40a18cc6528af4eedad9e4f8f0aafa614391c8f36644ff59
    • Instruction Fuzzy Hash: 7BB1B622B1869341EE70DB2296842B96391EB64FE4F545272FA5DA7BC5DF3CE441C320
    Similarity
    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
    • String ID:
    • API String ID: 2933794660-0
    • Opcode ID: a0b89811d2abefea6c0b216da11c3ecfe6413ee332165bab6c2f463ce680ac48
    • Instruction ID: 5a9682751f3c02617663a00bebb9fc1726e927a2cfa86f4745ba49d01bb216e5
    • Opcode Fuzzy Hash: a0b89811d2abefea6c0b216da11c3ecfe6413ee332165bab6c2f463ce680ac48
    • Instruction Fuzzy Hash: E4112122B54F0689EF10CF60F8942B933A4FB29B68F440E31EA5D86764DF78D5548390
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
    • Instruction ID: 87e41b6fee5b2c220665e30f61e00f9c9c3ae2682d117da1368843bc324cf7e9
    • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
    • Instruction Fuzzy Hash: B6C1F672B5828787E7348F55A18466AB791F7A8FA4F448134EB4A83B84DF3CE901DB04
    APIs
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: 42800f7130fc09e1b5b148043ea866075d2b5c80eb62d1f6a2eafbe5d3518a0d
    • Instruction ID: e1d488c67fc6285906645cd88b8cb7f18df5c189506876d010d395c767bfc973
    • Opcode Fuzzy Hash: 42800f7130fc09e1b5b148043ea866075d2b5c80eb62d1f6a2eafbe5d3518a0d
    • Instruction Fuzzy Hash: DCB15E73604B898BEB25CF29C48636837A0F754FA8F1589B1EA5D8B7A4CF39D451C710
    Strings
    Similarity
    • API ID:
    • String ID: e+000$gfff
    • API String ID: 0-3030954782
    • Opcode ID: d1e6dff7fef3bdb59747c01a8fb3bbc0b4806479f45d7012dcbbb5270c54b796
    • Instruction ID: 4d1541c9473d4cdfe72c42537fed6814e177c533c89b9f694a00255e5b3d21cd
    • Opcode Fuzzy Hash: d1e6dff7fef3bdb59747c01a8fb3bbc0b4806479f45d7012dcbbb5270c54b796
    • Instruction Fuzzy Hash: 2F516962B1C2C346E7348E359E807697B91E7A4FA4F08C2B1EB988BAC5CF7DD4408710
    Strings
    Similarity
    • API ID:
    • String ID: gfffffff
    • API String ID: 0-1523873471
    • Opcode ID: 91725199b9ae0a4c4f7012fb6020ed17a538c55d02ec2f85fc7811ec0ab5c42b
    • Instruction ID: 52eda47ff42e5f04a0d673bdf45ebaaa5c844837483cdee59170d1d4fe1e467b
    • Opcode Fuzzy Hash: 91725199b9ae0a4c4f7012fb6020ed17a538c55d02ec2f85fc7811ec0ab5c42b
    • Instruction Fuzzy Hash: 79A15862B087C686EB31CF29A9807AD7791EBA0F84F048171EE4D97785DE3DE405C711
    Strings
    Similarity
    • API ID:
    • String ID:
    • API String ID: 0-3916222277
    • Opcode ID: f58e7d2fba646c9d56e368a4f66ee4e796840259c2c138df35e78770f08e093e
    • Instruction ID: 08649992bb13617fd0f3551c278fae9cce2f2ad0b8b0825295b210c7a1122f06
    • Opcode Fuzzy Hash: f58e7d2fba646c9d56e368a4f66ee4e796840259c2c138df35e78770f08e093e
    • Instruction Fuzzy Hash: 2EB17F72A08A8395E7748F39C29427D3BA0EB69F48F184175EB4DA7795CF3AD440C722
    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 713265200b0f8676a1dac90bda99ea801f41fb4e271d729f4c08ea7d931f899d
    • Instruction ID: cc6b158d1f1765e2e4e8877dad01b8ad2a16783031560b2d027a696466f8d738
    • Opcode Fuzzy Hash: 713265200b0f8676a1dac90bda99ea801f41fb4e271d729f4c08ea7d931f899d
    • Instruction Fuzzy Hash: FAB09220E57A43C2EE992B117C8621823AABFA8B20F8885B8D10C81320DF2C20A58720
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 12f2a61b33c2f5a9ff6fbf6eeeca1a1374fd0aaa3bccda5e65ef6e81077c1321
    • Instruction ID: ceeb0d4aac0545e5a047d82a422663c72bd8a562732355cf5f3b133ee7fb04f7
    • Opcode Fuzzy Hash: 12f2a61b33c2f5a9ff6fbf6eeeca1a1374fd0aaa3bccda5e65ef6e81077c1321
    • Instruction Fuzzy Hash: 78E19026A0824346EA788E29C2C413D37A2FB69F54F1451B5EF0DA77D9DF39E841C361
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 36c052bf87743b0a4e9054d2403e673aa66a68402ee0a2fcaabadde92108fa48
    • Instruction ID: 1f9c188ee5bed636b0318d2fe64f9114954a3ed4e05f1a9d315b1c53d6e7c09c
    • Opcode Fuzzy Hash: 36c052bf87743b0a4e9054d2403e673aa66a68402ee0a2fcaabadde92108fa48
    • Instruction Fuzzy Hash: 08E1B472A0860395EB748A2CC2D537D2791EB69F54F1842B5FA0DA76D5CF3DE841C322
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ce1f9992ca2b83fa0573aa7d428d943340b4a4b5419fb6f58666c6258925b0df
    • Instruction ID: 50b4ad72033417c2d1ca4a91b85c9993a41c2a4fcb3b40b0931f6266eb824a1e
    • Opcode Fuzzy Hash: ce1f9992ca2b83fa0573aa7d428d943340b4a4b5419fb6f58666c6258925b0df
    • Instruction Fuzzy Hash: DC811572A0C78286E774CB1996C137A6BD1FBA5F94F244275EA8D93B85CE3DE4008B10
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 69cd060b253cf035043fe50bbacb27ae17bc61c6d97ae5104e189b82c940c127
    • Instruction ID: e14050cf5601d2e484205fc83864b6a47dbc37d2d876d9396c2db5005917e05c
    • Opcode Fuzzy Hash: 69cd060b253cf035043fe50bbacb27ae17bc61c6d97ae5104e189b82c940c127
    • Instruction Fuzzy Hash: E551B832A1865382E7348F29C18923C37A0EB64F68F245171EE4DA7795DF3AE863C750
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 43ff9c10f62d1b47ef5905391948ce9eac555b03b98ab0e7aa44716a88f8c3e2
    • Instruction ID: 79eaa2561fc26ca741fefef421204c3b497b86ad7d667d0aa6d560a9c956ab75
    • Opcode Fuzzy Hash: 43ff9c10f62d1b47ef5905391948ce9eac555b03b98ab0e7aa44716a88f8c3e2
    • Instruction Fuzzy Hash: 30518732A1865386E7348F29C19423837A1EB64FACF2441B1EE4DA7794DF3AE853C750
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1cf95b503110b43d35bbcf95d68fe8087ba49051afeab174971cb0c306ff8024
    • Instruction ID: b47e25dbf1c2e7b31f9d91b1c66568b6b1d22fcabe11b196f314a88ae5d81df1
    • Opcode Fuzzy Hash: 1cf95b503110b43d35bbcf95d68fe8087ba49051afeab174971cb0c306ff8024
    • Instruction Fuzzy Hash: D4519B36A1465385E7348B29C19433837A0EB65FA8F2441B1EE4DAB794DF3AEC53C750
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 712813fa3cdb594f0eb308bf8fb59a66a1630518c2f72753db9bc1e6f3e268fe
    • Instruction ID: ff89742e056e1ca6224b36ef3b4501dd524e2772b472267c0572fdaaea34f289
    • Opcode Fuzzy Hash: 712813fa3cdb594f0eb308bf8fb59a66a1630518c2f72753db9bc1e6f3e268fe
    • Instruction Fuzzy Hash: 5451CA72A1865286E7348F28C28473937A0EB55F98F2481B1DE4DAB794DF3AEC53C750
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 273b73d5fb63701c19bb0bf1e59182d66848a0a0ab3d7cf47da5e148ab485331
    • Instruction ID: 43de5d1d099350413884b64303290cfd3b39190171a26e239dcb54594fdb7e89
    • Opcode Fuzzy Hash: 273b73d5fb63701c19bb0bf1e59182d66848a0a0ab3d7cf47da5e148ab485331
    • Instruction Fuzzy Hash: 7751BA36A1865386E7348B29C18973C37A0EB64F58F284171EE4DA7794DF3AE863C750
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 111b9a4e2f0511636ba9a42a30838a4c974f5a45ebe7d12396d731be4333c2c6
    • Instruction ID: f7e39f526b0fab456b18c2ad3ae176fd28fb89abe73425644597b0a1fa7815f7
    • Opcode Fuzzy Hash: 111b9a4e2f0511636ba9a42a30838a4c974f5a45ebe7d12396d731be4333c2c6
    • Instruction Fuzzy Hash: 2151AE7661465286EB748F29C28423837A0EB55F98F2541B1EE4CAB794CF3AEC52C750
    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    • Opcode ID: 91e9a8959a486d16915ec3edadb5a2c8260f1535164ba97195848b35bf58a076
    • Instruction ID: 31436cf0e95f72e0ab83e5948a02ad1e38f095a2ce79d5a09fa848daf9bb604d
    • Opcode Fuzzy Hash: 91e9a8959a486d16915ec3edadb5a2c8260f1535164ba97195848b35bf58a076
    • Instruction Fuzzy Hash: 9741D862B14A5681EF24CF2AEAA416D7391FB58FD4B099036EE0DD7B58EF3CD4418344
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 06765e3e769664596c98c1387e2f6e4fe9174840ac955173aff2e886965b2cc6
    • Instruction ID: 108500ec7ce70ea7109ab31006eaf556ef02dcb3dc41e196a314294a6ec3a338
    • Opcode Fuzzy Hash: 06765e3e769664596c98c1387e2f6e4fe9174840ac955173aff2e886965b2cc6
    • Instruction Fuzzy Hash: 59F06871B382968FDBA48F28A48262D77D5FB58780F94C579E58DC3B14DA3CD0509F14
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 39ca1d6a6832c669e6a29bba7dd95473a6ef9a4e19f238a5e2e873b8f2e182c5
    • Instruction ID: d1b3f74fe58db3360618b719b65f96dbc956eaa03cda52ce1e30ef3ccaf0c2d6
    • Opcode Fuzzy Hash: 39ca1d6a6832c669e6a29bba7dd95473a6ef9a4e19f238a5e2e873b8f2e182c5
    • Instruction Fuzzy Hash: F6A00121A4CC0390EA2C8F00BA911602230EBA4B60B4140B1E20DD10609E3CA514C328
    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: f$f$p$p$f
    • API String ID: 3215553584-1325933183
    • Opcode ID: 12d08c0c8612637774bc7bdd463a756b07fcc01c14ea46ebeb92567cf731375d
    • Instruction ID: 07f2536c6fefc2001da7600500e117cb57e00e33cffc5c1641a972aeeb896509
    • Opcode Fuzzy Hash: 12d08c0c8612637774bc7bdd463a756b07fcc01c14ea46ebeb92567cf731375d
    • Instruction Fuzzy Hash: 6E129771E0D14386FB349E15E2946797652FBA0FD4F8440F5F69A9A9C8DF3CE8808B20
    APIs
    Strings
    Similarity
    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 849930591-393685449
    • Opcode ID: 9d2ab68f5844ecff8e78b121d5f9961d0fc8fa477ccde89421ed0d873669c760
    • Instruction ID: 4e4c51fa231708ec5012d801349ce30bb6fd177ce65779d27d6a1ecc168f612c
    • Opcode Fuzzy Hash: 9d2ab68f5844ecff8e78b121d5f9961d0fc8fa477ccde89421ed0d873669c760
    • Instruction Fuzzy Hash: 45D15032E0874686EB30DB6595802AD77A4FB66F98F000275FE4DA7B56DF38E450CB50
    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF69E492CF6,?,?,?,00007FF69E4929E8,?,?,?,00007FF69E4925F1), ref: 00007FF69E492AC9
    • GetLastError.KERNEL32(?,?,?,00007FF69E492CF6,?,?,?,00007FF69E4929E8,?,?,?,00007FF69E4925F1), ref: 00007FF69E492AD7
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF69E492CF6,?,?,?,00007FF69E4929E8,?,?,?,00007FF69E4925F1), ref: 00007FF69E492B01
    • FreeLibrary.KERNEL32(?,?,?,00007FF69E492CF6,?,?,?,00007FF69E4929E8,?,?,?,00007FF69E4925F1), ref: 00007FF69E492B6F
    • GetProcAddress.KERNEL32(?,?,?,00007FF69E492CF6,?,?,?,00007FF69E4929E8,?,?,?,00007FF69E4925F1), ref: 00007FF69E492B7B
    Strings
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    • Opcode ID: cbbaaf9238a7b28753c96f16f4876fbf0f394f578af9b213cce3bfd2c1307ae4
    • Instruction ID: c01654bcb5e93e773a1828b016453c2bfd402078b4c382e8b6fccd7dfb1ada53
    • Opcode Fuzzy Hash: cbbaaf9238a7b28753c96f16f4876fbf0f394f578af9b213cce3bfd2c1307ae4
    • Instruction Fuzzy Hash: C2317021A1AA4391EE369F02B98057523D8FF68FA0F590575EE1D9A794DE3CE444C324
    APIs
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: ba8e99addf97a3e009db974f25feb7acb3a06d1c3b8078238f1e2f9ace8986bd
    • Instruction ID: d5c02c12f11825febc04ff783ed4c54664e741ae3322ec54fd2f215d693c842b
    • Opcode Fuzzy Hash: ba8e99addf97a3e009db974f25feb7acb3a06d1c3b8078238f1e2f9ace8986bd
    • Instruction Fuzzy Hash: 43213A20E4C64342FA74A76167C507D5192EF74FB0F1447B8F92EA76D6DE2CB4024364
    APIs
    Strings
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    • Opcode ID: 6f1dcbecdf4b1e4fd58a35dea008d528d15142dd48fdd07ece926cacfd9cd830
    • Instruction ID: a0062c3ec2a79b364ce646b08fbcd8230b041278cc4e06b6ef90a94e16ffbc1d
    • Opcode Fuzzy Hash: 6f1dcbecdf4b1e4fd58a35dea008d528d15142dd48fdd07ece926cacfd9cd830
    • Instruction Fuzzy Hash: 13118121A58A5286EB608B42F88432973A0FBA8FF4F1442B4FA6DC7B94DF3CD4048754
    APIs
    • GetLastError.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BDDB
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BE11
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BE3E
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BE4F
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BE60
    • SetLastError.KERNEL32(?,?,?,00007FF69E49C435,?,?,?,?,00007FF69E49C4B3,?,?,00000000,00007FF69E49BEEA,?,?,?), ref: 00007FF69E49BE7B
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: d09860916987003217397efd375fd118e2d3f65f3a6b55cd55b916f85a497808
    • Instruction ID: c3b534ec609b786ff9583b985ce74d1e486ee001a5f6c0c0351c81313b540a1d
    • Opcode Fuzzy Hash: d09860916987003217397efd375fd118e2d3f65f3a6b55cd55b916f85a497808
    • Instruction Fuzzy Hash: A1114920E4C64382FA74A7316AD543D2186DF74FB0F1546B4FA2EA76D6DE2CA4024360
    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: bfb8e2e045aaa5d8a4d65f3051bd469de7b60ee180c7e05e45e1383d802046fe
    • Instruction ID: 6e220d8f2c2f346434b4e8b54ad3711c733505804c0b942195df53eac3dd2be1
    • Opcode Fuzzy Hash: bfb8e2e045aaa5d8a4d65f3051bd469de7b60ee180c7e05e45e1383d802046fe
    • Instruction Fuzzy Hash: 9EF04F65A5960381FE308B24B4C43B96360EFA4FB5F540675EAAD861E4CF2CD449D720
    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FF69E49BFFB,?,?,00000000,00007FF69E49C296), ref: 00007FF69E49BEB3
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49BFFB,?,?,00000000,00007FF69E49C296), ref: 00007FF69E49BED2
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49BFFB,?,?,00000000,00007FF69E49C296), ref: 00007FF69E49BEFA
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49BFFB,?,?,00000000,00007FF69E49C296), ref: 00007FF69E49BF0B
    • FlsSetValue.KERNEL32(?,?,?,00007FF69E49BFFB,?,?,00000000,00007FF69E49C296), ref: 00007FF69E49BF1C
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm
    • API String ID: 2395640692-1018135373
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
    • String ID: csm$csm
    • API String ID: 3896166516-3733052814
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: FileWrite$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 2718003287-0
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E49A72E
      • Part of subcall function 00007FF69E49C4C4: HeapFree.KERNEL32(?,?,00000000,00007FF69E4A086E,?,?,?,00007FF69E4A08AB,?,?,00000000,00007FF69E4A0DA5,?,?,?,00007FF69E4A0CD7), ref: 00007FF69E49C4DA
      • Part of subcall function 00007FF69E49C4C4: GetLastError.KERNEL32(?,?,00000000,00007FF69E4A086E,?,?,?,00007FF69E4A08AB,?,?,00000000,00007FF69E4A0DA5,?,?,?,00007FF69E4A0CD7), ref: 00007FF69E49C4E4
    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69E491895), ref: 00007FF69E49A74C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\antispam_account.exe
    • API String ID: 3580290477-1067520065
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1405049352.00007FF69E491000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69E490000, based on PE: true
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373