Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Metamask_setup.exe

Overview

General Information

Sample name:Metamask_setup.exe
Analysis ID:1379472
MD5:618f137baf526f754d3ee3885acb9c04
SHA1:a7f29acee8f33eee1b569fc992bdbbe2f413042c
SHA256:512ec746b8318aa67bb11aa498a94d0e9848c241e7296c46757dcf1997e28be4
Infos:

Detection

Meduza Stealer
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Meduza Stealer
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

Process Tree

  • System is w10x64
  • Metamask_setup.exe (PID: 7064 cmdline: C:\Users\user\Desktop\Metamask_setup.exe MD5: 618F137BAF526F754D3EE3885ACB9C04)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "77.105.147.171:15666"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: Metamask_setup.exe PID: 7064JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: Metamask_setup.exeAvira: detected
    Found malware configuration
    Source: Metamask_setup.exeMalware Configuration Extractor: Meduza Stealer {"C2 url": "77.105.147.171:15666"}
    Multi AV Scanner detection for submitted file
    Source: Metamask_setup.exeReversingLabs: Detection: 81%
    Source: Metamask_setup.exeVirustotal: Detection: 79%Perma Link
    Machine Learning detection for sample
    Source: Metamask_setup.exeJoe Sandbox ML: detected
    Source: Metamask_setup.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D308C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF6DF0D308C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D2FDC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,0_2_00007FF6DF0D2FDC
    Source: global trafficTCP traffic: 192.168.2.4:49729 -> 77.105.147.171:15666
    Source: Joe Sandbox ViewASN Name: PLUSTELECOM-ASRU PLUSTELECOM-ASRU
    Source: unknownTCP traffic detected without corresponding DNS query: 77.105.147.171
    Source: unknownTCP traffic detected without corresponding DNS query: 77.105.147.171
    Source: unknownTCP traffic detected without corresponding DNS query: 77.105.147.171
    Source: unknownTCP traffic detected without corresponding DNS query: 77.105.147.171
    Source: unknownTCP traffic detected without corresponding DNS query: 77.105.147.171
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0896F0 std::_Lockit::_Lockit,std::_Lockit::_Lockit,std::_Facet_Register,Concurrency::cancel_current_task,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,InternetOpenW,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF6DF0896F0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF09F110 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6DF09F110
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF075F000_2_00007FF6DF075F00
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0B08740_2_00007FF6DF0B0874
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0A80900_2_00007FF6DF0A8090
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0BD4880_2_00007FF6DF0BD488
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D308C0_2_00007FF6DF0D308C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0510E00_2_00007FF6DF0510E0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0B61100_2_00007FF6DF0B6110
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AB5100_2_00007FF6DF0AB510
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0B036C0_2_00007FF6DF0B036C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D4F900_2_00007FF6DF0D4F90
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0807900_2_00007FF6DF080790
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AF7A00_2_00007FF6DF0AF7A0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0A83A00_2_00007FF6DF0A83A0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0BBF9C0_2_00007FF6DF0BBF9C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0C78300_2_00007FF6DF0C7830
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF091A800_2_00007FF6DF091A80
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0A36800_2_00007FF6DF0A3680
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF075AD00_2_00007FF6DF075AD0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0896F00_2_00007FF6DF0896F0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D6EF40_2_00007FF6DF0D6EF4
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0BBB080_2_00007FF6DF0BBB08
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0B8D500_2_00007FF6DF0B8D50
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AD5900_2_00007FF6DF0AD590
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0A71800_2_00007FF6DF0A7180
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D69A80_2_00007FF6DF0D69A8
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AF9A40_2_00007FF6DF0AF9A4
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AF59C0_2_00007FF6DF0AF59C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0959C00_2_00007FF6DF0959C0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0BB2000_2_00007FF6DF0BB200
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0BC61C0_2_00007FF6DF0BC61C
    Source: classification engineClassification label: mal80.troj.spyw.winEXE@1/0@0/1
    Source: Metamask_setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Metamask_setup.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: Metamask_setup.exeReversingLabs: Detection: 81%
    Source: Metamask_setup.exeVirustotal: Detection: 79%
    Source: Metamask_setup.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Metamask_setup.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Metamask_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Metamask_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: Metamask_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: Metamask_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: Metamask_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: Metamask_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: Metamask_setup.exeStatic PE information: section name: _RDATA
    Source: C:\Users\user\Desktop\Metamask_setup.exeAPI coverage: 2.4 %
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D308C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF6DF0D308C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0D2FDC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,0_2_00007FF6DF0D2FDC
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD5A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AE280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6DF0AE280
    Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0CCE58 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6DF0CCE58
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0AE280 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6DF0AE280
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF6DF0C70C0
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: GetLocaleInfoW,0_2_00007FF6DF0BA4DC
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: EnumSystemLocalesW,0_2_00007FF6DF0B9F9C
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF6DF0C6678
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: EnumSystemLocalesW,0_2_00007FF6DF0C6AA4
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF6DF0C6EDC
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: EnumSystemLocalesW,0_2_00007FF6DF0C69D4
    Source: C:\Users\user\Desktop\Metamask_setup.exeCode function: 0_2_00007FF6DF0CD3CC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6DF0CD3CC

    Stealing of Sensitive Information

    barindex
    Yara detected Meduza Stealer
    Source: Yara matchFile source: Process Memory Space: Metamask_setup.exe PID: 7064, type: MEMORYSTR
    Found many strings related to Crypto-Wallets (likely being stolen)
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum\wallets
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\wallets
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty (Web)
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
    Source: Metamask_setup.exe, 00000000.00000002.1642063251.000002A5FD57C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore

    Remote Access Functionality

    barindex
    Yara detected Meduza Stealer
    Source: Yara matchFile source: Process Memory Space: Metamask_setup.exe PID: 7064, type: MEMORYSTR

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
    Valid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping1
    System Time Discovery    		Remote Services1
    Archive Collected Data    		Exfiltration Over Other Network Medium1
    Encrypted Channel    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory11
    Security Software Discovery    		Remote Desktop Protocol1
    Data from Local System    		Exfiltration Over Bluetooth1
    Non-Standard Port    		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
    Domain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account Manager1
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
    Ingress Tool Transfer    		Data Encrypted for ImpactDNS ServerEmail Addresses
    Local AccountsCronLogin HookLogin HookBinary PaddingNTDS12
    System Information Discovery    		Distributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    Metamask_setup.exe82%ReversingLabsWin64.Spyware.Medusastealer
    Metamask_setup.exe79%VirustotalBrowse
    Metamask_setup.exe100%AviraTR/Spy.Agent.kgbyf
    Metamask_setup.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    77.105.147.171
    		unknownRussian Federation
    		42031PLUSTELECOM-ASRUtrue

    General Information

    Joe Sandbox version:38.0.0 Ammolite
    Analysis ID:1379472
    Start date and time:2024-01-23 13:24:14 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 1m 59s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:1
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Metamask_setup.exe
    Detection:MAL
    Classification:mal80.troj.spyw.winEXE@1/0@0/1
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    PLUSTELECOM-ASRUhttp://jerryposter.comGet hashmaliciousUnknownBrowse
    • 77.105.140.181
    hostcr.exeGet hashmaliciousRemcosBrowse
    • 77.105.132.70
    file.exeGet hashmaliciousPrivateLoaderBrowse
    • 77.105.147.130
    p1vNyPdVh2.exeGet hashmaliciousStealc, Vidar, zgRATBrowse
    • 77.105.132.229
    Judicial request.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
    • 77.105.132.124
    Judicial request.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
    • 77.105.132.124
    0442.EXE.exeGet hashmaliciousQuasarBrowse
    • 77.105.132.124
    gbquas.exeGet hashmaliciousQuasarBrowse
    • 77.105.132.124
    c_unpack.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
    • 77.105.132.124
    c_unpack.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
    • 77.105.132.124

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    No created / dropped files found

    Static File Info

    General

    File type:PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit):6.338845189889762
    TrID:
    • Win64 Executable GUI (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:Metamask_setup.exe
    File size:790'016 bytes
    MD5:618f137baf526f754d3ee3885acb9c04
    SHA1:a7f29acee8f33eee1b569fc992bdbbe2f413042c
    SHA256:512ec746b8318aa67bb11aa498a94d0e9848c241e7296c46757dcf1997e28be4
    SHA512:41d93eb646043fc2a16c0cb123d724db9091109dfd4ed457f45444859a38f463b3b410188d9ec1c0df8a3037a7846e8c94bd8e0dbe29634d44f01feb8a4bdf1e
    SSDEEP:12288:k/Dduefh+bErggggggggMfAF3m5mz1U/uuUtw/8DvC5mukp:mDduz6ggggggggMYF3Imzy2NAaC5M
    TLSH:1EF40934E69C3669D06BA078FC4B5C02E93278AA1320BFEB12D55A511F97EE15F3D360
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q.o.q.o.q.o.:.h.p.o.:.i.p.o.d.j...o.d.k.~.o.d.l.y.o.:.j...o.:.l.v.o.:.k.c.o.q.n...o.:.n.j.o.G.f.}.o.G...p.o.G.m.p.o.Richq.o

    File Icon

    Icon Hash:90cececece8e8eb0

    Static PE Info

    General

    Entrypoint:0x14007cb70
    Entrypoint Section:.text
    Digitally signed:false
    Imagebase:0x140000000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x64F15F28 [Fri Sep 1 03:48:56 2023 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:59fc3561b97c1724a66e573b2805c788

    Entrypoint Preview

    Instruction
    dec eax
    sub esp, 28h
    call 00007F397938B398h
    dec eax
    add esp, 28h
    jmp 00007F397938A9BFh
    int3
    int3
    and dword ptr [0003DBE5h], 00000000h
    ret
    dec eax
    mov dword ptr [esp+08h], ebx
    push ebp
    dec eax
    lea ebp, dword ptr [esp-000004C0h]
    dec eax
    sub esp, 000005C0h
    mov ebx, ecx
    mov ecx, 00000017h
    call dword ptr [0001C68Ah]
    test eax, eax
    je 00007F397938AB46h
    mov ecx, ebx
    int 29h
    mov ecx, 00000003h
    call 00007F397938AB09h
    xor edx, edx
    dec eax
    lea ecx, dword ptr [ebp-10h]
    inc ecx
    mov eax, 000004D0h
    call 00007F397938C484h
    dec eax
    lea ecx, dword ptr [ebp-10h]
    call dword ptr [0001C62Dh]
    dec eax
    mov ebx, dword ptr [ebp+000000E8h]
    dec eax
    lea edx, dword ptr [ebp+000004D8h]
    dec eax
    mov ecx, ebx
    inc ebp
    xor eax, eax
    call dword ptr [0001C61Bh]
    dec eax
    test eax, eax
    je 00007F397938AB7Eh
    dec eax
    and dword ptr [esp+38h], 00000000h
    dec eax
    lea ecx, dword ptr [ebp+000004E0h]
    dec eax
    mov edx, dword ptr [ebp+000004D8h]
    dec esp
    mov ecx, eax
    dec eax
    mov dword ptr [esp+30h], ecx
    dec esp
    mov eax, ebx
    dec eax
    lea ecx, dword ptr [ebp+000004E8h]
    dec eax
    mov dword ptr [esp+28h], ecx
    dec eax
    lea ecx, dword ptr [ebp-10h]
    dec eax
    mov dword ptr [esp+20h], ecx
    xor ecx, ecx
    call dword ptr [0001C5E2h]
    dec eax

    Data Directories

    NameVirtual AddressVirtual Size Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IMPORT0xb5b900x118.rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc60000x1e0.rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION0xbd0000x79e0.pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
    IMAGE_DIRECTORY_ENTRY_BASERELOC0xc70000xb54.reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG0xa76a00x38.rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
    IMAGE_DIRECTORY_ENTRY_TLS0xa77000x28.rdata
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xa75600x140.rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IAT0x990000x650.rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

    Sections

    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
    .text0x10000x97edc0x9800014fecd9441573d8f8846ade337580eadFalse0.42626953125zlib compressed data6.304920226712859IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata0x990000x1e0c00x1e2002619a9f8e04fbdc4bbf68a1be1ba22e6False0.4567313926348548DIY-Thermocam raw data (Lepton 2.x), scale 25856-27648, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 154742504910672534362390528.000000, slope 2543115696954447765978707132416.0000005.510471051944646IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data0xb80000x44840x1e001ac5d7acfbfbd5b995f739e66ca25ec4False0.16067708333333333data3.2862763790147604IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata0xbd0000x79e00x7a009063aa876dbea603cc0cba3a374e398dFalse0.40320824795081966data5.843380934302045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    _RDATA0xc50000x15c0x200392099a42f1a81299705ff2d92da8379False0.41015625data3.3726519446433953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc0xc60000x1e00x20040051623f806a9ed9f88c3948606ca62False0.52734375data4.7137725829467545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc0xc70000xb540xc00b58ee936f6aedd3f50b5062d1561ba30False0.4661458333333333data5.269667204999112IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

    Resources

    NameRVASizeTypeLanguageCountryZLIB Complexity
    RT_MANIFEST0xc60600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

    Imports

    DLLImport
    WS2_32.dllhtons, inet_pton, WSAStartup, send, socket, connect, recv, WSACleanup, closesocket
    CRYPT32.dllCryptUnprotectData
    WININET.dllInternetQueryDataAvailable, InternetReadFile, InternetCloseHandle, InternetOpenW, InternetOpenUrlA, InternetOpenA, HttpQueryInfoW
    ntdll.dllNtQueryObject, NtQuerySystemInformation
    RstrtMgr.DLLRmGetList, RmStartSession, RmEndSession, RmRegisterResources
    KERNEL32.dllMultiByteToWideChar, LocalFree, WideCharToMultiByte, IsDebuggerPresent, WriteProcessMemory, TerminateProcess, GetModuleFileNameW, WaitForSingleObject, ResumeThread, CloseHandle, GetThreadContext, VirtualAllocEx, CreateProcessW, SetThreadContext, GetExitCodeProcess, ExitProcess, ReadFile, GetModuleFileNameA, GetVolumeInformationW, GetGeoInfoA, HeapFree, EnterCriticalSection, GetCurrentProcess, GetProcessId, GetProductInfo, LeaveCriticalSection, SetFilePointer, InitializeCriticalSectionEx, GetModuleHandleA, OpenProcess, HeapSize, GetLogicalDriveStringsW, GetFinalPathNameByHandleA, GetTimeZoneInformation, GetLastError, HeapReAlloc, GetNativeSystemInfo, HeapAlloc, GetUserGeoID, DecodePointer, GetProcAddress, GetFileSize, DeleteCriticalSection, GetComputerNameW, GetProcessHeap, GlobalMemoryStatusEx, GetModuleHandleW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, IsProcessorFeaturePresent, GetCurrentProcessId, GetSystemTimeAsFileTime, FreeLibrary, GetModuleHandleExW, VirtualAlloc, VirtualProtect, VirtualQuery, GetCurrentThreadId, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetStdHandle, GetFileType, GetStartupInfoW, RaiseException, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, ReadConsoleW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetStringTypeW, SetStdHandle, CreateFileW, WriteConsoleW, OutputDebugStringW, SetEndOfFile, FreeEnvironmentStringsW, SetEnvironmentVariableW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, QueryPerformanceCounter, InitializeSListHead, RtlUnwindEx, RtlUnwind, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LCMapStringEx, GetCommandLineA, GetCommandLineW, GetSystemInfo, GetEnvironmentStringsW, GetFileInformationByHandleEx, AreFileApisANSI, GetFileAttributesExW, FindNextFileW, FindFirstFileExW, FindFirstFileW, FindClose, FormatMessageA, GetLocaleInfoEx, GetCurrentDirectoryW
    USER32.dllEnumDisplayDevicesW, GetDC, GetSystemMetrics, GetWindowRect, ReleaseDC, GetDesktopWindow
    GDI32.dllBitBlt, CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, GetDeviceCaps, DeleteDC, GetObjectW, DeleteObject
    ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, GetUserNameW, RegEnumKeyExA, GetCurrentHwProfileW
    SHELL32.dllShellExecuteA, SHGetKnownFolderPath
    ole32.dllCoTaskMemFree, CreateStreamOnHGlobal
    SHLWAPI.dll
    gdiplus.dllGdiplusStartup, GdiplusShutdown, GdipGetImageEncoders, GdipCloneImage, GdipAlloc, GdipCreateBitmapFromScan0, GdipSaveImageToStream, GdipGetImageEncodersSize, GdipDisposeImage, GdipFree, GdipCreateBitmapFromHBITMAP

    Possible Origin

    Language of compilation systemCountry where language is spokenMap
    EnglishUnited States

    Network Behavior

    Network Port Distribution

    TCP Packets

    TimestampSource PortDest PortSource IPDest IP
    Jan 23, 2024 13:24:59.873930931 CET4972915666192.168.2.477.105.147.171
    Jan 23, 2024 13:25:00.086932898 CET156664972977.105.147.171192.168.2.4
    Jan 23, 2024 13:25:00.588654995 CET4972915666192.168.2.477.105.147.171
    Jan 23, 2024 13:25:00.802571058 CET156664972977.105.147.171192.168.2.4
    Jan 23, 2024 13:25:01.307445049 CET4972915666192.168.2.477.105.147.171
    Jan 23, 2024 13:25:01.520523071 CET156664972977.105.147.171192.168.2.4
    Jan 23, 2024 13:25:02.026153088 CET4972915666192.168.2.477.105.147.171
    Jan 23, 2024 13:25:02.239245892 CET156664972977.105.147.171192.168.2.4
    Jan 23, 2024 13:25:02.744898081 CET4972915666192.168.2.477.105.147.171
    Jan 23, 2024 13:25:02.958246946 CET156664972977.105.147.171192.168.2.4

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    System Behavior

    General

    Target ID:0
    Start time:13:24:59
    Start date:23/01/2024
    Path:C:\Users\user\Desktop\Metamask_setup.exe
    Wow64 process (32bit):false
    Commandline:C:\Users\user\Desktop\Metamask_setup.exe
    Imagebase:0x7ff6df050000
    File size:790'016 bytes
    MD5 hash:618F137BAF526F754D3EE3885ACB9C04
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Disassembly

    Reset < >

      Execution Graph

      Execution Coverage:1.2%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:19.7%
      Total number of Nodes:2000
      Total number of Limit Nodes:10
      execution_graph 13884 7ff6df0896f0 13950 7ff6df0d379c 13884->13950 13886 7ff6df089720 13887 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 13886->13887 13889 7ff6df089745 13886->13889 13887->13889 13888 7ff6df0897bd 13983 7ff6df0cc440 13888->13983 13889->13888 13954 7ff6df088d60 13889->13954 13893 7ff6df0897cf 13894 7ff6df0897d5 13893->13894 13895 7ff6df089836 13893->13895 13980 7ff6df0d39ac 13894->13980 13992 7ff6df088ae0 13895->13992 13900 7ff6df089a78 13902 7ff6df089a81 13900->13902 13903 7ff6df089a8a 13900->13903 13901 7ff6df089ac2 14067 7ff6df0890c0 13901->14067 14024 7ff6df08a160 13902->14024 13904 7ff6df0898c5 13904->13900 13904->13901 13907 7ff6df089a89 13907->13903 13910 7ff6df089b15 13911 7ff6df089d90 230 API calls 13910->13911 13913 7ff6df08a282 13910->13913 13911->13913 13912 7ff6df08a42d 13915 7ff6df08a43f 13912->13915 13916 7ff6df08a436 13912->13916 13913->13912 13914 7ff6df08a46c 13913->13914 13918 7ff6df0890c0 230 API calls 13914->13918 13917 7ff6df08a160 230 API calls 13916->13917 13919 7ff6df08a43e 13917->13919 13920 7ff6df08a4b0 13918->13920 13919->13915 13921 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 13920->13921 13922 7ff6df08a4c1 13921->13922 13923 7ff6df08a63e 13922->13923 13924 7ff6df08a50d 13922->13924 14085 7ff6df072550 13923->14085 13927 7ff6df08a596 13924->13927 13928 7ff6df08a56a 13924->13928 13926 7ff6df08a643 14088 7ff6df072490 13926->14088 13931 7ff6df0cc580 std::_Facet_Register 55 API calls 13927->13931 13933 7ff6df08a57f memcpy_s 13927->13933 13928->13926 13929 7ff6df08a577 13928->13929 14075 7ff6df0cc580 13929->14075 13931->13933 13937 7ff6df08a5fb memcpy_s 13933->13937 14094 7ff6df0ae56c 13933->14094 13951 7ff6df0d37b0 13950->13951 13952 7ff6df0d37ab 13950->13952 13951->13886 14099 7ff6df0bb678 13952->14099 13955 7ff6df088d90 13954->13955 13978 7ff6df088e7a __std_exception_copy 13954->13978 13956 7ff6df0cc580 std::_Facet_Register 55 API calls 13955->13956 13955->13978 13957 7ff6df088da2 13956->13957 13958 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 13957->13958 13959 7ff6df088dd3 13958->13959 13960 7ff6df088e0f 13959->13960 13961 7ff6df088f0d 13959->13961 14132 7ff6df0d3b5c 13960->14132 14139 7ff6df0d3614 13961->14139 13972 7ff6df0d3e21 13975 7ff6df0d3e56 13972->13975 13976 7ff6df0d3e5c 13972->13976 13979 7ff6df0d3e30 13972->13979 14154 7ff6df0ae850 13972->14154 13975->13976 13975->13979 14163 7ff6df0be178 13975->14163 13976->13979 14168 7ff6df0d43d8 13976->14168 13978->13893 13979->13893 13981 7ff6df0cc580 std::_Facet_Register 55 API calls 13980->13981 13982 7ff6df0d39bf 13981->13982 13982->13888 13984 7ff6df0cc449 13983->13984 13985 7ff6df089823 13984->13985 13986 7ff6df0cce8c IsProcessorFeaturePresent 13984->13986 13987 7ff6df0ccea4 13986->13987 14494 7ff6df0cd080 RtlCaptureContext 13987->14494 13993 7ff6df088aee Concurrency::cancel_current_task 13992->13993 13994 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 13993->13994 13995 7ff6df088aff 13994->13995 13996 7ff6df0ce208 __std_exception_copy 53 API calls 13995->13996 13997 7ff6df088b2d 13996->13997 13997->13904 13998 7ff6df089d90 13997->13998 13999 7ff6df089dce 13998->13999 14000 7ff6df089e4e 13998->14000 14499 7ff6df089cf0 13999->14499 14002 7ff6df0cc440 _log10_special 8 API calls 14000->14002 14004 7ff6df089e7b 14002->14004 14004->13904 14005 7ff6df089e3b 14005->14000 14006 7ff6df08a160 236 API calls 14005->14006 14006->14000 14007 7ff6df089e90 14008 7ff6df0890c0 236 API calls 14007->14008 14009 7ff6df089ed2 14008->14009 14010 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14009->14010 14011 7ff6df089ee3 14010->14011 14012 7ff6df089d90 236 API calls 14011->14012 14013 7ff6df089f3b 14011->14013 14012->14013 14014 7ff6df08a040 14013->14014 14016 7ff6df08a002 14013->14016 14018 7ff6df0890c0 236 API calls 14014->14018 14015 7ff6df08a013 14015->13904 14016->14015 14017 7ff6df08a160 236 API calls 14016->14017 14017->14015 14019 7ff6df08a082 14018->14019 14020 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14019->14020 14021 7ff6df08a093 14020->14021 14503 7ff6df0896f0 14021->14503 14023 7ff6df08a0d6 14023->13904 14025 7ff6df08a1a9 14024->14025 14026 7ff6df08a177 14024->14026 14025->13907 14026->14025 14027 7ff6df0890c0 230 API calls 14026->14027 14028 7ff6df08a1ef 14027->14028 14029 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14028->14029 14030 7ff6df08a200 14029->14030 14031 7ff6df089d90 230 API calls 14030->14031 14037 7ff6df08a282 14030->14037 14031->14037 14032 7ff6df08a46c 14036 7ff6df0890c0 230 API calls 14032->14036 14033 7ff6df08a42d 14034 7ff6df08a43e 14033->14034 14035 7ff6df08a160 230 API calls 14033->14035 14034->13907 14035->14034 14038 7ff6df08a4b0 14036->14038 14037->14032 14037->14033 14039 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14038->14039 14040 7ff6df08a4c1 14039->14040 14041 7ff6df08a63e 14040->14041 14042 7ff6df08a50d 14040->14042 14043 7ff6df072550 55 API calls 14041->14043 14045 7ff6df08a596 14042->14045 14046 7ff6df08a56a 14042->14046 14044 7ff6df08a643 14043->14044 14050 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14044->14050 14049 7ff6df0cc580 std::_Facet_Register 55 API calls 14045->14049 14051 7ff6df08a57f memcpy_s 14045->14051 14046->14044 14047 7ff6df08a577 14046->14047 14048 7ff6df0cc580 std::_Facet_Register 55 API calls 14047->14048 14048->14051 14049->14051 14050->14051 14052 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14051->14052 14055 7ff6df08a5fb memcpy_s 14051->14055 14053 7ff6df08a64f std::_Locinfo::_Locinfo_ctor 14052->14053 14054 7ff6df08a662 InternetOpenW 14053->14054 14056 7ff6df08a76b 14054->14056 14057 7ff6df08a6cb InternetOpenUrlA 14054->14057 14055->13907 14059 7ff6df0cc440 _log10_special 8 API calls 14056->14059 14061 7ff6df08a762 InternetCloseHandle 14057->14061 14062 7ff6df08a6fc InternetReadFile 14057->14062 14060 7ff6df08a77e 14059->14060 14060->13907 14061->14056 14063 7ff6df08a759 InternetCloseHandle 14062->14063 14064 7ff6df08a719 14062->14064 14063->14061 14064->14063 14065 7ff6df08ad30 55 API calls 14064->14065 14066 7ff6df08a73c InternetReadFile 14065->14066 14066->14063 14066->14064 14596 7ff6df0888a0 14067->14596 14069 7ff6df0890e3 14070 7ff6df0cf3f4 14069->14070 14071 7ff6df0cf413 14070->14071 14072 7ff6df0cf45e RaiseException 14071->14072 14073 7ff6df0cf43c RtlPcToFileHeader 14071->14073 14072->13910 14074 7ff6df0cf454 14073->14074 14074->14072 14077 7ff6df0cc58b 14075->14077 14076 7ff6df0b7f98 __std_exception_copy 12 API calls 14076->14077 14077->14076 14078 7ff6df0cc5a4 14077->14078 14079 7ff6df0c75a4 std::_Facet_Register 2 API calls 14077->14079 14080 7ff6df0cc5aa 14077->14080 14078->13933 14079->14077 14081 7ff6df0cc5b5 14080->14081 14082 7ff6df0cd3a0 Concurrency::cancel_current_task 2 API calls 14080->14082 14083 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14081->14083 14082->14081 14084 7ff6df0cc5bb 14083->14084 14086 7ff6df0d35cc 55 API calls 14085->14086 14087 7ff6df072560 14086->14087 14089 7ff6df07249e Concurrency::cancel_current_task 14088->14089 14090 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14089->14090 14091 7ff6df0724af 14090->14091 14092 7ff6df0ce208 __std_exception_copy 53 API calls 14091->14092 14093 7ff6df0724dd 14092->14093 14093->13933 14095 7ff6df0ae3e4 _invalid_parameter_noinfo_noreturn 52 API calls 14094->14095 14096 7ff6df0ae585 14095->14096 14097 7ff6df0ae59c _invalid_parameter_noinfo_noreturn 17 API calls 14096->14097 14098 7ff6df0ae59a 14097->14098 14102 7ff6df0baa08 14099->14102 14123 7ff6df0ba018 14102->14123 14105 7ff6df0ba018 __crtLCMapStringW 5 API calls 14106 7ff6df0baa47 14105->14106 14107 7ff6df0ba018 __crtLCMapStringW 5 API calls 14106->14107 14108 7ff6df0baa66 14107->14108 14109 7ff6df0ba018 __crtLCMapStringW 5 API calls 14108->14109 14110 7ff6df0baa85 14109->14110 14111 7ff6df0ba018 __crtLCMapStringW 5 API calls 14110->14111 14112 7ff6df0baaa4 14111->14112 14113 7ff6df0ba018 __crtLCMapStringW 5 API calls 14112->14113 14114 7ff6df0baac3 14113->14114 14115 7ff6df0ba018 __crtLCMapStringW 5 API calls 14114->14115 14116 7ff6df0baae2 14115->14116 14117 7ff6df0ba018 __crtLCMapStringW 5 API calls 14116->14117 14118 7ff6df0bab01 14117->14118 14119 7ff6df0ba018 __crtLCMapStringW 5 API calls 14118->14119 14120 7ff6df0bab20 14119->14120 14121 7ff6df0ba018 __crtLCMapStringW 5 API calls 14120->14121 14122 7ff6df0bab3f 14121->14122 14124 7ff6df0ba075 14123->14124 14130 7ff6df0ba070 __crtLCMapStringW 14123->14130 14124->14105 14125 7ff6df0ba0a5 LoadLibraryExW 14127 7ff6df0ba17a 14125->14127 14128 7ff6df0ba0ca GetLastError 14125->14128 14126 7ff6df0ba19a GetProcAddressForCaller 14126->14124 14127->14126 14129 7ff6df0ba191 FreeLibrary 14127->14129 14128->14130 14129->14126 14130->14124 14130->14125 14130->14126 14131 7ff6df0ba104 LoadLibraryExW 14130->14131 14131->14127 14131->14130 14188 7ff6df0d522c 14132->14188 14273 7ff6df0725f0 14139->14273 14142 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14143 7ff6df088f19 14142->14143 14143->13972 14144 7ff6df0c4478 14143->14144 14396 7ff6df0b8318 GetLastError 14144->14396 14146 7ff6df0c4481 14437 7ff6df0bb024 14146->14437 14149 7ff6df0c4448 14150 7ff6df0b8318 _Getctype 52 API calls 14149->14150 14151 7ff6df0c4451 14150->14151 14152 7ff6df0bb024 _Getctype 52 API calls 14151->14152 14153 7ff6df0c446a 14152->14153 14153->13972 14155 7ff6df0ae88a 14154->14155 14159 7ff6df0ae869 14154->14159 14156 7ff6df0b8318 _Getctype 52 API calls 14155->14156 14157 7ff6df0ae88f 14156->14157 14158 7ff6df0bb024 _Getctype 52 API calls 14157->14158 14160 7ff6df0ae8a8 14158->14160 14159->13975 14160->14159 14454 7ff6df0baf1c 14160->14454 14164 7ff6df0b8318 _Getctype 52 API calls 14163->14164 14165 7ff6df0be181 14164->14165 14166 7ff6df0bb024 _Getctype 52 API calls 14165->14166 14167 7ff6df0be19a 14166->14167 14167->13976 14169 7ff6df0d442d MultiByteToWideChar 14168->14169 14172 7ff6df0d4419 14168->14172 14170 7ff6df0d445b 14169->14170 14186 7ff6df0d4590 __std_exception_copy 14169->14186 14174 7ff6df0b7f98 __std_exception_copy 12 API calls 14170->14174 14175 7ff6df0d4486 std::_Locinfo::_Locinfo_ctor 14170->14175 14170->14186 14171 7ff6df0cc440 _log10_special 8 API calls 14173 7ff6df0d46b4 14171->14173 14172->14169 14173->13979 14174->14175 14176 7ff6df0d44da MultiByteToWideChar 14175->14176 14175->14186 14177 7ff6df0d4500 LCMapStringEx 14176->14177 14176->14186 14178 7ff6df0d453a 14177->14178 14177->14186 14179 7ff6df0d4544 14178->14179 14180 7ff6df0d4595 14178->14180 14181 7ff6df0d4557 LCMapStringEx 14179->14181 14179->14186 14182 7ff6df0b7f98 __std_exception_copy 12 API calls 14180->14182 14183 7ff6df0d45b3 std::_Locinfo::_Locinfo_ctor 14180->14183 14180->14186 14181->14186 14182->14183 14184 7ff6df0d4608 LCMapStringEx 14183->14184 14183->14186 14185 7ff6df0d463c WideCharToMultiByte 14184->14185 14184->14186 14185->14186 14186->14171 14189 7ff6df0baa08 std::_Locinfo::_Locinfo_ctor 5 API calls 14188->14189 14190 7ff6df0d5242 14189->14190 14197 7ff6df0d4f50 14190->14197 14204 7ff6df0bb608 EnterCriticalSection 14197->14204 14278 7ff6df0ce208 14273->14278 14275 7ff6df072638 14276 7ff6df0cc440 _log10_special 8 API calls 14275->14276 14277 7ff6df072653 14276->14277 14277->14142 14279 7ff6df0ce229 14278->14279 14282 7ff6df0ce25e __std_exception_copy 14278->14282 14280 7ff6df0b7f98 __std_exception_copy 12 API calls 14279->14280 14279->14282 14281 7ff6df0ce247 14280->14281 14281->14282 14284 7ff6df0c04a8 14281->14284 14282->14275 14285 7ff6df0c04bf 14284->14285 14286 7ff6df0c04b5 14284->14286 14287 7ff6df0b7450 memcpy_s 11 API calls 14285->14287 14286->14285 14291 7ff6df0c04da 14286->14291 14288 7ff6df0c04c6 14287->14288 14293 7ff6df0ae54c 14288->14293 14289 7ff6df0c04d2 14289->14282 14291->14289 14292 7ff6df0b7450 memcpy_s 11 API calls 14291->14292 14292->14288 14296 7ff6df0ae3e4 14293->14296 14297 7ff6df0ae40f 14296->14297 14304 7ff6df0ae480 14297->14304 14301 7ff6df0ae46e 14301->14289 14302 7ff6df0ae459 14302->14301 14303 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 14302->14303 14303->14301 14323 7ff6df0ae1c8 14304->14323 14308 7ff6df0ae436 14308->14302 14314 7ff6df0ae160 14308->14314 14315 7ff6df0ae1b3 14314->14315 14316 7ff6df0ae173 GetLastError 14314->14316 14315->14302 14317 7ff6df0ae183 14316->14317 14318 7ff6df0b8558 _invalid_parameter_noinfo_noreturn 16 API calls 14317->14318 14319 7ff6df0ae19e SetLastError 14318->14319 14319->14315 14320 7ff6df0ae1c1 14319->14320 14361 7ff6df0ae684 14320->14361 14324 7ff6df0ae21f 14323->14324 14325 7ff6df0ae1e4 GetLastError 14323->14325 14324->14308 14329 7ff6df0ae234 14324->14329 14326 7ff6df0ae1f4 14325->14326 14336 7ff6df0b8558 14326->14336 14330 7ff6df0ae250 GetLastError SetLastError 14329->14330 14331 7ff6df0ae268 14329->14331 14330->14331 14331->14308 14332 7ff6df0ae59c IsProcessorFeaturePresent 14331->14332 14333 7ff6df0ae5af 14332->14333 14353 7ff6df0ae280 14333->14353 14337 7ff6df0b8592 FlsSetValue 14336->14337 14338 7ff6df0b8577 FlsGetValue 14336->14338 14339 7ff6df0b859f 14337->14339 14341 7ff6df0ae20f SetLastError 14337->14341 14340 7ff6df0b858c 14338->14340 14338->14341 14342 7ff6df0bb708 _Getctype 11 API calls 14339->14342 14340->14337 14341->14324 14343 7ff6df0b85ae 14342->14343 14344 7ff6df0b85cc FlsSetValue 14343->14344 14345 7ff6df0b85bc FlsSetValue 14343->14345 14347 7ff6df0b85d8 FlsSetValue 14344->14347 14348 7ff6df0b85ea 14344->14348 14346 7ff6df0b85c5 14345->14346 14349 7ff6df0baee0 __free_lconv_mon 11 API calls 14346->14349 14347->14346 14350 7ff6df0b80c8 _Getctype 11 API calls 14348->14350 14349->14341 14351 7ff6df0b85f2 14350->14351 14352 7ff6df0baee0 __free_lconv_mon 11 API calls 14351->14352 14352->14341 14354 7ff6df0ae2ba memcpy_s _invalid_parameter_noinfo_noreturn 14353->14354 14355 7ff6df0ae2e2 RtlCaptureContext RtlLookupFunctionEntry 14354->14355 14356 7ff6df0ae352 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14355->14356 14357 7ff6df0ae31c RtlVirtualUnwind 14355->14357 14358 7ff6df0ae3a4 _invalid_parameter_noinfo_noreturn 14356->14358 14357->14356 14359 7ff6df0cc440 _log10_special 8 API calls 14358->14359 14360 7ff6df0ae3c3 GetCurrentProcess TerminateProcess 14359->14360 14370 7ff6df0bac14 14361->14370 14364 7ff6df0ae69c 14365 7ff6df0ae6a5 IsProcessorFeaturePresent 14364->14365 14368 7ff6df0ae6cf __std_fs_directory_iterator_open 14364->14368 14367 7ff6df0ae6b4 14365->14367 14369 7ff6df0ae280 _invalid_parameter_noinfo_noreturn 14 API calls 14367->14369 14369->14368 14371 7ff6df0babcc __std_fs_directory_iterator_open EnterCriticalSection LeaveCriticalSection 14370->14371 14372 7ff6df0ae68d 14371->14372 14372->14364 14373 7ff6df0bac64 14372->14373 14374 7ff6df0bac94 14373->14374 14376 7ff6df0bacbb 14373->14376 14375 7ff6df0b8490 memcpy_s 11 API calls 14374->14375 14374->14376 14380 7ff6df0baca8 14374->14380 14375->14380 14377 7ff6df0bad90 14376->14377 14379 7ff6df0bb608 std::_Locinfo::_Locinfo_ctor EnterCriticalSection 14376->14379 14381 7ff6df0baec4 14377->14381 14388 7ff6df0badbe 14377->14388 14391 7ff6df0badf7 14377->14391 14378 7ff6df0bacf8 14378->14364 14379->14377 14380->14376 14380->14378 14382 7ff6df0bad3d 14380->14382 14383 7ff6df0baed1 __std_fs_directory_iterator_open 14381->14383 14386 7ff6df0bb65c std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 14381->14386 14384 7ff6df0b7450 memcpy_s 11 API calls 14382->14384 14387 7ff6df0bad42 14384->14387 14385 7ff6df0bb65c std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 14393 7ff6df0bae55 14385->14393 14386->14383 14389 7ff6df0ae54c _invalid_parameter_noinfo 52 API calls 14387->14389 14390 7ff6df0b8318 _Getctype 52 API calls 14388->14390 14388->14391 14389->14378 14392 7ff6df0bade7 14390->14392 14391->14385 14391->14393 14394 7ff6df0b8318 _Getctype 52 API calls 14392->14394 14395 7ff6df0b8318 52 API calls _Getctype 14393->14395 14394->14391 14395->14393 14397 7ff6df0b8359 FlsSetValue 14396->14397 14398 7ff6df0b833c FlsGetValue 14396->14398 14400 7ff6df0b836b 14397->14400 14418 7ff6df0b8349 14397->14418 14399 7ff6df0b8353 14398->14399 14398->14418 14399->14397 14402 7ff6df0bb708 _Getctype 11 API calls 14400->14402 14401 7ff6df0b83c5 SetLastError 14404 7ff6df0b83e5 14401->14404 14405 7ff6df0b83d2 14401->14405 14403 7ff6df0b837a 14402->14403 14407 7ff6df0b8398 FlsSetValue 14403->14407 14408 7ff6df0b8388 FlsSetValue 14403->14408 14406 7ff6df0ae684 __std_fs_directory_iterator_open 40 API calls 14404->14406 14405->14146 14409 7ff6df0b83ea 14406->14409 14411 7ff6df0b83a4 FlsSetValue 14407->14411 14412 7ff6df0b83b6 14407->14412 14410 7ff6df0b8391 14408->14410 14413 7ff6df0b8418 FlsSetValue 14409->14413 14414 7ff6df0b83fd FlsGetValue 14409->14414 14415 7ff6df0baee0 __free_lconv_mon 11 API calls 14410->14415 14411->14410 14416 7ff6df0b80c8 _Getctype 11 API calls 14412->14416 14419 7ff6df0b8425 14413->14419 14420 7ff6df0b840a 14413->14420 14417 7ff6df0b8412 14414->14417 14414->14420 14415->14418 14421 7ff6df0b83be 14416->14421 14417->14413 14418->14401 14424 7ff6df0bb708 _Getctype 11 API calls 14419->14424 14422 7ff6df0b8410 14420->14422 14423 7ff6df0ae684 __std_fs_directory_iterator_open 40 API calls 14420->14423 14425 7ff6df0baee0 __free_lconv_mon 11 API calls 14421->14425 14422->14146 14426 7ff6df0b848d 14423->14426 14427 7ff6df0b8434 14424->14427 14425->14401 14428 7ff6df0b8452 FlsSetValue 14427->14428 14429 7ff6df0b8442 FlsSetValue 14427->14429 14431 7ff6df0b8470 14428->14431 14432 7ff6df0b845e FlsSetValue 14428->14432 14430 7ff6df0b844b 14429->14430 14434 7ff6df0baee0 __free_lconv_mon 11 API calls 14430->14434 14433 7ff6df0b80c8 _Getctype 11 API calls 14431->14433 14432->14430 14435 7ff6df0b8478 14433->14435 14434->14420 14436 7ff6df0baee0 __free_lconv_mon 11 API calls 14435->14436 14436->14422 14438 7ff6df0bb039 14437->14438 14440 7ff6df0bb04c 14437->14440 14438->14440 14441 7ff6df0c36b8 14438->14441 14440->14149 14442 7ff6df0b8318 _Getctype 52 API calls 14441->14442 14443 7ff6df0c36c7 14442->14443 14444 7ff6df0c3712 14443->14444 14453 7ff6df0bb608 EnterCriticalSection 14443->14453 14444->14440 14461 7ff6df0b1a5c 14454->14461 14456 7ff6df0baf61 14459 7ff6df0cc440 _log10_special 8 API calls 14456->14459 14460 7ff6df0ae8de 14459->14460 14460->13975 14462 7ff6df0b1a80 14461->14462 14463 7ff6df0b1a7b 14461->14463 14462->14463 14464 7ff6df0b8318 _Getctype 52 API calls 14462->14464 14463->14456 14469 7ff6df0c5d48 14463->14469 14465 7ff6df0b1a9b 14464->14465 14466 7ff6df0bb024 _Getctype 52 API calls 14465->14466 14467 7ff6df0b1abe 14466->14467 14484 7ff6df0bb090 14467->14484 14470 7ff6df0b1a5c TranslateName 52 API calls 14469->14470 14471 7ff6df0c5d8a 14470->14471 14491 7ff6df0c0508 14471->14491 14485 7ff6df0bb0a5 14484->14485 14486 7ff6df0bb0b8 14484->14486 14485->14486 14488 7ff6df0c3fe8 14485->14488 14486->14463 14489 7ff6df0b8318 _Getctype 52 API calls 14488->14489 14490 7ff6df0c3ff1 14489->14490 14493 7ff6df0c0511 MultiByteToWideChar 14491->14493 14495 7ff6df0cd09a RtlLookupFunctionEntry 14494->14495 14496 7ff6df0cd0b0 RtlVirtualUnwind 14495->14496 14497 7ff6df0cceb7 14495->14497 14496->14495 14496->14497 14498 7ff6df0cce58 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14497->14498 14500 7ff6df089d19 14499->14500 14501 7ff6df089d2e 14500->14501 14502 7ff6df089d90 236 API calls 14500->14502 14501->14005 14501->14007 14502->14501 14504 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 14503->14504 14505 7ff6df089720 14504->14505 14506 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 14505->14506 14508 7ff6df089745 14505->14508 14506->14508 14507 7ff6df0897bd 14509 7ff6df0cc440 _log10_special 8 API calls 14507->14509 14508->14507 14511 7ff6df088d60 96 API calls 14508->14511 14510 7ff6df089823 14509->14510 14510->14023 14512 7ff6df0897cf 14511->14512 14513 7ff6df0897d5 14512->14513 14514 7ff6df089836 14512->14514 14516 7ff6df0d39ac std::_Facet_Register 55 API calls 14513->14516 14515 7ff6df088ae0 Concurrency::cancel_current_task 55 API calls 14514->14515 14517 7ff6df08983b 14515->14517 14516->14507 14518 7ff6df089d90 230 API calls 14517->14518 14523 7ff6df0898c5 14517->14523 14518->14523 14519 7ff6df089a78 14521 7ff6df089a81 14519->14521 14522 7ff6df089a8a 14519->14522 14520 7ff6df089ac2 14525 7ff6df0890c0 230 API calls 14520->14525 14524 7ff6df08a160 230 API calls 14521->14524 14522->14023 14523->14519 14523->14520 14526 7ff6df089a89 14524->14526 14527 7ff6df089b04 14525->14527 14526->14522 14528 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14527->14528 14529 7ff6df089b15 14528->14529 14530 7ff6df089d90 230 API calls 14529->14530 14532 7ff6df08a282 14529->14532 14530->14532 14531 7ff6df08a42d 14534 7ff6df08a43f 14531->14534 14535 7ff6df08a436 14531->14535 14532->14531 14533 7ff6df08a46c 14532->14533 14537 7ff6df0890c0 230 API calls 14533->14537 14534->14023 14536 7ff6df08a160 230 API calls 14535->14536 14538 7ff6df08a43e 14536->14538 14539 7ff6df08a4b0 14537->14539 14538->14534 14540 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14539->14540 14541 7ff6df08a4c1 14540->14541 14542 7ff6df08a63e 14541->14542 14543 7ff6df08a50d 14541->14543 14544 7ff6df072550 55 API calls 14542->14544 14546 7ff6df08a596 14543->14546 14547 7ff6df08a56a 14543->14547 14545 7ff6df08a643 14544->14545 14551 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14545->14551 14550 7ff6df0cc580 std::_Facet_Register 55 API calls 14546->14550 14552 7ff6df08a57f memcpy_s 14546->14552 14547->14545 14548 7ff6df08a577 14547->14548 14549 7ff6df0cc580 std::_Facet_Register 55 API calls 14548->14549 14549->14552 14550->14552 14551->14552 14553 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14552->14553 14556 7ff6df08a5fb memcpy_s 14552->14556 14554 7ff6df08a64f std::_Locinfo::_Locinfo_ctor 14553->14554 14555 7ff6df08a662 InternetOpenW 14554->14555 14557 7ff6df08a76b 14555->14557 14558 7ff6df08a6cb 14555->14558 14556->14023 14561 7ff6df0cc440 _log10_special 8 API calls 14557->14561 14559 7ff6df08a6d2 14558->14559 14560 7ff6df08a6d5 InternetOpenUrlA 14558->14560 14559->14560 14563 7ff6df08a762 InternetCloseHandle 14560->14563 14564 7ff6df08a6fc InternetReadFile 14560->14564 14562 7ff6df08a77e 14561->14562 14562->14023 14563->14557 14565 7ff6df08a759 InternetCloseHandle 14564->14565 14566 7ff6df08a719 14564->14566 14565->14563 14566->14565 14569 7ff6df08ad30 14566->14569 14568 7ff6df08a73c InternetReadFile 14568->14565 14568->14566 14570 7ff6df08ad84 14569->14570 14575 7ff6df08aefb memcpy_s 14569->14575 14571 7ff6df08afd1 14570->14571 14572 7ff6df08adb1 14570->14572 14570->14575 14585 7ff6df07fea0 14571->14585 14574 7ff6df08ae10 14572->14574 14576 7ff6df08adce 14572->14576 14578 7ff6df08ae24 14572->14578 14574->14576 14577 7ff6df08afd6 14574->14577 14575->14568 14579 7ff6df0cc580 std::_Facet_Register 55 API calls 14576->14579 14581 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14577->14581 14580 7ff6df0cc580 std::_Facet_Register 55 API calls 14578->14580 14584 7ff6df08ade2 memcpy_s 14578->14584 14579->14584 14580->14584 14581->14584 14582 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14583 7ff6df08afe2 memcpy_s 14582->14583 14583->14568 14584->14575 14584->14582 14588 7ff6df0d35cc 14585->14588 14593 7ff6df0d34a4 14588->14593 14591 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14592 7ff6df0d35ee 14591->14592 14594 7ff6df0ce208 __std_exception_copy 53 API calls 14593->14594 14595 7ff6df0d34d8 14594->14595 14595->14591 14597 7ff6df0888d3 14596->14597 14597->14597 14611 7ff6df075f00 14597->14611 14599 7ff6df0888ea 14753 7ff6df07eee0 14599->14753 14601 7ff6df08890a 14770 7ff6df072740 14601->14770 14603 7ff6df088925 14794 7ff6df072570 14603->14794 14605 7ff6df0889c7 14605->14069 14606 7ff6df088a02 14608 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14606->14608 14607 7ff6df088931 14607->14605 14607->14606 14609 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14607->14609 14610 7ff6df088a08 14608->14610 14609->14606 14610->14069 14612 7ff6df075fea 14611->14612 14613 7ff6df075f26 14611->14613 14615 7ff6df072550 55 API calls 14612->14615 14614 7ff6df075f34 memcpy_s 14613->14614 14616 7ff6df075f5d 14613->14616 14618 7ff6df075fad 14613->14618 14619 7ff6df075fa2 14613->14619 14614->14599 14617 7ff6df075fef 14615->14617 14621 7ff6df0cc580 std::_Facet_Register 55 API calls 14616->14621 14620 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14617->14620 14623 7ff6df0cc580 std::_Facet_Register 55 API calls 14618->14623 14625 7ff6df075f78 memcpy_s 14618->14625 14619->14616 14619->14617 14622 7ff6df075f73 14620->14622 14621->14622 14624 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14622->14624 14622->14625 14623->14625 14626 7ff6df075ffb 14624->14626 14625->14599 14800 7ff6df0836c0 14626->14800 14630 7ff6df076109 14830 7ff6df0730b0 14630->14830 14632 7ff6df07611e 14634 7ff6df076cd0 14632->14634 14844 7ff6df074870 14632->14844 14636 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14634->14636 14638 7ff6df076cd6 14636->14638 14637 7ff6df076cbc 15083 7ff6df074100 14637->15083 15090 7ff6df074090 14638->15090 14641 7ff6df076c19 14642 7ff6df0cc440 _log10_special 8 API calls 14641->14642 14644 7ff6df076c45 14642->14644 14644->14599 14645 7ff6df076cec 14648 7ff6df074090 236 API calls 14645->14648 14646 7ff6df076c6b 14647 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14646->14647 14650 7ff6df076c70 14647->14650 14649 7ff6df076cfc 14648->14649 14651 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14649->14651 15052 7ff6df080f00 14650->15052 14653 7ff6df076d02 14651->14653 14655 7ff6df074090 236 API calls 14653->14655 14657 7ff6df076d12 14655->14657 14660 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14657->14660 14659 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14659->14637 14662 7ff6df076d18 14660->14662 14661 7ff6df076b28 14661->14637 14661->14641 14661->14646 14665 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14662->14665 14663 7ff6df07691c 14664 7ff6df0962b0 236 API calls 14663->14664 14666 7ff6df07692b 14664->14666 14667 7ff6df076d1e 14665->14667 14713 7ff6df076ab5 14666->14713 14957 7ff6df073430 14666->14957 15098 7ff6df072ed0 14667->15098 14668 7ff6df073300 61 API calls 14751 7ff6df0761ea 14668->14751 14675 7ff6df076d24 14677 7ff6df074090 236 API calls 14675->14677 14676 7ff6df076958 14679 7ff6df076d48 14676->14679 14681 7ff6df076d3c 14676->14681 14978 7ff6df083b70 14676->14978 14680 7ff6df076d36 14677->14680 14678 7ff6df0805d0 70 API calls 14678->14751 14682 7ff6df072ed0 2 API calls 14679->14682 14684 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14680->14684 14685 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14681->14685 14692 7ff6df076d4e 14682->14692 14684->14681 14687 7ff6df076d42 14685->14687 14690 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14687->14690 14688 7ff6df07eee0 55 API calls 14689 7ff6df076a1c 14688->14689 14987 7ff6df07e8b0 14689->14987 14690->14679 14694 7ff6df076e32 14692->14694 14698 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14692->14698 14694->14599 14695 7ff6df07eee0 55 API calls 14696 7ff6df076a4c 14695->14696 14697 7ff6df07e8b0 236 API calls 14696->14697 14699 7ff6df076a58 14697->14699 14704 7ff6df076e58 14698->14704 14701 7ff6df07eee0 55 API calls 14699->14701 14700 7ff6df074870 78 API calls 14700->14751 14702 7ff6df076a79 14701->14702 14703 7ff6df07e8b0 236 API calls 14702->14703 14705 7ff6df076a85 14703->14705 14711 7ff6df075f00 236 API calls 14704->14711 14722 7ff6df076f3f 14704->14722 15009 7ff6df07f260 14705->15009 14708 7ff6df074540 236 API calls 14708->14751 14709 7ff6df076fb9 14712 7ff6df076fcb 14709->14712 15102 7ff6df07ed70 14709->15102 14710 7ff6df077007 14710->14712 15113 7ff6df073800 14710->15113 14711->14722 14718 7ff6df073800 52 API calls 14712->14718 14725 7ff6df077029 14712->14725 14713->14687 15041 7ff6df074540 14713->15041 14715 7ff6df073430 55 API calls 14715->14751 14717 7ff6df07715e 14719 7ff6df072ed0 2 API calls 14717->14719 14718->14725 14721 7ff6df077164 14719->14721 14720 7ff6df077134 14724 7ff6df0cc440 _log10_special 8 API calls 14720->14724 14726 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14721->14726 14722->14709 14722->14710 14722->14717 14722->14721 14723 7ff6df073800 52 API calls 14723->14720 14727 7ff6df077140 14724->14727 14728 7ff6df075f00 236 API calls 14725->14728 14734 7ff6df07710e 14725->14734 14729 7ff6df07716a 14726->14729 14727->14599 14732 7ff6df0770c1 14728->14732 14731 7ff6df072ed0 2 API calls 14729->14731 14737 7ff6df077170 14731->14737 14732->14729 14732->14734 14736 7ff6df077159 14732->14736 14733 7ff6df075f00 236 API calls 14733->14751 14734->14720 14734->14723 14735 7ff6df077208 14735->14599 14739 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14736->14739 14738 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14737->14738 14740 7ff6df0771bd 14737->14740 14738->14740 14739->14717 14740->14735 14741 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14740->14741 14742 7ff6df077235 14741->14742 14744 7ff6df075f00 236 API calls 14742->14744 14743 7ff6df083b70 55 API calls 14743->14751 14745 7ff6df07732b 14744->14745 14746 7ff6df07e8b0 236 API calls 14746->14751 14747 7ff6df07eee0 55 API calls 14747->14751 14751->14638 14751->14645 14751->14649 14751->14650 14751->14653 14751->14657 14751->14661 14751->14662 14751->14663 14751->14667 14751->14668 14751->14675 14751->14678 14751->14680 14751->14700 14751->14708 14751->14715 14751->14733 14751->14743 14751->14746 14751->14747 14752 7ff6df07f260 55 API calls 14751->14752 14863 7ff6df075ad0 14751->14863 14885 7ff6df0962b0 14751->14885 14892 7ff6df07eae0 14751->14892 14895 7ff6df07f770 14751->14895 14907 7ff6df080020 14751->14907 14911 7ff6df082aa0 14751->14911 14752->14751 14757 7ff6df07ef0e 14753->14757 14754 7ff6df07efe5 14756 7ff6df072550 55 API calls 14754->14756 14755 7ff6df07ef32 14755->14601 14758 7ff6df07efeb 14756->14758 14757->14754 14757->14755 14759 7ff6df07efab 14757->14759 14760 7ff6df07ef84 14757->14760 14761 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14758->14761 14762 7ff6df07ef9d memcpy_s 14759->14762 14765 7ff6df0cc580 std::_Facet_Register 55 API calls 14759->14765 14760->14758 14763 7ff6df0cc580 std::_Facet_Register 55 API calls 14760->14763 14764 7ff6df07eff1 14761->14764 14762->14601 14766 7ff6df07ef95 14763->14766 14767 7ff6df07f030 53 API calls 14764->14767 14765->14762 14766->14762 14769 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14766->14769 14768 7ff6df07f012 14767->14768 14768->14601 14769->14754 14771 7ff6df07277c 14770->14771 14772 7ff6df07278e 14770->14772 14773 7ff6df07fc60 55 API calls 14771->14773 14774 7ff6df07fc60 55 API calls 14772->14774 14773->14772 14775 7ff6df0727c3 14774->14775 14776 7ff6df072802 14775->14776 14779 7ff6df0728ac 14775->14779 14777 7ff6df07287a 14776->14777 14780 7ff6df0728b1 14776->14780 14778 7ff6df0cc440 _log10_special 8 API calls 14777->14778 14781 7ff6df0728a1 14778->14781 14782 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14779->14782 14783 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14780->14783 14781->14603 14782->14780 14784 7ff6df0728b7 14783->14784 14785 7ff6df07eee0 55 API calls 14784->14785 14786 7ff6df0728ef 14785->14786 14787 7ff6df072740 55 API calls 14786->14787 14788 7ff6df07290a 14787->14788 14789 7ff6df072570 53 API calls 14788->14789 14791 7ff6df072916 14789->14791 14790 7ff6df07294b 14790->14603 14791->14790 14792 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14791->14792 14793 7ff6df07298d __std_exception_destroy 14792->14793 14793->14603 14795 7ff6df072597 14794->14795 14796 7ff6df0ce208 __std_exception_copy 53 API calls 14795->14796 14797 7ff6df0725c2 14796->14797 14798 7ff6df0cc440 _log10_special 8 API calls 14797->14798 14799 7ff6df0725dd 14798->14799 14799->14607 15118 7ff6df0d2d3c 14800->15118 14803 7ff6df0760ea 14816 7ff6df073870 14803->14816 14804 7ff6df0837b4 15138 7ff6df072b40 14804->15138 14807 7ff6df0837ba 14809 7ff6df072e70 55 API calls 14807->14809 14811 7ff6df0837c6 14809->14811 14812 7ff6df08375c 14813 7ff6df0d2d64 __std_fs_convert_narrow_to_wide 2 API calls 14812->14813 14814 7ff6df08377b 14813->14814 14814->14803 15132 7ff6df072e70 14814->15132 14821 7ff6df0738a3 14816->14821 14817 7ff6df07398d 14818 7ff6df072550 55 API calls 14817->14818 14820 7ff6df073993 14818->14820 14819 7ff6df0738c7 memcpy_s 14819->14630 14821->14817 14821->14819 14822 7ff6df0738e3 14821->14822 14824 7ff6df073948 14821->14824 14829 7ff6df073987 14821->14829 14825 7ff6df0cc580 std::_Facet_Register 55 API calls 14822->14825 14822->14829 14823 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14823->14817 14824->14819 14826 7ff6df0cc580 std::_Facet_Register 55 API calls 14824->14826 14827 7ff6df073932 14825->14827 14826->14819 14827->14819 14828 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14827->14828 14828->14829 14829->14823 14835 7ff6df0730cb 14830->14835 14831 7ff6df073209 15162 7ff6df073780 14831->15162 14833 7ff6df073226 14833->14632 14834 7ff6df0731cc 14836 7ff6df0731e7 14834->14836 14841 7ff6df073243 14834->14841 14835->14831 14835->14834 14837 7ff6df0732f9 14836->14837 14838 7ff6df0731f6 14836->14838 15187 7ff6df07fe80 14837->15187 15182 7ff6df07ec70 14838->15182 14841->14838 15167 7ff6df0813a0 14841->15167 14845 7ff6df0748a1 14844->14845 15228 7ff6df0d308c 14845->15228 14848 7ff6df0cc440 _log10_special 8 API calls 14849 7ff6df074942 14848->14849 14849->14661 14850 7ff6df0805d0 14849->14850 14851 7ff6df073870 55 API calls 14850->14851 14852 7ff6df080612 14851->14852 15290 7ff6df074160 14852->15290 14855 7ff6df0cc580 std::_Facet_Register 55 API calls 14862 7ff6df08068a 14855->14862 14858 7ff6df073800 52 API calls 14859 7ff6df080764 14858->14859 14860 7ff6df0cc440 _log10_special 8 API calls 14859->14860 14861 7ff6df080775 14860->14861 14861->14751 15304 7ff6df0d2fbc 14862->15304 14864 7ff6df075b18 14863->14864 14869 7ff6df075e56 std::_Locinfo::_Locinfo_ctor 14863->14869 15340 7ff6df0cc508 AcquireSRWLockExclusive 14864->15340 14869->14751 15345 7ff6df0959c0 14885->15345 14887 7ff6df0962e2 14889 7ff6df09630a 14887->14889 15405 7ff6df080790 14887->15405 14890 7ff6df0cc440 _log10_special 8 API calls 14889->14890 14891 7ff6df09638d 14890->14891 14891->14751 17039 7ff6df07f9c0 14892->17039 14896 7ff6df07f8c6 14895->14896 14897 7ff6df07f7a3 14895->14897 14896->14897 14898 7ff6df07f8d3 14896->14898 14899 7ff6df0cc440 _log10_special 8 API calls 14897->14899 14900 7ff6df075ec0 236 API calls 14898->14900 14901 7ff6df07f7d2 14899->14901 14902 7ff6df07f8e4 14900->14902 14901->14751 17080 7ff6df081a80 14902->17080 14905 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14906 7ff6df07f905 14905->14906 14908 7ff6df080063 14907->14908 14909 7ff6df0cc440 _log10_special 8 API calls 14908->14909 14910 7ff6df080325 14909->14910 14910->14751 14912 7ff6df082c11 14911->14912 14913 7ff6df082ae1 14911->14913 14915 7ff6df07fea0 55 API calls 14912->14915 14914 7ff6df082c0c 14913->14914 14918 7ff6df082b65 14913->14918 14919 7ff6df082b31 14913->14919 14916 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14914->14916 14917 7ff6df082c17 14915->14917 14916->14912 14920 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14917->14920 14923 7ff6df0cc580 std::_Facet_Register 55 API calls 14918->14923 14928 7ff6df082b4f 14918->14928 14919->14914 14921 7ff6df082b3e 14919->14921 14932 7ff6df082c1d 14920->14932 14922 7ff6df0cc580 std::_Facet_Register 55 API calls 14921->14922 14925 7ff6df082b46 14922->14925 14923->14928 14924 7ff6df082d91 14926 7ff6df07fea0 55 API calls 14924->14926 14925->14917 14925->14928 14931 7ff6df082d97 14926->14931 14927 7ff6df082d8c 14933 7ff6df072490 Concurrency::cancel_current_task 55 API calls 14927->14933 14929 7ff6df080020 8 API calls 14928->14929 14930 7ff6df082bac 14929->14930 14934 7ff6df082bbd 14930->14934 17103 7ff6df0824b0 14930->17103 14938 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 14931->14938 14932->14924 14932->14927 14935 7ff6df082ce5 14932->14935 14936 7ff6df082cb1 14932->14936 14933->14924 14941 7ff6df0824b0 8 API calls 14934->14941 14943 7ff6df0cc580 std::_Facet_Register 55 API calls 14935->14943 14948 7ff6df082ccf 14935->14948 14936->14927 14939 7ff6df082cbe 14936->14939 14940 7ff6df082d9d 14938->14940 14942 7ff6df0cc580 std::_Facet_Register 55 API calls 14939->14942 14944 7ff6df082be7 14941->14944 14945 7ff6df082cc6 14942->14945 14943->14948 17107 7ff6df080360 14944->17107 14945->14931 14945->14948 14946 7ff6df07eee0 55 API calls 14949 7ff6df082d2c 14946->14949 14948->14946 14951 7ff6df082d3d 14949->14951 17118 7ff6df083890 14949->17118 14950 7ff6df082bf9 14950->14751 14953 7ff6df083890 52 API calls 14951->14953 14954 7ff6df082d67 14953->14954 17124 7ff6df0832d0 14954->17124 14956 7ff6df082d79 14956->14751 14958 7ff6df073450 14957->14958 14959 7ff6df081730 55 API calls 14958->14959 14960 7ff6df0734da 14959->14960 14961 7ff6df073300 14960->14961 14962 7ff6df073330 14961->14962 14963 7ff6df0d2d3c __std_fs_code_page 53 API calls 14962->14963 14964 7ff6df07333c 14963->14964 14965 7ff6df0733ca 14964->14965 14977 7ff6df073419 14964->14977 17136 7ff6df0d2dac 14964->17136 14965->14676 14966 7ff6df072b40 55 API calls 14968 7ff6df07341f 14966->14968 14970 7ff6df072e70 55 API calls 14968->14970 14972 7ff6df07342b 14970->14972 14971 7ff6df082650 55 API calls 14973 7ff6df0733a0 14971->14973 14974 7ff6df0d2dac __std_fs_convert_wide_to_narrow 5 API calls 14973->14974 14975 7ff6df0733bf 14974->14975 14975->14965 14976 7ff6df072e70 55 API calls 14975->14976 14976->14977 14977->14966 14979 7ff6df07f260 55 API calls 14978->14979 14980 7ff6df083ba3 14979->14980 14981 7ff6df0cc580 std::_Facet_Register 55 API calls 14980->14981 14982 7ff6df083bb8 14981->14982 14983 7ff6df07eee0 55 API calls 14982->14983 14984 7ff6df083bd5 14983->14984 14985 7ff6df0cc440 _log10_special 8 API calls 14984->14985 14986 7ff6df0769ef 14985->14986 14986->14688 14988 7ff6df07e8ea 14987->14988 14991 7ff6df07e8f2 14987->14991 17146 7ff6df081250 14988->17146 14990 7ff6df07ea74 17153 7ff6df0812e0 14990->17153 14991->14990 14996 7ff6df0cc580 std::_Facet_Register 55 API calls 14991->14996 15003 7ff6df07eab5 14991->15003 15005 7ff6df07e9ca 14991->15005 14994 7ff6df080fd0 236 API calls 14997 7ff6df07eaa4 14994->14997 14995 7ff6df074950 55 API calls 14998 7ff6df07eabb 14995->14998 14999 7ff6df07e977 14996->14999 15001 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 14997->15001 15002 7ff6df07f770 236 API calls 14999->15002 15000 7ff6df07ea2c 15004 7ff6df0cc440 _log10_special 8 API calls 15000->15004 15001->15003 15002->15005 15003->14995 15007 7ff6df076a2c 15004->15007 15005->15000 15006 7ff6df07ea6f 15005->15006 15008 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15006->15008 15007->14695 15008->14990 15010 7ff6df07f2a4 15009->15010 15011 7ff6df07f640 15009->15011 15012 7ff6df07f369 15010->15012 15013 7ff6df07f2ce 15010->15013 15014 7ff6df07f64c 15011->15014 15015 7ff6df07f713 15011->15015 15017 7ff6df07f38a 15012->15017 15020 7ff6df07f75e 15012->15020 15021 7ff6df07ff50 55 API calls 15012->15021 15013->15020 15030 7ff6df07f302 15013->15030 17161 7ff6df07ff50 15013->17161 15018 7ff6df07f704 15014->15018 15029 7ff6df07f655 15014->15029 17198 7ff6df083b00 15015->17198 15027 7ff6df082da0 55 API calls 15017->15027 15040 7ff6df07f364 15017->15040 15019 7ff6df07fec0 55 API calls 15018->15019 15034 7ff6df07f69b 15019->15034 15024 7ff6df07fea0 55 API calls 15020->15024 15021->15017 15022 7ff6df07f637 17191 7ff6df07fec0 15022->17191 15028 7ff6df07f764 15024->15028 15025 7ff6df0cc440 _log10_special 8 API calls 15032 7ff6df07f73b 15025->15032 15027->15017 15033 7ff6df07f759 15029->15033 15029->15034 15031 7ff6df082da0 55 API calls 15030->15031 15030->15040 15031->15030 15032->14713 15035 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15033->15035 15034->15025 15035->15020 15036 7ff6df07eac0 55 API calls 15036->15040 15038 7ff6df082da0 55 API calls 15038->15040 15039 7ff6df083c80 55 API calls 15039->15040 15040->15022 15040->15036 15040->15038 15040->15039 17186 7ff6df082390 15040->17186 15044 7ff6df074570 15041->15044 15042 7ff6df0d2f9c 2 API calls 15042->15044 15043 7ff6df0745b8 15047 7ff6df0cc440 _log10_special 8 API calls 15043->15047 15044->15042 15044->15043 15045 7ff6df07463e 15044->15045 15048 7ff6df0745ab 15044->15048 17212 7ff6df073f90 15045->17212 15051 7ff6df074629 15047->15051 17203 7ff6df0742f0 15048->17203 15051->14661 15053 7ff6df080f50 15052->15053 15054 7ff6df080f7e 15053->15054 15055 7ff6df081860 55 API calls 15053->15055 15056 7ff6df07fc60 55 API calls 15054->15056 15055->15054 15057 7ff6df080f9a 15056->15057 15058 7ff6df07fc60 55 API calls 15057->15058 15059 7ff6df076c94 15058->15059 15060 7ff6df080fd0 15059->15060 15061 7ff6df075f00 236 API calls 15060->15061 15062 7ff6df081027 15061->15062 15063 7ff6df075f00 236 API calls 15062->15063 15064 7ff6df081052 15063->15064 15065 7ff6df074990 55 API calls 15064->15065 15066 7ff6df081063 15065->15066 15067 7ff6df0829d0 55 API calls 15066->15067 15070 7ff6df081077 15067->15070 15068 7ff6df081237 15071 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15068->15071 15069 7ff6df08123d 15074 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15069->15074 15070->15068 15070->15069 15072 7ff6df0ce208 __std_exception_copy 53 API calls 15070->15072 15073 7ff6df081243 15070->15073 15071->15069 15075 7ff6df0811b2 15072->15075 15077 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15073->15077 15074->15073 15076 7ff6df0811ff 15075->15076 15081 7ff6df081232 15075->15081 15079 7ff6df0cc440 _log10_special 8 API calls 15076->15079 15078 7ff6df081249 15077->15078 15080 7ff6df076ca9 15079->15080 15080->14659 15082 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15081->15082 15082->15068 15084 7ff6df075ec0 236 API calls 15083->15084 15085 7ff6df074125 15084->15085 17243 7ff6df073a60 15085->17243 15087 7ff6df074147 15088 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15087->15088 15089 7ff6df074158 15088->15089 15091 7ff6df0740a9 15090->15091 15092 7ff6df075ec0 236 API calls 15091->15092 15093 7ff6df0740be 15092->15093 15094 7ff6df073a60 60 API calls 15093->15094 15095 7ff6df0740e0 15094->15095 15096 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15095->15096 15097 7ff6df0740f1 15096->15097 15099 7ff6df072eed 15098->15099 15100 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15099->15100 15101 7ff6df072efe 15100->15101 15103 7ff6df07edb8 15102->15103 15104 7ff6df07ed85 15102->15104 15103->14712 15104->15103 15105 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15104->15105 15106 7ff6df07ee01 15105->15106 15107 7ff6df07ee3b 15106->15107 15108 7ff6df07ee70 15106->15108 15111 7ff6df075f00 236 API calls 15107->15111 15109 7ff6df07fe80 55 API calls 15108->15109 15110 7ff6df07ee75 15109->15110 15112 7ff6df07ee5e 15111->15112 15112->14712 15114 7ff6df073818 15113->15114 15115 7ff6df073841 15113->15115 15114->15115 15116 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15114->15116 15115->14712 15117 7ff6df073865 15116->15117 15119 7ff6df0c4448 _Getctype 52 API calls 15118->15119 15120 7ff6df0d2d45 15119->15120 15121 7ff6df0d2d4e AreFileApisANSI 15120->15121 15122 7ff6df0836e6 15120->15122 15121->15122 15122->14803 15122->14804 15123 7ff6df0d2d64 MultiByteToWideChar 15122->15123 15124 7ff6df0d2d8e GetLastError 15123->15124 15125 7ff6df083743 15123->15125 15124->15125 15125->14807 15126 7ff6df07ebe0 15125->15126 15127 7ff6df07ec10 15126->15127 15128 7ff6df07ebf5 15126->15128 15129 7ff6df07ec22 15127->15129 15146 7ff6df081e80 15127->15146 15128->14812 15129->14812 15131 7ff6df07ec63 15131->14812 15133 7ff6df072e80 15132->15133 15155 7ff6df0729e0 15133->15155 15135 7ff6df072e97 15136 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15135->15136 15137 7ff6df072ea8 15136->15137 15137->14804 15139 7ff6df072b4e 15138->15139 15140 7ff6df0729e0 53 API calls 15139->15140 15141 7ff6df072b65 15140->15141 15142 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15141->15142 15143 7ff6df072b76 15142->15143 15144 7ff6df0ce208 __std_exception_copy 53 API calls 15143->15144 15145 7ff6df072bb2 15144->15145 15145->14807 15147 7ff6df082042 15146->15147 15149 7ff6df081eaf 15146->15149 15148 7ff6df072550 55 API calls 15147->15148 15153 7ff6df081f51 memcpy_s 15148->15153 15150 7ff6df0cc580 std::_Facet_Register 55 API calls 15149->15150 15150->15153 15151 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15152 7ff6df08204d 15151->15152 15153->15151 15154 7ff6df081fe2 15153->15154 15154->15131 15156 7ff6df072a14 15155->15156 15157 7ff6df072570 53 API calls 15156->15157 15159 7ff6df072a2a 15157->15159 15158 7ff6df072a66 15158->15135 15159->15158 15160 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15159->15160 15161 7ff6df072ab1 __std_exception_destroy 15160->15161 15161->15135 15163 7ff6df0737f5 15162->15163 15164 7ff6df07378e 15162->15164 15163->14833 15166 7ff6df0737a5 memcpy_s 15164->15166 15190 7ff6df081d10 15164->15190 15166->14833 15168 7ff6df081537 15167->15168 15172 7ff6df0813cf 15167->15172 15169 7ff6df072550 55 API calls 15168->15169 15180 7ff6df081471 memcpy_s 15169->15180 15170 7ff6df0813fa 15171 7ff6df081532 15170->15171 15173 7ff6df081469 15170->15173 15174 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15171->15174 15172->15170 15172->15171 15176 7ff6df081488 15172->15176 15177 7ff6df0cc580 std::_Facet_Register 55 API calls 15173->15177 15174->15168 15175 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15178 7ff6df081543 15175->15178 15179 7ff6df0cc580 std::_Facet_Register 55 API calls 15176->15179 15176->15180 15177->15180 15179->15180 15180->15175 15181 7ff6df0814ed memcpy_s 15180->15181 15181->14838 15183 7ff6df07ecd3 15182->15183 15185 7ff6df07ec8f memcpy_s 15182->15185 15205 7ff6df081550 15183->15205 15185->14833 15186 7ff6df07ecec 15186->14833 15220 7ff6df0d35f0 15187->15220 15195 7ff6df081d37 15190->15195 15201 7ff6df081e71 15190->15201 15191 7ff6df072550 55 API calls 15193 7ff6df081dcd memcpy_s 15191->15193 15192 7ff6df081d56 15194 7ff6df081e6c 15192->15194 15196 7ff6df081dc5 15192->15196 15197 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15193->15197 15204 7ff6df081e44 15193->15204 15199 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15194->15199 15195->15192 15195->15194 15202 7ff6df081de4 15195->15202 15198 7ff6df0cc580 std::_Facet_Register 55 API calls 15196->15198 15200 7ff6df081e7d 15197->15200 15198->15193 15199->15201 15201->15191 15202->15193 15203 7ff6df0cc580 std::_Facet_Register 55 API calls 15202->15203 15203->15193 15204->15163 15208 7ff6df08158a 15205->15208 15215 7ff6df081719 15205->15215 15206 7ff6df072550 55 API calls 15218 7ff6df081628 memcpy_s 15206->15218 15207 7ff6df0815b1 15209 7ff6df081714 15207->15209 15210 7ff6df081620 15207->15210 15208->15207 15208->15209 15212 7ff6df08163f 15208->15212 15211 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15209->15211 15213 7ff6df0cc580 std::_Facet_Register 55 API calls 15210->15213 15211->15215 15217 7ff6df0cc580 std::_Facet_Register 55 API calls 15212->15217 15212->15218 15213->15218 15214 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15216 7ff6df081725 15214->15216 15215->15206 15217->15218 15218->15214 15219 7ff6df0816c1 memcpy_s 15218->15219 15219->15186 15225 7ff6df0d3564 15220->15225 15223 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15224 7ff6df0d3612 15223->15224 15226 7ff6df0ce208 __std_exception_copy 53 API calls 15225->15226 15227 7ff6df0d3598 15226->15227 15227->15223 15230 7ff6df0d30ce 15228->15230 15229 7ff6df0cc440 _log10_special 8 API calls 15231 7ff6df0748bd 15229->15231 15233 7ff6df0d312f GetFileAttributesExW 15230->15233 15235 7ff6df0d3194 15230->15235 15259 7ff6df0d30d7 15230->15259 15231->14848 15234 7ff6df0d3143 GetLastError 15233->15234 15233->15235 15237 7ff6df0d3152 FindFirstFileW 15234->15237 15234->15259 15235->15259 15269 7ff6df0d33bc CreateFileW 15235->15269 15240 7ff6df0d3171 FindClose 15237->15240 15241 7ff6df0d3166 GetLastError 15237->15241 15238 7ff6df0d3232 15243 7ff6df0d3241 GetFileInformationByHandleEx 15238->15243 15263 7ff6df0d32df 15238->15263 15239 7ff6df0d3212 15242 7ff6df0d321d CloseHandle 15239->15242 15239->15259 15240->15235 15241->15259 15246 7ff6df0d33a1 15242->15246 15242->15259 15244 7ff6df0d3281 15243->15244 15245 7ff6df0d325b GetLastError 15243->15245 15255 7ff6df0d32a2 GetFileInformationByHandleEx 15244->15255 15244->15263 15249 7ff6df0d3269 CloseHandle 15245->15249 15245->15259 15272 7ff6df0bb594 15246->15272 15247 7ff6df0d32fa GetFileInformationByHandleEx 15248 7ff6df0d3334 15247->15248 15253 7ff6df0d3310 GetLastError 15247->15253 15250 7ff6df0d334b 15248->15250 15251 7ff6df0d3387 15248->15251 15249->15259 15268 7ff6df0d33b2 15249->15268 15254 7ff6df0d3351 CloseHandle 15250->15254 15250->15259 15256 7ff6df0d338d CloseHandle 15251->15256 15251->15259 15258 7ff6df0d3322 CloseHandle 15253->15258 15253->15259 15254->15246 15254->15259 15262 7ff6df0d32be GetLastError 15255->15262 15255->15263 15256->15246 15256->15259 15257 7ff6df0d33a6 15264 7ff6df0bb594 __std_fs_directory_iterator_open 59 API calls 15257->15264 15258->15259 15260 7ff6df0d33ac 15258->15260 15259->15229 15265 7ff6df0bb594 __std_fs_directory_iterator_open 59 API calls 15260->15265 15261 7ff6df0bb594 __std_fs_directory_iterator_open 59 API calls 15266 7ff6df0d33b8 15261->15266 15262->15259 15267 7ff6df0d32cc CloseHandle 15262->15267 15263->15247 15263->15248 15264->15260 15265->15268 15267->15257 15267->15259 15268->15261 15270 7ff6df0d33fe GetLastError 15269->15270 15271 7ff6df0d320c 15269->15271 15270->15271 15271->15238 15271->15239 15273 7ff6df0b8318 _Getctype 52 API calls 15272->15273 15274 7ff6df0bb59d 15273->15274 15275 7ff6df0ae684 __std_fs_directory_iterator_open 52 API calls 15274->15275 15277 7ff6df0bb5bd 15275->15277 15278 7ff6df0bb5f9 15277->15278 15280 7ff6df0bb5f5 15277->15280 15281 7ff6df0ba68c 15277->15281 15286 7ff6df0bb624 15278->15286 15280->15257 15282 7ff6df0ba018 __crtLCMapStringW 5 API calls 15281->15282 15283 7ff6df0ba6c2 15282->15283 15284 7ff6df0ba6e1 InitializeCriticalSectionAndSpinCount 15283->15284 15285 7ff6df0ba6c7 15283->15285 15284->15285 15285->15277 15287 7ff6df0bb64f 15286->15287 15288 7ff6df0bb653 15287->15288 15289 7ff6df0bb632 DeleteCriticalSection 15287->15289 15288->15280 15289->15287 15291 7ff6df074183 15290->15291 15301 7ff6df0742ab 15291->15301 15310 7ff6df081730 15291->15310 15293 7ff6df0741df 15294 7ff6df0730b0 55 API calls 15293->15294 15295 7ff6df07420a 15294->15295 15296 7ff6df074248 15295->15296 15298 7ff6df0742e6 15295->15298 15326 7ff6df0d2fdc 15296->15326 15299 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15298->15299 15300 7ff6df0742eb 15299->15300 15301->14855 15301->14862 15303 7ff6df074278 15303->15301 15337 7ff6df0d2f9c FindNextFileW 15303->15337 15305 7ff6df080759 15304->15305 15306 7ff6df0d2fc6 FindClose 15304->15306 15305->14858 15306->15305 15307 7ff6df0d2fd5 15306->15307 15308 7ff6df0bb594 __std_fs_directory_iterator_open 59 API calls 15307->15308 15309 7ff6df0d2fda 15308->15309 15311 7ff6df081851 15310->15311 15317 7ff6df081756 15310->15317 15312 7ff6df072550 55 API calls 15311->15312 15314 7ff6df0817f2 15312->15314 15313 7ff6df081769 memcpy_s 15313->15293 15319 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15314->15319 15325 7ff6df0817f7 memcpy_s 15314->15325 15315 7ff6df0817a3 15316 7ff6df08184c 15315->15316 15318 7ff6df0817ea 15315->15318 15320 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15316->15320 15317->15313 15317->15315 15317->15316 15321 7ff6df081805 15317->15321 15322 7ff6df0cc580 std::_Facet_Register 55 API calls 15318->15322 15323 7ff6df08185d 15319->15323 15320->15311 15324 7ff6df0cc580 std::_Facet_Register 55 API calls 15321->15324 15321->15325 15322->15314 15324->15325 15325->15293 15327 7ff6df0d2ffa FindClose 15326->15327 15328 7ff6df0d3007 FindFirstFileExW 15326->15328 15327->15328 15329 7ff6df0d3048 15327->15329 15330 7ff6df0d3032 GetLastError 15328->15330 15331 7ff6df0d302e 15328->15331 15332 7ff6df0bb594 __std_fs_directory_iterator_open 59 API calls 15329->15332 15330->15331 15331->15303 15333 7ff6df0d304d GetCurrentDirectoryW 15332->15333 15334 7ff6df0d3062 15333->15334 15335 7ff6df0d3071 GetLastError 15333->15335 15334->15335 15336 7ff6df0d3066 15334->15336 15335->15336 15336->15303 15338 7ff6df0d2fb1 GetLastError 15337->15338 15339 7ff6df0d2faa 15337->15339 15339->15303 15341 7ff6df0cc51e 15340->15341 15342 7ff6df0cc523 ReleaseSRWLockExclusive 15341->15342 15344 7ff6df0cc528 SleepConditionVariableSRW 15341->15344 15344->15341 15346 7ff6df074870 78 API calls 15345->15346 15347 7ff6df095a0f 15346->15347 15348 7ff6df096111 15347->15348 15353 7ff6df095a4b memcpy_s 15347->15353 15349 7ff6df09614e 15348->15349 15384 7ff6df095bb1 15348->15384 15350 7ff6df074100 233 API calls 15349->15350 15351 7ff6df09615d 15350->15351 15356 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15351->15356 15352 7ff6df0cc440 _log10_special 8 API calls 15354 7ff6df096133 15352->15354 15353->15384 15410 7ff6df0a3ea0 15353->15410 15354->14887 15363 7ff6df096163 15356->15363 15357 7ff6df095a80 15358 7ff6df095f13 15357->15358 15359 7ff6df095ae3 15357->15359 15516 7ff6df0a08c0 15358->15516 15439 7ff6df09ef10 15359->15439 15362 7ff6df095f31 15553 7ff6df0a07e0 15362->15553 15366 7ff6df0890c0 233 API calls 15363->15366 15369 7ff6df096189 15366->15369 15372 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15369->15372 15370 7ff6df095b06 15373 7ff6df095c02 GetFileSize 15370->15373 15374 7ff6df095b19 15370->15374 15371 7ff6df095f67 15376 7ff6df0a08c0 233 API calls 15371->15376 15388 7ff6df09619a 15372->15388 15377 7ff6df095c43 15373->15377 15381 7ff6df095c1e memcpy_s 15373->15381 15374->15351 15378 7ff6df095b60 15374->15378 15379 7ff6df095f7a 15376->15379 15377->15381 15499 7ff6df083000 15377->15499 15495 7ff6df0a02a0 15378->15495 15574 7ff6df0a2670 15379->15574 15380 7ff6df095ca8 SetFilePointer ReadFile 15387 7ff6df095e1c 15380->15387 15392 7ff6df095cf7 15380->15392 15381->15380 15384->15352 15387->15351 15399 7ff6df095e71 15387->15399 15391 7ff6df0890c0 233 API calls 15388->15391 15389 7ff6df096002 15594 7ff6df0a1dd0 15389->15594 15395 7ff6df0961df 15391->15395 15392->15351 15394 7ff6df095d7a 15392->15394 15393 7ff6df0a02a0 86 API calls 15393->15384 15398 7ff6df0a02a0 86 API calls 15394->15398 15400 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15395->15400 15397 7ff6df09603d 15401 7ff6df0a02a0 86 API calls 15397->15401 15398->15384 15399->15393 15402 7ff6df0961f0 15400->15402 15401->15384 15403 7ff6df0a02a0 86 API calls 15402->15403 15404 7ff6df096250 15403->15404 15404->14887 17033 7ff6df082650 15405->17033 15407 7ff6df0807fa 15408 7ff6df082650 55 API calls 15407->15408 15409 7ff6df08090d 15408->15409 15409->14889 15600 7ff6df093bd0 15410->15600 15417 7ff6df0a3fcc 15625 7ff6df0a1cd0 15417->15625 15418 7ff6df0a404b 15421 7ff6df0890c0 236 API calls 15418->15421 15425 7ff6df0a4002 15418->15425 15422 7ff6df0a40b5 15421->15422 15423 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15422->15423 15427 7ff6df0a40c6 15423->15427 15425->15357 15426 7ff6df0a42ad 15428 7ff6df072550 55 API calls 15426->15428 15427->15426 15429 7ff6df0a4245 15427->15429 15430 7ff6df0a421d 15427->15430 15437 7ff6df0a4122 memcpy_s 15427->15437 15431 7ff6df0a42b3 15428->15431 15434 7ff6df0cc580 std::_Facet_Register 55 API calls 15429->15434 15429->15437 15430->15431 15433 7ff6df0cc580 std::_Facet_Register 55 API calls 15430->15433 15432 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15431->15432 15435 7ff6df0a42b9 15432->15435 15436 7ff6df0a4232 15433->15436 15434->15437 15435->15357 15436->15437 15438 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15436->15438 15437->15357 15438->15426 15440 7ff6df09ef5f 15439->15440 15441 7ff6df09ef95 RmStartSession 15439->15441 15442 7ff6df0cc508 3 API calls 15440->15442 15443 7ff6df09f0b2 15441->15443 15444 7ff6df09efba RmRegisterResources 15441->15444 15445 7ff6df09ef6b 15442->15445 15449 7ff6df0cc440 _log10_special 8 API calls 15443->15449 15446 7ff6df09efe3 RmGetList 15444->15446 15447 7ff6df09f0a9 RmEndSession 15444->15447 15445->15441 15448 7ff6df09ef74 GetCurrentProcess GetProcessId 15445->15448 15450 7ff6df09f01f 15446->15450 15451 7ff6df09f0ee __std_exception_copy 15446->15451 15447->15443 15836 7ff6df0cc49c AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 15448->15836 15454 7ff6df095af5 15449->15454 15450->15451 15455 7ff6df0b7f98 __std_exception_copy 12 API calls 15450->15455 15452 7ff6df09f0f9 RmEndSession 15451->15452 15452->15443 15462 7ff6df09f110 15454->15462 15456 7ff6df09f047 15455->15456 15456->15452 15457 7ff6df09f056 RmGetList 15456->15457 15457->15451 15458 7ff6df09f07a 15457->15458 15458->15451 15459 7ff6df09f07f 15458->15459 15459->15447 15460 7ff6df09f0d9 __std_exception_copy 15459->15460 15461 7ff6df09f0e1 RmEndSession 15460->15461 15461->15443 15463 7ff6df09f16e 15462->15463 15464 7ff6df09f1b3 15462->15464 15465 7ff6df0cc508 3 API calls 15463->15465 15466 7ff6df09f1bd 15464->15466 15468 7ff6df0b7f98 __std_exception_copy 12 API calls 15464->15468 15467 7ff6df09f17a 15465->15467 15470 7ff6df0cc440 _log10_special 8 API calls 15466->15470 15467->15464 15469 7ff6df09f183 GetModuleHandleA GetProcAddress 15467->15469 15471 7ff6df09f1ce OpenProcess 15468->15471 15837 7ff6df0cc49c AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 15469->15837 15473 7ff6df09f5f3 15470->15473 15474 7ff6df09f1f3 NtQuerySystemInformation 15471->15474 15494 7ff6df09f5c4 __std_exception_copy 15471->15494 15473->15370 15475 7ff6df09f211 15474->15475 15490 7ff6df09f23c __std_exception_copy memcpy_s 15474->15490 15838 7ff6df0b67f8 15475->15838 15477 7ff6df09f5db CloseHandle 15477->15466 15479 7ff6df0b7f98 __std_exception_copy 12 API calls 15480 7ff6df09f2e9 GetCurrentProcess 15479->15480 15480->15490 15481 7ff6df09f66c 15482 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15481->15482 15484 7ff6df09f672 15482->15484 15483 7ff6df09f330 NtQueryObject 15485 7ff6df0b67f8 13 API calls 15483->15485 15484->15370 15485->15490 15486 7ff6df09f556 CloseHandle 15486->15490 15487 7ff6df09f427 GetFinalPathNameByHandleA 15487->15490 15488 7ff6df083000 55 API calls 15488->15490 15489 7ff6df073300 61 API calls 15489->15490 15490->15479 15490->15481 15490->15483 15490->15486 15490->15487 15490->15488 15490->15489 15491 7ff6df09f667 15490->15491 15493 7ff6df09f60e __std_exception_copy 15490->15493 15490->15494 15492 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15491->15492 15492->15481 15493->15481 15493->15494 15494->15466 15494->15477 15496 7ff6df0a02c1 15495->15496 15497 7ff6df0a1dd0 86 API calls 15496->15497 15498 7ff6df0a02fc 15496->15498 15497->15498 15498->15384 15500 7ff6df083192 15499->15500 15501 7ff6df08302e 15499->15501 15502 7ff6df072550 55 API calls 15500->15502 15504 7ff6df083098 15501->15504 15505 7ff6df0830c4 15501->15505 15503 7ff6df083197 15502->15503 15507 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15503->15507 15504->15503 15506 7ff6df0830a5 15504->15506 15509 7ff6df0cc580 std::_Facet_Register 55 API calls 15505->15509 15511 7ff6df0830ad memcpy_s 15505->15511 15508 7ff6df0cc580 std::_Facet_Register 55 API calls 15506->15508 15507->15511 15508->15511 15509->15511 15510 7ff6df083141 memcpy_s 15510->15380 15511->15510 15512 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15511->15512 15513 7ff6df0831a3 15512->15513 15514 7ff6df0831d0 15513->15514 15858 7ff6df083c80 15513->15858 15514->15380 15517 7ff6df0a091d 15516->15517 15519 7ff6df0a0a02 15516->15519 15867 7ff6df0a23a0 15517->15867 15520 7ff6df0890c0 236 API calls 15519->15520 15522 7ff6df0a0a44 15520->15522 15521 7ff6df0a09cf 15521->15362 15523 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15522->15523 15524 7ff6df0a0942 15523->15524 15524->15521 15525 7ff6df0890c0 236 API calls 15524->15525 15526 7ff6df0a0a9d 15525->15526 15527 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15526->15527 15528 7ff6df0a0ab1 15527->15528 15529 7ff6df0a0b14 15528->15529 15530 7ff6df089d90 236 API calls 15528->15530 15531 7ff6df0a0bf5 15529->15531 15533 7ff6df0a0bb3 15529->15533 15530->15529 15535 7ff6df0890c0 236 API calls 15531->15535 15532 7ff6df0a0bc4 15532->15362 15533->15532 15534 7ff6df08a160 236 API calls 15533->15534 15534->15532 15536 7ff6df0a0c37 15535->15536 15537 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15536->15537 15538 7ff6df0a0c48 15537->15538 15539 7ff6df089d90 236 API calls 15538->15539 15540 7ff6df0a0ca8 15538->15540 15539->15540 15548 7ff6df0a0d0c 15540->15548 15879 7ff6df091a80 15540->15879 15542 7ff6df0a0e38 15546 7ff6df0890c0 236 API calls 15542->15546 15543 7ff6df0a0e04 15543->15362 15544 7ff6df0a0df3 15544->15543 15545 7ff6df08a160 236 API calls 15544->15545 15545->15543 15547 7ff6df0a0e7a 15546->15547 15549 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15547->15549 15548->15542 15548->15544 15550 7ff6df0a0e8b 15549->15550 15551 7ff6df0a02a0 86 API calls 15550->15551 15552 7ff6df0a0ea4 15551->15552 15552->15362 15554 7ff6df0a0810 15553->15554 15555 7ff6df0a23a0 236 API calls 15554->15555 15556 7ff6df095f41 15555->15556 15556->15371 15557 7ff6df081860 15556->15557 15558 7ff6df081889 15557->15558 15559 7ff6df081998 15557->15559 15561 7ff6df0818e6 15558->15561 15562 7ff6df081912 15558->15562 15560 7ff6df072550 55 API calls 15559->15560 15563 7ff6df08199d 15560->15563 15561->15563 15564 7ff6df0818f3 15561->15564 15567 7ff6df0cc580 std::_Facet_Register 55 API calls 15562->15567 15568 7ff6df0818fb memcpy_s 15562->15568 15565 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15563->15565 15566 7ff6df0cc580 std::_Facet_Register 55 API calls 15564->15566 15565->15568 15566->15568 15567->15568 15569 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15568->15569 15571 7ff6df081965 memcpy_s 15568->15571 15573 7ff6df0819a9 15569->15573 15570 7ff6df0819d6 15570->15371 15571->15371 15572 7ff6df073800 52 API calls 15572->15573 15573->15570 15573->15572 15576 7ff6df0a26cd 15574->15576 15575 7ff6df0a278a 15580 7ff6df0a2795 15575->15580 16001 7ff6df087b80 15575->16001 15576->15575 15988 7ff6df0a9ce0 15576->15988 15579 7ff6df0a281a 15581 7ff6df0cc440 _log10_special 8 API calls 15579->15581 15580->15579 15582 7ff6df0a2859 15580->15582 15583 7ff6df095fdd 15581->15583 15584 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15582->15584 15583->15363 15583->15389 15585 7ff6df0a285e 15584->15585 15586 7ff6df07f770 236 API calls 15585->15586 15587 7ff6df0a2896 15586->15587 16028 7ff6df0a6ae0 15587->16028 15595 7ff6df09600b 15594->15595 15596 7ff6df0a1dea 15594->15596 15595->15388 15595->15397 17001 7ff6df0a1be0 15596->17001 15598 7ff6df0a1e24 15599 7ff6df0b6760 81 API calls 15598->15599 15599->15595 15601 7ff6df0cc580 std::_Facet_Register 55 API calls 15600->15601 15602 7ff6df093c57 15601->15602 15652 7ff6df0d39ec 15602->15652 15604 7ff6df093c67 15605 7ff6df0896f0 236 API calls 15604->15605 15607 7ff6df093c9d 15605->15607 15606 7ff6df093cf6 15612 7ff6df093d70 15606->15612 15607->15606 15608 7ff6df0890c0 236 API calls 15607->15608 15609 7ff6df093d54 15608->15609 15610 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15609->15610 15611 7ff6df093d65 15610->15611 15613 7ff6df0cc580 std::_Facet_Register 55 API calls 15612->15613 15614 7ff6df093d91 15613->15614 15615 7ff6df0d39ec 62 API calls 15614->15615 15616 7ff6df093da1 15615->15616 15616->15418 15617 7ff6df0d42bc 15616->15617 15620 7ff6df0d4302 15617->15620 15619 7ff6df0a3fc7 15619->15417 15619->15418 15620->15619 15679 7ff6df0d5414 15620->15679 15626 7ff6df0a1d6a 15625->15626 15627 7ff6df0a1d4a 15625->15627 15629 7ff6df0cc440 _log10_special 8 API calls 15626->15629 15766 7ff6df0b6f08 15627->15766 15630 7ff6df0a1db4 15629->15630 15631 7ff6df0a2a50 15630->15631 15632 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15631->15632 15633 7ff6df0a2a80 15632->15633 15634 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15633->15634 15637 7ff6df0a2aa5 15633->15637 15634->15637 15635 7ff6df0a2b1d 15636 7ff6df0cc440 _log10_special 8 API calls 15635->15636 15639 7ff6df0a2b83 15636->15639 15637->15635 15772 7ff6df0a3cf0 15637->15772 15639->15425 15640 7ff6df0a2b2f 15641 7ff6df0a2b35 15640->15641 15642 7ff6df0a2b96 15640->15642 15644 7ff6df0d39ac std::_Facet_Register 55 API calls 15641->15644 15643 7ff6df088ae0 Concurrency::cancel_current_task 55 API calls 15642->15643 15646 7ff6df0a2b9b 15643->15646 15644->15635 15645 7ff6df0a2c0f 15814 7ff6df07fc60 15645->15814 15646->15645 15647 7ff6df081860 55 API calls 15646->15647 15647->15645 15649 7ff6df0a2c28 15650 7ff6df07fc60 55 API calls 15649->15650 15651 7ff6df0a2c44 15650->15651 15651->15425 15653 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15652->15653 15654 7ff6df0d3a0e 15653->15654 15660 7ff6df0d3a70 memcpy_s 15654->15660 15661 7ff6df0d3be4 15654->15661 15658 7ff6df0d3a31 __std_exception_copy 15659 7ff6df0b7f98 __std_exception_copy 12 API calls 15658->15659 15658->15660 15659->15660 15660->15604 15662 7ff6df0cc580 std::_Facet_Register 55 API calls 15661->15662 15663 7ff6df0d3bf6 15662->15663 15664 7ff6df0d3a26 15663->15664 15670 7ff6df0d3850 15663->15670 15666 7ff6df0d3c14 15664->15666 15667 7ff6df0d3c26 15666->15667 15668 7ff6df0d3c39 15666->15668 15674 7ff6df0d439c 15667->15674 15668->15658 15671 7ff6df0d3897 15670->15671 15671->15671 15672 7ff6df0b7f98 __std_exception_copy 12 API calls 15671->15672 15673 7ff6df0d38ab memcpy_s 15672->15673 15673->15664 15675 7ff6df0d43d1 15674->15675 15676 7ff6df0d43aa EncodePointer 15674->15676 15677 7ff6df0ae684 __std_fs_directory_iterator_open 52 API calls 15675->15677 15676->15668 15678 7ff6df0d43d6 15677->15678 15680 7ff6df0d5348 15679->15680 15681 7ff6df0d536e 15680->15681 15684 7ff6df0d53a1 15680->15684 15682 7ff6df0b7450 memcpy_s 11 API calls 15681->15682 15683 7ff6df0d5373 15682->15683 15685 7ff6df0ae54c _invalid_parameter_noinfo 52 API calls 15683->15685 15686 7ff6df0d53b4 15684->15686 15687 7ff6df0d53a7 15684->15687 15691 7ff6df0d4335 15685->15691 15714 7ff6df0c0288 15686->15714 15689 7ff6df0b7450 memcpy_s 11 API calls 15687->15689 15689->15691 15691->15619 15698 7ff6df0b7efc 15691->15698 15699 7ff6df0b7f2c 15698->15699 15743 7ff6df0b7bf4 15699->15743 15702 7ff6df0b7f6d 15704 7ff6df0b7f82 15702->15704 15705 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 15702->15705 15703 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 15703->15702 15704->15619 15706 7ff6df0b6760 15704->15706 15705->15704 15707 7ff6df0b6790 15706->15707 15755 7ff6df0b663c 15707->15755 15709 7ff6df0b67a9 15710 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 15709->15710 15712 7ff6df0b67ce 15709->15712 15710->15712 15711 7ff6df0b67e3 15711->15619 15712->15711 15713 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 15712->15713 15713->15711 15727 7ff6df0bb608 EnterCriticalSection 15714->15727 15744 7ff6df0b7c5e 15743->15744 15745 7ff6df0b7c1e 15743->15745 15744->15745 15747 7ff6df0b7c6a 15744->15747 15746 7ff6df0ae480 _invalid_parameter_noinfo_noreturn 52 API calls 15745->15746 15748 7ff6df0b7c45 15746->15748 15754 7ff6df0b6f50 EnterCriticalSection 15747->15754 15748->15702 15748->15703 15756 7ff6df0b6685 15755->15756 15757 7ff6df0b6657 15755->15757 15759 7ff6df0b6677 15756->15759 15765 7ff6df0b6f50 EnterCriticalSection 15756->15765 15758 7ff6df0ae480 _invalid_parameter_noinfo_noreturn 52 API calls 15757->15758 15758->15759 15759->15709 15767 7ff6df0b6f11 15766->15767 15768 7ff6df0b6f21 15766->15768 15769 7ff6df0b7450 memcpy_s 11 API calls 15767->15769 15768->15626 15770 7ff6df0b6f16 15769->15770 15771 7ff6df0ae54c _invalid_parameter_noinfo 52 API calls 15770->15771 15771->15768 15773 7ff6df0a3d20 15772->15773 15791 7ff6df0a3df2 __std_exception_copy 15772->15791 15774 7ff6df0cc580 std::_Facet_Register 55 API calls 15773->15774 15773->15791 15775 7ff6df0a3d32 15774->15775 15776 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15775->15776 15777 7ff6df0a3d63 15776->15777 15778 7ff6df0a3d9f 15777->15778 15779 7ff6df0a3e85 15777->15779 15780 7ff6df0d3b5c std::_Locinfo::_Locinfo_ctor 87 API calls 15778->15780 15781 7ff6df0d3614 55 API calls 15779->15781 15782 7ff6df0a3dab 15780->15782 15783 7ff6df0a3e91 15781->15783 15819 7ff6df0d3bc8 15782->15819 15785 7ff6df093bd0 236 API calls 15783->15785 15786 7ff6df0a3f11 15785->15786 15787 7ff6df093d70 62 API calls 15786->15787 15788 7ff6df0a3f42 15787->15788 15789 7ff6df0d42bc 113 API calls 15788->15789 15795 7ff6df0a404b 15788->15795 15790 7ff6df0a3fc7 15789->15790 15792 7ff6df0a3fcc 15790->15792 15790->15795 15791->15640 15793 7ff6df0a1cd0 52 API calls 15792->15793 15794 7ff6df0a3fdb 15793->15794 15799 7ff6df0a2a50 236 API calls 15794->15799 15796 7ff6df0890c0 236 API calls 15795->15796 15811 7ff6df0a4002 15795->15811 15797 7ff6df0a40b5 15796->15797 15798 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15797->15798 15801 7ff6df0a40c6 15798->15801 15799->15811 15800 7ff6df0a42ad 15802 7ff6df072550 55 API calls 15800->15802 15801->15800 15803 7ff6df0a4245 15801->15803 15804 7ff6df0a421d 15801->15804 15806 7ff6df0a4122 memcpy_s 15801->15806 15805 7ff6df0a42b3 15802->15805 15803->15806 15809 7ff6df0cc580 std::_Facet_Register 55 API calls 15803->15809 15804->15805 15808 7ff6df0cc580 std::_Facet_Register 55 API calls 15804->15808 15807 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15805->15807 15806->15640 15810 7ff6df0a42b9 15807->15810 15812 7ff6df0a4232 15808->15812 15809->15806 15810->15640 15811->15640 15812->15806 15813 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15812->15813 15813->15800 15815 7ff6df07fcc2 15814->15815 15818 7ff6df07fc83 memcpy_s 15814->15818 15823 7ff6df0821c0 15815->15823 15818->15649 15820 7ff6df0d3bd5 15819->15820 15821 7ff6df0d3bdc 15819->15821 15822 7ff6df0d522c std::_Locinfo::_Locinfo_ctor 86 API calls 15820->15822 15821->15791 15822->15821 15824 7ff6df082334 15823->15824 15825 7ff6df072550 55 API calls 15824->15825 15826 7ff6df082339 15825->15826 15827 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15826->15827 15828 7ff6df08233f 15827->15828 15829 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15828->15829 15830 7ff6df082345 15829->15830 15831 7ff6df07fcdb 15830->15831 15833 7ff6df07eac0 15830->15833 15831->15649 15834 7ff6df07f260 55 API calls 15833->15834 15835 7ff6df07ead0 15834->15835 15835->15831 15839 7ff6df0c042c 15838->15839 15840 7ff6df0c0441 15839->15840 15841 7ff6df0c044b 15839->15841 15851 7ff6df0bb780 15840->15851 15843 7ff6df0c0450 15841->15843 15849 7ff6df0c0457 _Getctype 15841->15849 15844 7ff6df0baee0 __free_lconv_mon 11 API calls 15843->15844 15847 7ff6df09f21c NtQuerySystemInformation 15844->15847 15845 7ff6df0c045d 15848 7ff6df0b7450 memcpy_s 11 API calls 15845->15848 15846 7ff6df0c048a HeapReAlloc 15846->15847 15846->15849 15847->15475 15847->15490 15848->15847 15849->15845 15849->15846 15850 7ff6df0c75a4 std::_Facet_Register 2 API calls 15849->15850 15850->15849 15852 7ff6df0bb78f _Getctype 15851->15852 15853 7ff6df0bb7cb 15851->15853 15852->15853 15854 7ff6df0bb7b2 RtlAllocateHeap 15852->15854 15857 7ff6df0c75a4 std::_Facet_Register 2 API calls 15852->15857 15855 7ff6df0b7450 memcpy_s 11 API calls 15853->15855 15854->15852 15856 7ff6df0bb7c9 15854->15856 15855->15856 15856->15847 15857->15852 15859 7ff6df07eac0 55 API calls 15858->15859 15861 7ff6df083c97 15859->15861 15860 7ff6df083cc6 15860->15514 15861->15860 15862 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15861->15862 15863 7ff6df083cec 15862->15863 15864 7ff6df083d2b 15863->15864 15865 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15863->15865 15864->15514 15866 7ff6df083d4b 15865->15866 15866->15514 15868 7ff6df0a23e0 15867->15868 15872 7ff6df0a23bd 15867->15872 15870 7ff6df0a23ee 15868->15870 15871 7ff6df089d90 236 API calls 15868->15871 15869 7ff6df0a23da 15869->15524 15870->15524 15871->15870 15872->15869 15873 7ff6df0890c0 236 API calls 15872->15873 15874 7ff6df0a2443 15873->15874 15875 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 15874->15875 15876 7ff6df0a2454 15875->15876 15877 7ff6df075f00 236 API calls 15876->15877 15878 7ff6df0a2499 15877->15878 15878->15524 15880 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15879->15880 15881 7ff6df091ab0 15880->15881 15882 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15881->15882 15884 7ff6df091ad5 15881->15884 15882->15884 15883 7ff6df091b4d 15885 7ff6df0cc440 _log10_special 8 API calls 15883->15885 15884->15883 15925 7ff6df0921c0 15884->15925 15886 7ff6df091bb3 15885->15886 15886->15548 15888 7ff6df091b5f 15889 7ff6df091b65 15888->15889 15890 7ff6df091bc6 15888->15890 15892 7ff6df0d39ac std::_Facet_Register 55 API calls 15889->15892 15891 7ff6df088ae0 Concurrency::cancel_current_task 55 API calls 15890->15891 15893 7ff6df091bcb 15891->15893 15892->15883 15894 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15893->15894 15895 7ff6df091c00 15894->15895 15896 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15895->15896 15898 7ff6df091c25 15895->15898 15896->15898 15897 7ff6df091c9d 15899 7ff6df0cc440 _log10_special 8 API calls 15897->15899 15898->15897 15939 7ff6df091f50 15898->15939 15900 7ff6df091d03 15899->15900 15900->15548 15902 7ff6df091caf 15926 7ff6df0922b8 __std_exception_copy 15925->15926 15927 7ff6df0921f0 15925->15927 15926->15888 15927->15926 15928 7ff6df0cc580 std::_Facet_Register 55 API calls 15927->15928 15929 7ff6df092202 15928->15929 15930 7ff6df0d379c std::_Lockit::_Lockit 6 API calls 15929->15930 15931 7ff6df092233 15930->15931 15932 7ff6df09226f 15931->15932 15933 7ff6df09234b 15931->15933 15934 7ff6df0d3b5c std::_Locinfo::_Locinfo_ctor 87 API calls 15932->15934 15935 7ff6df0d3614 55 API calls 15933->15935 15936 7ff6df09227b 15934->15936 15938 7ff6df092357 __std_exception_copy 15935->15938 15937 7ff6df0d3bc8 86 API calls 15936->15937 15937->15926 15938->15888 15940 7ff6df091f81 15939->15940 15964 7ff6df0920ff __std_exception_copy 15939->15964 15941 7ff6df0cc580 std::_Facet_Register 55 API calls 15940->15941 15940->15964 15942 7ff6df091f93 15941->15942 15964->15902 15992 7ff6df0a9d1e memcpy_s 15988->15992 15989 7ff6df0a9eed 15989->15575 15990 7ff6df072550 55 API calls 15991 7ff6df0a9f26 15990->15991 15993 7ff6df072490 Concurrency::cancel_current_task 55 API calls 15991->15993 15992->15989 15992->15991 15994 7ff6df0cc580 55 API calls std::_Facet_Register 15992->15994 15997 7ff6df0a9f1b 15992->15997 16000 7ff6df0a9f20 15992->16000 15995 7ff6df0a9f2c 15993->15995 15994->15992 15995->15995 15996 7ff6df0cc440 _log10_special 8 API calls 15995->15996 15998 7ff6df0a9fc9 15996->15998 15999 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 15997->15999 15998->15575 15999->16000 16000->15990 16005 7ff6df087b9e memcpy_s 16001->16005 16006 7ff6df087bca 16001->16006 16002 7ff6df087ccf 16003 7ff6df072550 55 API calls 16002->16003 16004 7ff6df087cd5 16003->16004 16010 7ff6df072490 Concurrency::cancel_current_task 55 API calls 16004->16010 16005->15580 16006->16002 16007 7ff6df087c28 16006->16007 16008 7ff6df087c54 16006->16008 16007->16004 16011 7ff6df0cc580 std::_Facet_Register 55 API calls 16007->16011 16009 7ff6df0cc580 std::_Facet_Register 55 API calls 16008->16009 16014 7ff6df087c3d memcpy_s 16008->16014 16009->16014 16012 7ff6df087cdb 16010->16012 16011->16014 16013 7ff6df073870 55 API calls 16012->16013 16016 7ff6df087d27 16013->16016 16015 7ff6df087cab 16014->16015 16017 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 16014->16017 16015->15580 16018 7ff6df074160 69 API calls 16016->16018 16017->16002 16019 7ff6df087d47 16018->16019 16021 7ff6df0cc580 std::_Facet_Register 55 API calls 16019->16021 16027 7ff6df087d9d 16019->16027 16020 7ff6df0d2fbc 60 API calls 16022 7ff6df087e84 16020->16022 16021->16027 16023 7ff6df073800 52 API calls 16022->16023 16024 7ff6df087e8f 16023->16024 16027->16020 16029 7ff6df0a6b34 16028->16029 16030 7ff6df0b15f4 52 API calls 16029->16030 16031 7ff6df0a6c1a 16030->16031 16120 7ff6df0a4d80 16031->16120 16121 7ff6df0a4da3 16120->16121 16125 7ff6df0a4df0 16120->16125 16145 7ff6df0a6410 16121->16145 16123 7ff6df0a6410 236 API calls 16123->16125 16124 7ff6df0a4da8 16124->16125 16125->16123 16137 7ff6df0a4e43 16125->16137 16133 7ff6df0a4f48 16134 7ff6df0cc440 _log10_special 8 API calls 16133->16134 16135 7ff6df0a509b 16134->16135 16136 7ff6df0a6410 236 API calls 16136->16137 16137->16133 16137->16136 16147 7ff6df0a642d 16145->16147 16148 7ff6df0a6433 16145->16148 16146 7ff6df0a64b7 16146->16124 16147->16146 16160 7ff6df0aa4b0 16147->16160 16148->16147 16150 7ff6df0a64e4 16148->16150 16151 7ff6df0890c0 236 API calls 16150->16151 16161 7ff6df0aa64e 16160->16161 16162 7ff6df0aa4f8 16160->16162 17002 7ff6df0a1c03 17001->17002 17003 7ff6df0a1cb2 17001->17003 17002->17003 17008 7ff6df0a1c0d 17002->17008 17004 7ff6df0cc440 _log10_special 8 API calls 17003->17004 17005 7ff6df0a1cc1 17004->17005 17005->15598 17006 7ff6df0cc440 _log10_special 8 API calls 17007 7ff6df0a1c6e 17006->17007 17007->15598 17009 7ff6df0a1c51 17008->17009 17011 7ff6df0b72d8 17008->17011 17009->17006 17012 7ff6df0b7308 17011->17012 17019 7ff6df0b7028 17012->17019 17015 7ff6df0b734c 17017 7ff6df0b7361 17015->17017 17018 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 17015->17018 17016 7ff6df0ae160 _invalid_parameter_noinfo_noreturn 52 API calls 17016->17015 17017->17009 17018->17017 17020 7ff6df0b7075 17019->17020 17021 7ff6df0b7048 17019->17021 17020->17015 17020->17016 17021->17020 17022 7ff6df0b7052 17021->17022 17023 7ff6df0b707d 17021->17023 17034 7ff6df082665 17033->17034 17035 7ff6df08267b 17033->17035 17034->15407 17036 7ff6df083000 55 API calls 17035->17036 17038 7ff6df082695 memcpy_s 17035->17038 17037 7ff6df0826e1 17036->17037 17037->15407 17038->15407 17040 7ff6df07fa03 17039->17040 17041 7ff6df07fa62 17040->17041 17042 7ff6df07fbde 17040->17042 17046 7ff6df07fc17 17040->17046 17044 7ff6df07f770 236 API calls 17041->17044 17043 7ff6df075ec0 236 API calls 17042->17043 17045 7ff6df07fbee 17043->17045 17054 7ff6df07fa73 17044->17054 17047 7ff6df080fd0 236 API calls 17045->17047 17072 7ff6df0823f0 17046->17072 17050 7ff6df07fc01 17047->17050 17048 7ff6df07fbb4 17049 7ff6df0cc440 _log10_special 8 API calls 17048->17049 17051 7ff6df07eb07 17049->17051 17052 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 17050->17052 17051->14751 17055 7ff6df07fc11 17052->17055 17054->17048 17054->17055 17063 7ff6df0cc580 std::_Facet_Register 55 API calls 17054->17063 17064 7ff6df07f260 55 API calls 17054->17064 17065 7ff6df07fdb0 17054->17065 17069 7ff6df074950 17055->17069 17058 7ff6df080fd0 236 API calls 17060 7ff6df07fc42 17058->17060 17061 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 17060->17061 17062 7ff6df07fc52 17061->17062 17063->17054 17064->17054 17066 7ff6df07fde4 17065->17066 17067 7ff6df07fdce 17065->17067 17068 7ff6df080020 8 API calls 17066->17068 17067->17054 17068->17067 17070 7ff6df0d35cc 55 API calls 17069->17070 17071 7ff6df074960 17070->17071 17071->17046 17073 7ff6df082440 17072->17073 17073->17073 17074 7ff6df081860 55 API calls 17073->17074 17077 7ff6df08245f 17073->17077 17074->17077 17075 7ff6df07fc60 55 API calls 17076 7ff6df082478 17075->17076 17078 7ff6df07fc60 55 API calls 17076->17078 17077->17075 17079 7ff6df07fc30 17078->17079 17079->17058 17081 7ff6df075f00 236 API calls 17080->17081 17082 7ff6df081ad5 17081->17082 17083 7ff6df075f00 236 API calls 17082->17083 17084 7ff6df081b00 17083->17084 17085 7ff6df074990 55 API calls 17084->17085 17086 7ff6df081b14 17085->17086 17087 7ff6df0829d0 55 API calls 17086->17087 17089 7ff6df081b28 17087->17089 17088 7ff6df081cf6 17093 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17088->17093 17089->17088 17091 7ff6df0ce208 __std_exception_copy 53 API calls 17089->17091 17092 7ff6df081cfc 17089->17092 17102 7ff6df081cf0 17089->17102 17090 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17090->17088 17097 7ff6df081c66 17091->17097 17094 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17092->17094 17093->17092 17098 7ff6df081d02 17094->17098 17095 7ff6df0cc440 _log10_special 8 API calls 17099 7ff6df07f8f4 17095->17099 17096 7ff6df081cb3 17096->17095 17097->17096 17100 7ff6df081ceb 17097->17100 17099->14905 17101 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17100->17101 17101->17102 17102->17090 17104 7ff6df0824e7 17103->17104 17105 7ff6df0cc440 _log10_special 8 API calls 17104->17105 17106 7ff6df08252b 17105->17106 17106->14934 17108 7ff6df080387 17107->17108 17111 7ff6df0803d7 17107->17111 17109 7ff6df0803a6 17108->17109 17110 7ff6df07eac0 55 API calls 17108->17110 17109->17111 17112 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17109->17112 17110->17108 17111->14950 17113 7ff6df080411 17112->17113 17114 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17113->17114 17115 7ff6df080460 17114->17115 17116 7ff6df07fc60 55 API calls 17115->17116 17117 7ff6df0804a9 17116->17117 17117->14950 17119 7ff6df0838cb 17118->17119 17131 7ff6df0819f0 17119->17131 17122 7ff6df0cc440 _log10_special 8 API calls 17123 7ff6df08392c 17122->17123 17123->14951 17125 7ff6df0832f8 17124->17125 17128 7ff6df08332d 17124->17128 17126 7ff6df0819f0 52 API calls 17125->17126 17127 7ff6df083301 17126->17127 17127->17128 17129 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17127->17129 17128->14956 17130 7ff6df083368 17129->17130 17132 7ff6df081a5e 17131->17132 17133 7ff6df0819f5 17131->17133 17132->17122 17133->17132 17134 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17133->17134 17135 7ff6df081a73 17134->17135 17137 7ff6df0d2dd3 17136->17137 17138 7ff6df0d2e2a WideCharToMultiByte 17136->17138 17137->17138 17140 7ff6df0d2ddb WideCharToMultiByte 17137->17140 17139 7ff6df0d2e5b 17138->17139 17141 7ff6df0d2e5f GetLastError 17139->17141 17142 7ff6df0d2e67 17139->17142 17140->17139 17143 7ff6df073383 17140->17143 17141->17142 17142->17143 17144 7ff6df0d2e74 WideCharToMultiByte 17142->17144 17143->14968 17143->14971 17144->17143 17145 7ff6df0d2ea1 GetLastError 17144->17145 17145->17143 17147 7ff6df0cc580 std::_Facet_Register 55 API calls 17146->17147 17148 7ff6df081277 17147->17148 17149 7ff6df0cc580 std::_Facet_Register 55 API calls 17148->17149 17150 7ff6df0812a7 17149->17150 17151 7ff6df0cc440 _log10_special 8 API calls 17150->17151 17152 7ff6df0812d4 17151->17152 17152->14991 17155 7ff6df081330 17153->17155 17154 7ff6df08134f 17157 7ff6df07fc60 55 API calls 17154->17157 17155->17154 17156 7ff6df081860 55 API calls 17155->17156 17156->17154 17158 7ff6df081368 17157->17158 17159 7ff6df07fc60 55 API calls 17158->17159 17160 7ff6df07ea91 17159->17160 17160->14994 17162 7ff6df07ff84 17161->17162 17163 7ff6df080002 17161->17163 17165 7ff6df07ffb8 17162->17165 17166 7ff6df07ff94 17162->17166 17164 7ff6df072490 Concurrency::cancel_current_task 55 API calls 17163->17164 17167 7ff6df080007 17164->17167 17169 7ff6df07ffaa 17165->17169 17171 7ff6df0cc580 std::_Facet_Register 55 API calls 17165->17171 17166->17163 17168 7ff6df07ff9d 17166->17168 17173 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17167->17173 17170 7ff6df0cc580 std::_Facet_Register 55 API calls 17168->17170 17172 7ff6df0824b0 8 API calls 17169->17172 17174 7ff6df07ffa5 17170->17174 17171->17169 17177 7ff6df07ffe1 17172->17177 17175 7ff6df08000d 17173->17175 17174->17167 17174->17169 17175->15030 17176 7ff6df0803a6 17179 7ff6df0803d7 17176->17179 17180 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17176->17180 17177->17176 17178 7ff6df07eac0 55 API calls 17177->17178 17177->17179 17178->17177 17179->15030 17181 7ff6df080411 17180->17181 17182 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17181->17182 17183 7ff6df080460 17182->17183 17184 7ff6df07fc60 55 API calls 17183->17184 17185 7ff6df0804a9 17184->17185 17185->15030 17187 7ff6df0823e1 17186->17187 17190 7ff6df0823ac 17186->17190 17187->15040 17188 7ff6df082390 55 API calls 17188->17190 17189 7ff6df083c80 55 API calls 17189->17190 17190->17187 17190->17188 17190->17189 17192 7ff6df07feda 17191->17192 17195 7ff6df07ff20 17191->17195 17193 7ff6df07fef4 17192->17193 17194 7ff6df07eac0 55 API calls 17192->17194 17193->17195 17196 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17193->17196 17194->17192 17195->15011 17197 7ff6df07ff4a 17196->17197 17199 7ff6df083b51 17198->17199 17202 7ff6df083b1f 17198->17202 17200 7ff6df082390 55 API calls 17200->17202 17201 7ff6df083c80 55 API calls 17201->17202 17202->17199 17202->17200 17202->17201 17204 7ff6df07433e 17203->17204 17205 7ff6df081730 55 API calls 17204->17205 17206 7ff6df074380 17205->17206 17207 7ff6df07fe80 55 API calls 17206->17207 17208 7ff6df074495 17207->17208 17209 7ff6df07ed70 236 API calls 17208->17209 17210 7ff6df0744fa 17209->17210 17211 7ff6df0742f0 236 API calls 17210->17211 17213 7ff6df073fa4 17212->17213 17214 7ff6df075ec0 236 API calls 17213->17214 17215 7ff6df073fb9 17214->17215 17228 7ff6df0739a0 17215->17228 17218 7ff6df0cf3f4 Concurrency::cancel_current_task 2 API calls 17219 7ff6df073fe9 17218->17219 17220 7ff6df0ce208 __std_exception_copy 53 API calls 17219->17220 17221 7ff6df074022 17220->17221 17222 7ff6df073870 55 API calls 17221->17222 17223 7ff6df074060 17222->17223 17224 7ff6df073870 55 API calls 17223->17224 17225 7ff6df07406e 17224->17225 17226 7ff6df07eee0 55 API calls 17225->17226 17227 7ff6df07407c 17226->17227 17233 7ff6df0728c0 17228->17233 17230 7ff6df0739c3 17231 7ff6df075f00 236 API calls 17230->17231 17232 7ff6df073a4f 17231->17232 17232->17218 17234 7ff6df07eee0 55 API calls 17233->17234 17235 7ff6df0728ef 17234->17235 17236 7ff6df072740 55 API calls 17235->17236 17237 7ff6df07290a 17236->17237 17238 7ff6df072570 53 API calls 17237->17238 17239 7ff6df072916 17238->17239 17240 7ff6df07294b 17239->17240 17241 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17239->17241 17240->17230 17242 7ff6df07298d __std_exception_destroy 17241->17242 17242->17230 17244 7ff6df0728c0 55 API calls 17243->17244 17245 7ff6df073a89 17244->17245 17246 7ff6df073870 55 API calls 17245->17246 17247 7ff6df073aaa 17246->17247 17253 7ff6df073bc0 17247->17253 17249 7ff6df073b7d 17249->15087 17250 7ff6df073b43 17250->17249 17251 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17250->17251 17252 7ff6df073ba5 17251->17252 17252->15087 17254 7ff6df0d2d3c __std_fs_code_page 53 API calls 17253->17254 17255 7ff6df073c24 17254->17255 17298 7ff6df0804f0 17255->17298 17258 7ff6df0804f0 59 API calls 17259 7ff6df073c7a 17258->17259 17260 7ff6df073caf 17259->17260 17261 7ff6df081860 55 API calls 17259->17261 17262 7ff6df07fc60 55 API calls 17260->17262 17261->17260 17263 7ff6df073cc2 17262->17263 17264 7ff6df07fc60 55 API calls 17263->17264 17265 7ff6df073cd7 17264->17265 17266 7ff6df07fc60 55 API calls 17265->17266 17267 7ff6df073cf1 17266->17267 17268 7ff6df073d24 17267->17268 17269 7ff6df07fc60 55 API calls 17267->17269 17271 7ff6df082050 55 API calls 17268->17271 17275 7ff6df073d31 17268->17275 17270 7ff6df073d0a 17269->17270 17272 7ff6df07fc60 55 API calls 17270->17272 17271->17275 17272->17268 17273 7ff6df073de0 17276 7ff6df0cc440 _log10_special 8 API calls 17273->17276 17274 7ff6df073e25 17277 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17274->17277 17275->17273 17275->17274 17278 7ff6df073e20 17275->17278 17279 7ff6df073e04 17276->17279 17280 7ff6df073e2b 17277->17280 17281 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17278->17281 17279->17250 17282 7ff6df073e76 17280->17282 17284 7ff6df073edd 17280->17284 17281->17274 17283 7ff6df073800 52 API calls 17282->17283 17285 7ff6df073e9e 17283->17285 17286 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17284->17286 17287 7ff6df073800 52 API calls 17285->17287 17288 7ff6df073ee2 17286->17288 17289 7ff6df073ea8 __std_exception_destroy 17287->17289 17290 7ff6df073f30 17288->17290 17292 7ff6df073f7d 17288->17292 17289->17250 17291 7ff6df073800 52 API calls 17290->17291 17293 7ff6df073f58 17291->17293 17294 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17292->17294 17295 7ff6df073800 52 API calls 17293->17295 17296 7ff6df073f82 17294->17296 17297 7ff6df073f62 __std_exception_destroy 17295->17297 17297->17250 17299 7ff6df073c50 17298->17299 17300 7ff6df080538 17298->17300 17299->17258 17301 7ff6df0805bb 17300->17301 17313 7ff6df0d2ed0 WideCharToMultiByte 17300->17313 17302 7ff6df072b40 55 API calls 17301->17302 17305 7ff6df0805c1 17302->17305 17306 7ff6df072e70 55 API calls 17305->17306 17308 7ff6df0805cd 17306->17308 17307 7ff6df082650 55 API calls 17309 7ff6df080572 17307->17309 17310 7ff6df0d2ed0 4 API calls 17309->17310 17311 7ff6df080591 17310->17311 17311->17299 17312 7ff6df072e70 55 API calls 17311->17312 17312->17301 17314 7ff6df0d2f27 GetLastError 17313->17314 17315 7ff6df0d2f2f 17313->17315 17314->17315 17316 7ff6df080559 17315->17316 17317 7ff6df0d2f3c WideCharToMultiByte 17315->17317 17316->17305 17316->17307 17317->17316 17318 7ff6df0d2f6a GetLastError 17317->17318 17318->17316 17319 7ff6df055355 17320 7ff6df055358 17319->17320 17321 7ff6df05537d 17319->17321 17322 7ff6df075f00 236 API calls 17320->17322 17323 7ff6df075f00 236 API calls 17321->17323 17322->17321 17324 7ff6df05541f 17323->17324 17331 7ff6df07e4b0 17324->17331 17326 7ff6df055448 17353 7ff6df0cc8c4 17326->17353 17329 7ff6df0cc440 _log10_special 8 API calls 17330 7ff6df055480 17329->17330 17332 7ff6df07e51c 17331->17332 17342 7ff6df07e607 17331->17342 17334 7ff6df07e544 17332->17334 17335 7ff6df07e570 17332->17335 17347 7ff6df07e647 17332->17347 17333 7ff6df0cc440 _log10_special 8 API calls 17336 7ff6df07e62c 17333->17336 17338 7ff6df07e64d 17334->17338 17340 7ff6df0cc580 std::_Facet_Register 55 API calls 17334->17340 17341 7ff6df0cc580 std::_Facet_Register 55 API calls 17335->17341 17346 7ff6df07e562 17335->17346 17336->17326 17337 7ff6df07fea0 55 API calls 17337->17338 17339 7ff6df072490 Concurrency::cancel_current_task 55 API calls 17338->17339 17348 7ff6df073800 17339->17348 17343 7ff6df07e556 17340->17343 17341->17346 17342->17333 17344 7ff6df07e642 17343->17344 17343->17346 17345 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17344->17345 17345->17347 17346->17342 17350 7ff6df07eee0 55 API calls 17346->17350 17347->17337 17349 7ff6df073841 17348->17349 17351 7ff6df0ae56c _invalid_parameter_noinfo_noreturn 52 API calls 17348->17351 17349->17326 17350->17346 17352 7ff6df073865 17351->17352 17356 7ff6df0cc888 17353->17356 17355 7ff6df055471 17355->17329 17357 7ff6df0cc8a2 17356->17357 17358 7ff6df0cc89b 17356->17358 17360 7ff6df0bb54c 17357->17360 17358->17355 17363 7ff6df0bb188 17360->17363 17370 7ff6df0bb608 EnterCriticalSection 17363->17370

      Executed Functions

      Function 00007FF6DF075F00 Relevance: 38.0, APIs: 15, Strings: 6, Instructions: 1237COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$filename$status$telegram
      • API String ID: 73155330-1682428876
      • Opcode ID: b2c386aaff44f21faa9323e9549d45462ca294a1c62cdbcd0c795dab9cec7129
      • Instruction ID: 5c60288f60a947b433be42ada48720ef19acbd5478624d15b5c73196fd319174
      • Opcode Fuzzy Hash: b2c386aaff44f21faa9323e9549d45462ca294a1c62cdbcd0c795dab9cec7129
      • Instruction Fuzzy Hash: B8C2A062A19BC189EB21CF35D8903ED7364FB85798F544236EA8D87B99DF38D691C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BA018 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      • FreeLibrary.KERNEL32(?,?,?,00007FF6DF0BA6C2,?,?,?,00007FF6DF0BB5E4), ref: 00007FF6DF0BA194
      • GetProcAddressForCaller.KERNELBASE(?,?,?,00007FF6DF0BA6C2,?,?,?,00007FF6DF0BB5E4), ref: 00007FF6DF0BA1A0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: AddressCallerFreeLibraryProc
      • String ID: api-ms-$ext-ms-
      • API String ID: 3520295827-537541572
      • Opcode ID: 8018236b3e31d5400bad457142b1c513f9e0a2281b30da1e5932f2d818f46253
      • Instruction ID: 46e11140b5ae21b1b2adaee83917288a4787a1920a99ee074fc8a029ae228daa
      • Opcode Fuzzy Hash: 8018236b3e31d5400bad457142b1c513f9e0a2281b30da1e5932f2d818f46253
      • Instruction Fuzzy Hash: 1A41B122B1AA0245FA56CB16AC3467E2395BF45BA0F498937DE1DCB794EF7CE425C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF07E4B0 Relevance: 3.1, APIs: 2, Instructions: 141COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID:
      • API String ID: 73155330-0
      • Opcode ID: 934906d154d1734d4dd63ea35d7866786702960bfb32e01e6ad4ff713fc1fda4
      • Instruction ID: 97695fa6f7e88e3bcf54575ff88af66127f0798a7d8c90be8b65c9b18829b70b
      • Opcode Fuzzy Hash: 934906d154d1734d4dd63ea35d7866786702960bfb32e01e6ad4ff713fc1fda4
      • Instruction Fuzzy Hash: 97519172E19B8686EA10DB25E85036D73A5FB94784F544632EB8C877A5EF7CE4B18300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF07EEE0 Relevance: 3.1, APIs: 2, Instructions: 107COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID:
      • API String ID: 73155330-0
      • Opcode ID: fa56406c03b6c9ca001bdad761f259cc8ce6151ab533f09826cde0c63591774f
      • Instruction ID: 9383a42b6a2b0f56673296298346efdbc27a5cb6c1a3f5cbb86a879e909e7379
      • Opcode Fuzzy Hash: fa56406c03b6c9ca001bdad761f259cc8ce6151ab533f09826cde0c63591774f
      • Instruction Fuzzy Hash: 1C31C522F06B8545EE189B25A52027D6351EF44BB4F244732DB7C87BD5EE7CE4E28340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0CC580 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
      • String ID:
      • API String ID: 1173176844-0
      • Opcode ID: 8edfc3d1130c62526de880746612556dd1d2b5bb9bdd5d839ad3c011f6f06b87
      • Instruction ID: edbe792ea4225e8dad4ce3ce0d32c8db46b25697d9ea0c9f4fd40a596810c5e5
      • Opcode Fuzzy Hash: 8edfc3d1130c62526de880746612556dd1d2b5bb9bdd5d839ad3c011f6f06b87
      • Instruction Fuzzy Hash: 1AE0E240E1A14749FE2932B6A83A0BD03404F98371E289B72D97E872C2ED1CF4F29530
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D5278 Relevance: 1.6, APIs: 1, Instructions: 64COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: d96538fd9e4c0ba1957b4897a3115e7797365899696c5d934e3a4e46a089f122
      • Instruction ID: e1ff70fe6ec38066a3a7aad8d8d0b3591cac549010582fc9feec070854348120
      • Opcode Fuzzy Hash: d96538fd9e4c0ba1957b4897a3115e7797365899696c5d934e3a4e46a089f122
      • Instruction Fuzzy Hash: F7112721A0860282FB14AB75A83137E6390AF907A0F144532EF5CC7FC6DFBCE4214700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BB780 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      • RtlAllocateHeap.NTDLL(?,?,?,00007FF6DF0CE247,?,?,?,?,?,?,?,?,?,00007FF6DF0D35DD), ref: 00007FF6DF0BB7BE
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: cdc2d6fae817b89a224673727086d8959dbde9ebb7d6078baeca0d48c9324078
      • Instruction ID: eb6fe1a77cc2ad83fac0b4ff54f9d2fa60a092a9506980c06b3ff79e60db8e65
      • Opcode Fuzzy Hash: cdc2d6fae817b89a224673727086d8959dbde9ebb7d6078baeca0d48c9324078
      • Instruction Fuzzy Hash: A1F01294F4960642FE745775587167E17905F44BB0F080E76EC2EC73E1DE5CA4A15510
      Uniqueness

      Uniqueness Score: -1.00%

      Non-executed Functions

      Function 00007FF6DF0896F0 Relevance: 28.7, APIs: 12, Strings: 4, Instructions: 717COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
      • String ID: File Downloader$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 1168246061-2259054128
      • Opcode ID: 7721040ffac38007c553ca3dc60ff604b49acf4bb86305ae07b5ad0cdd2784ac
      • Instruction ID: 4b2f71ba803312bef7ca54ad5868eb909d39c97cd064cdf0b9290cfdf4b66ad8
      • Opcode Fuzzy Hash: 7721040ffac38007c553ca3dc60ff604b49acf4bb86305ae07b5ad0cdd2784ac
      • Instruction Fuzzy Hash: 6E527E32A09A8196EB60EF19E56036DA7A0FB84F98F588532DE5D87B94DF3DD461C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D308C Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 812 7ff6df0d308c-7ff6df0d30cc 813 7ff6df0d30ce-7ff6df0d30d5 812->813 814 7ff6df0d30e1-7ff6df0d30ea 812->814 813->814 815 7ff6df0d30d7-7ff6df0d30dc 813->815 816 7ff6df0d30ec-7ff6df0d30ef 814->816 817 7ff6df0d3106-7ff6df0d3108 814->817 818 7ff6df0d3360-7ff6df0d3386 call 7ff6df0cc440 815->818 816->817 819 7ff6df0d30f1-7ff6df0d30f9 816->819 820 7ff6df0d335e 817->820 821 7ff6df0d310e-7ff6df0d3112 817->821 823 7ff6df0d30ff-7ff6df0d3102 819->823 824 7ff6df0d30fb-7ff6df0d30fd 819->824 820->818 825 7ff6df0d3118-7ff6df0d311b 821->825 826 7ff6df0d31e9-7ff6df0d3210 call 7ff6df0d33bc 821->826 823->817 824->817 824->823 829 7ff6df0d312f-7ff6df0d3141 GetFileAttributesExW 825->829 830 7ff6df0d311d-7ff6df0d3125 825->830 837 7ff6df0d3232-7ff6df0d323b 826->837 838 7ff6df0d3212-7ff6df0d321b 826->838 831 7ff6df0d3143-7ff6df0d314c GetLastError 829->831 832 7ff6df0d3194-7ff6df0d31a3 829->832 830->829 834 7ff6df0d3127-7ff6df0d3129 830->834 831->818 835 7ff6df0d3152-7ff6df0d3164 FindFirstFileW 831->835 836 7ff6df0d31a7-7ff6df0d31a9 832->836 834->826 834->829 839 7ff6df0d3171-7ff6df0d3192 FindClose 835->839 840 7ff6df0d3166-7ff6df0d316c GetLastError 835->840 841 7ff6df0d31b5-7ff6df0d31e3 836->841 842 7ff6df0d31ab-7ff6df0d31b3 836->842 845 7ff6df0d32ef-7ff6df0d32f8 837->845 846 7ff6df0d3241-7ff6df0d3259 GetFileInformationByHandleEx 837->846 843 7ff6df0d322b-7ff6df0d322d 838->843 844 7ff6df0d321d-7ff6df0d3225 CloseHandle 838->844 839->836 840->818 841->820 841->826 842->826 842->841 843->818 844->843 849 7ff6df0d33a1-7ff6df0d33a6 call 7ff6df0bb594 844->849 850 7ff6df0d32fa-7ff6df0d330e GetFileInformationByHandleEx 845->850 851 7ff6df0d3347-7ff6df0d3349 845->851 847 7ff6df0d3281-7ff6df0d329a 846->847 848 7ff6df0d325b-7ff6df0d3267 GetLastError 846->848 847->845 856 7ff6df0d329c-7ff6df0d32a0 847->856 852 7ff6df0d327a-7ff6df0d327c 848->852 853 7ff6df0d3269-7ff6df0d3274 CloseHandle 848->853 874 7ff6df0d33a7-7ff6df0d33ac call 7ff6df0bb594 849->874 858 7ff6df0d3334-7ff6df0d3344 850->858 859 7ff6df0d3310-7ff6df0d331c GetLastError 850->859 854 7ff6df0d334b-7ff6df0d334f 851->854 855 7ff6df0d3387-7ff6df0d338b 851->855 852->818 853->852 860 7ff6df0d33b3-7ff6df0d33bb call 7ff6df0bb594 853->860 854->820 861 7ff6df0d3351-7ff6df0d335c CloseHandle 854->861 864 7ff6df0d339a-7ff6df0d339f 855->864 865 7ff6df0d338d-7ff6df0d3398 CloseHandle 855->865 862 7ff6df0d32a2-7ff6df0d32bc GetFileInformationByHandleEx 856->862 863 7ff6df0d32e8 856->863 858->851 859->852 867 7ff6df0d3322-7ff6df0d332d CloseHandle 859->867 861->820 861->849 871 7ff6df0d32be-7ff6df0d32ca GetLastError 862->871 872 7ff6df0d32df-7ff6df0d32e6 862->872 873 7ff6df0d32ec 863->873 864->818 865->849 865->864 868 7ff6df0d332f 867->868 869 7ff6df0d33ad-7ff6df0d33b2 call 7ff6df0bb594 867->869 868->852 869->860 871->852 878 7ff6df0d32cc-7ff6df0d32d7 CloseHandle 871->878 872->873 873->845 874->869 878->874 881 7ff6df0d32dd 878->881 881->852
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
      • String ID:
      • API String ID: 2398595512-0
      • Opcode ID: 933ae3730207d125b828c856b205ce3c44c04271787765837734cf2a07481d77
      • Instruction ID: 9ed4659a338e7c9f943e474b9a8797e93ff339b8537b402f8f97afa360f7952d
      • Opcode Fuzzy Hash: 933ae3730207d125b828c856b205ce3c44c04271787765837734cf2a07481d77
      • Instruction Fuzzy Hash: 1091A331B08A0286E6648B15AC256BD2398AFC57B4F044336D9BEC7BD4DF3CE8A5C700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF09F110 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 371nativelibraryloaderCOMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 882 7ff6df09f110-7ff6df09f16c 883 7ff6df09f16e-7ff6df09f181 call 7ff6df0cc508 882->883 884 7ff6df09f1b3-7ff6df09f1bb 882->884 883->884 891 7ff6df09f183-7ff6df09f1ae GetModuleHandleA GetProcAddress call 7ff6df0cc49c 883->891 886 7ff6df09f1c4-7ff6df09f1ed call 7ff6df0b7f98 OpenProcess 884->886 887 7ff6df09f1bd-7ff6df09f1bf 884->887 896 7ff6df09f1f3-7ff6df09f20f NtQuerySystemInformation 886->896 897 7ff6df09f5c8-7ff6df09f5cb 886->897 889 7ff6df09f5e7-7ff6df09f60d call 7ff6df0cc440 887->889 891->884 898 7ff6df09f211-7ff6df09f23a call 7ff6df0b67f8 NtQuerySystemInformation 896->898 899 7ff6df09f23c-7ff6df09f23e 896->899 900 7ff6df09f5d6-7ff6df09f5d9 897->900 901 7ff6df09f5cd-7ff6df09f5d5 call 7ff6df0ae6dc 897->901 898->899 899->897 904 7ff6df09f244-7ff6df09f24a 899->904 905 7ff6df09f5e4 900->905 906 7ff6df09f5db-7ff6df09f5de CloseHandle 900->906 901->900 904->897 909 7ff6df09f250-7ff6df09f258 904->909 905->889 906->905 910 7ff6df09f260-7ff6df09f296 909->910 911 7ff6df09f298-7ff6df09f2a0 910->911 912 7ff6df09f2dc-7ff6df09f328 call 7ff6df0b7f98 GetCurrentProcess 910->912 913 7ff6df09f2a6-7ff6df09f2b7 911->913 914 7ff6df09f5a8-7ff6df09f5be 911->914 925 7ff6df09f330-7ff6df09f368 NtQueryObject call 7ff6df0b67f8 912->925 917 7ff6df09f2d2-7ff6df09f2d7 call 7ff6df0cc8e4 913->917 918 7ff6df09f2b9-7ff6df09f2cc 913->918 914->910 916 7ff6df09f5c4 914->916 916->897 917->914 918->917 920 7ff6df09f66d-7ff6df09f68a call 7ff6df0ae56c 918->920 928 7ff6df09f696-7ff6df09f69a 920->928 929 7ff6df09f68c-7ff6df09f695 920->929 931 7ff6df09f36a-7ff6df09f36f 925->931 929->928 933 7ff6df09f375-7ff6df09f37c 931->933 934 7ff6df09f54d-7ff6df09f554 931->934 937 7ff6df09f383-7ff6df09f390 933->937 935 7ff6df09f556 CloseHandle 934->935 936 7ff6df09f55c-7ff6df09f55f 934->936 935->936 938 7ff6df09f561-7ff6df09f569 call 7ff6df0ae6dc 936->938 939 7ff6df09f56a-7ff6df09f572 936->939 937->934 940 7ff6df09f396-7ff6df09f39a 937->940 938->939 943 7ff6df09f5a5 939->943 944 7ff6df09f574-7ff6df09f585 939->944 940->937 942 7ff6df09f39c-7ff6df09f3a7 940->942 946 7ff6df09f3a9-7ff6df09f3c6 942->946 947 7ff6df09f3c8-7ff6df09f3de 942->947 943->914 948 7ff6df09f5a0 call 7ff6df0cc8e4 944->948 949 7ff6df09f587-7ff6df09f59a 944->949 950 7ff6df09f427-7ff6df09f4cb GetFinalPathNameByHandleA call 7ff6df0cea30 call 7ff6df073300 946->950 951 7ff6df09f3e0-7ff6df09f40a call 7ff6df0ce510 947->951 952 7ff6df09f40c-7ff6df09f41f call 7ff6df083000 947->952 948->943 949->920 949->948 962 7ff6df09f4d0-7ff6df09f4de 950->962 963 7ff6df09f4cd 950->963 957 7ff6df09f424 951->957 952->957 957->950 964 7ff6df09f4e1-7ff6df09f4e7 962->964 963->962 965 7ff6df09f4f5-7ff6df09f4f7 964->965 966 7ff6df09f4e9-7ff6df09f4ee 964->966 968 7ff6df09f4fa-7ff6df09f502 965->968 966->964 967 7ff6df09f4f0-7ff6df09f4f3 966->967 967->968 969 7ff6df09f535-7ff6df09f547 968->969 970 7ff6df09f504-7ff6df09f515 968->970 969->934 971 7ff6df09f60e-7ff6df09f623 call 7ff6df0ae6dc 969->971 972 7ff6df09f530 call 7ff6df0cc8e4 970->972 973 7ff6df09f517-7ff6df09f52a 970->973 980 7ff6df09f652-7ff6df09f662 971->980 981 7ff6df09f625-7ff6df09f636 971->981 972->969 973->972 974 7ff6df09f667-7ff6df09f66c call 7ff6df0ae56c 973->974 974->920 980->897 982 7ff6df09f638-7ff6df09f64b 981->982 983 7ff6df09f64d call 7ff6df0cc8e4 981->983 982->920 982->983 983->980
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Handle$ExclusiveLockQuery$AcquireCloseInformationProcessSystem_invalid_parameter_noinfo_noreturn$AddressCurrentFinalModuleNameObjectOpenPathProcRelease
      • String ID: File$NtDuplicateObject$ntdll.dll
      • API String ID: 4149831788-3955674919
      • Opcode ID: f2562741e349a99349bf9fbdd4a2689032d25329a2ca763909391ef5ac847b7b
      • Instruction ID: 1dab93e0bc083a01ecf28f4b61c27eabcf1a8916959e3e8c17d2f86f72ddc70d
      • Opcode Fuzzy Hash: f2562741e349a99349bf9fbdd4a2689032d25329a2ca763909391ef5ac847b7b
      • Instruction Fuzzy Hash: DDE19F62B08A819AFB00DF65D4643BC2361FB48B99F548536DE1DA7B99EF3CE165C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C7830 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 808467561-2761157908
      • Opcode ID: c5e876ca772328fb97aec2cc79d7cc9b942190f7e0823540ab8001b230db0c95
      • Instruction ID: ab6a03bb69266ea0cce739f17cfadd542fd7dea873acde675dda2c44cdcc5d71
      • Opcode Fuzzy Hash: c5e876ca772328fb97aec2cc79d7cc9b942190f7e0823540ab8001b230db0c95
      • Instruction Fuzzy Hash: 8BB2D172E182828BEB658F64D4607FD77E1FB54388F549136DA0D97A88DF38EA10CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AD590 Relevance: 21.9, APIs: 14, Instructions: 865COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1354 7ff6df0ad590-7ff6df0ad5cb 1355 7ff6df0ad5d1-7ff6df0ad5ef 1354->1355 1356 7ff6df0ad707-7ff6df0ad70c call 7ff6df07fea0 1354->1356 1358 7ff6df0ad701-7ff6df0ad706 call 7ff6df072490 1355->1358 1359 7ff6df0ad5f5-7ff6df0ad606 1355->1359 1364 7ff6df0ad70d-7ff6df0ad75b call 7ff6df0ae56c 1356->1364 1358->1356 1359->1358 1362 7ff6df0ad60c-7ff6df0ad61f 1359->1362 1365 7ff6df0ad621-7ff6df0ad628 1362->1365 1366 7ff6df0ad655-7ff6df0ad658 1362->1366 1377 7ff6df0ad761-7ff6df0ad77f 1364->1377 1378 7ff6df0ad89b-7ff6df0ad8a0 call 7ff6df07fea0 1364->1378 1365->1358 1370 7ff6df0ad62e-7ff6df0ad639 call 7ff6df0cc580 1365->1370 1367 7ff6df0ad66c 1366->1367 1368 7ff6df0ad65a-7ff6df0ad66a call 7ff6df0cc580 1366->1368 1372 7ff6df0ad66e 1367->1372 1368->1372 1370->1364 1380 7ff6df0ad63f-7ff6df0ad653 1370->1380 1376 7ff6df0ad673-7ff6df0ad6b0 call 7ff6df07f770 1372->1376 1390 7ff6df0ad6b2-7ff6df0ad6b5 1376->1390 1391 7ff6df0ad6b7-7ff6df0ad6cd call 7ff6df0824b0 1376->1391 1383 7ff6df0ad895-7ff6df0ad89a call 7ff6df072490 1377->1383 1384 7ff6df0ad785-7ff6df0ad796 1377->1384 1392 7ff6df0ad8a1-7ff6df0ad8f3 call 7ff6df0ae56c 1378->1392 1380->1376 1383->1378 1384->1383 1388 7ff6df0ad79c-7ff6df0ad7af 1384->1388 1393 7ff6df0ad7b1-7ff6df0ad7b8 1388->1393 1394 7ff6df0ad7e5-7ff6df0ad7e8 1388->1394 1398 7ff6df0ad6d1-7ff6df0ad700 call 7ff6df0824b0 call 7ff6df080360 1390->1398 1391->1398 1411 7ff6df0ad8f9-7ff6df0ad91c 1392->1411 1412 7ff6df0ada6d-7ff6df0ada72 call 7ff6df07fea0 1392->1412 1393->1383 1395 7ff6df0ad7be-7ff6df0ad7c9 call 7ff6df0cc580 1393->1395 1396 7ff6df0ad7fc 1394->1396 1397 7ff6df0ad7ea-7ff6df0ad7fa call 7ff6df0cc580 1394->1397 1395->1392 1416 7ff6df0ad7cf-7ff6df0ad7e3 1395->1416 1403 7ff6df0ad7fe 1396->1403 1397->1403 1410 7ff6df0ad803-7ff6df0ad844 call 7ff6df083b70 1403->1410 1427 7ff6df0ad846-7ff6df0ad849 1410->1427 1428 7ff6df0ad84b-7ff6df0ad861 call 7ff6df0824b0 1410->1428 1413 7ff6df0ad922-7ff6df0ad933 1411->1413 1414 7ff6df0ada67-7ff6df0ada6c call 7ff6df072490 1411->1414 1429 7ff6df0ada73-7ff6df0adac0 call 7ff6df0ae56c 1412->1429 1413->1414 1419 7ff6df0ad939-7ff6df0ad94f 1413->1419 1414->1412 1416->1410 1424 7ff6df0ad951-7ff6df0ad958 1419->1424 1425 7ff6df0ad985-7ff6df0ad988 1419->1425 1424->1414 1431 7ff6df0ad95e-7ff6df0ad969 call 7ff6df0cc580 1424->1431 1432 7ff6df0ad99c 1425->1432 1433 7ff6df0ad98a-7ff6df0ad99a call 7ff6df0cc580 1425->1433 1434 7ff6df0ad865-7ff6df0ad894 call 7ff6df0824b0 call 7ff6df080360 1427->1434 1428->1434 1442 7ff6df0adac6-7ff6df0adae9 1429->1442 1443 7ff6df0adc2b-7ff6df0adc30 call 7ff6df07fea0 1429->1443 1431->1429 1452 7ff6df0ad96f-7ff6df0ad983 1431->1452 1441 7ff6df0ad99e 1432->1441 1433->1441 1447 7ff6df0ad9a6-7ff6df0ada0f call 7ff6df07f260 1441->1447 1449 7ff6df0adaef-7ff6df0adb00 1442->1449 1450 7ff6df0adc25-7ff6df0adc2a call 7ff6df072490 1442->1450 1461 7ff6df0adc31-7ff6df0adc80 call 7ff6df0ae56c 1443->1461 1459 7ff6df0ada11-7ff6df0ada14 1447->1459 1460 7ff6df0ada16-7ff6df0ada2c call 7ff6df0824b0 1447->1460 1449->1450 1455 7ff6df0adb06-7ff6df0adb1c 1449->1455 1450->1443 1452->1447 1462 7ff6df0adb1e-7ff6df0adb25 1455->1462 1463 7ff6df0adb52-7ff6df0adb55 1455->1463 1465 7ff6df0ada30-7ff6df0ada66 call 7ff6df0824b0 call 7ff6df080360 1459->1465 1460->1465 1478 7ff6df0adc86-7ff6df0adca9 1461->1478 1479 7ff6df0addeb-7ff6df0addf0 call 7ff6df07fea0 1461->1479 1462->1450 1468 7ff6df0adb2b-7ff6df0adb36 call 7ff6df0cc580 1462->1468 1469 7ff6df0adb69 1463->1469 1470 7ff6df0adb57-7ff6df0adb67 call 7ff6df0cc580 1463->1470 1468->1461 1488 7ff6df0adb3c-7ff6df0adb50 1468->1488 1476 7ff6df0adb6b 1469->1476 1470->1476 1477 7ff6df0adb73-7ff6df0adbd2 call 7ff6df07f260 1476->1477 1495 7ff6df0adbd4-7ff6df0adbd7 1477->1495 1496 7ff6df0adbd9-7ff6df0adbef call 7ff6df0824b0 1477->1496 1485 7ff6df0adcaf-7ff6df0adcc0 1478->1485 1486 7ff6df0adde5-7ff6df0addea call 7ff6df072490 1478->1486 1497 7ff6df0addf1-7ff6df0ade40 call 7ff6df0ae56c 1479->1497 1485->1486 1492 7ff6df0adcc6-7ff6df0adcdc 1485->1492 1486->1479 1488->1477 1498 7ff6df0adcde-7ff6df0adce5 1492->1498 1499 7ff6df0add12-7ff6df0add15 1492->1499 1500 7ff6df0adbf3-7ff6df0adc24 call 7ff6df0824b0 call 7ff6df080360 1495->1500 1496->1500 1514 7ff6df0adfb0-7ff6df0adfb5 call 7ff6df07fea0 1497->1514 1515 7ff6df0ade46-7ff6df0ade69 1497->1515 1498->1486 1503 7ff6df0adceb-7ff6df0adcf6 call 7ff6df0cc580 1498->1503 1504 7ff6df0add29 1499->1504 1505 7ff6df0add17-7ff6df0add27 call 7ff6df0cc580 1499->1505 1503->1497 1523 7ff6df0adcfc-7ff6df0add10 1503->1523 1506 7ff6df0add2b 1504->1506 1505->1506 1513 7ff6df0add33-7ff6df0add92 call 7ff6df07f260 1506->1513 1530 7ff6df0add94-7ff6df0add97 1513->1530 1531 7ff6df0add99-7ff6df0addaf call 7ff6df0824b0 1513->1531 1532 7ff6df0adfb6-7ff6df0adffb call 7ff6df0ae56c 1514->1532 1520 7ff6df0ade6f-7ff6df0ade80 1515->1520 1521 7ff6df0adfaa-7ff6df0adfaf call 7ff6df072490 1515->1521 1520->1521 1527 7ff6df0ade86-7ff6df0ade9c 1520->1527 1521->1514 1523->1513 1533 7ff6df0ade9e-7ff6df0adea5 1527->1533 1534 7ff6df0aded2-7ff6df0aded5 1527->1534 1537 7ff6df0addb3-7ff6df0adde4 call 7ff6df0824b0 call 7ff6df080360 1530->1537 1531->1537 1549 7ff6df0ae001-7ff6df0ae01f 1532->1549 1550 7ff6df0ae13e-7ff6df0ae143 call 7ff6df07fea0 1532->1550 1533->1521 1540 7ff6df0adeab-7ff6df0adeb6 call 7ff6df0cc580 1533->1540 1535 7ff6df0adee9 1534->1535 1536 7ff6df0aded7-7ff6df0adee7 call 7ff6df0cc580 1534->1536 1542 7ff6df0adeeb 1535->1542 1536->1542 1540->1532 1558 7ff6df0adebc-7ff6df0aded0 1540->1558 1548 7ff6df0adef3-7ff6df0adf57 call 7ff6df07f260 1542->1548 1565 7ff6df0adf5e-7ff6df0adf74 call 7ff6df0824b0 1548->1565 1566 7ff6df0adf59-7ff6df0adf5c 1548->1566 1555 7ff6df0ae025-7ff6df0ae036 1549->1555 1556 7ff6df0ae138-7ff6df0ae13d call 7ff6df072490 1549->1556 1567 7ff6df0ae144-7ff6df0ae150 call 7ff6df0ae56c 1550->1567 1555->1556 1562 7ff6df0ae03c-7ff6df0ae052 1555->1562 1556->1550 1558->1548 1568 7ff6df0ae080-7ff6df0ae083 1562->1568 1569 7ff6df0ae054-7ff6df0ae05b 1562->1569 1572 7ff6df0adf78-7ff6df0adfa9 call 7ff6df0824b0 call 7ff6df080360 1565->1572 1566->1572 1570 7ff6df0ae085-7ff6df0ae09a call 7ff6df0cc580 1568->1570 1571 7ff6df0ae09c-7ff6df0ae09e 1568->1571 1569->1556 1575 7ff6df0ae061-7ff6df0ae06c call 7ff6df0cc580 1569->1575 1584 7ff6df0ae0ab-7ff6df0ae0e7 call 7ff6df07f770 1570->1584 1578 7ff6df0ae0a6 1571->1578 1575->1567 1587 7ff6df0ae072-7ff6df0ae07e 1575->1587 1578->1584 1591 7ff6df0ae0ee-7ff6df0ae104 call 7ff6df0824b0 1584->1591 1592 7ff6df0ae0e9-7ff6df0ae0ec 1584->1592 1587->1578 1593 7ff6df0ae108-7ff6df0ae137 call 7ff6df0824b0 call 7ff6df080360 1591->1593 1592->1593
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn$__std_exception_copy
      • String ID:
      • API String ID: 3741619608-0
      • Opcode ID: 7f864cd145c1b37dbd6398310a558c5b47d3be5f7fddbc3ee37f12577edc1d72
      • Instruction ID: e61182fc10b6e5763bf37b1130028076f79bf585630f219f4b8da472f6d09694
      • Opcode Fuzzy Hash: 7f864cd145c1b37dbd6398310a558c5b47d3be5f7fddbc3ee37f12577edc1d72
      • Instruction Fuzzy Hash: AC52E322B09B8581EA20DB26E4249BE7394FB44BE4F548636EEAD977C5DF3CD061C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A3680 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 405COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1600 7ff6df0a3680-7ff6df0a36c1 1601 7ff6df0a39ae-7ff6df0a39f3 call 7ff6df0a83a0 call 7ff6df0a4d80 1600->1601 1602 7ff6df0a36c7-7ff6df0a36f1 call 7ff6df0ce510 1600->1602 1614 7ff6df0a39f9-7ff6df0a3a73 call 7ff6df075f00 call 7ff6df0a4680 call 7ff6df0a8090 call 7ff6df0a4c00 1601->1614 1615 7ff6df0a3b8d-7ff6df0a3b91 1601->1615 1608 7ff6df0a3700-7ff6df0a3739 call 7ff6df0a4530 call 7ff6df0a7180 call 7ff6df0a4d80 1602->1608 1609 7ff6df0a36f3-7ff6df0a36fc 1602->1609 1640 7ff6df0a373f-7ff6df0a37c3 call 7ff6df075f00 call 7ff6df0a4680 call 7ff6df0a8090 call 7ff6df0a4c00 1608->1640 1641 7ff6df0a38dd-7ff6df0a38e4 1608->1641 1609->1608 1665 7ff6df0a3cc1-7ff6df0a3cdd call 7ff6df0a1f20 call 7ff6df0cf3f4 1614->1665 1666 7ff6df0a3a79-7ff6df0a3a81 1614->1666 1617 7ff6df0a3c4f-7ff6df0a3c56 1615->1617 1618 7ff6df0a3b97-7ff6df0a3be9 call 7ff6df07f770 call 7ff6df07f260 1615->1618 1621 7ff6df0a3c28-7ff6df0a3c4e call 7ff6df0cc440 1617->1621 1622 7ff6df0a3c58-7ff6df0a3c6d 1617->1622 1618->1621 1649 7ff6df0a3beb-7ff6df0a3c00 1618->1649 1627 7ff6df0a3c6f-7ff6df0a3c82 1622->1627 1628 7ff6df0a3c17-7ff6df0a3c23 call 7ff6df0cc8e4 1622->1628 1635 7ff6df0a3c84 1627->1635 1636 7ff6df0a3c8c-7ff6df0a3c91 call 7ff6df0ae56c 1627->1636 1628->1621 1635->1628 1651 7ff6df0a3c92-7ff6df0a3cae call 7ff6df0a1f20 call 7ff6df0cf3f4 1636->1651 1640->1651 1697 7ff6df0a37c9-7ff6df0a37d1 1640->1697 1646 7ff6df0a3942-7ff6df0a3945 1641->1646 1647 7ff6df0a38e6-7ff6df0a393d call 7ff6df07f770 call 7ff6df07f260 call 7ff6df0a42f0 1641->1647 1655 7ff6df0a3947-7ff6df0a399c call 7ff6df07f770 call 7ff6df07f260 1646->1655 1656 7ff6df0a399d-7ff6df0a39a9 call 7ff6df0a42f0 1646->1656 1647->1621 1649->1628 1650 7ff6df0a3c02-7ff6df0a3c15 1649->1650 1650->1628 1650->1636 1687 7ff6df0a3caf-7ff6df0a3cb4 call 7ff6df0ae56c 1651->1687 1655->1656 1656->1621 1688 7ff6df0a3cde-7ff6df0a3ce3 call 7ff6df0ae56c 1665->1688 1673 7ff6df0a3a83-7ff6df0a3a94 1666->1673 1674 7ff6df0a3ab4-7ff6df0a3af9 call 7ff6df0ce298 * 2 1666->1674 1680 7ff6df0a3aaf call 7ff6df0cc8e4 1673->1680 1681 7ff6df0a3a96-7ff6df0a3aa9 1673->1681 1705 7ff6df0a3afb-7ff6df0a3b0c 1674->1705 1706 7ff6df0a3b2c-7ff6df0a3b46 1674->1706 1680->1674 1681->1680 1681->1688 1704 7ff6df0a3cb5-7ff6df0a3cba call 7ff6df0ae56c 1687->1704 1703 7ff6df0a3ce4-7ff6df0a3ce9 call 7ff6df0ae56c 1688->1703 1701 7ff6df0a37d3-7ff6df0a37e4 1697->1701 1702 7ff6df0a3804-7ff6df0a3849 call 7ff6df0ce298 * 2 1697->1702 1709 7ff6df0a37ff call 7ff6df0cc8e4 1701->1709 1710 7ff6df0a37e6-7ff6df0a37f9 1701->1710 1730 7ff6df0a384b-7ff6df0a385c 1702->1730 1731 7ff6df0a387c-7ff6df0a3896 1702->1731 1726 7ff6df0a3cbb-7ff6df0a3cc0 call 7ff6df0ae56c 1704->1726 1707 7ff6df0a3b0e-7ff6df0a3b21 1705->1707 1708 7ff6df0a3b27 call 7ff6df0cc8e4 1705->1708 1711 7ff6df0a3b48-7ff6df0a3b5a 1706->1711 1712 7ff6df0a3b7a-7ff6df0a3b88 1706->1712 1707->1703 1707->1708 1708->1706 1709->1702 1710->1687 1710->1709 1717 7ff6df0a3b75 call 7ff6df0cc8e4 1711->1717 1718 7ff6df0a3b5c-7ff6df0a3b6f 1711->1718 1712->1615 1717->1712 1718->1717 1723 7ff6df0a3c86-7ff6df0a3c8b call 7ff6df0ae56c 1718->1723 1723->1636 1726->1665 1736 7ff6df0a385e-7ff6df0a3871 1730->1736 1737 7ff6df0a3877 call 7ff6df0cc8e4 1730->1737 1734 7ff6df0a3898-7ff6df0a38aa 1731->1734 1735 7ff6df0a38ca-7ff6df0a38d8 1731->1735 1738 7ff6df0a38c5 call 7ff6df0cc8e4 1734->1738 1739 7ff6df0a38ac-7ff6df0a38bf 1734->1739 1735->1641 1736->1704 1736->1737 1737->1731 1738->1735 1739->1726 1739->1738
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
      • String ID: value
      • API String ID: 1346393832-494360628
      • Opcode ID: 248876450d4c3ec0651d2e53ac619a801cd936c834002fcee5982df9f58dbb71
      • Instruction ID: 276365481285cc453d034a75b90aefccd015ef0cd9d1ab57d6bcecda10c79918
      • Opcode Fuzzy Hash: 248876450d4c3ec0651d2e53ac619a801cd936c834002fcee5982df9f58dbb71
      • Instruction Fuzzy Hash: 4A02B222A18BC185EB10CB79D8607AD77A1FB85794F505333EA9D93ADADF2CE194C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF091A80 Relevance: 16.8, APIs: 11, Instructions: 345COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1911 7ff6df091a80-7ff6df091ac7 call 7ff6df0d379c 1914 7ff6df091b07-7ff6df091b17 1911->1914 1915 7ff6df091ac9-7ff6df091add call 7ff6df0d379c 1911->1915 1917 7ff6df091b28 1914->1917 1918 7ff6df091b19-7ff6df091b24 1914->1918 1923 7ff6df091adf-7ff6df091aef 1915->1923 1924 7ff6df091af6-7ff6df091b00 call 7ff6df0d3814 1915->1924 1922 7ff6df091b2a-7ff6df091b2e 1917->1922 1920 7ff6df091b26 1918->1920 1921 7ff6df091b99-7ff6df091bc5 call 7ff6df0d3814 call 7ff6df0cc440 1918->1921 1920->1922 1926 7ff6df091b30-7ff6df091b39 call 7ff6df0d39e4 1922->1926 1927 7ff6df091b43-7ff6df091b46 1922->1927 1923->1924 1924->1914 1928 7ff6df091b48-7ff6df091b4b 1926->1928 1938 7ff6df091b3b-7ff6df091b3f 1926->1938 1927->1921 1927->1928 1934 7ff6df091b52-7ff6df091b63 call 7ff6df0921c0 1928->1934 1935 7ff6df091b4d-7ff6df091b50 1928->1935 1941 7ff6df091b65-7ff6df091b90 call 7ff6df0d39ac 1934->1941 1942 7ff6df091bc6-7ff6df091c17 call 7ff6df088ae0 call 7ff6df0d379c 1934->1942 1935->1921 1938->1927 1941->1921 1950 7ff6df091c57-7ff6df091c67 1942->1950 1951 7ff6df091c19-7ff6df091c2d call 7ff6df0d379c 1942->1951 1953 7ff6df091c78 1950->1953 1954 7ff6df091c69-7ff6df091c74 1950->1954 1962 7ff6df091c2f-7ff6df091c3f 1951->1962 1963 7ff6df091c46-7ff6df091c50 call 7ff6df0d3814 1951->1963 1957 7ff6df091c7a-7ff6df091c7e 1953->1957 1955 7ff6df091c76 1954->1955 1956 7ff6df091ce9-7ff6df091d15 call 7ff6df0d3814 call 7ff6df0cc440 1954->1956 1955->1957 1960 7ff6df091c80-7ff6df091c89 call 7ff6df0d39e4 1957->1960 1961 7ff6df091c93-7ff6df091c96 1957->1961 1966 7ff6df091c98-7ff6df091c9b 1960->1966 1974 7ff6df091c8b-7ff6df091c8f 1960->1974 1961->1956 1961->1966 1962->1963 1963->1950 1970 7ff6df091ca2-7ff6df091cb3 call 7ff6df091f50 1966->1970 1971 7ff6df091c9d-7ff6df091ca0 1966->1971 1977 7ff6df091cb5-7ff6df091ce0 call 7ff6df0d39ac 1970->1977 1978 7ff6df091d16-7ff6df091d47 call 7ff6df088ae0 1970->1978 1971->1956 1974->1961 1977->1956 1983 7ff6df091ecf-7ff6df091ed4 call 7ff6df072550 1978->1983 1984 7ff6df091d4d-7ff6df091d69 1978->1984 1995 7ff6df091ed5-7ff6df091eda call 7ff6df072490 1983->1995 1986 7ff6df091d8a-7ff6df091dad 1984->1986 1987 7ff6df091d6b-7ff6df091d7a 1984->1987 1990 7ff6df091daf-7ff6df091db6 1986->1990 1991 7ff6df091ddb-7ff6df091dde 1986->1991 1987->1986 1989 7ff6df091d7c-7ff6df091d86 1987->1989 1989->1986 1990->1995 1996 7ff6df091dbc-7ff6df091dc7 call 7ff6df0cc580 1990->1996 1993 7ff6df091de0-7ff6df091de8 call 7ff6df0cc580 1991->1993 1994 7ff6df091dea 1991->1994 2000 7ff6df091dec-7ff6df091e19 1993->2000 1994->2000 2006 7ff6df091edb-7ff6df091efc call 7ff6df0ae56c 1995->2006 1996->2006 2007 7ff6df091dcd-7ff6df091dd9 1996->2007 2004 7ff6df091e80-7ff6df091ea6 call 7ff6df0cea30 call 7ff6df0ce510 call 7ff6df0cea30 2000->2004 2005 7ff6df091e1b-7ff6df091e5c call 7ff6df0cea30 call 7ff6df0ce510 call 7ff6df0cea30 2000->2005 2025 7ff6df091eab-7ff6df091ece 2004->2025 2027 7ff6df091e5e-7ff6df091e71 2005->2027 2028 7ff6df091e76-7ff6df091e7e call 7ff6df0cc8e4 2005->2028 2016 7ff6df091efe-7ff6df091f04 2006->2016 2017 7ff6df091f44-7ff6df091f49 2006->2017 2007->2000 2016->2017 2020 7ff6df091f06-7ff6df091f18 2016->2020 2023 7ff6df091f32-7ff6df091f40 call 7ff6df0cc8e4 2020->2023 2024 7ff6df091f1a-7ff6df091f2d 2020->2024 2023->2017 2029 7ff6df091f2f 2024->2029 2030 7ff6df091f4a-7ff6df091f4f call 7ff6df0ae56c 2024->2030 2027->2006 2032 7ff6df091e73 2027->2032 2028->2025 2029->2023 2032->2028
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_task$Facet_Register_invalid_parameter_noinfo_noreturn$Locinfo::_Locinfo_ctor__std_exception_copy
      • String ID:
      • API String ID: 547876327-0
      • Opcode ID: 419aece7a95726e8b14d84824d5ede77fc41d941f359a36a29c7aab817f89eb2
      • Instruction ID: e15a7055148304aec6e439cb30934ace720b45f02fbc16b8e7cf2030d75dcb6d
      • Opcode Fuzzy Hash: 419aece7a95726e8b14d84824d5ede77fc41d941f359a36a29c7aab817f89eb2
      • Instruction Fuzzy Hash: 96D1D462B18B4190EF14DB16E8602BD6365FB88BD4F584633EA5D8B7D5EF3CE4618700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AB510 Relevance: 15.4, APIs: 6, Strings: 2, Instructions: 1406COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: iterator does not fit current value$iterator out of range
      • API String ID: 0-1046077056
      • Opcode ID: 3a3940073ea05fff7c7397e53fce3ef79faf48c6a5268317bec3148e13283907
      • Instruction ID: bfa81cda593ddcd41314ece048117eae76cf1aec433b9d5c110950452121b9d3
      • Opcode Fuzzy Hash: 3a3940073ea05fff7c7397e53fce3ef79faf48c6a5268317bec3148e13283907
      • Instruction Fuzzy Hash: 0AD28D62B09B9989EB00CBB9D4A03AC3BB0F719B48F548426DF8D97B59DF38D561C350
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D6EF4 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
      • String ID:
      • API String ID: 1617910340-0
      • Opcode ID: 6305d654d880c265465ec88e1e3bb8ce9f9decaff5ee571d2c1cd0f376e67421
      • Instruction ID: 792d2813a5e102d4265675a4253084381a15a577eec0706c980d3950c1d05630
      • Opcode Fuzzy Hash: 6305d654d880c265465ec88e1e3bb8ce9f9decaff5ee571d2c1cd0f376e67421
      • Instruction Fuzzy Hash: 6EC19136B24A4286EB10CFA5D8A16BD3775EB89B98B015236DE1ED77D4CF38D466C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0959C0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 498fileCOMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 2478245620-1866435925
      • Opcode ID: ebc14059675afdffc1c0e00e02e81ee7f2b23703b5d5e47db5ed10acfccf5cca
      • Instruction ID: 041f1d66be654b088dbb059dbb397750f7cd89a818cb3ed2840ae264aebb2ce1
      • Opcode Fuzzy Hash: ebc14059675afdffc1c0e00e02e81ee7f2b23703b5d5e47db5ed10acfccf5cca
      • Instruction Fuzzy Hash: 80421932A15BC589EB20CF29D8903ED77A1FB85748F448236DA4D87B59EF78D664C700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A8090 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 227COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
      • String ID: parse_error
      • API String ID: 1944019136-3903021949
      • Opcode ID: 3503dd9d560496cc456b1a85817b0fc74169cb4bb1818516a66f2a5e07f554f2
      • Instruction ID: d7d09a8b8d23ada7ed79617c3503cc747c8688b64838b22c5dea6b73c07266ae
      • Opcode Fuzzy Hash: 3503dd9d560496cc456b1a85817b0fc74169cb4bb1818516a66f2a5e07f554f2
      • Instruction Fuzzy Hash: C2A1A162F14B8185EB10CB65E4643BD3361FB85798F509332EA9C57AD9EF78E1A4C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C6678 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
      • String ID: utf8
      • API String ID: 3069159798-905460609
      • Opcode ID: cae4d8fe2d339fedd3641ce39a67522b094084baf9723c6f317c4c3e480531b0
      • Instruction ID: 7d3070f0632ede3615b3ae3d0c37c4ef1f1b7ec2bea834fc8df4cdc12c4ef13e
      • Opcode Fuzzy Hash: cae4d8fe2d339fedd3641ce39a67522b094084baf9723c6f317c4c3e480531b0
      • Instruction Fuzzy Hash: E2918C32A0878286FB349F22D5612BD23A4EF84B84F444632DE5D8779ADF3CE565C721
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C70C0 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
      • String ID:
      • API String ID: 2591520935-0
      • Opcode ID: 1b101f68b72b9e63831ac9c1a8c55107b6bd1a777d81b40b91e723d4836e9b85
      • Instruction ID: 7b86c8a6a659ad9cae9ebce15d46b10f281c2292a09cbb48c2d75e60ee79af4b
      • Opcode Fuzzy Hash: 1b101f68b72b9e63831ac9c1a8c55107b6bd1a777d81b40b91e723d4836e9b85
      • Instruction Fuzzy Hash: 7F716B22F0860289FB219B65E9606BD33A4BF44B48F448537CE1DD7695EF3CE865C360
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A7180 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 378COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: parse_error$value
      • API String ID: 0-1739288027
      • Opcode ID: c606767a549cfb17dded79a14f1380d0adaa52440e96362eae97215e151a2f73
      • Instruction ID: fee41e23049737e9ea42be146464723427c085842e5156c2143b6feb59385adf
      • Opcode Fuzzy Hash: c606767a549cfb17dded79a14f1380d0adaa52440e96362eae97215e151a2f73
      • Instruction Fuzzy Hash: FA02B562F18A8295FB10CB74D4616FD77A1EB95398F509232DA4C979DAEF3CE1A4C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AE280 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
      • String ID:
      • API String ID: 1239891234-0
      • Opcode ID: 232773d37e55a069ded19441184962d741e03d13251d397c164fd4b25c33d808
      • Instruction ID: 9aa50ccbaeb36275a480323cace04512f56b48be0d93b554babba45731b2cb36
      • Opcode Fuzzy Hash: 232773d37e55a069ded19441184962d741e03d13251d397c164fd4b25c33d808
      • Instruction Fuzzy Hash: 96316032608F8186EB60CF25E8506EE73A4FB88758F504136EA9D83B94EF3CD565CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A83A0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 429COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: cannot get value$value
      • API String ID: 0-2898753692
      • Opcode ID: e4b3684f87bd621bf198c0071bfaada2cc9814266a7fd9d59047bb45257ba9fe
      • Instruction ID: 85c41eba3746e05344d7595547c5f5e9c6ecf3e1272c84bb92df5e4850a78e5d
      • Opcode Fuzzy Hash: e4b3684f87bd621bf198c0071bfaada2cc9814266a7fd9d59047bb45257ba9fe
      • Instruction Fuzzy Hash: 8C02CF63B08A8295EB10CB35D8A16FD77B1EB95788F444233EB4C97A9ADF38D565C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0CD3CC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
      • String ID:
      • API String ID: 2933794660-0
      • Opcode ID: c31ceebb870f15682e9cbc60434d20966c96c390c5f1a515c1752a9c8c79f626
      • Instruction ID: b9a885baf6ae3fcdb37364cb3b52b9c134d129659afaa5db622a4b94d700ad5d
      • Opcode Fuzzy Hash: c31ceebb870f15682e9cbc60434d20966c96c390c5f1a515c1752a9c8c79f626
      • Instruction Fuzzy Hash: F1112E36B18F018AEB00DF61E8542BC33A4F719768F441E36DA6D877A4DF78D1A58340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B6110 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: memcpy_s
      • String ID:
      • API String ID: 1502251526-0
      • Opcode ID: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
      • Instruction ID: 0964052a273beb0334d982228bced5bc2986db7138d53392dd4b59b1018fe684
      • Opcode Fuzzy Hash: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
      • Instruction Fuzzy Hash: 49C1D372B1C68687EB24CF19E15466EB7A1F798B84F448536DB4A83784DF3DE821CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BA4DC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID: GetLocaleInfoEx
      • API String ID: 2299586839-2904428671
      • Opcode ID: f065cd492f56ebf8fdb96fbee4f494c41a6fd0c3a67e997235c05111211f873c
      • Instruction ID: 6a092d9d02e874492f3c882c6e39bb190cccef7a9a4ff471045f8562e9e1eb14
      • Opcode Fuzzy Hash: f065cd492f56ebf8fdb96fbee4f494c41a6fd0c3a67e997235c05111211f873c
      • Instruction Fuzzy Hash: 4F01D121B0CB8285EB408B56B4500AEB760FF98BC0F588437EE4DC7BA9CE3CD5658340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BD488 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ExceptionRaise_clrfp
      • String ID:
      • API String ID: 15204871-0
      • Opcode ID: f4a5526b932b69e9ce5f40527f91a572126b7255d163c3a713e7a1986eaa3783
      • Instruction ID: 454627d82b7b0a77118e9e0c3030018afc40e94a5438a0ea851bd164d348a0e5
      • Opcode Fuzzy Hash: f4a5526b932b69e9ce5f40527f91a572126b7255d163c3a713e7a1986eaa3783
      • Instruction Fuzzy Hash: EFB16D73A05B898BEB15CF29C85636C7BA0F744B88F148922DB5D837A4CF39D461C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF075AD0 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: AcquireExclusiveLock
      • String ID: dumps$emoji
      • API String ID: 4021432409-2873254224
      • Opcode ID: 3f1f093d587588a36e019ea42e551b905328b6084370b8046c144ffb50549b2f
      • Instruction ID: 957fc0d76e156cfcb63d2a40f43bd30295c37a0d7576f6e3ac216758b4b61745
      • Opcode Fuzzy Hash: 3f1f093d587588a36e019ea42e551b905328b6084370b8046c144ffb50549b2f
      • Instruction Fuzzy Hash: ACC17A32E15B86C9E700CF75E9801AC33B5EB49788B405276EE4CA7B99DF38E1A5C344
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BBF9C Relevance: 2.6, Strings: 2, Instructions: 144COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: e+000$gfff
      • API String ID: 0-3030954782
      • Opcode ID: bcb0979baf6f2a0dc32efa5edafdd338046048a5fea5f299f9dee62206340c8c
      • Instruction ID: 84a738a0e96d4262b35ac2366be3a519f3fbb8b54a378d6cea6e2a86f9d73ded
      • Opcode Fuzzy Hash: bcb0979baf6f2a0dc32efa5edafdd338046048a5fea5f299f9dee62206340c8c
      • Instruction Fuzzy Hash: F8513662B286C586E7248F35986076EAB95E745B94F08CA32CB98CBAD5CF3DE450C700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C69D4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
      Download Yara Rule
      APIs
        • Part of subcall function 00007FF6DF0B8318: GetLastError.KERNEL32 ref: 00007FF6DF0B8327
        • Part of subcall function 00007FF6DF0B8318: FlsGetValue.KERNEL32 ref: 00007FF6DF0B833C
        • Part of subcall function 00007FF6DF0B8318: SetLastError.KERNEL32 ref: 00007FF6DF0B83C7
      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6DF0C71C3,?,00000000,00000092,?,?,00000000,?,00007FF6DF0B8F01), ref: 00007FF6DF0C6A72
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystemValue
      • String ID:
      • API String ID: 3029459697-0
      • Opcode ID: 15be25467689dc08095486fceb79fd93fb848ed56f233dc2ec919878b58a73fd
      • Instruction ID: e7cdd148738e2b8310ed081e660c2d8bcb814064b2494ef8728d99c15e826374
      • Opcode Fuzzy Hash: 15be25467689dc08095486fceb79fd93fb848ed56f233dc2ec919878b58a73fd
      • Instruction Fuzzy Hash: F911B467A08645CAEB259F15D0906ACB7A0FB90FA4F449136D66D833D0DE38D5E1CB50
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C6AA4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
      Download Yara Rule
      APIs
        • Part of subcall function 00007FF6DF0B8318: GetLastError.KERNEL32 ref: 00007FF6DF0B8327
        • Part of subcall function 00007FF6DF0B8318: FlsGetValue.KERNEL32 ref: 00007FF6DF0B833C
        • Part of subcall function 00007FF6DF0B8318: SetLastError.KERNEL32 ref: 00007FF6DF0B83C7
      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6DF0C717F,?,00000000,00000092,?,?,00000000,?,00007FF6DF0B8F01), ref: 00007FF6DF0C6B22
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystemValue
      • String ID:
      • API String ID: 3029459697-0
      • Opcode ID: 94c53289251789d7f71ffd127a5f3d4f02ca299b4af7a6dfa8e9d981be19ec78
      • Instruction ID: 4cfe9938c8410d086d2793e5e7e89663e8f27146b053321eeec04806250c7b4a
      • Opcode Fuzzy Hash: 94c53289251789d7f71ffd127a5f3d4f02ca299b4af7a6dfa8e9d981be19ec78
      • Instruction Fuzzy Hash: 6F01B1A2F0828286EB205B15E5607BEBBE1EB40BA4F459233D66C872D4CF7994E1C700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B9F9C Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6DF0BA3EB,?,?,?,?,?,?,?,?,00000000,00007FF6DF0C6024), ref: 00007FF6DF0B9FEB
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: EnumLocalesSystem
      • String ID:
      • API String ID: 2099609381-0
      • Opcode ID: bb03dad6bfc93157cce2339d4a2506c1db6583d6fd6528948ede6fef768c66be
      • Instruction ID: ee5d7436d0d4064f3eac4b4848e4507e2ed05f62b78ba5f0d0d4c924b1d5d97d
      • Opcode Fuzzy Hash: bb03dad6bfc93157cce2339d4a2506c1db6583d6fd6528948ede6fef768c66be
      • Instruction Fuzzy Hash: DAF019B6B08B4583E704DB16E8A05A93365EB98784F948037DA5DC3765DF7CD8718300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BBB08 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: gfffffff
      • API String ID: 0-1523873471
      • Opcode ID: 27cb439475e82ecb28d5fff70dc598369cf91446bdfbb9a1551da527ae7a01bc
      • Instruction ID: deb5497428123da3e18720aeaaa32d532f44e618a5efbe9bbe1907c4c321cafd
      • Opcode Fuzzy Hash: 27cb439475e82ecb28d5fff70dc598369cf91446bdfbb9a1551da527ae7a01bc
      • Instruction Fuzzy Hash: 3AA156A2A087C687EB25CF26A4207AE7B91EB607C4F018432DF8D87795EE3DD411C701
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF080790 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
      Download Yara Rule
      Strings
      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF6DF080819
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
      • API String ID: 0-1713319389
      • Opcode ID: 52bd2959f18820258bf82267d1548700a3730a9b899ad7775dfc78fafd797603
      • Instruction ID: 47efe48ea5c4d7f010a8e6718910227c6c944b74df97076ae5e2a87101816846
      • Opcode Fuzzy Hash: 52bd2959f18820258bf82267d1548700a3730a9b899ad7775dfc78fafd797603
      • Instruction Fuzzy Hash: 5641C363A1D6E08AD702CB39841127D7FB2E766B88B1CC162DBD88774ADA2DD256C710
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0510E0 Relevance: .6, Instructions: 588COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9c67487f25f27a81f9c88534c1435f214ab043a6f9bb0a0e72422fd12cb374a2
      • Instruction ID: e0dc8e8f764f7dddf4e7d9776c5402f7185f484d514216327dc99919f131521e
      • Opcode Fuzzy Hash: 9c67487f25f27a81f9c88534c1435f214ab043a6f9bb0a0e72422fd12cb374a2
      • Instruction Fuzzy Hash: 31729232905FC5AED7618F39DC802E877A8F759788F509226EA8C5BB59EF709394C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B0874 Relevance: .3, Instructions: 327COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 29da48a445a8d74a530d1f9310ddd391d06b70c14c42cab432ab39b56ae3622f
      • Instruction ID: 44acaf2666873c9b833cdf3b23b09ed4a45eaafcaec423d8b5e78f8fa6663739
      • Opcode Fuzzy Hash: 29da48a445a8d74a530d1f9310ddd391d06b70c14c42cab432ab39b56ae3622f
      • Instruction Fuzzy Hash: F2D1CF22A0864786FB688F29847467D37A0FF45B48F188A37CE4E97695DF3DE865C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B8D50 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
      • String ID:
      • API String ID: 4023145424-0
      • Opcode ID: a60a87b73dc126d53cd38972014eeb2ae2649f6c6f5a23fb58f30f8edbbfe1f3
      • Instruction ID: fd76be7277940e884608a1563b255fc8dcf9021adba2edde25a6488f47de664d
      • Opcode Fuzzy Hash: a60a87b73dc126d53cd38972014eeb2ae2649f6c6f5a23fb58f30f8edbbfe1f3
      • Instruction Fuzzy Hash: 73C1D666B0868285EB609B62D8203BE67E5FB94B8CF408833DE4DC7695DF3CD565C700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B036C Relevance: .2, Instructions: 241COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: bfaab0e22a10d019a9d37feb41161a6f82f575a0615b00055f0a527e1dc41d23
      • Instruction ID: 6bb19b137c8bd96e9b35734a6bc099bc4d147061a89ffc7a20b18d7af360ea4b
      • Opcode Fuzzy Hash: bfaab0e22a10d019a9d37feb41161a6f82f575a0615b00055f0a527e1dc41d23
      • Instruction Fuzzy Hash: 8DB180B290879589EB648F39C06023D3BA4FB45B48F288537CB4E87795DF39D961C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D4F90 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: 016e06e118f6e72abd969c81d9ee1565c237d24093ddecda5226a23047575563
      • Instruction ID: 38a719daee746976274d33948e7b70194c291f48698971cff15fa66c25d036ab
      • Opcode Fuzzy Hash: 016e06e118f6e72abd969c81d9ee1565c237d24093ddecda5226a23047575563
      • Instruction Fuzzy Hash: 5481B172A04B5186EB60CF25D8A17BD27A4FB84B98F544637EE1EC7B99CF38D0618340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BC61C Relevance: .2, Instructions: 198COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: cb0076737848a656ac8b0bf958e11f50487e780bbf46ce8457cc12b5fc7fd19b
      • Instruction ID: bff1734abca2bd73396425bee6695740bd51697518b0ce0016eadac9e824d05f
      • Opcode Fuzzy Hash: cb0076737848a656ac8b0bf958e11f50487e780bbf46ce8457cc12b5fc7fd19b
      • Instruction Fuzzy Hash: E981D4B2A0878186E774CB1994A077E6B91FB457D4F14863BDA9E87B99DF3CD410CB00
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D69A8 Relevance: .2, Instructions: 183COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: e88f7f6b4088201f1d6d54c4c9254369c597506d9e09caf11f39825c8fb400bd
      • Instruction ID: d17f9b4481cfbe22d4a058fda117b2a83af2d74b9ab1b3714f6749b0160c2516
      • Opcode Fuzzy Hash: e88f7f6b4088201f1d6d54c4c9254369c597506d9e09caf11f39825c8fb400bd
      • Instruction Fuzzy Hash: B161F922F1969286FB688A2C8C7427D6790AFC1774F144237D66DC7ED1DE7DE8A08700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AF7A0 Relevance: .1, Instructions: 145COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
      • Instruction ID: ab9456eb5f44b58e3bb3e8e76666f4a97993a54c7aa90a4660a96022f757302f
      • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
      • Instruction Fuzzy Hash: 23518236A1879285E7248B29D060A3C77E1EB4DB59F244172CE4D97798CF3AEC63D740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AF9A4 Relevance: .1, Instructions: 145COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
      • Instruction ID: 314e37203917dbfb8fae56fdceaef1728b4faaa4c7bf91b7dcaf65b42ea75032
      • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
      • Instruction Fuzzy Hash: BC518576A2879186E7248B29D060A7C77E0EB5CF59F245132CE4D87794DF3AE863C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0AF59C Relevance: .1, Instructions: 145COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
      • Instruction ID: 1ce45c5210b9f0b7d35229ba06ab385fe705a8f30f0a60df224b59297cd5638a
      • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
      • Instruction Fuzzy Hash: 02515F36A1879186EB248F29D064A3C37E4EB4DB59F245132CE4D977A4CF3AE863C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BB200 Relevance: .1, Instructions: 126COMMON
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorFreeHeapLast
      • String ID:
      • API String ID: 485612231-0
      • Opcode ID: c38df702ad1cd7bd8676610964d002ed7ee257a7de35b02d7e799bc71ac0ca8b
      • Instruction ID: e8ab0bcb68b00c9aa582a5c4ca0f6f102c941a13011c571ee469d5349fda7614
      • Opcode Fuzzy Hash: c38df702ad1cd7bd8676610964d002ed7ee257a7de35b02d7e799bc71ac0ca8b
      • Instruction Fuzzy Hash: 5941BFB2718A5586EF44CF2AD96416E63A1FB48FD0B499433EE4D87B58DF7CD0628300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B8318 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1742 7ff6df0b8318-7ff6df0b833a GetLastError 1743 7ff6df0b8359-7ff6df0b8364 FlsSetValue 1742->1743 1744 7ff6df0b833c-7ff6df0b8347 FlsGetValue 1742->1744 1747 7ff6df0b8366-7ff6df0b8369 1743->1747 1748 7ff6df0b836b-7ff6df0b8370 1743->1748 1745 7ff6df0b8353 1744->1745 1746 7ff6df0b8349-7ff6df0b8351 1744->1746 1745->1743 1749 7ff6df0b83c5-7ff6df0b83d0 SetLastError 1746->1749 1747->1749 1750 7ff6df0b8375 call 7ff6df0bb708 1748->1750 1752 7ff6df0b83e5-7ff6df0b83fb call 7ff6df0ae684 1749->1752 1753 7ff6df0b83d2-7ff6df0b83e4 1749->1753 1751 7ff6df0b837a-7ff6df0b8386 1750->1751 1755 7ff6df0b8398-7ff6df0b83a2 FlsSetValue 1751->1755 1756 7ff6df0b8388-7ff6df0b838f FlsSetValue 1751->1756 1761 7ff6df0b8418-7ff6df0b8423 FlsSetValue 1752->1761 1762 7ff6df0b83fd-7ff6df0b8408 FlsGetValue 1752->1762 1759 7ff6df0b83a4-7ff6df0b83b4 FlsSetValue 1755->1759 1760 7ff6df0b83b6-7ff6df0b83c0 call 7ff6df0b80c8 call 7ff6df0baee0 1755->1760 1758 7ff6df0b8391-7ff6df0b8396 call 7ff6df0baee0 1756->1758 1758->1747 1759->1758 1760->1749 1768 7ff6df0b8425-7ff6df0b842a 1761->1768 1769 7ff6df0b8488-7ff6df0b848f call 7ff6df0ae684 1761->1769 1765 7ff6df0b8412 1762->1765 1766 7ff6df0b840a-7ff6df0b840e 1762->1766 1765->1761 1766->1769 1771 7ff6df0b8410 1766->1771 1773 7ff6df0b842f call 7ff6df0bb708 1768->1773 1775 7ff6df0b847f-7ff6df0b8487 1771->1775 1777 7ff6df0b8434-7ff6df0b8440 1773->1777 1778 7ff6df0b8452-7ff6df0b845c FlsSetValue 1777->1778 1779 7ff6df0b8442-7ff6df0b8449 FlsSetValue 1777->1779 1781 7ff6df0b8470-7ff6df0b847a call 7ff6df0b80c8 call 7ff6df0baee0 1778->1781 1782 7ff6df0b845e-7ff6df0b846e FlsSetValue 1778->1782 1780 7ff6df0b844b-7ff6df0b8450 call 7ff6df0baee0 1779->1780 1780->1769 1781->1775 1782->1780
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Value$ErrorLast$Heap$AllocFree
      • String ID:
      • API String ID: 570795689-0
      • Opcode ID: 142b0d750e11022f993b11fa3105a8e5230c7cf4a8e06bc9f771e789c5e31b15
      • Instruction ID: 35939136b7a2a62ac061966cd935b44da9c30161d8f826c6804ebbb70fde252b
      • Opcode Fuzzy Hash: 142b0d750e11022f993b11fa3105a8e5230c7cf4a8e06bc9f771e789c5e31b15
      • Instruction Fuzzy Hash: 6F410A60A0D60246FA58B721597517E23829F84BB0F588F37DD3EDB6E6DF2CB4728610
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A4680 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 364COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1788 7ff6df0a4680-7ff6df0a46d8 call 7ff6df075f00 1791 7ff6df0a46de-7ff6df0a4711 1788->1791 1792 7ff6df0a47fb-7ff6df0a4816 call 7ff6df07fc60 1788->1792 1793 7ff6df0a4720-7ff6df0a473f call 7ff6df07fc60 1791->1793 1794 7ff6df0a4713-7ff6df0a471c call 7ff6df081860 1791->1794 1801 7ff6df0a49d1-7ff6df0a4a08 call 7ff6df0a5160 1792->1801 1802 7ff6df0a481c-7ff6df0a485f call 7ff6df0a4c00 1792->1802 1804 7ff6df0a4741 1793->1804 1805 7ff6df0a4744-7ff6df0a475b call 7ff6df07fc60 1793->1805 1794->1793 1810 7ff6df0a4a10-7ff6df0a4a18 1801->1810 1812 7ff6df0a4862-7ff6df0a4869 1802->1812 1804->1805 1815 7ff6df0a477a-7ff6df0a478b call 7ff6df082050 1805->1815 1816 7ff6df0a475d-7ff6df0a4778 1805->1816 1810->1810 1814 7ff6df0a4a1a-7ff6df0a4a22 1810->1814 1812->1812 1813 7ff6df0a486b-7ff6df0a487a 1812->1813 1818 7ff6df0a4889-7ff6df0a488c 1813->1818 1819 7ff6df0a487c-7ff6df0a4885 call 7ff6df081860 1813->1819 1820 7ff6df0a4a31-7ff6df0a4a4a call 7ff6df07fc60 1814->1820 1821 7ff6df0a4a24-7ff6df0a4a2d call 7ff6df081860 1814->1821 1822 7ff6df0a4790-7ff6df0a47b8 call 7ff6df07fc60 1815->1822 1816->1822 1825 7ff6df0a4890-7ff6df0a4898 1818->1825 1819->1818 1836 7ff6df0a4a50-7ff6df0a4a58 1820->1836 1821->1820 1833 7ff6df0a47eb-7ff6df0a47f7 1822->1833 1834 7ff6df0a47ba-7ff6df0a47cb 1822->1834 1825->1825 1830 7ff6df0a489a-7ff6df0a48c5 call 7ff6df07fc60 * 2 1825->1830 1849 7ff6df0a48c7 1830->1849 1850 7ff6df0a48ca-7ff6df0a48e1 call 7ff6df07fc60 1830->1850 1833->1792 1837 7ff6df0a47e6 call 7ff6df0cc8e4 1834->1837 1838 7ff6df0a47cd-7ff6df0a47e0 1834->1838 1836->1836 1840 7ff6df0a4a5a-7ff6df0a4a8e call 7ff6df07fc60 * 2 1836->1840 1837->1833 1838->1837 1841 7ff6df0a4be0-7ff6df0a4be5 call 7ff6df0ae56c 1838->1841 1855 7ff6df0a4ac1-7ff6df0a4acd 1840->1855 1856 7ff6df0a4a90-7ff6df0a4aa1 1840->1856 1852 7ff6df0a4be6-7ff6df0a4beb call 7ff6df0ae56c 1841->1852 1849->1850 1863 7ff6df0a4900-7ff6df0a4911 call 7ff6df082050 1850->1863 1864 7ff6df0a48e3-7ff6df0a48fe 1850->1864 1869 7ff6df0a4bec-7ff6df0a4bf1 call 7ff6df0ae56c 1852->1869 1862 7ff6df0a4ad1-7ff6df0a4ad4 1855->1862 1859 7ff6df0a4aa3-7ff6df0a4ab6 1856->1859 1860 7ff6df0a4abc call 7ff6df0cc8e4 1856->1860 1859->1860 1867 7ff6df0a4bf2-7ff6df0a4bf7 call 7ff6df0ae56c 1859->1867 1860->1855 1870 7ff6df0a4bc6-7ff6df0a4bd9 1862->1870 1871 7ff6df0a4ada-7ff6df0a4b0d call 7ff6df0a5160 1862->1871 1865 7ff6df0a4916-7ff6df0a493e call 7ff6df07fc60 1863->1865 1864->1865 1880 7ff6df0a4971-7ff6df0a4989 1865->1880 1881 7ff6df0a4940-7ff6df0a4951 1865->1881 1869->1867 1882 7ff6df0a4b10-7ff6df0a4b18 1871->1882 1885 7ff6df0a498b-7ff6df0a499c 1880->1885 1886 7ff6df0a49bc-7ff6df0a49cc 1880->1886 1883 7ff6df0a4953-7ff6df0a4966 1881->1883 1884 7ff6df0a496c call 7ff6df0cc8e4 1881->1884 1882->1882 1887 7ff6df0a4b1a-7ff6df0a4b22 1882->1887 1883->1852 1883->1884 1884->1880 1889 7ff6df0a499e-7ff6df0a49b1 1885->1889 1890 7ff6df0a49b7 call 7ff6df0cc8e4 1885->1890 1886->1862 1891 7ff6df0a4b31-7ff6df0a4b42 call 7ff6df07fc60 1887->1891 1892 7ff6df0a4b24-7ff6df0a4b2d call 7ff6df081860 1887->1892 1889->1869 1889->1890 1890->1886 1896 7ff6df0a4b47-7ff6df0a4b4e 1891->1896 1892->1891 1896->1896 1898 7ff6df0a4b50-7ff6df0a4b87 call 7ff6df07fc60 * 2 1896->1898 1903 7ff6df0a4bb6-7ff6df0a4bc2 1898->1903 1904 7ff6df0a4b89-7ff6df0a4b9a 1898->1904 1903->1870 1905 7ff6df0a4bb1 call 7ff6df0cc8e4 1904->1905 1906 7ff6df0a4b9c-7ff6df0a4baf 1904->1906 1905->1903 1906->1905 1907 7ff6df0a4bda-7ff6df0a4bdf call 7ff6df0ae56c 1906->1907 1907->1841
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn
      • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
      • API String ID: 3668304517-4239264347
      • Opcode ID: bf2c6a3dbc4ebe8e6f6f02efdb94b6935a189523ced9c98331939a6088174238
      • Instruction ID: 36e58735344d04177eb6b3e22c971fb173bebe861f67467b14c1fd949c3984a6
      • Opcode Fuzzy Hash: bf2c6a3dbc4ebe8e6f6f02efdb94b6935a189523ced9c98331939a6088174238
      • Instruction Fuzzy Hash: 57F1D466F1468188FB00DBA4E4503EC3BB2FB457A8F604236DE1CA7AD9DF7895A5C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF073BC0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 278COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
      • String ID: ", "$: "
      • API String ID: 2261858363-747220369
      • Opcode ID: 2d0fd51da2a97440119ab09b1080441983739d265db453ad23bb54c0850d6247
      • Instruction ID: 585eedb2d744a0ab715922284f12b2cc690a726ceae815ebbc7960005b664f0c
      • Opcode Fuzzy Hash: 2d0fd51da2a97440119ab09b1080441983739d265db453ad23bb54c0850d6247
      • Instruction Fuzzy Hash: 4EA1AC72B08A8185FB04DF65E4A43AD3366FB48B88F508532DE5C87B9ADF79D4A5C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF091F50 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
      • String ID: bad locale name$false$true
      • API String ID: 164343898-1062449267
      • Opcode ID: 0e023d3a70087abb8cb7f41ef3c4db963ea3e006f3ebe339350d3f2a4e60cca4
      • Instruction ID: 09b5bd7b80d73f73ae581426f94bfc399248f0d04470c89c65736078db43f86b
      • Opcode Fuzzy Hash: 0e023d3a70087abb8cb7f41ef3c4db963ea3e006f3ebe339350d3f2a4e60cca4
      • Instruction Fuzzy Hash: D2715D22B09B418AEB15DF61E8602BC33B5EF94748F184136DE4DA7A99DF38E471D348
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF09EF10 Relevance: 13.6, APIs: 9, Instructions: 127COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Session$ExclusiveLock$AcquireListProcess$CurrentRegisterReleaseResourcesStart
      • String ID:
      • API String ID: 1125094793-0
      • Opcode ID: 9224aefd456c5a56f14eb00f4f82c7ff3c1e505fea830415aac720a8f641c836
      • Instruction ID: 69ed09678ff4a2adf62136a42e34c115be1f1c5e9504fff7d989a1f7817f1230
      • Opcode Fuzzy Hash: 9224aefd456c5a56f14eb00f4f82c7ff3c1e505fea830415aac720a8f641c836
      • Instruction Fuzzy Hash: 36514E72B086428AF710CFA5E8606AC33B5FB88758F444536DA4ED7B94EF38E925C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B1CC4 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: f$p$p
      • API String ID: 3215553584-1995029353
      • Opcode ID: 041123ea1ae73b1056cdf3cb09bcf9ac158754c1906be7325b4519b920a27214
      • Instruction ID: abcc4ed946b8a26679ef1995f26f1d6f0371259edb7c0ec0ef26a5c331b2d418
      • Opcode Fuzzy Hash: 041123ea1ae73b1056cdf3cb09bcf9ac158754c1906be7325b4519b920a27214
      • Instruction Fuzzy Hash: B7129F22E1814386FB21AB15D5642BE77A1FB50754F944937EEA9C76C8DF3CE8A0CB04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0C2C20 Relevance: 10.8, APIs: 7, Instructions: 290COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID:
      • API String ID: 3215553584-0
      • Opcode ID: b4da801f1259168053745cd1e4cf0e15fe88548eb24a1c6b213108a9908027a9
      • Instruction ID: cbd76e43bc6d2c3162b835c3243c33979f7f5523229aaf44100a6062e572b7c4
      • Opcode Fuzzy Hash: b4da801f1259168053745cd1e4cf0e15fe88548eb24a1c6b213108a9908027a9
      • Instruction Fuzzy Hash: 41C10532A0C78641E7609B1594602BE7B55FF90B80F5A4137EE4E87BA1CF7CE865C360
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0ACB00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
      • String ID: invalid_iterator
      • API String ID: 1944019136-2508626007
      • Opcode ID: ad605efa5f4ff98795b83beeeb94bd7016d81a0ad85fffbed83e05510bcfadb6
      • Instruction ID: 4e1c72ca0246b8724714c174fe9dce50473c4f3d1a6f08dedc15562410ca03b5
      • Opcode Fuzzy Hash: ad605efa5f4ff98795b83beeeb94bd7016d81a0ad85fffbed83e05510bcfadb6
      • Instruction Fuzzy Hash: C8718363F19B8185FB00DB79D4607BC3361AB95798F509232DE6C97AD9EE38E1A5C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF081A80 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
      • String ID: other_error
      • API String ID: 1944019136-896093151
      • Opcode ID: 3027fed06361fb3a5dadd376c1d5dac625760c33528e380cba5ef62c381b4d6e
      • Instruction ID: 4d9910a4949b17f9b9d95a7ffd802e9197c222f9547feeebec4b8bb71dc22cba
      • Opcode Fuzzy Hash: 3027fed06361fb3a5dadd376c1d5dac625760c33528e380cba5ef62c381b4d6e
      • Instruction Fuzzy Hash: 9F719462F18B8198FB00DB75D4603AC3361AF953A8F509333EA5C97AD9EE78D1A5C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF080FD0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
      • String ID: type_error
      • API String ID: 1944019136-1406221190
      • Opcode ID: a71837deddd9ef77c740ff3000a57f75b4692660e40bbd89b3af669be55d46cc
      • Instruction ID: b2b6dfdee58528a8e6d51ac0f4476805344157bf7a8b308ee9b25eaaefd3dc95
      • Opcode Fuzzy Hash: a71837deddd9ef77c740ff3000a57f75b4692660e40bbd89b3af669be55d46cc
      • Instruction Fuzzy Hash: 1D719563F19B8198FB00DB75D4613EC2321AF857A8F509332DE6C976D9EE78A1A5C304
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0946D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
      • String ID: at line $, column
      • API String ID: 729085983-191570568
      • Opcode ID: 4aa65757a4dfbd17e01377d747f016017521376861a771e4b66811c38d452e8c
      • Instruction ID: 8388d0126899ede0cd2a28ee89bfc397d54934e379bac38b962461ba2df73f2d
      • Opcode Fuzzy Hash: 4aa65757a4dfbd17e01377d747f016017521376861a771e4b66811c38d452e8c
      • Instruction Fuzzy Hash: 1451C772A0878581EB14DB15E16426E7721FB85BD4F548232EB9C87BD6DF3CE1A1C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0CB0E0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
      • String ID: CONOUT$
      • API String ID: 3230265001-3130406586
      • Opcode ID: a31fbbc51efb013240dbae52d240f628ffe7e4362ba99ccc1f003ae6e1d3dd90
      • Instruction ID: 1544972ae848eb33c4bf25823398c5e022e6c02d0fc0c96d5f3ec6981bf492e9
      • Opcode Fuzzy Hash: a31fbbc51efb013240dbae52d240f628ffe7e4362ba99ccc1f003ae6e1d3dd90
      • Instruction Fuzzy Hash: 24119D72B18A4186E3508B56E86436D63A4FB98FE8F444236EE5EC77E4DF7CD8248740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D43D8 Relevance: 9.2, APIs: 6, Instructions: 200COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ByteCharMultiStringWide
      • String ID:
      • API String ID: 2829165498-0
      • Opcode ID: 02d7407602bfee31715a6bc1cba33474870e9b56b20ba3235c26d731ac343351
      • Instruction ID: 7eabdb5e543c4fc77f95fa4bcc7dc4a325f4858787bc9e4ad7da11f55c179933
      • Opcode Fuzzy Hash: 02d7407602bfee31715a6bc1cba33474870e9b56b20ba3235c26d731ac343351
      • Instruction Fuzzy Hash: 1B81A076A0974186EB208F21E86037E63A1FF847A8F044636EA5E9BFC8DF7CD5558700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A3EA0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 311COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: LockitLockit::_std::_$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 3294575841-1866435925
      • Opcode ID: 361e196d3f17deaaceb189b7e2bc1bfaec2dfbc40cef2e27739264da22a5e767
      • Instruction ID: 52c740252d6e63782c1b77f446e6e770de86bbf510654d75aa339f149e675c1a
      • Opcode Fuzzy Hash: 361e196d3f17deaaceb189b7e2bc1bfaec2dfbc40cef2e27739264da22a5e767
      • Instruction Fuzzy Hash: 18D1CD36A08B8196EB14CF25E5602AD73A4FB48B84F544636CB9D837A5DF3DE2B5C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B8490 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetLastError.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B849F
      • FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B84D5
      • FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B8502
      • FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B8513
      • FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B8524
      • SetLastError.KERNEL32(?,?,8000000000000000,00007FF6DF0B7459,?,?,?,?,00007FF6DF0BB7D0,?,?,?,00007FF6DF0CE247), ref: 00007FF6DF0B853F
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0
      • Opcode ID: b1e42cd46dd091a5dc78ccb70ba89562456f872cb82161c5ad98c3cbe01ccb08
      • Instruction ID: 9933855f2704bb9655e881f93c7013ed2e2be1561e3703d5ccb646bc7b877932
      • Opcode Fuzzy Hash: b1e42cd46dd091a5dc78ccb70ba89562456f872cb82161c5ad98c3cbe01ccb08
      • Instruction Fuzzy Hash: 5E115E60A0D64242FA54A721696513E63926F887F0F548F37DC3ECB6E6DF6CE4628200
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A2A50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 139COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
      • String ID: cannot use at() with
      • API String ID: 1168246061-1462974127
      • Opcode ID: b0f02359b70497739aadaf27562320c49df78749e6bccfddbf07e9b7ed634968
      • Instruction ID: 429ae4eb2bec8fab2f4933a9b6ec6d606c7bab29b79c6c174ddecca1cc14df9d
      • Opcode Fuzzy Hash: b0f02359b70497739aadaf27562320c49df78749e6bccfddbf07e9b7ed634968
      • Instruction Fuzzy Hash: C4518032A18B4185EB20DF15E85027DB7A4FB94B94F584633DE9D87BA5DF7CD0A28700
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A42F0 Relevance: 7.7, APIs: 5, Instructions: 182COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn
      • String ID:
      • API String ID: 3668304517-0
      • Opcode ID: 34f558122bf865e906197af462b18e5a852b25263ca10d9f4a0b1783e48121ce
      • Instruction ID: 56f24c14c7f68d4dfa8f93fcfd76c76b6519af0c7395a3d9250dbc860177b5f0
      • Opcode Fuzzy Hash: 34f558122bf865e906197af462b18e5a852b25263ca10d9f4a0b1783e48121ce
      • Instruction Fuzzy Hash: 32518966B16B8181EF08CF69E06436C73A5FB44F94F544636EB6C87A99DF2CD5A0C340
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0CB6FC Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _set_statfp
      • String ID:
      • API String ID: 1156100317-0
      • Opcode ID: 3db377e8cdbf53e49e91e2e74fb0c015a106e25631abdc3b155b97891ea90345
      • Instruction ID: c35de75fbac9d2ab149233fbafca223d7ff8f66ab06c319d8eddf060d5c06581
      • Opcode Fuzzy Hash: 3db377e8cdbf53e49e91e2e74fb0c015a106e25631abdc3b155b97891ea90345
      • Instruction Fuzzy Hash: A01191A6E1CA0301F774152AE56637D5342AF543B4E080B36EE6E976FADE6CA8704224
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0B8558 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • FlsGetValue.KERNEL32(?,?,?,00007FF6DF0AE20F,?,?,00000000,00007FF6DF0AE4AA,?,?,?,?,8000000000000000,00007FF6DF0AE436), ref: 00007FF6DF0B8577
      • FlsSetValue.KERNEL32(?,?,?,00007FF6DF0AE20F,?,?,00000000,00007FF6DF0AE4AA,?,?,?,?,8000000000000000,00007FF6DF0AE436), ref: 00007FF6DF0B8596
      • FlsSetValue.KERNEL32(?,?,?,00007FF6DF0AE20F,?,?,00000000,00007FF6DF0AE4AA,?,?,?,?,8000000000000000,00007FF6DF0AE436), ref: 00007FF6DF0B85BE
      • FlsSetValue.KERNEL32(?,?,?,00007FF6DF0AE20F,?,?,00000000,00007FF6DF0AE4AA,?,?,?,?,8000000000000000,00007FF6DF0AE436), ref: 00007FF6DF0B85CF
      • FlsSetValue.KERNEL32(?,?,?,00007FF6DF0AE20F,?,?,00000000,00007FF6DF0AE4AA,?,?,?,?,8000000000000000,00007FF6DF0AE436), ref: 00007FF6DF0B85E0
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0
      • Opcode ID: 078a902eec1aa32f9bbb7f0bccf8443e93c26390936cae6de50c508c51a1d619
      • Instruction ID: c0be4f76ae23301a5a797c78b09e6055c0f4d191af530e7e6e45be72df843c90
      • Opcode Fuzzy Hash: 078a902eec1aa32f9bbb7f0bccf8443e93c26390936cae6de50c508c51a1d619
      • Instruction Fuzzy Hash: 9E114C60E0C64241FA58A726696517E63869F847B0F448F37ED3DCB6E6DE2CF4728600
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D5FDC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo
      • String ID: UTF-16LEUNICODE$UTF-8$ccs
      • API String ID: 3215553584-1196891531
      • Opcode ID: 7284a90c9f2e9dd3f7227fabfef20605241c7f268e52af124d130a8212c007cf
      • Instruction ID: c041e159e2a27acbc97ddf6d4aeac5a0df9f4570ba09681439b8fb552802b2fd
      • Opcode Fuzzy Hash: 7284a90c9f2e9dd3f7227fabfef20605241c7f268e52af124d130a8212c007cf
      • Instruction Fuzzy Hash: 7381D53AE0C60385FB754F698D7023D2BA4AB91748F598037CA0ED7A86DF2DE4229701
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF088D60 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
      • String ID: bad locale name
      • API String ID: 1612978173-1405518554
      • Opcode ID: b9d950414393fc73db6700ce3be29ab8677aec3015980b7ffe4ac9adb3849b91
      • Instruction ID: fcd753ff8235b085dcfd47b7b562e7331ac54ec0918954beb4deeb861fc7b7ea
      • Opcode Fuzzy Hash: b9d950414393fc73db6700ce3be29ab8677aec3015980b7ffe4ac9adb3849b91
      • Instruction Fuzzy Hash: 79919C32B09B418AFB11DF21D8A02FC37A6EF90784F144436DA8D97A9ADF38E565C354
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF074990 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 187COMMON
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID:
      • String ID: [json.exception.
      • API String ID: 0-791563284
      • Opcode ID: 6fe8fb0c9968038b29a8638f9797f4334faf7de4f1b8b181b4a0abe00a99f196
      • Instruction ID: 0979561749a0584a006275f268efbf3c598310180439949b053ee37a7782127d
      • Opcode Fuzzy Hash: 6fe8fb0c9968038b29a8638f9797f4334faf7de4f1b8b181b4a0abe00a99f196
      • Instruction Fuzzy Hash: C261C376E18B8182EB10CF29E46036EB761EBC5B94F544232EA9D47B9ACF7CD161C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BF308 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: FileWrite$ConsoleErrorLastOutput
      • String ID:
      • API String ID: 2718003287-0
      • Opcode ID: f9d86d9bd444fd118df228010101dc81beb47c4f6f150a854bed3fc07db29987
      • Instruction ID: ad5ed94b343286ee2ec4dc87da54601e21083b5059ae9851cef51d32cf5c453f
      • Opcode Fuzzy Hash: f9d86d9bd444fd118df228010101dc81beb47c4f6f150a854bed3fc07db29987
      • Instruction Fuzzy Hash: 0BD1F536B18A818AE710CFB9D4502EC37B5FB58798B548636CE5DD7B99DE38D426C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF082AA0 Relevance: 6.2, APIs: 4, Instructions: 220COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID:
      • API String ID: 73155330-0
      • Opcode ID: 41ff5cef601d685c722a1ad8a358c84b4c3d29c7c1d14b1135a6f44c8b1a1f07
      • Instruction ID: 3a515fb4c76672e5255d644b026ce78836673344e562a92c0fa6c723ecb0b698
      • Opcode Fuzzy Hash: 41ff5cef601d685c722a1ad8a358c84b4c3d29c7c1d14b1135a6f44c8b1a1f07
      • Instruction Fuzzy Hash: 04711762B09B8681ED14EB56E4245BE6790FB44BE4F944A36DFAD87BD5CF3CE0618300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BFCC8 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
      Download Yara Rule
      APIs
      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF0BFCB3), ref: 00007FF6DF0BFDE4
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DF0BFCB3), ref: 00007FF6DF0BFE6F
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ConsoleErrorLastMode
      • String ID:
      • API String ID: 953036326-0
      • Opcode ID: d409dfd16bc18727b876812e7f265304e9354bdde45e1157d8325eb742d43cc0
      • Instruction ID: 53f6bc30166a173a74426783e7848d4b618af3cfdcd66e0dc67cf9c014ea9409
      • Opcode Fuzzy Hash: d409dfd16bc18727b876812e7f265304e9354bdde45e1157d8325eb742d43cc0
      • Instruction Fuzzy Hash: AF91D332F1869285F7608FA5D4602BD2BA1BB49B8AF54453BDE1ED7A95CF3CD462C300
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF072740 Relevance: 6.2, APIs: 4, Instructions: 184COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
      • String ID:
      • API String ID: 1346393832-0
      • Opcode ID: a368585bf3662c78e9a9efab872df86b2ce5959888669c2c45dc9db72dab3b8b
      • Instruction ID: 36137490cd9de54d98e95cb44656184b79740ef15d4f17902c96e4e10aa854a5
      • Opcode Fuzzy Hash: a368585bf3662c78e9a9efab872df86b2ce5959888669c2c45dc9db72dab3b8b
      • Instruction Fuzzy Hash: 9371A262E08B8181EB109B25E45136DB361FB89BD4F549232EF9C43B9ADF7CE1A0C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0D2ED0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ByteCharErrorLastMultiWide
      • String ID:
      • API String ID: 203985260-0
      • Opcode ID: 66186533058f7cadebb3082776b351f2adfa147ae5296369620ec292b25ff590
      • Instruction ID: 6a721a3e9bdb7040d3913088380e836c0da2408909ef6b7865e06123f871164d
      • Opcode Fuzzy Hash: 66186533058f7cadebb3082776b351f2adfa147ae5296369620ec292b25ff590
      • Instruction Fuzzy Hash: 4E21F976A28B858AE3508F11E85432EB7B4FB89B94F544139DB8993B54DF3DD811CB40
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0A3CF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 237COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
      • String ID: bad locale name
      • API String ID: 3988782225-1405518554
      • Opcode ID: 96ef8150aa1f0eba1261c1f9aa30cc89bf3811c7c2501a4edfb691f47747fcc1
      • Instruction ID: 24d711b8a4e9ec6c80d2af080edd55b9d4f1920736ed8928e16611861d6033a8
      • Opcode Fuzzy Hash: 96ef8150aa1f0eba1261c1f9aa30cc89bf3811c7c2501a4edfb691f47747fcc1
      • Instruction Fuzzy Hash: 2CA16936609B419AEB10CF65E8A06AC73A8FB88B44F444136DB8D97BA5DF38E575C304
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF07E680 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 152COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
      • String ID: cannot use push_back() with
      • API String ID: 73155330-4122110429
      • Opcode ID: 770dbedafe867ed2f0c2a7fb682f8e03d833e983382234f98b866b15cd3830e3
      • Instruction ID: 1b9a7fc4be8b4e6d58dc1b60113da4032854b73c797a38c8e77b6539b1298ce1
      • Opcode Fuzzy Hash: 770dbedafe867ed2f0c2a7fb682f8e03d833e983382234f98b866b15cd3830e3
      • Instruction Fuzzy Hash: ED519632A09B8281EA609F21F4503AEA3A5FF48794F584532DF9D87B96DF3CD461C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0921C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
      • String ID: bad locale name
      • API String ID: 3988782225-1405518554
      • Opcode ID: 91db57b10f62ca1347222afa0fda0f7146d0f222da3f1973ca5202cc53bb3525
      • Instruction ID: f48af0d3035f77303ce0af7a4b0ed6fefefa5f2db996d27fb2709a59461c8001
      • Opcode Fuzzy Hash: 91db57b10f62ca1347222afa0fda0f7146d0f222da3f1973ca5202cc53bb3525
      • Instruction Fuzzy Hash: FE516E32B09A419AEB14DF71E8A02FC33A4EF54B48F484436EF4DA7A95DE38D562C344
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0BF9A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ErrorFileLastWrite
      • String ID: U
      • API String ID: 442123175-4171548499
      • Opcode ID: fe8bda706c613ae14a45258dbcdb5513988a1c9fb56f42e7dad01d90755ce01d
      • Instruction ID: 5557b615218d426fa51a11231ed96dd03933091edaf339465ebb104d6163a1cb
      • Opcode Fuzzy Hash: fe8bda706c613ae14a45258dbcdb5513988a1c9fb56f42e7dad01d90755ce01d
      • Instruction Fuzzy Hash: 0841A272B18A8186EB20CF65E8543AEA7A0FB98B94F844432EE4DC7798DF7CD451C740
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0888A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: _invalid_parameter_noinfo_noreturn
      • String ID: iostream
      • API String ID: 3668304517-2522040138
      • Opcode ID: 0656a1b7ccf82d60add90f479d50827246c7bbe713b1ccb287cc66060cc9d5cb
      • Instruction ID: 2cefc13e201ea0ca7e88554a493afb636b138b51b6a9e9d46aa0d08b73b85171
      • Opcode Fuzzy Hash: 0656a1b7ccf82d60add90f479d50827246c7bbe713b1ccb287cc66060cc9d5cb
      • Instruction Fuzzy Hash: C0418562E18BC641EE119B28E4513AE6351FFD57A4F509332EAEC836D6EF2CD194C704
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6DF0CF3F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6DF0D35EE), ref: 00007FF6DF0CF444
      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6DF0D35EE), ref: 00007FF6DF0CF485
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.1642161747.00007FF6DF051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DF050000, based on PE: true
      • Associated: 00000000.00000002.1642152918.00007FF6DF050000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642198658.00007FF6DF0E9000.00000002.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642215267.00007FF6DF108000.00000004.00000001.01000000.00000003.sdmpDownload File
      • Associated: 00000000.00000002.1642224826.00007FF6DF10D000.00000002.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6df050000_Metamask_setup.jbxd
      Similarity
      • API ID: ExceptionFileHeaderRaise
      • String ID: csm
      • API String ID: 2573137834-1018135373
      • Opcode ID: 5f9d82367ba7d16b9c020008a7c4cdc299bef0669957e85fe42ba619740a2db2
      • Instruction ID: 684d94d05fa7fb8ae887d6acbdbe4b09b125a892ccdf32eca8e49807b5fe094d
      • Opcode Fuzzy Hash: 5f9d82367ba7d16b9c020008a7c4cdc299bef0669957e85fe42ba619740a2db2
      • Instruction Fuzzy Hash: 10113032618B8182EB218F25F4502AD77E4FB88B99F584236DF8C47B58DF3DD5618710
      Uniqueness

      Uniqueness Score: -1.00%