
Windows Analysis Report
jp.exe

Overview

General Information

Sample name:jp.exe
Analysis ID:1429061
MD5:1938a3545517650824657fd09ce4ee16
SHA1:25a3bb6c1d11fac492825178e5a4ca7c5a8c4910
SHA256:602dbcf4008c585582d5e5d5c8ddb1932fdee07a14308e9cbf937904f31df1f7
Tags:APT44exeJUICYPOTATONG

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • jp.exe (PID: 4984 cmdline: "C:\Users\user\Desktop\jp.exe" MD5: 1938A3545517650824657FD09CE4EE16)
    • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: jp.exe | ReversingLabs: Detection: 65%
Source: jp.exe | Virustotal: Detection: 69%
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601382670 CoTaskMemAlloc,CoTaskMemAlloc,LoadLibraryW,GetProcAddress,GetCurrentProcess,CoInitialize,CoInitializeSecurity,CreateObjrefMoniker,CreateBindCtx,CryptStringToBinaryW,RpcServerUseProtseqEpW,RpcServerRegisterAuthInfoW,CreateILockBytesOnHGlobal,StgCreateDocfileOnILockBytes,CLSIDFromString,CoGetInstanceFromIStorage,WaitForSingleObject,CoTaskMemFree,CoTaskMemFree,CoUninitialize,GetLastError,AcceptSecurityContext,SetEvent,QuerySecurityContextToken,GetTokenInformation,GetTokenInformation,GetLengthSid,CopySid,LookupAccountSidW,GetTokenInformation,DuplicateTokenEx,SetEvent
Source: jp.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138FAC0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF6013821C0 GetCurrentProcess,OpenProcessToken,ImpersonateLoggedOnUser,CloseHandle,GetProcessHeap,HeapAlloc,GetCurrentProcessId,ProcessIdToSessionId,SetTokenInformation,CreateProcessAsUserW,GetLastError,CreateProcessWithTokenW,GetLastError,WaitForSingleObject,CloseHandle,CloseHandle,RevertToSelf,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601382670
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138FAC0
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601392D8C
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601392960
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138CE14
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138F220
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138ADC4
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF6013965B8
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF6013885DC
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601381130
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601388358
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138E814
Source: C:\Users\user\Desktop\jp.exe | Code function: String function: 00007FF601381010 appears 54 times
Source: classification engine | Classification label: mal48.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601382090 LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,PrivilegeCheck,GetLastError
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601381B20 CoInitialize,CoCreateInstance,CoUninitialize,CreateEventW,CreateEventW,InitSecurityInterfaceW,LogonUserW,ImpersonateLoggedOnUser,RevertToSelf,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,CloseHandle,GetLastError
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5160:120:WilError_03
Source: jp.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\jp.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\jp.exe "C:\Users\user\Desktop\jp.exe"
Source: C:\Users\user\Desktop\jp.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jp.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\jp.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\jp.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\jp.exe | Section loaded: kernel.appcore.dll
Source: jp.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: jp.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: jp.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: jp.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: jp.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: jp.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: jp.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: jp.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\jp.exe | Check user administrative privileges: GetTokenInformation, Decision Nodes: graph_0-9543
Source: C:\Users\user\Desktop\jp.exe | API coverage: 4.5 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF60138BE8C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601383720 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601382DB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF6013838C8 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601396400 cpuid
Source: C:\Users\user\Desktop\jp.exe | Code function: 0_2_00007FF601383604 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
ATT&CK Matrix (techniques listed per tactic; a leading number is the count shown in the report for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 2 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 2 Valid Accounts; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 2 Valid Accounts; 21 Access Token Manipulation; 1 Process Injection; 1 DLL Side-Loading; Network Logon Script; RC Scripts
Defense Evasion: 2 Valid Accounts; 21 Access Token Manipulation; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 System Time Discovery; 2 Security Software Discovery; 1 File and Directory Discovery; 12 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 2 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Behavior Graph ID: 1429061 | Sample: jp.exe | Start date: 20/04/2024 | Architecture: WINDOWS | Score: 48
Behavior graph nodes: jp.exe (started) -> conhost.exe (started); signature attached to jp.exe: Multi AV Scanner detection for submitted file

Source | Detection | Scanner | Label
jp.exe | 66% | ReversingLabs | Win64.Trojan.CobaltStrike
jp.exe | 69% | Virustotal |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1429061
Start date and time:2024-04-20 13:34:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:jp.exe
Detection:MAL
Classification:mal48.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 97%
  • Number of executed functions: 13
  • Number of non-executed functions: 35
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Not all processes were analyzed; the report is missing behavior information
No simulations
No context
Process:C:\Users\user\Desktop\jp.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):724
Entropy (8bit):5.262038391161656
Encrypted:false
SSDEEP:12:IwZdPyZdPpOpqW8nY8GP/1mmCFZ1fTUcEaXg84EU8/aId4h2wpVY0AE2+z1jHi:H82kLB4mm8NNwWFb2We2UpHi
MD5:A980C5C269329585F5CF31F38DD0C3CD
SHA1:06EF2044D9A45A9B02C8B4414BD5EAA264673196
SHA-256:87CEA0250D7E3FAA1E5169DA5ECE6CEDFD40859C30C73F64F0DE660AA82767A1
SHA-512:47AB33CA5FA7EF773327F4371FC75DF307A4F5067562F357FD810D101C389D3585B1D36795DB189F6E31B3418B16C657D8F36E2800AAAAF31D8EE8C597B0A9C4
Malicious:false
Reputation:low
Preview:..... JuicyPotatoNG... by decoder_it & splinter_code......... JuicyPotatoNG... by decoder_it & splinter_code......Mandatory args: ..-t createprocess call: <t> CreateProcessWithTokenW, <u> CreateProcessAsUser, <*> try both..-p <program>: program to launch......Optional args: ..-l <port>: COM server listen port (Default 10247)..-a <argument>: command line argument to pass to program (default NULL)..-c <CLSID>: (Default {854A20FB-2D44-457D-992F-EF13785D2B51})..-i : Interactive Console (valid only with CreateProcessAsUser)......Additional modes: ..-b : Bruteforce all CLSIDs. !ALERT: USE ONLY FOR TESTING. About 1000 processes will be spawned!..-s : Seek for a suitable COM port not filtered by Windows Defender Firewall..
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.155325734871083
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:jp.exe
File size:153'600 bytes
MD5:1938a3545517650824657fd09ce4ee16
SHA1:25a3bb6c1d11fac492825178e5a4ca7c5a8c4910
SHA256:602dbcf4008c585582d5e5d5c8ddb1932fdee07a14308e9cbf937904f31df1f7
SHA512:8dcf8ba85b19e57074fba677bfa2aed646d531d7ebb0376cdecdb2a4247b2ea5a0188873f618033faedab764100c7e5db7001f8443136e5fb814ab39da5b6c26
SSDEEP:1536:bcmdSR7NBuNA124hAsuDBajpQZfCT4DbAkfe9j5w35GKQTgtxjsWCtd7p9dlw2Qn:4mQD0Ar7pyPA8e9u35GKckxStXlp4Il
TLSH:BBE35B0773A531F9E1778238C9A64906F776787207619BAF0364477A2F233D0AD3AB61
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........[\E.5.E.5.E.5.Q.6.@.5.Q.0...5...0.m.5...1.U.5...6.L.5.Q.1.K.5.Q.4.H.5.E.4...5...<.C.5.....D.5...7.D.5.RichE.5.........PE..d..
Icon Hash:00928e8e8686b000
Entrypoint:0x140003200
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x633DBF34 [Wed Oct 5 17:30:28 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:f9a28c458284584a93b14216308d31bd
Instruction
dec eax
sub esp, 28h
call 00007F8054876C00h
dec eax
add esp, 28h
jmp 00007F8054876677h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [000152E1h]
xorps xmm0, xmm0
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
dec eax
lea ecx, dword ptr [eax+08h]
movups dqword ptr [edx], xmm0
call 00007F8054877A44h
dec eax
lea eax, dword ptr [000152F4h]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
dec eax
and dword ptr [ecx+10h], 00000000h
dec eax
lea eax, dword ptr [000152ECh]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [000152D1h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00015285h]
xorps xmm0, xmm0
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
dec eax
lea ecx, dword ptr [eax+08h]
movups dqword ptr [edx], xmm0
call 00007F80548779E8h
dec eax
lea eax, dword ptr [000152C0h]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
dec eax
and dword ptr [ecx+10h], 00000000h
dec eax
lea eax, dword ptr [000152B8h]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [0001529Dh]
dec eax
mov dword ptr [ecx], eax
dec eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23394 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2a000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x27000 | 0x14a0 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2b000 | 0x6dc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2164c | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21690 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x3d8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x162d0 | 0x16400 | 3809af1bd6599925c1f0c774abbec7a9 | False | 0.5888671875 | data | 6.475221223167762 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x18000 | 0xc11c | 0xc200 | a4781a429e1dd6769d8fcb0e6bbf7f86 | False | 0.4429768041237113 | data | 4.967175998304241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x25000 | 0x1f20 | 0xc00 | 652a912811bc0d72e0c06afce264a2c3 | False | 0.16634114583333334 | data | 2.344185145643017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x27000 | 0x14a0 | 0x1600 | 269f98767d4e10bd7f0694814a5a4559 | False | 0.45667613636363635 | PEX Binary Archive | 4.903861388939426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x29000 | 0xfc | 0x200 | c24443e17523c001def60fbb9673bc9e | False | 0.30859375 | data | 1.9968912851420892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2a000 | 0x1e0 | 0x200 | 0d7b54bda9ebee77bed1dbf8d90561e3 | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2b000 | 0x6dc | 0x800 | 2ea5f13eea7586a1b187fa11ca9fd36a | False | 0.54052734375 | data | 5.076358963025443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x2a060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | SetEvent, WriteConsoleW, GetProcAddress, LoadLibraryW, GetCurrentProcessId, GetLastError, ProcessIdToSessionId, CreateEventW, GetCurrentProcess, AllocConsole, GetConsoleWindow, CreateProcessW, GetProcessHeap, SetStdHandle, HeapAlloc, FreeConsole, CloseHandle, TerminateThread, CreateFileW, WaitForSingleObject, GetModuleFileNameW, TerminateProcess, HeapReAlloc, HeapSize, GetFileSizeEx, SetFilePointerEx, GetStringTypeW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, MultiByteToWideChar, GetCPInfo, GetStdHandle, HeapFree, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, WriteFile, GetCommandLineA, GetCommandLineW, CompareStringW, LCMapStringW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, WideCharToMultiByte
ADVAPI32.dll | OpenProcessToken, RegOpenKeyExW, RegEnumKeyW, CopySid, GetLengthSid, DuplicateTokenEx, LookupAccountSidW, GetTokenInformation, LookupPrivilegeValueW, AdjustTokenPrivileges, RevertToSelf, PrivilegeCheck, SetTokenInformation, CreateProcessWithTokenW, ImpersonateLoggedOnUser, LogonUserW, RegCloseKey, CreateProcessAsUserW, RegGetValueW
ole32.dll | CreateObjrefMoniker, CoInitializeSecurity, CoGetInstanceFromIStorage, StgCreateDocfileOnILockBytes, CoTaskMemFree, CreateBindCtx, CoCreateInstance, CoUninitialize, CoInitialize, CLSIDFromString, CoTaskMemAlloc, CreateILockBytesOnHGlobal
CRYPT32.dll | CryptStringToBinaryW
RPCRT4.dll | RpcServerRegisterAuthInfoW, RpcServerUseProtseqEpW
Secur32.dll | InitSecurityInterfaceW, QuerySecurityContextToken, AcceptSecurityContext
Language of compilation system | Country where language is spoken
English | United States
No network behavior found


Target ID:0
Start time:13:34:48
Start date:20/04/2024
Path:C:\Users\user\Desktop\jp.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\jp.exe"
Imagebase:0x7ff601380000
File size:153'600 bytes
MD5 hash:1938A3545517650824657FD09CE4EE16
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:13:34:48
Start date:20/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


    Execution Graph

    Execution Coverage:4.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:16.4%
    Total number of Nodes:1835
    Total number of Limit Nodes:17
    [execution_graph: node and edge dump of the Execution Graph figure (function addresses, API-call counts and call edges for jp.exe), truncated in the source and not reproduced here]
7ff6013833f0 9147->9168 9150 7ff6013831db 9247 7ff601383720 IsProcessorFeaturePresent 9150->9247 9151 7ff6013830a5 __scrt_acquire_startup_lock 9153 7ff6013831e5 9151->9153 9159 7ff6013830c3 __scrt_release_startup_lock 9151->9159 9154 7ff601383720 7 API calls 9153->9154 9156 7ff6013831f0 __FrameHandler3::FrameUnwindToEmptyState 9154->9156 9155 7ff6013830e8 9157 7ff60138316e 9176 7ff60138aa84 9157->9176 9159->9155 9159->9157 9236 7ff601389f68 9159->9236 9161 7ff601383173 9182 7ff601381b20 9161->9182 9165 7ff601383197 9165->9156 9243 7ff601383584 9165->9243 9254 7ff6013839ac 9168->9254 9171 7ff60138309d 9171->9150 9171->9151 9172 7ff60138341f 9256 7ff60138b274 9172->9256 9177 7ff60138aa94 9176->9177 9181 7ff60138aaa9 9176->9181 9177->9181 9299 7ff60138a764 9177->9299 9181->9161 9183 7ff601381c0f 9182->9183 9184 7ff601381be1 9182->9184 9187 7ff601381caf 9183->9187 9476 7ff601381010 9183->9476 9184->9183 9189 7ff601381fd1 9184->9189 9191 7ff601381cb4 9187->9191 9192 7ff601381cbe 9187->9192 9188 7ff601381010 69 API calls 9188->9187 9190 7ff601381010 69 API calls 9189->9190 9193 7ff601381fe0 9190->9193 9495 7ff601381130 GetProcessHeap HeapAlloc RegOpenKeyExW 9191->9495 9195 7ff601381cc7 9192->9195 9207 7ff601381ddf 9192->9207 9196 7ff601382600 69 API calls 9193->9196 9199 7ff601381010 69 API calls 9195->9199 9200 7ff601381fe5 9196->9200 9197 7ff601381e07 CreateEventW CreateEventW InitSecurityInterfaceW LogonUserW 9202 7ff601381ea1 ImpersonateLoggedOnUser 9197->9202 9203 7ff601381ff0 GetLastError 9197->9203 9204 7ff601381cd3 CoInitialize CoCreateInstance 9199->9204 9200->9203 9201 7ff601381f95 9206 7ff601382d90 _handle_error 8 API calls 9201->9206 9516 7ff601382670 CoTaskMemAlloc CoTaskMemAlloc LoadLibraryW GetProcAddress GetCurrentProcess 9202->9516 9208 7ff601381010 69 API calls 9203->9208 9220 7ff601381d0f 9204->9220 9211 7ff601381fa3 9206->9211 9207->9197 9212 7ff601381010 69 API calls 9207->9212 9213 7ff601382004 9207->9213 9208->9213 9210 7ff601382014 9241 
7ff601383874 GetModuleHandleW 9211->9241 9212->9197 9480 7ff601382600 9213->9480 9214 7ff601381eb6 RevertToSelf 9215 7ff601381ec7 WaitForSingleObject 9214->9215 9216 7ff601381f44 WaitForSingleObject WaitForSingleObject 9214->9216 9217 7ff601381ed9 9215->9217 9218 7ff601381ee7 WaitForSingleObject 9215->9218 9219 7ff601381f61 CloseHandle CloseHandle CloseHandle CloseHandle 9216->9219 9221 7ff601381010 69 API calls 9217->9221 9222 7ff601381f2b 9218->9222 9223 7ff601381f02 9218->9223 9219->9201 9227 7ff601381d33 9220->9227 9232 7ff601381d41 9220->9232 9224 7ff601381ee5 9221->9224 9230 7ff601381010 69 API calls 9222->9230 9225 7ff601381f09 9223->9225 9226 7ff601381f17 9223->9226 9224->9219 9228 7ff601381010 69 API calls 9225->9228 9564 7ff6013821c0 GetCurrentProcess OpenProcessToken 9226->9564 9231 7ff601381010 69 API calls 9227->9231 9228->9224 9230->9224 9234 7ff601381d3f CoUninitialize 9231->9234 9233 7ff601381010 69 API calls 9232->9233 9232->9234 9233->9232 9234->9201 9237 7ff601389f9e 9236->9237 9238 7ff601389f8c 9236->9238 9806 7ff60138b2c0 9237->9806 9238->9157 9242 7ff601383885 9241->9242 9242->9165 9244 7ff601383595 9243->9244 9245 7ff6013831ae 9244->9245 9246 7ff6013845fc __scrt_initialize_crt 7 API calls 9244->9246 9245->9155 9246->9245 9248 7ff601383746 _invalid_parameter_noinfo memcpy_s 9247->9248 9249 7ff601383765 RtlCaptureContext RtlLookupFunctionEntry 9248->9249 9250 7ff6013837ca memcpy_s 9249->9250 9251 7ff60138378e RtlVirtualUnwind 9249->9251 9252 7ff6013837fc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9250->9252 9251->9250 9253 7ff60138384e _invalid_parameter_noinfo 9252->9253 9253->9153 9255 7ff601383412 __scrt_dllmain_crt_thread_attach 9254->9255 9255->9171 9255->9172 9257 7ff601391c40 9256->9257 9258 7ff601383424 9257->9258 9266 7ff60138cbc0 9257->9266 9258->9171 9260 7ff6013845fc 9258->9260 9261 7ff601384604 9260->9261 9262 7ff60138460e 9260->9262 9278 7ff601384944 9261->9278 9262->9171 9277 7ff60138cc84 
EnterCriticalSection 9266->9277 9268 7ff60138cbd0 9269 7ff601391090 32 API calls 9268->9269 9270 7ff60138cbd9 9269->9270 9271 7ff60138cbe7 9270->9271 9272 7ff60138c9c4 34 API calls 9270->9272 9273 7ff60138ccd8 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 9271->9273 9274 7ff60138cbe2 9272->9274 9275 7ff60138cbf3 9273->9275 9276 7ff60138cab4 GetStdHandle GetFileType 9274->9276 9275->9257 9276->9271 9279 7ff601384953 9278->9279 9281 7ff601384609 9278->9281 9286 7ff60138616c 9279->9286 9282 7ff601385fa0 9281->9282 9283 7ff601385fcb 9282->9283 9284 7ff601385fcf 9283->9284 9285 7ff601385fae DeleteCriticalSection 9283->9285 9284->9262 9285->9283 9290 7ff601385fd8 9286->9290 9291 7ff6013860f0 TlsFree 9290->9291 9297 7ff60138601b try_get_function 9290->9297 9292 7ff601386048 LoadLibraryExW 9294 7ff601386069 GetLastError 9292->9294 9295 7ff6013860bf 9292->9295 9293 7ff6013860df GetProcAddress 9293->9291 9294->9297 9295->9293 9296 7ff6013860d6 FreeLibrary 9295->9296 9296->9293 9297->9291 9297->9292 9297->9293 9298 7ff60138608b LoadLibraryExW 9297->9298 9298->9295 9298->9297 9300 7ff60138a77d 9299->9300 9307 7ff60138a779 9299->9307 9317 7ff601390adc GetEnvironmentStringsW 9300->9317 9303 7ff60138a78a 9305 7ff60138c258 __free_lconv_mon 14 API calls 9303->9305 9305->9307 9307->9181 9309 7ff60138a924 9307->9309 9310 7ff60138a93f 9309->9310 9316 7ff60138a952 9309->9316 9310->9181 9311 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9311->9316 9312 7ff60138a9c8 9314 7ff60138c258 __free_lconv_mon 14 API calls 9312->9314 9313 7ff601390a80 MultiByteToWideChar 9313->9316 9314->9310 9315 7ff60138c258 __free_lconv_mon 14 API calls 9315->9316 9316->9310 9316->9311 9316->9312 9316->9313 9316->9315 9318 7ff60138a782 9317->9318 9319 7ff601390b00 9317->9319 9318->9303 9324 7ff60138a7cc 9318->9324 9319->9319 9347 7ff60138da88 9319->9347 9321 7ff601390b3a memcpy_s 9322 7ff60138c258 __free_lconv_mon 14 API calls 9321->9322 9323 7ff601390b5a FreeEnvironmentStringsW 
9322->9323 9323->9318 9325 7ff60138a7f4 9324->9325 9326 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9325->9326 9333 7ff60138a82f 9326->9333 9327 7ff60138c258 __free_lconv_mon 14 API calls 9328 7ff60138a797 9327->9328 9341 7ff60138c258 9328->9341 9329 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9329->9333 9330 7ff60138a895 9433 7ff60138a8e0 9330->9433 9333->9329 9333->9330 9335 7ff60138a8cc 9333->9335 9338 7ff60138c258 __free_lconv_mon 14 API calls 9333->9338 9339 7ff60138a8a4 9333->9339 9424 7ff6013898e0 9333->9424 9439 7ff60138c0c0 IsProcessorFeaturePresent 9335->9439 9336 7ff60138c258 __free_lconv_mon 14 API calls 9336->9339 9338->9333 9339->9327 9342 7ff60138c25d HeapFree 9341->9342 9346 7ff60138c28d __free_lconv_mon 9341->9346 9343 7ff60138c278 9342->9343 9342->9346 9344 7ff60138c1c0 memcpy_s 12 API calls 9343->9344 9345 7ff60138c27d GetLastError 9344->9345 9345->9346 9346->9303 9348 7ff60138dad3 9347->9348 9352 7ff60138da97 _invalid_parameter_noinfo 9347->9352 9357 7ff60138c1c0 9348->9357 9350 7ff60138daba HeapAlloc 9351 7ff60138dad1 9350->9351 9350->9352 9351->9321 9352->9348 9352->9350 9354 7ff60138a168 9352->9354 9360 7ff60138a198 9354->9360 9366 7ff60138e680 GetLastError 9357->9366 9359 7ff60138c1c9 9359->9351 9365 7ff60138cc84 EnterCriticalSection 9360->9365 9367 7ff60138e6a7 9366->9367 9368 7ff60138e6a2 9366->9368 9372 7ff60138e6af SetLastError 9367->9372 9393 7ff60138c674 9367->9393 9389 7ff60138c62c 9368->9389 9372->9359 9376 7ff60138e6fb 9378 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9376->9378 9377 7ff60138e6eb 9379 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9377->9379 9380 7ff60138e703 9378->9380 9381 7ff60138e6f2 9379->9381 9382 7ff60138e707 9380->9382 9383 7ff60138e719 9380->9383 9384 7ff60138c258 __free_lconv_mon 12 API calls 9381->9384 9385 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9382->9385 9405 7ff60138e2b4 9383->9405 9384->9372 9385->9381 9390 7ff60138c298 try_get_function 5 API calls 9389->9390 9391 
7ff60138c653 TlsGetValue 9390->9391 9394 7ff60138c298 try_get_function 5 API calls 9393->9394 9395 7ff60138c6a2 9394->9395 9396 7ff60138c6b4 TlsSetValue 9395->9396 9397 7ff60138c6ac 9395->9397 9396->9397 9397->9372 9398 7ff60138c1e0 9397->9398 9403 7ff60138c1f1 _invalid_parameter_noinfo 9398->9403 9399 7ff60138c242 9402 7ff60138c1c0 memcpy_s 13 API calls 9399->9402 9400 7ff60138c226 RtlAllocateHeap 9401 7ff60138c240 9400->9401 9400->9403 9401->9376 9401->9377 9402->9401 9403->9399 9403->9400 9404 7ff60138a168 _invalid_parameter_noinfo 2 API calls 9403->9404 9404->9403 9410 7ff60138e18c 9405->9410 9422 7ff60138cc84 EnterCriticalSection 9410->9422 9425 7ff6013898f7 9424->9425 9426 7ff6013898ed 9424->9426 9427 7ff60138c1c0 memcpy_s 14 API calls 9425->9427 9426->9425 9431 7ff601389913 9426->9431 9428 7ff6013898ff 9427->9428 9443 7ff60138c0a0 9428->9443 9430 7ff60138990b 9430->9333 9431->9430 9432 7ff60138c1c0 memcpy_s 14 API calls 9431->9432 9432->9428 9434 7ff60138a89d 9433->9434 9435 7ff60138a8e5 9433->9435 9434->9336 9436 7ff60138a90e 9435->9436 9437 7ff60138c258 __free_lconv_mon 14 API calls 9435->9437 9438 7ff60138c258 __free_lconv_mon 14 API calls 9436->9438 9437->9435 9438->9434 9440 7ff60138c0d3 9439->9440 9454 7ff60138be8c 9440->9454 9446 7ff60138bff0 9443->9446 9445 7ff60138c0b9 9445->9430 9447 7ff60138e680 _invalid_parameter_noinfo 14 API calls 9446->9447 9448 7ff60138c015 9447->9448 9449 7ff60138c026 9448->9449 9450 7ff60138c0c0 _invalid_parameter_noinfo 17 API calls 9448->9450 9449->9445 9451 7ff60138c09d 9450->9451 9452 7ff60138bff0 _invalid_parameter_noinfo 31 API calls 9451->9452 9453 7ff60138c0b9 9452->9453 9453->9445 9455 7ff60138bec6 _invalid_parameter_noinfo memcpy_s 9454->9455 9456 7ff60138beee RtlCaptureContext RtlLookupFunctionEntry 9455->9456 9457 7ff60138bf5e IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9456->9457 9458 7ff60138bf28 RtlVirtualUnwind 9456->9458 9459 7ff60138bfb0 _invalid_parameter_noinfo 9457->9459 
9458->9457 9462 7ff601382d90 9459->9462 9463 7ff601382d9a 9462->9463 9464 7ff601382de8 IsProcessorFeaturePresent 9463->9464 9465 7ff601382da6 GetCurrentProcess TerminateProcess 9463->9465 9466 7ff601382e00 9464->9466 9471 7ff601382ebc RtlCaptureContext 9466->9471 9472 7ff601382ed6 RtlLookupFunctionEntry 9471->9472 9473 7ff601382eec RtlVirtualUnwind 9472->9473 9474 7ff601382e13 9472->9474 9473->9472 9473->9474 9475 7ff601382db4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9474->9475 9477 7ff60138103d 9476->9477 9607 7ff60138984c 9477->9607 9481 7ff601381010 69 API calls 9480->9481 9482 7ff601382610 9481->9482 9483 7ff601381010 69 API calls 9482->9483 9484 7ff60138261c 9483->9484 9485 7ff601381010 69 API calls 9484->9485 9486 7ff601382628 9485->9486 9487 7ff601381010 69 API calls 9486->9487 9488 7ff601382634 9487->9488 9489 7ff601381010 69 API calls 9488->9489 9490 7ff601382640 9489->9490 9491 7ff601381010 69 API calls 9490->9491 9492 7ff60138264c 9491->9492 9493 7ff601381010 69 API calls 9492->9493 9494 7ff601382658 9493->9494 9496 7ff6013811f0 RegEnumKeyW 9495->9496 9497 7ff60138121c RegGetValueW 9496->9497 9498 7ff601381215 memcpy_s 9496->9498 9497->9498 9498->9496 9499 7ff6013812a9 RegCloseKey 9498->9499 9500 7ff601381010 69 API calls 9499->9500 9501 7ff6013812c7 GetStdHandle GetStdHandle GetConsoleWindow 9500->9501 9502 7ff6013812fc 9501->9502 9503 7ff6013812ee AllocConsole 9501->9503 9504 7ff601381301 CreateFileW SetStdHandle SetStdHandle 9502->9504 9503->9504 9509 7ff601381360 memcpy_s 9504->9509 9505 7ff6013813b6 GetModuleFileNameW 9505->9509 9506 7ff6013813f6 CreateProcessW WaitForSingleObject 9507 7ff60138146e CloseHandle CloseHandle 9506->9507 9508 7ff60138144e TerminateThread TerminateProcess 9506->9508 9507->9509 9508->9507 9509->9505 9509->9506 9511 7ff6013814c0 SetStdHandle SetStdHandle 9509->9511 9624 7ff601386f0c 9509->9624 9512 7ff6013814ec GetProcessHeap HeapFree 9511->9512 9513 7ff6013814e6 FreeConsole 
9511->9513 9514 7ff601382d90 _handle_error 8 API calls 9512->9514 9513->9512 9515 7ff60138150f 9514->9515 9515->9201 9517 7ff601382738 memcpy_s 9516->9517 9518 7ff601382766 CoInitialize CoInitializeSecurity 9517->9518 9519 7ff6013827de memcpy_s 9518->9519 9520 7ff6013827fe CreateObjrefMoniker 9519->9520 9521 7ff601382814 CreateBindCtx 9520->9521 9540 7ff601382a2c 9520->9540 9524 7ff60138283c CryptStringToBinaryW 9521->9524 9522 7ff601381010 69 API calls 9523 7ff601382a45 9522->9523 9527 7ff601382a50 GetLastError 9523->9527 9526 7ff60138288c RpcServerUseProtseqEpW 9524->9526 9524->9527 9528 7ff6013828cd RpcServerRegisterAuthInfoW CreateILockBytesOnHGlobal StgCreateDocfileOnILockBytes 9526->9528 9531 7ff601382a64 9526->9531 9529 7ff601381010 69 API calls 9527->9529 9649 7ff601382f5c 9528->9649 9529->9531 9532 7ff601381010 69 API calls 9531->9532 9533 7ff601382a7d 9532->9533 9541 7ff601382ad9 9533->9541 9542 7ff601382ae3 AcceptSecurityContext 9533->9542 9535 7ff601382a1d 9537 7ff601381010 69 API calls 9535->9537 9536 7ff6013829a4 9538 7ff6013829a9 WaitForSingleObject 9536->9538 9539 7ff6013829b7 CoTaskMemFree CoTaskMemFree CoUninitialize 9536->9539 9537->9540 9538->9539 9552 7ff601382d90 _handle_error 8 API calls 9539->9552 9540->9522 9544 7ff601382d90 _handle_error 8 API calls 9541->9544 9542->9541 9543 7ff601382b1e SetEvent QuerySecurityContextToken GetTokenInformation 9542->9543 9545 7ff601382d33 SetEvent 9543->9545 9546 7ff601382b93 9543->9546 9547 7ff601382d6f 9544->9547 9545->9541 9548 7ff601382ba2 GetTokenInformation GetLengthSid 9546->9548 9547->9214 9549 7ff601389cc0 9548->9549 9551 7ff601382bd7 CopySid LookupAccountSidW GetTokenInformation 9549->9551 9554 7ff601382c5f 9551->9554 9553 7ff601382a02 9552->9553 9553->9214 9658 7ff601389ff0 9554->9658 9556 7ff601382ca1 9557 7ff601382d04 9556->9557 9558 7ff601382cac 9556->9558 9559 7ff601381010 69 API calls 9557->9559 9560 7ff601381010 69 API calls 9558->9560 9561 7ff601382d21 9559->9561 9562 7ff601382cc9 
DuplicateTokenEx 9560->9562 9563 7ff601386f0c 64 API calls 9561->9563 9562->9545 9563->9545 9791 7ff601382090 LookupPrivilegeValueW 9564->9791 9566 7ff601382240 9567 7ff601382248 9566->9567 9568 7ff601382511 9566->9568 9569 7ff601382090 75 API calls 9567->9569 9570 7ff601382090 75 API calls 9568->9570 9571 7ff60138225b 9569->9571 9572 7ff601382522 9570->9572 9573 7ff601382090 75 API calls 9571->9573 9574 7ff60138252a 9572->9574 9575 7ff6013825e2 9572->9575 9577 7ff60138226e 9573->9577 9581 7ff601381010 69 API calls 9574->9581 9576 7ff601381010 69 API calls 9575->9576 9578 7ff6013825ee 9576->9578 9579 7ff601382090 75 API calls 9577->9579 9580 7ff601382281 ImpersonateLoggedOnUser CloseHandle 9579->9580 9582 7ff6013822a6 GetProcessHeap HeapAlloc 9580->9582 9599 7ff6013822e0 9580->9599 9583 7ff60138250f 9581->9583 9582->9599 9588 7ff60138258a RevertToSelf 9583->9588 9589 7ff601382590 9583->9589 9584 7ff601382473 9584->9583 9587 7ff601382487 CreateProcessWithTokenW 9584->9587 9585 7ff6013823e3 GetCurrentProcessId ProcessIdToSessionId SetTokenInformation 9586 7ff601382410 CreateProcessAsUserW 9585->9586 9590 7ff60138253d 9586->9590 9591 7ff60138245f GetLastError 9586->9591 9587->9574 9594 7ff6013824fb GetLastError 9587->9594 9588->9589 9595 7ff6013825a7 9589->9595 9596 7ff601382595 HeapFree 9589->9596 9593 7ff601381010 69 API calls 9590->9593 9592 7ff601381010 69 API calls 9591->9592 9592->9584 9597 7ff601382549 9593->9597 9598 7ff601381010 69 API calls 9594->9598 9602 7ff601386f0c 64 API calls 9595->9602 9596->9595 9600 7ff60138256a CloseHandle CloseHandle 9597->9600 9601 7ff601381010 69 API calls 9597->9601 9598->9583 9599->9584 9599->9585 9599->9586 9600->9583 9604 7ff60138255a WaitForSingleObject 9601->9604 9603 7ff6013825b9 9602->9603 9605 7ff601382d90 _handle_error 8 API calls 9603->9605 9604->9600 9606 7ff6013825c7 9605->9606 9606->9222 9608 7ff601389872 9607->9608 9609 7ff601389887 9607->9609 9610 7ff60138c1c0 memcpy_s 14 API calls 9608->9610 9609->9608 9611 
7ff60138988c 9609->9611 9612 7ff601389877 9610->9612 9616 7ff601386f74 9611->9616 9614 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 9612->9614 9615 7ff60138105b 9614->9615 9615->9188 9623 7ff601386c08 EnterCriticalSection 9616->9623 9618 7ff601386f91 9619 7ff601387730 67 API calls 9618->9619 9620 7ff601386f9a 9619->9620 9621 7ff601386c14 LeaveCriticalSection 9620->9621 9622 7ff601386fa4 9621->9622 9622->9615 9625 7ff601386f1a 9624->9625 9626 7ff601386f21 9624->9626 9630 7ff601386ddc 9625->9630 9628 7ff601386f1f 9626->9628 9633 7ff601386d9c 9626->9633 9628->9509 9640 7ff601386cbc 9630->9640 9648 7ff601386c08 EnterCriticalSection 9633->9648 9647 7ff60138cc84 EnterCriticalSection 9640->9647 9650 7ff601382f67 9649->9650 9651 7ff60138291c CLSIDFromString CoGetInstanceFromIStorage 9650->9651 9652 7ff60138a168 _invalid_parameter_noinfo 2 API calls 9650->9652 9653 7ff601382f86 9650->9653 9651->9535 9651->9536 9652->9650 9654 7ff601382f91 9653->9654 9675 7ff601383358 9653->9675 9679 7ff601383378 9654->9679 9659 7ff60138a021 9658->9659 9660 7ff601389ffd 9658->9660 9663 7ff60138a05b 9659->9663 9664 7ff60138a07a 9659->9664 9660->9659 9661 7ff60138a002 9660->9661 9662 7ff60138c1c0 memcpy_s 14 API calls 9661->9662 9665 7ff60138a007 9662->9665 9666 7ff60138c1c0 memcpy_s 14 API calls 9663->9666 9688 7ff601387680 9664->9688 9668 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 9665->9668 9669 7ff60138a060 9666->9669 9670 7ff60138a012 9668->9670 9671 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 9669->9671 9670->9556 9672 7ff60138a06b 9671->9672 9672->9556 9673 7ff60138a087 9673->9672 9674 7ff60138f8dc 35 API calls 9673->9674 9674->9673 9676 7ff601383366 std::bad_alloc::bad_alloc 9675->9676 9683 7ff601384534 9676->9683 9678 7ff601383377 9680 7ff601383386 std::bad_alloc::bad_alloc 9679->9680 9681 7ff601384534 Concurrency::cancel_current_task 2 API calls 9680->9681 9682 7ff601382f97 9681->9682 9684 7ff601384570 RtlPcToFileHeader 9683->9684 9687 7ff601384553 9683->9687 
9685 7ff601384588 9684->9685 9686 7ff601384597 RaiseException 9684->9686 9685->9686 9686->9678 9687->9684 9689 7ff6013876a4 9688->9689 9695 7ff60138769f 9688->9695 9689->9695 9696 7ff60138e504 GetLastError 9689->9696 9695->9673 9697 7ff60138e52b 9696->9697 9698 7ff60138e526 9696->9698 9700 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9697->9700 9702 7ff60138e533 SetLastError 9697->9702 9699 7ff60138c62c _invalid_parameter_noinfo 6 API calls 9698->9699 9699->9697 9701 7ff60138e54e 9700->9701 9701->9702 9704 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9701->9704 9706 7ff60138e5d2 9702->9706 9707 7ff6013876bf 9702->9707 9705 7ff60138e561 9704->9705 9708 7ff60138e57f 9705->9708 9709 7ff60138e56f 9705->9709 9731 7ff60138b2e0 9706->9731 9723 7ff60138e7ac 9707->9723 9712 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9708->9712 9713 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9709->9713 9714 7ff60138e587 9712->9714 9715 7ff60138e576 9713->9715 9716 7ff60138e58b 9714->9716 9717 7ff60138e59d 9714->9717 9720 7ff60138c258 __free_lconv_mon 14 API calls 9715->9720 9718 7ff60138c674 _invalid_parameter_noinfo 6 API calls 9716->9718 9719 7ff60138e2b4 _invalid_parameter_noinfo 14 API calls 9717->9719 9718->9715 9721 7ff60138e5a5 9719->9721 9720->9702 9722 7ff60138c258 __free_lconv_mon 14 API calls 9721->9722 9722->9702 9724 7ff60138e7c1 9723->9724 9725 7ff6013876e2 9723->9725 9724->9725 9775 7ff601391aa8 9724->9775 9727 7ff60138e7e0 9725->9727 9728 7ff60138e7f5 9727->9728 9729 7ff60138e808 9727->9729 9728->9729 9788 7ff6013907a8 9728->9788 9729->9695 9740 7ff601391d44 9731->9740 9766 7ff601391cfc 9740->9766 9771 7ff60138cc84 EnterCriticalSection 9766->9771 9776 7ff60138e504 __FrameHandler3::FrameUnwindToEmptyState 34 API calls 9775->9776 9777 7ff601391ab7 9776->9777 9778 7ff601391b02 9777->9778 9787 7ff60138cc84 EnterCriticalSection 9777->9787 9778->9725 9789 7ff60138e504 __FrameHandler3::FrameUnwindToEmptyState 34 API calls 9788->9789 9790 7ff6013907b1 
9789->9790 9792 7ff6013820b9 GetLastError 9791->9792 9793 7ff6013820e2 AdjustTokenPrivileges 9791->9793 9796 7ff601381010 69 API calls 9792->9796 9794 7ff601382128 GetLastError 9793->9794 9795 7ff601382140 PrivilegeCheck 9793->9795 9797 7ff601381010 69 API calls 9794->9797 9798 7ff601382179 GetLastError 9795->9798 9803 7ff60138213c 9795->9803 9799 7ff6013820cd 9796->9799 9797->9803 9800 7ff601381010 69 API calls 9798->9800 9801 7ff601382d90 _handle_error 8 API calls 9799->9801 9800->9803 9802 7ff6013820dc 9801->9802 9802->9566 9804 7ff601382d90 _handle_error 8 API calls 9803->9804 9805 7ff6013821af 9804->9805 9805->9566 9807 7ff60138e504 __FrameHandler3::FrameUnwindToEmptyState 34 API calls 9806->9807 9808 7ff60138b2c9 9807->9808 9809 7ff60138b2e0 __FrameHandler3::FrameUnwindToEmptyState 34 API calls 9808->9809 9810 7ff60138b2df 9809->9810 11257 7ff601383200 11260 7ff601383604 11257->11260 11261 7ff601383209 11260->11261 11262 7ff601383627 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 11260->11262 11262->11261 9950 7ff601390b7c 9951 7ff601390ba4 9950->9951 9953 7ff601390bb8 9950->9953 9952 7ff60138c1c0 memcpy_s 14 API calls 9951->9952 9972 7ff601390ba9 9952->9972 9954 7ff601390e4b 9953->9954 9956 7ff601390bf7 9953->9956 10000 7ff601390ea0 9953->10000 9955 7ff60138c1c0 memcpy_s 14 API calls 9954->9955 9957 7ff601390c82 9955->9957 9959 7ff601390c51 9956->9959 9960 7ff601390c1f 9956->9960 9975 7ff601390c45 9956->9975 9967 7ff60138c258 __free_lconv_mon 14 API calls 9957->9967 9959->9957 9966 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9959->9966 9980 7ff601390c79 9959->9980 10015 7ff60138aa10 9960->10015 9963 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9968 7ff601390ca4 9963->9968 9964 7ff601390d00 9969 7ff601390d1d 9964->9969 9977 7ff601390d70 9964->9977 9971 7ff601390c6b 9966->9971 9967->9972 9973 7ff60138c258 __free_lconv_mon 14 API calls 9968->9973 9974 7ff60138c258 __free_lconv_mon 14 API calls 9969->9974 
9970 7ff601390c2d 9970->9975 9979 7ff601390ea0 34 API calls 9970->9979 9976 7ff60138c258 __free_lconv_mon 14 API calls 9971->9976 9973->9975 9978 7ff601390d26 9974->9978 9975->9957 9975->9964 10021 7ff601394b18 9975->10021 9976->9980 9977->9957 9981 7ff601391b80 34 API calls 9977->9981 9986 7ff601390d2c 9978->9986 10045 7ff601391b80 9978->10045 9979->9975 9980->9957 9980->9963 9980->9975 9982 7ff601390dac 9981->9982 9983 7ff60138c258 __free_lconv_mon 14 API calls 9982->9983 9983->9986 9985 7ff601390d58 9987 7ff60138c258 __free_lconv_mon 14 API calls 9985->9987 9986->9957 9986->9986 9988 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 9986->9988 9987->9986 9989 7ff601390df7 9988->9989 9990 7ff601390e39 9989->9990 9992 7ff6013898e0 31 API calls 9989->9992 9991 7ff60138c258 __free_lconv_mon 14 API calls 9990->9991 9991->9957 9993 7ff601390e0d 9992->9993 9994 7ff601390e11 SetEnvironmentVariableW 9993->9994 9995 7ff601390e89 9993->9995 9994->9990 9996 7ff601390e34 9994->9996 9997 7ff60138c0c0 _invalid_parameter_noinfo 17 API calls 9995->9997 9998 7ff60138c1c0 memcpy_s 14 API calls 9996->9998 9999 7ff601390e9d 9997->9999 9998->9990 10001 7ff601390ee0 10000->10001 10002 7ff601390ec3 10000->10002 10003 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 10001->10003 10002->9956 10010 7ff601390f04 10003->10010 10004 7ff601390f88 10006 7ff60138b2e0 __FrameHandler3::FrameUnwindToEmptyState 34 API calls 10004->10006 10005 7ff601390f65 10007 7ff60138c258 __free_lconv_mon 14 API calls 10005->10007 10008 7ff601390f8e 10006->10008 10007->10002 10009 7ff60138c1e0 _invalid_parameter_noinfo 14 API calls 10009->10010 10010->10004 10010->10005 10010->10009 10011 7ff60138c258 __free_lconv_mon 14 API calls 10010->10011 10012 7ff6013898e0 31 API calls 10010->10012 10013 7ff601390f74 10010->10013 10011->10010 10012->10010 10014 7ff60138c0c0 _invalid_parameter_noinfo 17 API calls 10013->10014 10014->10004 10016 7ff60138aa20 10015->10016 10019 7ff60138aa29 10015->10019 10017 7ff60138a764 
34 API calls 10016->10017 10016->10019 10018 7ff60138aa32 10017->10018 10018->10019 10020 7ff60138a924 15 API calls 10018->10020 10019->9954 10019->9970 10020->10019 10022 7ff601394b25 10021->10022 10026 7ff601394b52 10021->10026 10023 7ff601394b2a 10022->10023 10022->10026 10024 7ff60138c1c0 memcpy_s 14 API calls 10023->10024 10025 7ff601394b2f 10024->10025 10028 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 10025->10028 10027 7ff601394b96 10026->10027 10029 7ff601394bb5 10026->10029 10041 7ff601394b8a __crtLCMapStringW 10026->10041 10030 7ff60138c1c0 memcpy_s 14 API calls 10027->10030 10031 7ff601394b3a 10028->10031 10032 7ff601394bbf 10029->10032 10033 7ff601394bd1 10029->10033 10034 7ff601394b9b 10030->10034 10031->9975 10035 7ff60138c1c0 memcpy_s 14 API calls 10032->10035 10036 7ff601387680 34 API calls 10033->10036 10037 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 10034->10037 10038 7ff601394bc4 10035->10038 10039 7ff601394bde 10036->10039 10037->10041 10040 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 10038->10040 10039->10041 10054 7ff601395da0 10039->10054 10040->10041 10041->9975 10044 7ff60138c1c0 memcpy_s 14 API calls 10044->10041 10046 7ff601391bbf 10045->10046 10047 7ff601391ba2 10045->10047 10052 7ff601391bc9 10046->10052 10067 7ff601394ca4 10046->10067 10047->10046 10048 7ff601391bb0 10047->10048 10049 7ff60138c1c0 memcpy_s 14 API calls 10048->10049 10053 7ff601391bb5 memcpy_s 10049->10053 10074 7ff601394ce0 10052->10074 10053->9985 10055 7ff601395dc9 __crtLCMapStringW 10054->10055 10056 7ff601394c1a 10055->10056 10058 7ff60138c4c0 10055->10058 10056->10041 10056->10044 10059 7ff60138c298 try_get_function 5 API calls 10058->10059 10060 7ff60138c4fe 10059->10060 10061 7ff60138c503 10060->10061 10064 7ff60138c808 10060->10064 10061->10056 10063 7ff60138c55f CompareStringW 10063->10061 10065 7ff60138c298 try_get_function 5 API calls 10064->10065 10066 7ff60138c836 __crtLCMapStringW 10065->10066 10066->10063 10068 7ff601394cc6 
HeapSize 10067->10068 10069 7ff601394cad 10067->10069 10070 7ff60138c1c0 memcpy_s 14 API calls 10069->10070 10071 7ff601394cb2 10070->10071 10072 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 10071->10072 10073 7ff601394cbd 10072->10073 10073->10052 10075 7ff601394cff 10074->10075 10076 7ff601394cf5 10074->10076 10078 7ff601394d04 10075->10078 10084 7ff601394d0b _invalid_parameter_noinfo 10075->10084 10077 7ff60138da88 15 API calls 10076->10077 10082 7ff601394cfd 10077->10082 10079 7ff60138c258 __free_lconv_mon 14 API calls 10078->10079 10079->10082 10080 7ff601394d3e HeapReAlloc 10080->10082 10080->10084 10081 7ff601394d11 10083 7ff60138c1c0 memcpy_s 14 API calls 10081->10083 10082->10053 10083->10082 10084->10080 10084->10081 10085 7ff60138a168 _invalid_parameter_noinfo 2 API calls 10084->10085 10085->10084 11263 7ff60138cbfc 11266 7ff60138cc08 11263->11266 11265 7ff60138cc2f 11266->11265 11267 7ff601391040 11266->11267 11268 7ff601391045 11267->11268 11272 7ff601391080 11267->11272 11269 7ff601391066 DeleteCriticalSection 11268->11269 11270 7ff601391078 11268->11270 11269->11269 11269->11270 11271 7ff60138c258 __free_lconv_mon 14 API calls 11270->11271 11271->11272 11272->11266 11273 7ff601396f06 11274 7ff601384820 _CallSETranslator 43 API calls 11273->11274 11275 7ff601396f1d 11274->11275 11276 7ff601384820 _CallSETranslator 43 API calls 11275->11276 11277 7ff601396f38 11276->11277 11282 7ff601385628 11277->11282 11279 7ff601396f79 11280 7ff601384820 _CallSETranslator 43 API calls 11279->11280 11281 7ff601396f7e 11280->11281 11283 7ff601385655 __except_validate_context_record 11282->11283 11284 7ff601384820 _CallSETranslator 43 API calls 11283->11284 11285 7ff60138565a 11284->11285 11287 7ff601385742 11285->11287 11289 7ff6013856b4 11285->11289 11303 7ff601385708 11285->11303 11286 7ff6013857b0 11286->11303 11346 7ff601384e08 11286->11346 11297 7ff601385761 11287->11297 11340 7ff601384038 11287->11340 11290 7ff60138572f 11289->11290 11291 7ff60138570d 
memcpy_s 14 API calls 10779->10788 10784 7ff601389afa 10780->10784 10781->10766 10783->10781 10787 7ff60138c1c0 memcpy_s 14 API calls 10783->10787 10784->10779 10784->10781 10790 7ff601389b14 GetLastError 10784->10790 10785->10781 10786 7ff60138c1c0 memcpy_s 14 API calls 10785->10786 10786->10781 10787->10781 10788->10781 10801 7ff60138f6d4 10789->10801 10790->10779 10792 7ff601389b23 10790->10792 10791 7ff60138f6d4 WideCharToMultiByte 10791->10792 10792->10779 10792->10781 10792->10791 10796 7ff60138f847 10793->10796 10799 7ff60138f7c4 memcpy_s 10793->10799 10794 7ff601394284 14 API calls 10794->10796 10796->10794 10797 7ff60138f82d 10796->10797 10798 7ff601382d90 _handle_error 8 API calls 10797->10798 10800 7ff60138f887 10798->10800 10799->10797 10804 7ff601394284 10799->10804 10800->10781 10802 7ff60138f6f7 WideCharToMultiByte 10801->10802 10805 7ff6013942ae 10804->10805 10806 7ff60138c1c0 memcpy_s 14 API calls 10805->10806 10807 7ff6013942bc 10805->10807 10806->10807 10807->10799 11800 7ff6013970ca 11803 7ff6013841e0 11800->11803 11804 7ff60138420a 11803->11804 11805 7ff6013841f8 11803->11805 11807 7ff601384820 _CallSETranslator 43 API calls 11804->11807 11805->11804 11806 7ff601384200 11805->11806 11808 7ff601384820 _CallSETranslator 43 API calls 11806->11808 11813 7ff601384208 11806->11813 11809 7ff60138420f 11807->11809 11810 7ff60138422f 11808->11810 11811 7ff601384820 _CallSETranslator 43 API calls 11809->11811 11809->11813 11812 7ff601384820 _CallSETranslator 43 API calls 11810->11812 11811->11813 11814 7ff60138423c 11812->11814 11815 7ff60138b2c0 __GSHandlerCheck_EH 34 API calls 11814->11815 11816 7ff601384245 11815->11816 10808 7ff601381550 CLSIDFromString 10809 7ff60138e74c 10816 7ff60138c59c 10809->10816 10817 7ff60138c298 try_get_function 5 API calls 10816->10817 10818 7ff60138c5c4 TlsAlloc 10817->10818 11817 7ff6013970e0 11818 7ff601384820 _CallSETranslator 43 API calls 11817->11818 11819 7ff6013970ee 11818->11819 11820 7ff6013970f9 11819->11820 
11821 7ff601384820 _CallSETranslator 43 API calls 11819->11821 11821->11820 11822 7ff6013838d8 11823 7ff60138390c 11822->11823 11824 7ff6013838f0 11822->11824 11824->11823 11831 7ff601384248 11824->11831 11829 7ff60138b2c0 __GSHandlerCheck_EH 34 API calls 11830 7ff601383932 11829->11830 11832 7ff601384820 _CallSETranslator 43 API calls 11831->11832 11833 7ff60138391e 11832->11833 11834 7ff60138425c 11833->11834 11835 7ff601384820 _CallSETranslator 43 API calls 11834->11835 11836 7ff60138392a 11835->11836 11836->11829 11837 7ff60138b1d8 11838 7ff60138b1f1 11837->11838 11840 7ff60138b209 11837->11840 11839 7ff60138c258 __free_lconv_mon 14 API calls 11838->11839 11838->11840 11839->11840 11841 7ff6013818e0 11842 7ff601381909 CoTaskMemAlloc 11841->11842 11843 7ff6013898e0 31 API calls 11842->11843 11844 7ff60138194b 11843->11844 11845 7ff601382d90 _handle_error 8 API calls 11844->11845 11846 7ff60138195d 11845->11846 10979 7ff601383068 10986 7ff6013838c8 SetUnhandledExceptionFilter 10979->10986 10987 7ff60138ac74 10990 7ff60138abf8 10987->10990 10997 7ff60138cc84 EnterCriticalSection 10990->10997 11051 7ff601383270 11054 7ff60138447c 11051->11054 11053 7ff601383299 11055 7ff60138449d 11054->11055 11056 7ff6013844d2 __std_exception_copy 11054->11056 11055->11056 11057 7ff60138b338 __std_exception_copy 31 API calls 11055->11057 11056->11053 11057->11056 11058 7ff601384270 11061 7ff6013842a0 _IsNonwritableInCurrentImage __C_specific_handler __except_validate_context_record 11058->11061 11059 7ff601384391 11060 7ff60138435c RtlUnwindEx 11060->11061 11061->11059 11061->11060 11062 7ff601381570 11063 7ff6013815d0 __std_exception_copy memcpy_s 11062->11063 11064 7ff601382d90 _handle_error 8 API calls 11063->11064 11065 7ff601381739 11064->11065 11066 7ff60139236c 11067 7ff601392395 11066->11067 11068 7ff6013923ad 11066->11068 11090 7ff60138c1a0 11067->11090 11069 7ff601392427 11068->11069 11074 7ff6013923de 11068->11074 11072 7ff60138c1a0 14 API calls 11069->11072 11075 
7ff60139242c 11072->11075 11073 7ff60138c1c0 memcpy_s 14 API calls 11076 7ff6013923a2 11073->11076 11093 7ff601391138 EnterCriticalSection 11074->11093 11078 7ff60138c1c0 memcpy_s 14 API calls 11075->11078 11080 7ff601392434 11078->11080 11083 7ff60138c0a0 _invalid_parameter_noinfo 31 API calls 11080->11083 11083->11076 11091 7ff60138e680 _invalid_parameter_noinfo 14 API calls 11090->11091 11092 7ff60138c1a9 11091->11092 11092->11073

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 0 7ff601381b20-7ff601381bdb 1 7ff601381c97-7ff601381caa call 7ff601381010 * 2 0->1 2 7ff601381be1-7ff601381bf8 0->2 8 7ff601381caf-7ff601381cb2 1->8 6 7ff601381c93-7ff601381c95 2->6 7 7ff601381bfe-7ff601381c09 2->7 6->1 6->8 10 7ff601381fd1-7ff601381fef call 7ff601381010 call 7ff601382600 call 7ff601389fa4 7->10 11 7ff601381c0f-7ff601381c19 7->11 13 7ff601381cb4-7ff601381cb9 call 7ff601381130 8->13 14 7ff601381cbe-7ff601381cc1 8->14 29 7ff601381ff0-7ff60138200e GetLastError call 7ff601381010 call 7ff601389fa4 10->29 11->6 27 7ff601381f95-7ff601381fc3 call 7ff601382d90 13->27 17 7ff601381cc7-7ff601381d31 call 7ff601381010 CoInitialize CoCreateInstance 14->17 18 7ff601381ddf-7ff601381de1 14->18 62 7ff601381d33-7ff601381d3f call 7ff601381010 17->62 63 7ff601381d41-7ff601381d4d 17->63 20 7ff601381e07-7ff601381e9b CreateEventW * 2 InitSecurityInterfaceW LogonUserW 18->20 21 7ff601381de3-7ff601381de6 18->21 28 7ff601381ea1-7ff601381ec5 ImpersonateLoggedOnUser call 7ff601382670 RevertToSelf 20->28 20->29 25 7ff601381dec-7ff601381def 21->25 26 7ff60138200f-7ff601382019 call 7ff601382600 call 7ff601389fa4 21->26 25->26 34 7ff601381df5-7ff601381e02 call 7ff601381010 25->34 48 7ff60138201e-7ff60138202b 26->48 46 7ff601381ec7-7ff601381ed7 WaitForSingleObject 28->46 47 7ff601381f44-7ff601381f5b WaitForSingleObject * 2 28->47 29->26 34->20 50 7ff601381ed9-7ff601381ee5 call 7ff601381010 46->50 51 7ff601381ee7-7ff601381f00 WaitForSingleObject 46->51 52 7ff601381f61-7ff601381f8f CloseHandle * 4 47->52 50->52 55 7ff601381f36 51->55 56 7ff601381f02-7ff601381f07 51->56 52->27 61 7ff601381f3d-7ff601381f42 call 7ff601381010 55->61 59 7ff601381f09-7ff601381f15 call 7ff601381010 56->59 60 7ff601381f17-7ff601381f34 call 7ff6013821c0 56->60 59->52 60->55 60->61 61->52 73 7ff601381da9-7ff601381dda CoUninitialize 62->73 68 7ff601381d50-7ff601381d8f 63->68 75 7ff601381d91-7ff601381d9a call 7ff601381010 68->75 76 7ff601381d9f-7ff601381da7 68->76 73->27 75->76 76->68 76->73
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: CreateErrorInitializeInstanceLastUninitialize
    • String ID: by decoder_it & splinter_code$ JuicyPotatoNG$JuicyPotatoNG$System$Wrong Argument: %S$[!] LogonUser failed with error code %d $[*] Finding suitable port not filtered by Windows Defender Firewall to be used in our local COM Server port.$[*] Testing CLSID %S - COM server port %S $[*] Windows Defender Firewall not enabled. Every COM port will work.$[+] Exploit successful! $[+] Found non filtered port: %d $[-] Cannot capture a valid SYSTEM token, exiting... $[-] Exploit failed! $[-] The privileged process failed to communicate with our COM Server :( Try a different COM port in the -l flag.
    • API String ID: 2713231385-3068781511
    • Opcode ID: 8623f890c42f5774dbe4108a2965b0c365eb254fb4121cadfa99a65d1e27bae9
    • Instruction ID: cfad11eec378aed627b9baacd2236e1ed664c58895e287b774e62c92d5758f74
    • Opcode Fuzzy Hash: 8623f890c42f5774dbe4108a2965b0c365eb254fb4121cadfa99a65d1e27bae9
    • Instruction Fuzzy Hash: 9CD15F76A08B428AEB58DF25E8552B933A1FF85B84F700132DA4DC36A5DF7CE54AC300
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 82 7ff60138d77c-7ff60138d7a1 83 7ff60138da45 82->83 84 7ff60138d7a7-7ff60138d7aa 82->84 85 7ff60138da47-7ff60138da5e 83->85 86 7ff60138d7cb-7ff60138d7f2 84->86 87 7ff60138d7ac-7ff60138d7c6 call 7ff60138c1a0 call 7ff60138c1c0 call 7ff60138c0a0 84->87 89 7ff60138d7f4-7ff60138d7fb 86->89 90 7ff60138d7fd-7ff60138d803 86->90 87->85 89->87 89->90 92 7ff60138d813-7ff60138d821 call 7ff60139230c 90->92 93 7ff60138d805-7ff60138d80e call 7ff601392500 90->93 100 7ff60138d932-7ff60138d942 92->100 101 7ff60138d827-7ff60138d837 92->101 93->92 103 7ff60138d991-7ff60138d9b6 WriteFile 100->103 104 7ff60138d944-7ff60138d949 100->104 101->100 105 7ff60138d83d-7ff60138d850 call 7ff60138e504 101->105 107 7ff60138d9c1 103->107 108 7ff60138d9b8-7ff60138d9be GetLastError 103->108 109 7ff60138d94b-7ff60138d94e 104->109 110 7ff60138d97d-7ff60138d98a call 7ff60138d300 104->110 116 7ff60138d852-7ff60138d862 105->116 117 7ff60138d868-7ff60138d884 GetConsoleMode 105->117 113 7ff60138d9c4 107->113 108->107 114 7ff60138d950-7ff60138d953 109->114 115 7ff60138d969-7ff60138d97b call 7ff60138d520 109->115 118 7ff60138d98f 110->118 119 7ff60138d9c9 113->119 120 7ff60138d9ce-7ff60138d9d8 114->120 121 7ff60138d955-7ff60138d967 call 7ff60138d404 114->121 123 7ff60138d926-7ff60138d92d 115->123 116->100 116->117 117->100 124 7ff60138d88a-7ff60138d88d 117->124 118->123 119->120 125 7ff60138da3e-7ff60138da43 120->125 126 7ff60138d9da-7ff60138d9df 120->126 121->123 123->119 129 7ff60138d893-7ff60138d89a 124->129 130 7ff60138d914-7ff60138d921 call 7ff60138ce14 124->130 125->85 131 7ff60138da0e-7ff60138da1f 126->131 132 7ff60138d9e1-7ff60138d9e4 126->132 129->120 135 7ff60138d8a0-7ff60138d8ae 129->135 130->123 136 7ff60138da21-7ff60138da24 131->136 137 7ff60138da26-7ff60138da36 call 7ff60138c1c0 call 7ff60138c1a0 131->137 138 7ff60138da01-7ff60138da09 call 7ff60138c150 132->138 139 7ff60138d9e6-7ff60138d9f6 call 7ff60138c1c0 call 7ff60138c1a0 132->139 135->113 141 7ff60138d8b4 135->141 
136->83 136->137 137->125 138->131 139->138 145 7ff60138d8b7-7ff60138d8ce call 7ff6013926bc 141->145 154 7ff60138d8d0-7ff60138d8da 145->154 155 7ff60138d906-7ff60138d90f GetLastError 145->155 156 7ff60138d8f7-7ff60138d8fe 154->156 157 7ff60138d8dc-7ff60138d8ee call 7ff6013926bc 154->157 155->113 156->113 158 7ff60138d904 156->158 157->155 161 7ff60138d8f0-7ff60138d8f5 157->161 158->145 161->156
    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF60138D7BE
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60138D73B,?,?,?,00007FF60139413A), ref: 00007FF60138D87C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60138D73B,?,?,?,00007FF60139413A), ref: 00007FF60138D906
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2210144848-0
    • Opcode ID: 06bd3b9f3b53cefc93cbda7b6efa79f7bef2a22d73242619d6c2412d4d2ed7a8
    • Instruction ID: 98e81ae6bb0e3bb6df65dae2de0c401a22369ed6d8aa37c937c2663223c5bae7
    • Opcode Fuzzy Hash: 06bd3b9f3b53cefc93cbda7b6efa79f7bef2a22d73242619d6c2412d4d2ed7a8
    • Instruction Fuzzy Hash: 1881E122E187528AFB189FA598406BD67A1FB84B84F640135EE0ED3BD6DF7CE445C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
    • String ID:
    • API String ID: 1321466686-0
    • Opcode ID: d93d4fe4c3147f8dd75fb8b499ad6044582861b0e5602ca9cc7bd7aba8b86e09
    • Instruction ID: 8746ec01d5029fa552c935ab8a25f3941c0643c62520a754593cca60f80b2b5c
    • Opcode Fuzzy Hash: d93d4fe4c3147f8dd75fb8b499ad6044582861b0e5602ca9cc7bd7aba8b86e09
    • Instruction Fuzzy Hash: 0C310721A0C34283FB1CBB6594523BA62A1BF85F84F644439EA4EC73D3DEADE4058351
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ErrorLast
    • String ID: Wrong Argument: %S$[!] LogonUser failed with error code %d
    • API String ID: 1452528299-21614459
    • Opcode ID: 2aa21fa98bf69ebc61caf7d39c19fd3e2e0c52c9a463352acd9cb6b77a162fe5
    • Instruction ID: 8b4e65aa0e753c0f5f307b49a55953f87fd7d2d882f06386fb26dc8f54d756c7
    • Opcode Fuzzy Hash: 2aa21fa98bf69ebc61caf7d39c19fd3e2e0c52c9a463352acd9cb6b77a162fe5
    • Instruction Fuzzy Hash: F1F03462E0C6820BE74C3B70486A0BA27519F92B29F340A35F27EC22D3CD9E64099350
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 323592aa12851e5ac18051ca5554eaaed32e18d467f3b4d26a4a4014d45106ce
    • Instruction ID: d1a01cd396d06c233241ea144afdbc8e6030f77e6cb2732b6b2abe8ab3c5fb90
    • Opcode Fuzzy Hash: 323592aa12851e5ac18051ca5554eaaed32e18d467f3b4d26a4a4014d45106ce
    • Instruction Fuzzy Hash: 44E0B620B1870A83EB5C6B3598A537A2652EFC9B45F305878D84EC23A2DE7DF8488301
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 268 7ff60138c470-7ff60138c493 call 7ff60138c298 270 7ff60138c498-7ff60138c49b 268->270 271 7ff60138c4b3-7ff60138c4bd 270->271 272 7ff60138c49d-7ff60138c4ac 270->272 272->271
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: try_get_function
    • String ID: AppPolicyGetProcessTerminationMethod
    • API String ID: 2742660187-2031265017
    • Opcode ID: 920e7f13ba4e9001cf1f39833cb0f67c0cde2827661895c9c35d481b79d854d3
    • Instruction ID: 892fed821913533a32c0dbb420ffd862dec000bcae07d0e3c64650abdc073532
    • Opcode Fuzzy Hash: 920e7f13ba4e9001cf1f39833cb0f67c0cde2827661895c9c35d481b79d854d3
    • Instruction Fuzzy Hash: A1E04691E09A0A92FF0E4792A8601F02255EF49770E685372D93C8B3E0DE6CA9948340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 273 7ff60138d300-7ff60138d366 call 7ff601396bb0 276 7ff60138d3d7-7ff60138d401 call 7ff601382d90 273->276 277 7ff60138d368 273->277 279 7ff60138d36d-7ff60138d370 277->279 281 7ff60138d372-7ff60138d379 279->281 282 7ff60138d396-7ff60138d3bb WriteFile 279->282 283 7ff60138d384-7ff60138d394 281->283 284 7ff60138d37b-7ff60138d381 281->284 285 7ff60138d3cf-7ff60138d3d5 GetLastError 282->285 286 7ff60138d3bd-7ff60138d3c6 282->286 283->279 283->282 284->283 285->276 286->276 287 7ff60138d3c8-7ff60138d3cb 286->287 287->277 288 7ff60138d3cd 287->288 288->276
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: 4a0a031187a5340eb5846340a3a1e11f3483513388330991c6c6d31e4ed8205c
    • Instruction ID: 6e5c777a626bc36dfa3ab6d918da3387bfa156e15ec3c12ce238be0ca76ebb17
    • Opcode Fuzzy Hash: 4a0a031187a5340eb5846340a3a1e11f3483513388330991c6c6d31e4ed8205c
    • Instruction Fuzzy Hash: 2531E472A19B819BDB149F25E4802E977A0FB58780F644432EB4EC3B55EFBCD555CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    • Opcode ID: 5bde3b8c39105ece3a600a50b8adc799804401ba0c9168840c2ac90ca72e6f2b
    • Instruction ID: 8dd6688ddf6fd32d3b86a172ba53bc4d23fa3f8e2639e157b8531df74b5f4436
    • Opcode Fuzzy Hash: 5bde3b8c39105ece3a600a50b8adc799804401ba0c9168840c2ac90ca72e6f2b
    • Instruction Fuzzy Hash: 7A318821A18F4682EB698B2595901B86650FB45BB0F782339DB6EC73E0DF78E461E350
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 302d10155a5b37d2c781d5e53b402121bff655f63c53ec9a03da3f6f8573ca67
    • Instruction ID: 3790bc6ffef67cc26ccfac3d0d021b91cabefb848fc1e8220ddfefc4aeb9dbad
    • Opcode Fuzzy Hash: 302d10155a5b37d2c781d5e53b402121bff655f63c53ec9a03da3f6f8573ca67
    • Instruction Fuzzy Hash: BA216D62E1838647F70A6F65A88137D2650AF84BB0FB55635F91DC73D2DEBCE8418710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: 133c9d9f6119be43d44b1e3cba4acfd8d3e042a2e17dae3c1b50912ef4b6e89f
    • Instruction ID: c04c7c80e5630e0fef7bd6b7b4a596f515ac3db125891ea663359c938f5ce985
    • Opcode Fuzzy Hash: 133c9d9f6119be43d44b1e3cba4acfd8d3e042a2e17dae3c1b50912ef4b6e89f
    • Instruction Fuzzy Hash: 8A214C32A05B418EEB598F64C4843FC3BA0EB8870CF64553AD64D82AC5DF79E585CB80
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 353f843d42cbf16aea8264e817aa79ed7a7f7c5f6c4975a9abdcb0a0aea5788a
    • Instruction ID: 81051625f159afbd949b108209514cddb8721393b1a97d4909070668eec5f073
    • Opcode Fuzzy Hash: 353f843d42cbf16aea8264e817aa79ed7a7f7c5f6c4975a9abdcb0a0aea5788a
    • Instruction Fuzzy Hash: 43119EB6A1874382F7189F15E46117AA3A4FB80750FB90535E65DE7B92DF7CE8118B00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 39d00d41c76ab373e85fd7b1f863c64934216b58732dd38827ee0c47210fdf71
    • Instruction ID: 6a590bd69c5959933a47996bb8bb814a8e35f3514499545f1af124b4b197ddca
    • Opcode Fuzzy Hash: 39d00d41c76ab373e85fd7b1f863c64934216b58732dd38827ee0c47210fdf71
    • Instruction Fuzzy Hash: C011C272A10F569DEB14CFA0E8811EC37B8FB1835CB601626EA4D92B59EF74C1A5C390
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF60138E6DD,?,?,?,00007FF60138C1C9,?,?,?,?,00007FF601389877), ref: 00007FF60138C235
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 71e694d1dc55d9fed12203a0ccba9e2d87d9437edea17dc52dc7f6b62d93b18c
    • Instruction ID: 9745521d03489c58deff312c3b22077335fa60dad5682b71f9d88e6b396ac625
    • Opcode Fuzzy Hash: 71e694d1dc55d9fed12203a0ccba9e2d87d9437edea17dc52dc7f6b62d93b18c
    • Instruction Fuzzy Hash: F3F03A65B1930783FF5C9BEA99512F552916F89B80F7C6431CD0EC63D2EEACE5808234
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: CreateTask$AllocBytesFreeFromInitializeLockServerString$AddressAuthBinaryBindCryptCurrentDocfileErrorGlobalInfoInstanceLastLibraryLoadMonikerObjectObjrefProcProcessProtseqRegisterSecuritySingleStorageUninitializeWait
    • String ID: ?$?$@$Anonymous$Delegation$Identification$Impersonation$NtQueryInformationProcess$SYSTEM$[!] CLSID %S not found. Error Bad path to object. Exiting...$[!] CreateObjrefMoniker failed with HRESULT %d$[!] CryptStringToBinaryW failed with error code %d$[!] RpcServerUseProtseqEp failed with rpc status code %d$[+] authresult success %S;%S\%S;%S$[-] authresult failed %S;%S\%S;%S$ncacn_ip_tcp$ntdll.dll
    • API String ID: 1070488198-2328110959
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Handle$HeapProcess$CloseConsole$AllocCreateFileFreeTerminate$EnumModuleNameObjectOpenSingleThreadValueWaitWindow
    • String ID: APPID$CLSID$CONOUT$$[*] Bruteforcing %d CLSIDs...
    • API String ID: 1374119132-3864066700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Process$ErrorLast$Token$CloseHandleHeap$CreateCurrentPrivilegeUser$AdjustAllocCheckFreeImpersonateInformationLoggedLookupObjectOpenPrivilegesRevertSelfSessionSingleValueWaitWith
    • String ID: SeAssignPrimaryTokenPrivilege$SeImpersonatePrivilege$SeTcbPrivilege$[!] Current process doesn't have SeImpersonate or SeAssignPrimaryToken privileges, exiting... $[*] Process output:$[+] CreateProcessAsUser OK$[+] CreateProcessWithTokenW OK$[-] CreateProcessAsUser Failed to create proc: %d$[-] CreateProcessWithTokenW Failed to create proc: %d
    • API String ID: 515620200-4034436330
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ErrorLast$AdjustLookupPrivilegePrivilegesTokenValue
    • String ID: AdjustTokenPrivileges() failed, error %u$LookupPrivilegeValue() failed, error %u$PrivilegeCheck() failed, error %u
    • API String ID: 3530718616-622133527
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ErrorFileLastWrite$ConsoleOutput
    • String ID:
    • API String ID: 1443284424-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: gfffffff
    • API String ID: 3215553584-1523873471
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF60138F256
      • Part of subcall function 00007FF60138C0C0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF60138C09D), ref: 00007FF60138C0C9
      • Part of subcall function 00007FF60138C0C0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF60138C09D), ref: 00007FF60138C0EE
    Strings
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
    • String ID: -
    • API String ID: 4036615347-2547889144
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: 0
    • API String ID: 3215553584-4108050209
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 3606184308-393685449
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF601386286,?,?,?,00007FF601385F84,?,?,?,?,00007FF6013845DD), ref: 00007FF60138605B
    • GetLastError.KERNEL32(?,?,?,00007FF601386286,?,?,?,00007FF601385F84,?,?,?,?,00007FF6013845DD), ref: 00007FF601386069
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF601386286,?,?,?,00007FF601385F84,?,?,?,?,00007FF6013845DD), ref: 00007FF601386093
    • FreeLibrary.KERNEL32(?,?,?,00007FF601386286,?,?,?,00007FF601385F84,?,?,?,?,00007FF6013845DD), ref: 00007FF6013860D9
    • GetProcAddress.KERNEL32(?,?,?,00007FF601386286,?,?,?,00007FF601385F84,?,?,?,?,00007FF6013845DD), ref: 00007FF6013860E5
    Strings
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
    • String ID: csm$csm
    • API String ID: 851805269-3733052814
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    • Opcode ID: f377a43d4aacb8187967a8d91e14db74d4b784d72bf3f5b6e9284500e3677208
    • Instruction ID: 5b2761d595379990c7944e25c1e9c9ad6e9c5fa7a2536e5acef1107e19178f70
    • Opcode Fuzzy Hash: f377a43d4aacb8187967a8d91e14db74d4b784d72bf3f5b6e9284500e3677208
    • Instruction Fuzzy Hash: 82516C73A08B858AEB28CF65D0403AD77A0F744B88F244125EF4D97B59DFB8E445C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-3916222277
    • Opcode ID: d5e711334f13a56f3bce066493cfc39ac13ce7c1a45b643f735f1bc8ce95b9c0
    • Instruction ID: eb3ab5aa5901c1a897fb47732824b42d89dac073d7fe065f1a24c53ab9ae772a
    • Opcode Fuzzy Hash: d5e711334f13a56f3bce066493cfc39ac13ce7c1a45b643f735f1bc8ce95b9c0
    • Instruction Fuzzy Hash: 1B615B729187028BEBAC8F28809537C37B7EB05B59F342135DA4AC72D9CFA8E585D601
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: e+000$gfff
    • API String ID: 3215553584-3030954782
    • Opcode ID: 55ca19833a6fd6218bb938f6e641c575bda540d0017eb9575132e8505d627e63
    • Instruction ID: 8abc33b800b8a0c9915e52a775f1ebde20e42e457a58677dea6724edbcf85441
    • Opcode Fuzzy Hash: 55ca19833a6fd6218bb938f6e641c575bda540d0017eb9575132e8505d627e63
    • Instruction Fuzzy Hash: 0D511962B187C28BE7688F39D8413697B91E781B90F589231D79CC7BD6CE6CE444C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: Info
    • String ID: $
    • API String ID: 1807457897-227171996
    • Opcode ID: 851294b9fab3b5bd46c816aba98e4e7b2e7255f1dd443f51c24bfdf84b05199a
    • Instruction ID: ccef35846627e1022dc4424443f9f42bef878bd3ed84986cc0b624db109078f7
    • Opcode Fuzzy Hash: 851294b9fab3b5bd46c816aba98e4e7b2e7255f1dd443f51c24bfdf84b05199a
    • Instruction Fuzzy Hash: 45519332A1C6C18AE769CF24D0943AE7BA4F745B48F644136EA8D87A89CF7CD545CB80
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF60138A612
      • Part of subcall function 00007FF60138C258: HeapFree.KERNEL32(?,?,?,00007FF60139148C,?,?,?,00007FF6013914CF,?,?,?,00007FF6013919C8,?,?,?,00007FF6013918FB), ref: 00007FF60138C26E
      • Part of subcall function 00007FF60138C258: GetLastError.KERNEL32(?,?,?,00007FF60139148C,?,?,?,00007FF6013914CF,?,?,?,00007FF6013919C8,?,?,?,00007FF6013918FB), ref: 00007FF60138C280
    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF601382FF5), ref: 00007FF60138A630
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\jp.exe
    • API String ID: 3580290477-398078364
    • Opcode ID: 6ecc3baf7dcdd53eebd94849cac9422497cdacd348962e1bdd54d312288b466c
    • Instruction ID: 093aa9d0e8669ad0d4556ba73638dc42b54abc8b0e9fde09fcd6c606a1ffa568
    • Opcode Fuzzy Hash: 6ecc3baf7dcdd53eebd94849cac9422497cdacd348962e1bdd54d312288b466c
    • Instruction Fuzzy Hash: 7C418276A08B1287EB5CEF6198410BD37A4EF85BD4B745036E94EC3B85DEBCE4818340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: e60cb4c14ddf63d2c3d71138226656ebadd48b39d4aa2c8d261ab259d099c3f7
    • Instruction ID: ffaaa323d12383f42b22fe3be23443e7ee0cae23cff90f46e687fb0feccaf234
    • Opcode Fuzzy Hash: e60cb4c14ddf63d2c3d71138226656ebadd48b39d4aa2c8d261ab259d099c3f7
    • Instruction Fuzzy Hash: 4241B062A18B4582DB24CF65E4443AA67A0FB98794FA04032EE4DC7798EF7CD441C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: Stringtry_get_function
    • String ID: LCMapStringEx
    • API String ID: 2588686239-3893581201
    • Opcode ID: 6b8871f541bf05813f0f77d86235b8ecd3febe95c4eda710b5ade56597c0c338
    • Instruction ID: a81aafb02aaf88435c212c3be9670b75f65f52f1d9167f6c3804e937190303c9
    • Opcode Fuzzy Hash: 6b8871f541bf05813f0f77d86235b8ecd3febe95c4eda710b5ade56597c0c338
    • Instruction Fuzzy Hash: C2111A36A0CB8186D764CB56F4902AAB7A4FBC9B80F644136EECD83B59DF3CD5448B00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: CompareStringtry_get_function
    • String ID: CompareStringEx
    • API String ID: 3328479835-2590796910
    • Opcode ID: 2f9ee97b485376b236bd900e4d9173567bd49cd48387b0961c440226c6f46f60
    • Instruction ID: b38e1ad021c328ecd2d09c1863bfda34aaf2948df2a2ceee884cde1732e03d2b
    • Opcode Fuzzy Hash: 2f9ee97b485376b236bd900e4d9173567bd49cd48387b0961c440226c6f46f60
    • Instruction Fuzzy Hash: D2112E36A0CB8186D764CB56F4502AAB7A4FBC9B90F644136EECD83B59CF3CD4448B40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF601383397), ref: 00007FF601384578
    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF601383397), ref: 00007FF6013845BE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: c765308a0d805787d404dd0d0eabdd8135d35f791424f6d293b35c1aee34c8e4
    • Instruction ID: 930606aec2aff90440410145261cd3d3089d7cc03d00d0b79fe0efd9ad775afe
    • Opcode Fuzzy Hash: c765308a0d805787d404dd0d0eabdd8135d35f791424f6d293b35c1aee34c8e4
    • Instruction Fuzzy Hash: 4E113D32A08B4582EB148F15F54026D7BA0FB88B94F284271DF8D87B64DF7CD551C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: CountCriticalInitializeSectionSpintry_get_function
    • String ID: InitializeCriticalSectionEx
    • API String ID: 539475747-3084827643
    • Opcode ID: e5c157d1541df5f71df01b68207be9144324416f0c20e490a60ec8cf403c77c9
    • Instruction ID: e816c5b9d93dfe5a0413bcb58c5add14cf9163daf38a7ef7cfa3e092498d8550
    • Opcode Fuzzy Hash: e5c157d1541df5f71df01b68207be9144324416f0c20e490a60ec8cf403c77c9
    • Instruction Fuzzy Hash: 49F0BE25A08B51C2FB089B51F0500A92320EF88BC0F685276EA4D83B54CF7CE9858300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • try_get_function.LIBVCRUNTIME ref: 00007FF60138C69D
    • TlsSetValue.KERNEL32(?,?,?,00007FF60138E6CA,?,?,?,00007FF60138C1C9,?,?,?,?,00007FF601389877), ref: 00007FF60138C6B4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1970646581.00007FF601381000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601380000, based on PE: true
    • Associated: 00000000.00000002.1970630855.00007FF601380000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970668741.00007FF601398000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970688114.00007FF6013A5000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1970710648.00007FF6013A7000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff601380000_jp.jbxd
    Similarity
    • API ID: Valuetry_get_function
    • String ID: FlsSetValue
    • API String ID: 738293619-3750699315
    • Opcode ID: 79fb1157ef4b4d7799115a42e867b27a2c81edb4728978485350c9684c16d774
    • Instruction ID: ddb0274e31393370c4a410c823efa32c0ce951a5e388d11c14dee51448045e92
    • Opcode Fuzzy Hash: 79fb1157ef4b4d7799115a42e867b27a2c81edb4728978485350c9684c16d774
    • Instruction Fuzzy Hash: 69E06D61A0C74282EB0C5B55F4504F93322FF88784F686276D95DC62A5CE3CE849C710
    Uniqueness

    Uniqueness Score: -1.00%